You probably don't need this post — just update your kernel!

https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-851849

Everything below is only for cases where you cannot immediately update the kernel.

―――――――――――――

On a default Proxmox VE 9 installation with kernel 7.0.0-3-pve,
the following modules are present but not loaded by default:

• esp4.ko
• esp6.ko
• rxrpc.ko

So mitigation should be possible if you are not using L2TP/IPsec or AFS.
esp4.ko, esp6.ko, and rxrpc.ko are present, so I’d like to remove them…

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-43284

https://almalinux.org/ja/blog/2026-05-07-dirty-frag/

Workaround

As described in the article, disabling just esp4, esp6, and rxrpc would be sufficient,
but I’ve also disabled afs, which depends on them, just to be safe.

tee /etc/modprobe.d/blacklist-dirtyfrag.conf << EOF
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
install kafs /bin/false
EOF

log

mors ~   10:20:45 
❯ rmmod rxrpc
rmmod: ERROR: Module rxrpc is not currently loaded

mors ~   10:20:52 
❯ rmmod esp4
rmmod: ERROR: Module esp4 is not currently loaded

mors ~   10:20:59 
❯ rmmod esp6
rmmod: ERROR: Module esp6 is not currently loaded

mors ~   10:21:01 
❯ uname -a
Linux mors 7.0.0-3-pve #1 SMP PREEMPT_DYNAMIC PMX 7.0.0-3 (2026-04-21T22:56Z) x86_64 GNU/Linux

mors ~   10:31:44 
❯ ls /lib/modules/$(uname -r)/kernel/net/ipv*/esp*
 /lib/modules/7.0.0-3-pve/kernel/net/ipv4/esp4.ko           /lib/modules/7.0.0-3-pve/kernel/net/ipv6/esp6.ko
 /lib/modules/7.0.0-3-pve/kernel/net/ipv4/esp4_offload.ko   /lib/modules/7.0.0-3-pve/kernel/net/ipv6/esp6_offload.ko

mors ~   10:31:49 
❯ ls /lib/modules/$(uname -r)/kernel/net/rxrpc/
 rxperf.ko   rxrpc.ko

mors ~   10:34:47 
❯ ls /lib/modules/$(uname -r)/kernel/fs/afs/kafs.ko
 /lib/modules/7.0.0-3-pve/kernel/fs/afs/kafs.ko

MoveTo + titleformat scripting is dangerously addictive.

This is the cursed setup I currently use for organizing my library. What kind of MoveTo / RenameTo scripts do you use?

The script

It auto-sorts albums by genre hierarchy, handles classical separately, trims long filenames, removes emoji, and keeps disc numbering aligned.

$puts(genre1,$cut(%genre%,$sub($strstr(%genre%,','),1)))$puts(genre1-sub,$puts(genre1,$cut(%genre%,$sub($strstr(%genre%,','),1)))$stripprefix(%genre%,$get(genre1)','))$puts(genre2,$cut($get(genre1-sub),$sub($strstr($get(genre1-sub),','),1)))$puts(discs,$len(%totaldiscs%))$puts(date,$left(%date%,4))$puts(composer,[$trim($substr(%COMPOSER%,$strrchr(%COMPOSER%, ),$len(%COMPOSER%)))])Music\album\$get(genre1)\$if($stricmp($get(genre1),CLASSIC),[%label%\]%Album%['['Disc $num(%discnumber%,$get(discs))']']['['$get(composer)']']$ifequal($len(%genre%),7,,'['$substr(%genre%,10,18)..']'),$get(genre2)\%album artist%'['$get(date)']'$replace($ifgreater($len(%album%),52,$left(%album%,28)__$right(%album%,24),%album%),✿,)['['Disc $num(%disc%,$get(discs))']'])

What it does

• Extracts 1st / 2nd genres for subfolders
• Uses label-based folders for classical music
• Extracts composer surname
• Keeps disc numbering aligned
• Truncates long album names safely
• Removes emoji from filenames (Linux compatibility)

Folder structure is roughly: Music/album/ROCK/PSYCHEDELIC/Shpongle [1998] Are You Shpongled？.flac Music/album/CLASSIC/ERATO/Fauré- La Musique De Chambre[Disc 08][Gabriel Fauré][chamber, ..].flac

That’s basically it. Maybe it’s a bit paranoid, but it works perfectly for my library.

If you have any cursed MoveTo / RenameTo scripts, please share them. I love seeing how people abuse titleformat.

My HomeLab Evolution: From a Single PC to a Cluster

The first image is the before photo. Everything else is after.

Mini PCs apparently reproduce asexually in dark rooms.
The mesh mod successfully improved airflow and absolutely failed at stopping dust.

After 6 hours of cable management I discovered a network loop and just started laughing.

🖥️ Node 01: The "Dead Fan" Mini-PC (AOOSTAR NM58)

• Role: experimental server
• Specs: AMD Ryzen 7 5800U | 64GB RAM | 2TB NVMe
• Note: My first mini-PC. The "Patient Zero" of this expanding server lab.(Yes, the fan collapsed, but it’s still kicking!)

🗄️ Node 02: Junk HDD NAS (JONSBO N4)

• Role: DIY NAS / Storage Pool
• Specs: AMD Ryzen 5 5500GT | 32GB RAM | 2TB NVMe
• Storage: Total 25TB HDD (Btrfs/RAID1: 4TBx2, 6TBx2, 8TBx2)
• Note: Built this to replace my Synology. It’s a "graveyard-turned-sanctuary" for all my old HDDs.

🗄️Node 03: NVMe NAS (GMKtec NucBox G9)

• Role: High-speed NVMe Storage
• Specs: Intel N150 | 12GB RAM | Total 4 drives (512GBx2, 1TB, 2TB NVMe)
• Mod: Custom Wire Mesh Mod and Copper Heatsink for cooling.
• Note: A dedicated home for all my spare M.2 drives. Highly customized for airflow.

🖥️ Node 04: White Main Machine (SilverStone SUGO 17)

• Role: Main Workstation / Proxmox Heavy Lifter
• Specs: AMD Ryzen 9 5950X | 80GB RAM | RTX 3060 12GB
• Storage: 2TB NVMe + 1.5TB SATA SSD + 8TB HDD
• Cooling: First AIO (Liquid Cooling) setup.
• Note: My partner since elementary school. After countless part swaps, no original atoms remain—it is truly the Ship of Theseus.

🛠️ Lab Stats & Connectivity

• Hypervisor: Proxmox VE 9 everywhere. (Running pve-kernel-7.x😎)
• Network: 10G/25G SFP+ Fiber Backbone (Mellanox ConnectX-4).
• Completely normal household infrastructure. There are only a few remote SBC nodes over Tailnet and about 203 IPv4 addresses still available.