cross-posted from: https://sh.itjust.works/post/39436154

Hello everyone, I'm building a new server for the house, it will act as
a NAS for everyone and host a few services like paperless, immich, baikal, jellyfin, syncthing probably navidrone, etc. The main reason I'm building a new one is that my current one is a HP prebuilt with a 3rd gen i5 and 8GB ram that is slowly beating the bucket, my 4TB HDD is completely full and there's no more sata ports nor space in the case.

I am fully psychologically prepared to be 24/7 tech support, but after all I already am, and in this way I have to support services for which I know how they work (and that I trust!) and not some strange Big Tech service whose UI and inner workings changes every other day.

For reference my new build is:

• CPU: Ryzen 5 PRO 4560G + stock cooler. Has integrated graphics, can use it for Jellyfin transcoding.
• RAM: Corsair Vengeance 2x8GB (from my desktop before I upgraded to 64GB RAM. If needed in the future I will upgrade the capacity and probably switch to ECC, I've chosen the CPU since it has support for it)
• SSD NVME (boot+VM storage): Verbatim VI3000 512GB
• Storage (SATA): 4x12TB Seagate Enterprise (White label) to use ZFS and Raid Z1 + 1x512GB Samsung SSD as cache.

I'm planning on using proxmox on bare metal and spin up VM/containers as needed, for which I'm wondering:

• I know proxmox can manage ZFS arrays, is it better to create the array via proxmox, then share it as needed via something like openmediavault in vm/container OR to create a TrueNAS VM and passthrough the SATA controller to it, then manage everything via TrueNAS? I've done the latter in the past on another server, it's holding strong

• I don't know if exposing the server to the open internet is a good idea (of course with fail2ban and a firewall properly configured) or to just keep a VPN connection to the server always open. I think the latter would be more secure, but also less user-friendly for parts of the family. I'm using wireguard currently to remote into my server when needed, and sometimes networks like eduroam in my university block it completely.

  • Self signed SSL certificates might also be a problem in the latter case

• Since I will experiment with this server a little bit, I was thinking of keeping:

  • One VM for services for the family (exposed to internet or VPN)
  • One VM for services I still want to expose (I currently expose a couple websites for friends with data archived in my NAS)
  • One VM for me to experiment with before going in "production" for the family

Each VM would host its services using Docker+Portainer.
My question is: is this too convoluted? Should I just use proxmox's LXC containers (which I have no experience with) and host services there?

I was also thinking of spinning up a pfsense/opnsense box and put the server into a separate VLAN from the domestic lan. But that will be a project for a second time. Unfortunately the way ethernet is wired in my house and for the physical space I have available prevent me from separating the networks by physically using another router.

Thanks!

this is me. i originally had truenas core on bare metal but wanted to be able to do more, so truenas is a vm running the same exact pools as before.

proxmox is so goddamn slick!

lxcs for docker compose stacks,

another proxmox setup with backup truenas, rsync weekly!

what do you use your virtualized proxmox for?

Also if you're considering new hardware already I really recommend looking into surplus enterprise gear. I run my whole lab on an R730XD. It holds a ton of drives, has an IDRAC (I can't live without it now), ECC for extra peace of mind during ZFS scrubs, and they hold an insane amount of inexpensive RAM. They're fairly cheap on eBay or from refurbishment companies. Bring your own drives with warranties though, used drives are a headache. Servers like this can be really noisy though, I keep mine in the basement.

I've briefly considered it but it is out of the question for me. Not enough space in the house and enterprise gear is way too noisy. This setup will probably sit next to the TV in the living room so it has to be as silent as possible.

I've seen this floating around. But is this solid info? I mean, a big percentage of users does not have Synology HDDs, what would happen if they implement this? Maybe this will be the case for business uses of some of their apps?

What taxon said.

Most of my services have their own lxc with docker.

A few that need it are vms

It works so well i often forget how i set things up because its very leave and forget about it,
Keeps working.

So your running one lxc with one docker container in it?

Aha! I was considering moving from proxmox to incus too, but incus seemed quite new and not much documentation (at the time)

How do you find it now?

Really great. Passing through hardware is a lot easier, settings can be defined in profiles (containers that should start with boot, which should have uid/gid mapping, privileged, etc), and overall system memory usage is way lower.

Nice. I'll go that way when I next brave the dust and cobwebs where the server's currently located

cross-posted from: https://sh.itjust.works/post/39436154

Hello everyone, I'm building a new server for the house, it will act as
a NAS for everyone and host a few services like paperless, immich, baikal, jellyfin, syncthing probably navidrone, etc. The main reason I'm building a new one is that my current one is a HP prebuilt with a 3rd gen i5 and 8GB ram that is slowly beating the bucket, my 4TB HDD is completely full and there's no more sata ports nor space in the case.

I am fully psychologically prepared to be 24/7 tech support, but after all I already am, and in this way I have to support services for which I know how they work (and that I trust!) and not some strange Big Tech service whose UI and inner workings changes every other day.

For reference my new build is:

• CPU: Ryzen 5 PRO 4560G + stock cooler. Has integrated graphics, can use it for Jellyfin transcoding.
• RAM: Corsair Vengeance 2x8GB (from my desktop before I upgraded to 64GB RAM. If needed in the future I will upgrade the capacity and probably switch to ECC, I've chosen the CPU since it has support for it)
• SSD NVME (boot+VM storage): Verbatim VI3000 512GB
• Storage (SATA): 4x12TB Seagate Enterprise (White label) to use ZFS and Raid Z1 + 1x512GB Samsung SSD as cache.

I'm planning on using proxmox on bare metal and spin up VM/containers as needed, for which I'm wondering:

• I know proxmox can manage ZFS arrays, is it better to create the array via proxmox, then share it as needed via something like openmediavault in vm/container OR to create a TrueNAS VM and passthrough the SATA controller to it, then manage everything via TrueNAS? I've done the latter in the past on another server, it's holding strong

• I don't know if exposing the server to the open internet is a good idea (of course with fail2ban and a firewall properly configured) or to just keep a VPN connection to the server always open. I think the latter would be more secure, but also less user-friendly for parts of the family. I'm using wireguard currently to remote into my server when needed, and sometimes networks like eduroam in my university block it completely.

  • Self signed SSL certificates might also be a problem in the latter case

• Since I will experiment with this server a little bit, I was thinking of keeping:

  • One VM for services for the family (exposed to internet or VPN)
  • One VM for services I still want to expose (I currently expose a couple websites for friends with data archived in my NAS)
  • One VM for me to experiment with before going in "production" for the family

Each VM would host its services using Docker+Portainer.
My question is: is this too convoluted? Should I just use proxmox's LXC containers (which I have no experience with) and host services there?

I was also thinking of spinning up a pfsense/opnsense box and put the server into a separate VLAN from the domestic lan. But that will be a project for a second time. Unfortunately the way ethernet is wired in my house and for the physical space I have available prevent me from separating the networks by physically using another router.

Thanks!