Joined 2 years ago
Cake day: July 7th, 2023


  • Unifi. I’ve got a box of APs as ewaste just sitting in the basement. Every so often I would get more ewaste from companies I work with.

    I don’t need the most demanding of wifi systems. I hardwire most of my stuff whenever possible. And I have a fairly small home. A single AP on the main floor, 1 AP in the basement, 1 AP in the detached garage.

    Most of my wifi devices are iot things on their own vlan.



  • I wouldn’t, you’ll lose a lot not having it manage the disks such as using dissimilar disks for the array and having it spin down unused disks. You might be able to pass disks through so the unraid VM can manage them directly, but it might be harder than I’d personally want to deal with.

    If you aren’t running VMs much, Truenas scale I believe can do docker well. I’ve seen a lot of people put that in a VM on proxmox with disks passed through to be used as the NAS portion.


  • Plex data, pi hole, and home assistant don’t contain anything meaningful. No credentials are stored in a form that can be reused.

    The most sensitive is immich, where I’m more concerned about backups than I am that someone might steal my nudes. They’re online anyway.

    Email is hosted off-site and I still have physical files for a lot of my documents. If someone stole hdds out of my server, they’d get a lot of Linux isos, pictures of cars, porn, tons of versioned software and games installers, etc.

    Maybe my definition of sensitive is different than yours though.



  • So many people didn’t read the post and are going off about how raid isn’t backup.

    There are a few things to consider. How much data is it? How is it connected? How reliable do you want it to be? Where is it going to be? How are you backing it up? How will you monitor the disk(s) and backup process for failures?

    Is it at some place that will be a pain to deal with if a hard drive dies, like a friend’s house or something? I’d deal with raid so it wouldn’t be an immediate reason to go fix it or go without backups.

    Is it small enough amounts of data that you could have a complete third copy if you didn’t put the disks in raid? Then I’d probably make multiple copies and not use raid.

    Are you dealing with something like veeam doing backup chains? Having an initial copy and then incremental with changes where you can go back to different days? Go with raid because having to reconfigure can be a hassle or having a full and incremental across jbods could cost you all the backups if the disk with the full backup is lost.

    Either or is a valid choice and depends on your particular needs.





  • As you’ve found, proxmox isn’t an application that runs on windows or Linux. It’s an OS that you can install. And yes, you can configure it to auto start the VMs when the machine boots.

    It’s designed to run headless, so you’ll do all your configurations from a web browser. If you want to go crazy, I’m sure that raspberry pi can be configured as KVM for it (though piKVM is a bit of extra hardware.)

    If you have something like tailscale or wireguard to a machine in the house, you can easily reach the web gui from any other machine on the VPN network and reboot the VMs that way.

    You can even build monitoring that reboots the pihole VM if it stops responding to DNS queries.
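
One way to build the watchdog mentioned in the comment above, as an added example that is not the commenter's own script. It assumes it runs on the Proxmox host from a one-minute timer; the Pi-hole IP, VM ID, probe name and script path are placeholders.

```shell
#!/bin/sh
# Added example: DNS watchdog for a Pi-hole VM, run every minute on the Proxmox host.
# Assumed values (placeholders, not from the page): Pi-hole IP, VM ID, probe name.
PIHOLE_IP="${PIHOLE_IP:-192.168.1.53}"
VMID="${VMID:-105}"
PROBE_NAME="${PROBE_NAME:-example.com}"
MAX_FAILS="${MAX_FAILS:-3}"                       # consecutive failures before acting
STATE_FILE="${STATE_FILE:-/run/pihole-watchdog.fails}"

# One probe: succeeds only when the resolver returns an answer within 2 seconds.
dns_ok() {
    answer=$(dig +short +time=2 +tries=1 "@$PIHOLE_IP" "$PROBE_NAME" A 2>/dev/null) || return 1
    [ -n "$answer" ]
}

# Guest reboot through the Proxmox CLI, logged to syslog so every restart leaves a trace.
reboot_vm() {
    logger -t pihole-watchdog "DNS probe failed $MAX_FAILS times, rebooting VM $VMID"
    qm reboot "$VMID"
}

# One timer tick: update the failure counter and reboot only at the threshold,
# so a single dropped query never restarts the VM.
watchdog_tick() {
    fails=$(cat "$STATE_FILE" 2>/dev/null || true)
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac   # missing or corrupt state counts as 0
    if dns_ok; then
        fails=0
    else
        fails=$((fails + 1))
        if [ "$fails" -ge "$MAX_FAILS" ]; then
            reboot_vm
            fails=0                                 # gives the VM MAX_FAILS ticks to come back
        fi
    fi
    echo "$fails" > "$STATE_FILE"
}

# Only act when asked to, e.g. from cron (hypothetical path):
#   * * * * * /usr/local/sbin/pihole-watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    watchdog_tick
fi
```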


  • Why are you wanting to move the VM to a bare metal install?

    In my experience, I would think the more efficient method is to install a hypervisor like proxmox and move the VM there. And then run another VM for pihole, and maybe even a third for tailscale. It lets you have the ability to expand as you need and to better manage backups and services easier.

    Otherwise, if you are determined to go from VM to bare metal, you want to find a backup solution that can backup the whole machine and restore it with a recovery disk. I think veeam and Acronis would work. There are tons out there.



  • I’ve pared mine down a lot. The biggest hurdle for me has been storage.

    It used to be 5 2u servers running a ceph cluster, but that got to be expensive and unruly.

    Now it’s mainly a small half depth supermicro for my firewall, a half depth supermicro for home assistant, a 2u Dell for unraid, and a small NAS.

    Unraid houses Plex and the *arrs. Along with a handful of other useful services like immich.

    I do colo a 1u HP though that houses my pbx, web server, unifi controller, jira server, nextcloud, email, and a bunch of other servers that I run.

    Now, I’ve got a lot of spare hardware though. 7 Dell 1u servers, 2 Dell 2u, a supermicro 3u, an HP 2u and a bunch of thin clients that I might turn into replacements for my rokus.


  • This comes into the design and requirements for your services.

    If they need to be publicly available to more than just you, you’ll want a reverse proxy and appropriate firewall rules. You’ll also need to make sure things stay updated and security hardening is done on the servers and the proxy.

    If you just need yourself to access things and they don’t need full access from public internet, you want a VPN. Tailscale is pretty easy. Wireguard is a bit of work to set up, but can make for a good always on VPN for your devices to connect back into your home network to access what you want.

    There are certain things like SSH that you really don’t want publicly accessible over the internet. Even with fail2ban and all the security hardening, it’s just a headache and pointless traffic you’ll deal with as people try to get in anyway.




  • Not to knock on the security, but what is the threat model you are protecting against?

    I see people harp on about security and you can do X or you need to do Y as if they hold a million bucks in Bitcoin to protect.

    We make concessions every day with security for convenience. Most people’s threat model doesn’t include WireGuard might respond to connection attempts without the proper key AND this will somehow allow an attacker to leverage a vulnerability in WireGuard to gain access. However, I admit that some people’s paranoia makes them want to add every bit of security they possibly can even if it’s the most frustrating day to day usage.

    Self hosting individuals aren’t a lucrative target for ransomware. Nor is it for most targeted hacking attempts.