Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)
An older NUC (8th gen is what I have) running proxmox and then you can run whatever distros you want as VMs and mess around with LXC.

Small, reasonable power usage, and very versatile.

For running a NAS, different story but you always have the option of getting a Synology to make things easier on yourself. Personally I’m running unraid on old hardware because I like the flexibility of mixing drives, and the docker containers as app store thing they have going on.


Nitrousoxide
May 30, 2011

do not buy a oneplus phone



I use Openmediavault for my server. Which, despite its name, works great as one even if you aren't using it as a NAS. I have a separate NAS that I mount as a cifs share. It's really nice because it has a built in webgui so it can run headless and makes doing a lot of stuff you'd need to do via terminal easier.

Install omv-extras (https://wiki.omv-extras.org/) and it'll give you the ability to one click install docker (and will setup the corresponding user groups and so on) and also allow for one click installs and updates of portainer, which is also what I use to manage my docker containers.

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Cool, thanks. Been doing a bit of side research and it sounds like I could power most of what I need on a ~$400 NUC with Unraid, then connect a Synology NAS when I grow beyond external USB SSDs. That sounds like the expensive option, but it also seems like I could run OMV on the NUC in the meantime. Is that correct?

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Well Played Mauer posted:

Cool, thanks. Been doing a bit of side research and it sounds like I could power most of what I need on a ~$400 NUC with Unraid, then connect a Synology NAS when I grow beyond external USB SSDs. That sounds like the expensive option, but it also seems like I could run OMV on the NUC in the meantime. Is that correct?

Yep. You could run OMV on either bare metal or through proxmox as well if you'd like to be able to experiment with multiple distros.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Well Played Mauer posted:

Cool, thanks. Been doing a bit of side research and it sounds like I could power most of what I need on a ~$400 NUC with Unraid, then connect a Synology NAS when I grow beyond external USB SSDs. That sounds like the expensive option, but it also seems like I could run OMV on the NUC in the meantime. Is that correct?

No need for UnRAID if you have a NUC. You can run proxmox which has filesharing built in and use LXC for any services you need and then slice the rest up into VMs for learning or whatever.

odiv
Jan 12, 2003

You could also try TrueNAS Core or Scale which are both free.

I'd recommend Proxmox though. There are a lot of good resources out there and it sounds like it would be a good fit.

Since you've recently set up pi-hole, if your trajectory is anything like mine, you should look at reverse proxies sometime soon. Traefik and Nginx are both worth looking into there and if you have your own domain it's a lot smoother to use that than a self-signed certificate.

Then again, you might get along just fine without https. I just put off doing it for way too long and it ended up being easier than I thought.

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Ah, interesting. With proxmox, I could toss it on the NUC and just run services inside VMs, right? Sounds like a better alternative than docker just for the customization options.

Sorry if these questions are overly basic. I'm not a developer and most of my experience with linux was on the desktop side, so it's a different world than what I've experienced.

odiv
Jan 12, 2003

Generally, if you can run it in a container instead of a full VM, then that will help reduce overhead. But for some things you will want or need a VM.

My Proxmox server has a Docker VM that runs a few things.

edit:
https://www.youtube.com/@TechnoTim
Has some good Proxmox stuff.

odiv fucked around with this message at 23:51 on Jan 9, 2023

Potato Salad
Oct 23, 2014

nobody cares


Wanted to chime in here to say that CentOS Stream is now an upstream development branch of RHEL that may not be appropriate for this use case.

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Gotcha. Generally speaking, would something like this cover me for a NUC? Figure I could drop like 32 gigs RAM and a 2.5" SSD in there and be up and running.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Well Played Mauer posted:

Gotcha. Generally speaking, would something like this cover me for a NUC? Figure I could drop like 32 gigs RAM and a 2.5" SSD in there and be up and running.

I run my setup on this at $150:

https://www.amazon.com/dp/B07WLLR43R?ref=nb_sb_ss_w_as-reorder-t1_ypp_rep_k0_1_7&amp=&crid=1CLP6Q7NRXAT3&amp=&sprefix=optiple

Its ram is already maxed out at 16 gigs, but I'm still okay while running quite a few applications.



I'll admit I'm getting reasonably close to redlining the RAM though. If you're not looking to run ~38 apps though you'll be fine.

Nitrousoxide fucked around with this message at 00:42 on Jan 10, 2023

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)
Serve the home has a whole series on SFF pcs so yeah don't get too attached to a NUC unless you find a sweet deal on one.

Depending on where you are you can also trawl Craigslist or FB Marketplace. Used equipment is always a great place to start when you begin self hosting and homelabbing.

Resdfru
Jun 4, 2004

I'm a freak on a leash.

Nitrousoxide posted:

I run my setup on this at $150:

https://www.amazon.com/dp/B07WLLR43R?ref=nb_sb_ss_w_as-reorder-t1_ypp_rep_k0_1_7&amp=&crid=1CLP6Q7NRXAT3&amp=&sprefix=optiple

Its ram is already maxed out at 16 gigs, but I'm still okay while running quite a few applications.



I'll admit I'm getting reasonably close to redlining the RAM though. If you're not looking to run ~38 apps though you'll be fine.

44 containers. What are you running?

Well Played Mauer
Jun 1, 2003

We'll always have Cabo

Nitrousoxide posted:

I run my setup on this at $150:

https://www.amazon.com/dp/B07WLLR43R?ref=nb_sb_ss_w_as-reorder-t1_ypp_rep_k0_1_7&amp=&crid=1CLP6Q7NRXAT3&amp=&sprefix=optiple

Its ram is already maxed out at 16 gigs, but I'm still okay while running quite a few applications.



I'll admit I'm getting reasonably close to redlining the RAM though. If you're not looking to run ~38 apps though you'll be fine.

OK, yeah, this is a better option that I can more easily convince the wife of. Thank you!

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Resdfru posted:

44 containers. What are you running?

38 running. 6 of them are leftovers from the ci/cd pipelines running in my gitlab instance. They'll get cleaned up once a week on Saturday.

The ones running:

code:
gitlab-web-1
jncep
fail2ban_docker-pi
uptime-kuma
prowlarr
radarr
lidarr
overseerr
sonarr
homer
collabora_online-code-1
wireguard
pihole
homeassistant
calibre
calibre-web
duplicati
transmission
plex2
nextcloud-app-1
nextcloud-redis-1
homepage
gitlab-runner-runner-1
dockerproxy
audiobookshelf-audiobookshelf-1
unbound
homebridge-homebridge-1
syncthing
vpn_media_server-transmission-openvpn-1
portainer
nextcloud-db-1
watchtower-watchtower-1
nginx-app-1
nginx-db-1
tachidesk_server
tdarr
cloudflare_ddns-cloudflare-ddns-1
foundryvtt-foundry-1
Edit:

Well Played Mauer posted:

OK, yeah, this is a better option that I can more easily convince the wife of. Thank you!

Oh btw, I had to switch the boot on the optiplex to BIOS rather than uefi to get it to boot linux. Maybe I'm a dummy and it can be done with UEFI, but I just wanted to save you some effort getting that to work. There's a flag to do so in the boot menus.

Nitrousoxide fucked around with this message at 02:00 on Jan 10, 2023

Well Played Mauer
Jun 1, 2003

We'll always have Cabo

Nitrousoxide posted:


Oh btw, I had to switch the boot on the optiplex to BIOS rather than uefi to get it to boot linux. Maybe I'm a dummy and it can be done with UEFI, but I just wanted to save you some effort getting that to work. There's a flag to do so in the boot menus.

Good to know. I was thinking of either what you linked or maybe this one. I figure double the hard drive space for $4, but I also know Dell tends to be more driver-friendly.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Well Played Mauer posted:

Good to know. I was thinking of either what you linked or maybe this one. I figure double the hard drive space for $4, but I also know Dell tends to be more driver-friendly.

Poke around on the internet and make sure people were able to install linux okay on that, if so I think it'd be a better pick than my suggestion. It's also upgradable to 32 gigs of ram later if you want.

https://support.hp.com/us-en/document/c05371240#AbT2

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Found a dude in the reviews that as of October of last year was using it pretty much for my newbie use case - proxmox and plex for random stuff. Said the SSD is slow but otherwise seems like a good get. Thing gets here Thursday.

Thanks for the help everyone. Looking forward to a million more dumb questions to send your way.

Resdfru
Jun 4, 2004

I'm a freak on a leash.

Nitrousoxide posted:

38 running. 6 of them are leftovers from the ci/cd pipelines running in my gitlab instance. They'll get cleaned up once a week on Saturday.

The ones running:

code:
dockers

nice, which homepage do you use? I've had Dashy, Homepage, homer, homarr, heimdall, and I'm sure I'm forgetting one. I just can't decide which one I like. I usually use Heimdall cause it's actually set up as it's the first one I ever tried.

Do you use gitlab just for managing the homelab stuff, or is it doing other stuff? I thought about self hosting but in the end I just decided to use Github. I just have github actions that use my self hosted runner which in turn has full access to docker to run compose up on all my containers. This is probably breaking 100 different security rules but none of this is accessible publicly so if anyone is accessing any of it I'm screwed anyway. also portainer could literally do the same thing out of the box but I wanted to do it this way for no reason

my containers. I like seeing what other people are running to get ideas. but dont wanna spam: traefik, kanboard, syncthing, readarr, wud (whats up docker), prowlarr, lazylibrarian, homarr, github_runner, tautulli, bazarr, ubooquity, mylar3, plex, overseerr, radarr, sabnzbd, heimdall, duplicati, sonarr, portainer, adguard, unifi-controller

the next thing I'm doing is moving most of these to kubernetes across 3 nodes for fun and learning

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Resdfru posted:

nice, which homepage do you use? I've had Dashy, Homepage, homer, homarr, heimdall, and I'm sure I'm forgetting one. I just can't decide which one I like. I usually use Heimdall cause it's actually set up as it's the first one I ever tried.

I keep two instances running. One of Homepage and another of Homer. The first is for my apps and all the urls go through my internal reverse proxy. The second one, Homer, just links directly to their IP so I can still get to the sites if needed if my reverse proxy is down. I could probably replace the latter with bookmarks in my browser. I rarely use it. I only direct connect to my server IP if I'm updating it and it'll be updating the docker.io package since that would take down the reverse proxy and I'd lose access to it mid update.

Homepage is nice because I've exposed the docker.socket to it (in RO only mode so it can't actually mess with it) and it can see my container statuses and health. It also links up to a bunch of containers with their APIs so it can return stats on them.



Resdfru posted:

Do you use gitlab just for managing the homelab stuff, or is it doing other stuff? I thought about self hosting but in the end I just decided to use Github. I just have github actions that use my self hosted runner which in turn has full access to docker to run compose up on all my containers. This is probably breaking 100 different security rules but none of this is accessible publicly so if anyone is accessing any of it I'm screwed anyway. also portainer could literally do the same thing out of the box but I wanted to do it this way for no reason

There are three applications I made my own dockerfiles for services where the actual dev didn't make a docker image. So to keep those updated I wanted a CI/CD pipeline to automatically build them, check that they work, and deploy it to an image registry which watchtower can check against the currently deployed image to see if there's an update. Gitlab is kind of a big chungus, chewing up 4 gigs of ram, so I'd not recommend it unless you need the more advanced features like I'm using. If you just need a lightweight git host gitea is significantly lighter on its system resources. I also keep my docker-compose backups in a git repo as well as mirror a few ones I've found on github which I need for odd stuff in my home. (example: https://github.com/andymor/keychron-k2-k4-function-keys-linux)
Just in case they ever go away I'll have my own version.

I guess I could fork it on github but that's easy heh.

e.pilot
Nov 20, 2011

sometimes maybe good
sometimes maybe shit
Does anyone know of a free or very cheap voip setup I can use to play MP3s when someone calls the number? I want to set up a memey phone line like emergency oates.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


If you are hosting the hardware, asterisk can easily do it (freepbx if you need the GUI I guess). But you'll still need a telco provider.

Probably something like https://voip.ms is your best bet if you don't want to host anything yourself. (look for the announcement option)

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Welp, it's happening. I grabbed a GT-AX6000 so I can control the network better than the Google Fiber router. The SFF machine gets here Thursday along with a 1TB SSD to drop into it.

My plan is to install Proxmox and get a Pi-Hole/Unbound VM running with ubuntu server as a first project. I think for now I'm going to leave the Plex suite on my Macbook and eventually migrate media storage to OpenMediaVault next time I need to add a new drive. I'm also pretty jazzed about getting a VM with Docker/Portainer just to learn it better.

This poo poo is cool. It's pretty amazing how much you can do.

Resdfru
Jun 4, 2004

I'm a freak on a leash.
Welcome! Take a look at my post above and Nitrousoxide for some more stuff you can run.

These guys have a lot of containers for various app they maintain that you can run: https://docs.linuxserver.io/

And this is a massive list of cool poo poo you can host

https://github.com/awesome-selfhosted/awesome-selfhosted

and I just looked at the first post in this thread, it has some pretty cool stuff too!

Nitrousoxide posted:

The second one, Homer, just links directly to their IP so I can still get to the sites if needed if my reverse proxy is down.

I have a task in my Kanboard to set up a second instance of Heimdall (or whatever I settle on) for the same reason. Just a way to get to stuff if Traefik goes down or my domain stops working or whatever. I'm sure I'll get around to doing it. Someday.

Homepage is nice, but I've been lazy about configuring it. I think one of the ones I mentioned has autodiscovery if given access to docker and thats probably the one I'll end up using if I didn't just imagine that.

Nitrousoxide posted:

I guess I could fork it on github but that's easy heh.

:v:

Resdfru fucked around with this message at 05:35 on Jan 11, 2023

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?

Nitrousoxide posted:

Homepage is nice because I've exposed the docker.socket to it (in RO only mode so it can't actually mess with it) and it can see my container statuses and health.

That's not how sockets work. Bind mounting in a socket with the ro option only means that the container can't delete the socket itself, but you're still giving away full access to control dockerd (which is equivalent to giving away root access to the host system unless you're running dockerd in rootless mode).

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Keito posted:

That's not how sockets work. Bind mounting in a socket with the ro option only means that the container can't delete the socket itself, but you're still giving away full access to control dockerd (which is equivalent to giving away root access to the host system unless you're running dockerd in rootless mode).

That's actually why one of the containers I run is docker-socket-proxy
https://github.com/Tecnativa/docker-socket-proxy

which acts to relay the socket info to whatever service I want without handing over root access to the system itself. Of course, the proxy itself still has access to the real docker socket so it's a potential threat vector, but it limits the number of additional access points to that socket to just one rather than an arbitrarily large number.
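An added example (not from the thread, nor from the docker-socket-proxy project) that audits a compose file for the issue Keito raises and the mitigation described above: every bind mount of the Docker socket is flagged as root-equivalent whether or not it carries `:ro`, and a service that instead sets a `tcp://` `DOCKER_HOST` pointing at a socket proxy is reported as the mitigated form. The compose file, the service names and the `dockerproxy:2375` endpoint are constructed for the example.

```python
"""Audit a docker-compose file for bind mounts of the Docker socket.

Added example, not from the thread. Mounting /var/run/docker.sock into a
container hands it the full dockerd API (root-equivalent on the host unless
dockerd runs rootless); the ":ro" mount flag only makes the socket *file*
read-only, it does not restrict API calls made through it. The usual
mitigation is a socket proxy: only the proxy mounts the real socket and
other services reach it over tcp://.
"""
import re

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample compose file (not a real deployment): two services mount
# the socket (one with ":ro"), one uses a socket proxy, one touches nothing.
SAMPLE_COMPOSE = """\
services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  traefik:
    image: traefik:v2.10
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
  watchtower:
    image: containrrr/watchtower
    environment:
      - DOCKER_HOST=tcp://dockerproxy:2375
  pihole:
    image: pihole/pihole
    volumes:
      - ./etc-pihole:/etc/pihole
"""

# Simplified scanner for the list-style compose layout shown above.
SERVICE_RE = re.compile(r"^  (\S+):\s*$")                 # two-space-indented service key
LIST_ITEM_RE = re.compile(r'^\s*-\s*"?([^"#]+?)"?\s*$')   # "- value" entries
DOCKER_HOST_RE = re.compile(r"DOCKER_HOST=(\S+)")


def audit_compose(text):
    """Return {service: verdict}. Verdicts:
    socket-mount     real socket mounted read-write
    socket-mount-ro  real socket mounted with :ro (still full API access)
    socket-proxy     DOCKER_HOST=tcp://... (talks to a proxy, not the socket)
    no-docker-access nothing Docker-related found
    """
    verdicts, current = {}, None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1)
            verdicts[current] = "no-docker-access"
            continue
        if current is None:
            continue
        h = DOCKER_HOST_RE.search(line)
        if h:
            if h.group(1).startswith("tcp://") and verdicts[current] == "no-docker-access":
                verdicts[current] = "socket-proxy"
            continue
        v = LIST_ITEM_RE.match(line)
        if v:
            parts = v.group(1).split(":")           # host:container[:options]
            if parts[0].strip() == DOCKER_SOCK:
                ro = len(parts) > 2 and "ro" in parts[2].split(",")
                verdicts[current] = "socket-mount-ro" if ro else "socket-mount"
    return verdicts


def root_equivalent_services(text):
    """Services that can drive dockerd directly, ':ro' or not."""
    return sorted(s for s, v in audit_compose(text).items() if v.startswith("socket-mount"))


if __name__ == "__main__":
    for svc, verdict in audit_compose(SAMPLE_COMPOSE).items():
        print(f"{svc:12} {verdict}")
    print("root-equivalent:", root_equivalent_services(SAMPLE_COMPOSE))
```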

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
My tiny little server machine got here last night! I got proxmox up and running with pi-hole and unbound running in a Debian 11 VM. Took longer than I’d hoped but for a first run it was still surprisingly straightforward thanks to YouTube.

Proxmox is really loving cool. That console virtualization in the browser blew me away.

I think my next thing is gonna be a Portainer VM that I throw Heimdall or something similar on to try out. That or a reverse proxy because I’m tired of typing port numbers into everything.

One question: my “networked” storage (a few terabytes of external SSDs) is attached to the server and my MacBook. For my current purposes that seems to be working well enough, but is that pretty much how it works until you get a dedicated NAS? I saw some Synology boxes on eBay and Craigslist that weren’t shockingly expensive for 4-drive plus setups that were a few years old, but I’m not quite ready to drop more money into this just yet.

odiv
Jan 12, 2003

I suggest reverse proxy next. I put it off for much longer than I should have and it's really nice to have it set up now. Do you own a domain you can set up an SSL certificate with?

Also, backups! Do you have proxmox set to backup your VM(s) on a regular basis? If you get scheduled backups set, then it's pretty easy to add whatever VM/CT to it.

tuyop
Sep 15, 2006

Every second that we're not growing BASIL is a second wasted

Fun Shoe

odiv posted:

I suggest reverse proxy next. I put it off for much longer than I should have and it's really nice to have it set up now. Do you own a domain you can set up an SSL certificate with?

Also, backups! Do you have proxmox set to backup your VM(s) on a regular basis? If you get scheduled backups set, then it's pretty easy to add whatever VM/CT to it.

I'm still kind of at a loss for how to do this so please share any guides you come across that end up working for you!

I do have Overseerr running through an nginx reverse proxy pointing at a duckdns URL but doing it internally to my network seems really hard!

BlankSystemDaemon
Mar 13, 2009



You can set up LetsEncrypt with a subdomain from afraid.org (or another DNS service) if you don't own a domain.

Zapf Dingbat
Jan 9, 2001


Reverse proxy is a must. I've got Bitwarden and Nextcloud as public-facing services that I run through the proxy.

Protip, run let's encrypt on the proxy itself and things become easy.

Edit: I don't have this installed, but I've heard good things about this: https://nginxproxymanager.com/

I've got Nginx set up manually but this seems kind of turnkey?

Zapf Dingbat fucked around with this message at 17:29 on Jan 13, 2023

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Yeah I have a domain that I have hosted through a provider to facilitate a personal protonmail service. I’m thinking I’ll eventually want to take that mail server internal to save the $80/year or whatever the hosting costs, but they offer LetsEncrypt.

I’m pretty in the dark on reverse proxies though. Searching wasn’t super helpful either. Is there a dummies guide on how they work?

Resdfru
Jun 4, 2004

I'm a freak on a leash.
I did this on mine, it was pretty painless https://major.io/2021/08/16/wildcard-letsencrypt-certificates-traefik-cloudflare/

I have my domain pointed to an internal ip, so they only resolve internally but it's nice not having a bunch of cert errors

I briefly played with a cloudflare zero trust tunnel and it works nice and it's cool having sso in front of my stuff but I have a VPN and have no need for it so I turned it off

odiv
Jan 12, 2003

Zapf Dingbat posted:

Edit: I don't have this installed, but I've heard good things about this: https://nginxproxymanager.com/

I've got Nginx set up manually but this seems kind of turnkey?
This is what I'm using. Confirmed very easy to set up. I set it up as a Proxmox container, but I think I'm going to move it over to Docker once I have a bit more familiarity at that.

I can find a guide when I'm a little less busy, but nginx proxy manager has a gui and is pretty straightforward.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Traefik or NGINX proxy manager are the two options I would recommend. Traefik is cool because it will automatically pick up and create the proxy routing if you set up docker (or podman) containers on the same server and give them the right labels (and you give it access to the docker.sock file so it can get access to a stream of data on what's being spun up/down). This means it'll spin up whatever proxy you need as you need it provided you get those labels right in the docker-compose file. It gets somewhat more complicated if you're doing any proxying outside of services hosted on the same machine as Traefik though.

NGINX Proxy Manager (what I use) is nice in that it's got a graphical UI you can use. It's also just as easy to proxy a local service as it is a service on another machine.

You can also do local dns resolution with the reverse proxy with both of these services if you have something like a pihole (what I do). All my services can be connected to with (servicename).internal.(domain).(tld) and cannot be accessed from outside of a local IP by setting the access lists to only allow these IP Ranges:
10.0.0.0/24
172.0.0.0/8
192.168.0.0/16

Which (I believe) should account for every possible reserved local IP address.

And then you can also set services that you want to be accessible to the world at large (like my Nextcloud instance for example so I can share items with people) to not use the local IP restriction.

Nitrousoxide fucked around with this message at 21:30 on Jan 13, 2023
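An added example (not from the thread) of the "local IPs only" access list described in the post above, implemented as an allowlist check with Python's `ipaddress` module. It evaluates the three CIDRs exactly as posted alongside the three RFC 1918 private blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) on constructed client addresses, and shows why the decision should be taken on the TCP peer address rather than on an `X-Forwarded-For` header unless that header comes from a proxy you control. The client addresses and header values are constructed.

```python
"""Reverse-proxy access list: allow only LAN clients.

Added example, not from the thread. A proxy access list is a plain CIDR
allowlist; the security-relevant details are (1) which blocks are on it and
(2) which address is compared against it.
"""
import ipaddress

# CIDRs exactly as listed in the post above.
POSTED_RANGES = ["10.0.0.0/24", "172.0.0.0/8", "192.168.0.0/16"]
# RFC 1918 private blocks (assumption: the intent is "any LAN address").
RFC1918_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def build_allowlist(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def is_allowed(client_ip, allowlist):
    """True when client_ip lies inside any allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowlist)


def decide(peer_ip, headers, allowlist, trust_forwarded_for=False):
    """Decide on the socket peer address. X-Forwarded-For is client-supplied
    and is only honoured when explicitly trusted (set by an upstream proxy
    you control); otherwise an external client could claim a LAN address."""
    ip = peer_ip
    if trust_forwarded_for and "X-Forwarded-For" in headers:
        ip = headers["X-Forwarded-For"].split(",")[0].strip()
    return is_allowed(ip, allowlist)


# Constructed sample clients; 203.0.113.0/24 is documentation (public) space.
SAMPLE_CLIENTS = ["10.0.0.20", "10.5.1.7", "172.16.4.9", "172.200.1.1",
                  "192.168.1.50", "203.0.113.9"]


def compare_lists(clients=SAMPLE_CLIENTS):
    """Map each client to (allowed by posted list, allowed by RFC 1918 list)."""
    posted, rfc = build_allowlist(POSTED_RANGES), build_allowlist(RFC1918_RANGES)
    return {ip: (is_allowed(ip, posted), is_allowed(ip, rfc)) for ip in clients}


def disagreements(clients=SAMPLE_CLIENTS):
    """Clients on which the two lists give different answers."""
    return sorted(ip for ip, (p, r) in compare_lists(clients).items() if p != r)


if __name__ == "__main__":
    for ip, (p, r) in compare_lists().items():
        print(f"{ip:14} posted={p!s:5} rfc1918={r!s:5}")
    print("differ:", disagreements())
    hdrs = {"X-Forwarded-For": "192.168.1.5"}
    lan = build_allowlist(RFC1918_RANGES)
    print("public peer, spoofed header, peer-based:  ", decide("203.0.113.9", hdrs, lan))
    print("public peer, spoofed header, header-based:", decide("203.0.113.9", hdrs, lan, True))
```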

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
Also look at Cloudflare tunnel for things you want to expose to the internet. It is super easy to setup and manage. Don't route video through it though.

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
I think I'm gonna get a VM going with Portainer to set up this reverse proxy and other docker-oriented apps. I'll probably throw Debian 11 or whatever on it. I'm not sure how much hardware to provision it, though. The machine I have is a quad-core i5 with 16 gigs of RAM. Can I get away with giving it a couple cores and like 4-5 gigs of RAM? Is that too little, too much?

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



Well Played Mauer posted:

I think I'm gonna get a VM going with Portainer to set up this reverse proxy and other docker-oriented apps. I'll probably throw Debian 11 or whatever on it. I'm not sure how much hardware to provision it, though. The machine I have is a quad-core i5 with 16 gigs of RAM. Can I get away with giving it a couple cores and like 4-5 gigs of RAM? Is that too little, too much?

That's plenty probably. You should be able to increase the hardware provisioning later if you find it's not performant too.

Well Played Mauer
Jun 1, 2003

We'll always have Cabo
Fantastic, thanks!


Mr. Crow
May 22, 2008

Snap City mayor for life
Please don't try and selfhost your mail, just keep the proton sub
