this post was submitted on 04 Jun 2025
52 points (90.6% liked)

cross-posted from: https://sh.itjust.works/post/39436154

Hello everyone, I'm building a new server for the house, it will act as a NAS for everyone and host a few services like paperless, immich, baikal, jellyfin, syncthing, probably navidrome, etc. The main reason I'm building a new one is that my current one is a HP prebuilt with a 3rd gen i5 and 8GB RAM that is slowly beating the bucket, my 4TB HDD is completely full and there are no more SATA ports nor space in the case.

I am fully psychologically prepared to be 24/7 tech support, but after all I already am, and in this way I have to support services for which I know how they work (and that I trust!) and not some strange Big Tech service whose UI and inner workings change every other day.

For reference my new build is:

  • CPU: Ryzen 5 PRO 4560G + stock cooler. Has integrated graphics, can use it for Jellyfin transcoding.
  • RAM: Corsair Vengeance 2x8GB (from my desktop before I upgraded to 64GB RAM. If needed in the future I will upgrade the capacity and probably switch to ECC, I've chosen the CPU since it has support for it)
  • SSD NVME (boot+VM storage): Verbatim VI3000 512GB
  • Storage (SATA): 4x12TB Seagate Enterprise (White label) to use ZFS and Raid Z1 + 1x512GB Samsung SSD as cache.

I'm planning on using proxmox on bare metal and spin up VM/containers as needed, for which I'm wondering:

  • I know proxmox can manage ZFS arrays, is it better to create the array via proxmox, then share it as needed via something like openmediavault in a VM/container OR to create a TrueNAS VM and pass through the SATA controller to it, then manage everything via TrueNAS? I've done the latter in the past on another server, it's holding strong.

  • I don't know if exposing the server to the open internet is a good idea (of course with fail2ban and a firewall properly configured) or to just keep a VPN connection to the server always open. I think the latter would be more secure, but also less user-friendly for parts of the family. I'm using wireguard currently to remote into my server when needed, and sometimes networks like eduroam in my university block it completely.

    • Self signed SSL certificates might also be a problem in the latter case
  • Since I will experiment with this server a little bit, I was thinking of keeping:

    • One VM for services for the family (exposed to internet or VPN)
    • One VM for services I still want to expose (I currently expose a couple websites for friends with data archived in my NAS)
    • One VM for me to experiment with before going in "production" for the family

Each VM would host its services using Docker+Portainer. My question is: is this too convoluted? Should I just use proxmox's LXC containers (which I have no experience with) and host services there?

I was also thinking of spinning up a pfsense/opnsense box and putting the server into a separate VLAN from the domestic LAN. But that will be a project for a second time. Unfortunately the way ethernet is wired in my house and the physical space I have available prevent me from separating the networks by physically using another router.

Thanks!

[–] rockyracoon@lemmy.world 3 points 2 days ago (2 children)

My setup is TrueNAS SCALE on bare metal with VMs for Proxmox and Jellyfin. I pass an Arc A380 to Jellyfin for transcoding and it works great. I also leverage LXC containers a lot for small services. I keep everything behind a VPN. It's pretty easy to distribute Wireguard configs and import them on most OSes, but it's been a mixed bag getting family members to use it though.

I'm a fan of having dedicated network hardware and VLANs on one router. I generally go for Mikrotik. I used to run pfsense on a VM and when the server went down so did everything else, which caused the house to erupt into chaos.

Also if you're considering new hardware already I really recommend looking into surplus enterprise gear. I run my whole lab on an R730XD. It holds a ton of drives, has an IDRAC (I can't live without it now), ECC for extra peace of mind during ZFS scrubs, and they hold an insane amount of inexpensive RAM. They're fairly cheap on eBay or from refurbishment companies. Bring your own drives with warranties though, used drives are a headache. Servers like this can be really noisy though, I keep mine in the basement.

I'll also suggest a second drive to mirror your boot drive. You can and should back up your configs but a mirror saves headache and down time if the boot ssd fails. Probably even more important if you're planning on using this pool for VM storage.

Have fun! 😁

[–] spiffpitt@lemmy.world 4 points 2 days ago (1 children)

what do you use your virtualized proxmox for?

[–] rockyracoon@lemmy.world 1 points 2 days ago

Pretty much everything else virtualization. I have a few small LXC containers running Ad Guard and Unifi Controller, and VMs for a gitlab instance, gitlab runner, and some game servers. I could host all that in TrueNAS directly but I like proxmox's UI.

[–] RedBauble@sh.itjust.works 2 points 2 days ago (1 children)

> Also if you're considering new hardware already I really recommend looking into surplus enterprise gear. I run my whole lab on an R730XD. It holds a ton of drives, has an IDRAC (I can't live without it now), ECC for extra peace of mind during ZFS scrubs, and they hold an insane amount of inexpensive RAM. They're fairly cheap on eBay or from refurbishment companies. Bring your own drives with warranties though, used drives are a headache. Servers like this can be really noisy though, I keep mine in the basement.

I've briefly considered it but it is out of the question for me. Not enough space in the house and enterprise gear is way too noisy. This setup will probably sit next to the TV in the living room so it has to be as silent as possible.

[–] rockyracoon@lemmy.world 2 points 2 days ago

Oh ya makes sense. Anything in a rack form factor would be much too loud to live with. I think in that case you've made great choices in hardware!