Dear selfhosters!
I come to you in the hope of help for avoiding some rookie mistakes.
I plan to migrate my very diverse hard- and software environment to a single machine.
Current mode of operation
I operate several RaspberryPis, a hardware firewall running on OpenWRT and a NUC like mini PC.
The RaspberryPis more or less are there for a single function; one runs Nextcloudpi, two run PiHoles, another one runs iSpy.
The mini PC is for the tasks that are heavier on CPU, RAM or storage space.
Maintaing this has become somwehat cumbersome and a replacement is dearly needed. My plan is to move all to a Proxmox sever.
I do have a general idea how to set up things, but as I'm brand new to Proxmox, I fear that there's a lot of mistakes to be made. I haven't read all documentation, but enough to know that it's no easy task to set up and operate Proxmox properly.
I'm aware that not having server hardware (e.g. no ECC RAM) is not the best setup, but AFAIU at least having a data centre SSD and lots of RAM is a good start.
Hardware
In the future all services are meant to run on this machine:
Case/Mainboard: AsRock Deskmeet X300
CPU: AMD Ryzen 5 5600GT
RAM: 64 GB
Storage:
- 480 GB SSD (Intel DC S4500 Series)
- 4 TB SSD (Team Group MP44)
- 16 TB HDD (Seagate Exos, yeah, I know, but realized too late...)
OS: Proxmox 8.3.1
Future mode of operation
Here's a high-level scheme of what I plan to do:
- Install Proxmox on the Intel SSD
- Use the 4 TB SSD as storage drive for the machines
- Use the 16 TB HDD as storage drive for backups and additional storage (for files that mainly get read like media) for the machines
- Migrate each physical device to a virtual machine (or create a new one to replicate the service)
- Repurpose the mini PC as Proxmox backup server
Help!
The areas where I think reading documents can't beat experience are:
- Do I use BTRFS or ZFS? I tend to use ZFS because of its advantages when making backups. What would you do?
- Do I use QEMU/KVM virtual machines or LXC/LXD cointainers? Performance wise QEMU emulating the host architecture should be the way to go, right?
- I shy away from running all services as Docker on the same machine for backup/restore purposes and rather have VMs per service. Is there anything wrong with this approach?
- I'd love to keep NextcloudPi (because it'd make it easy to migrate settings and files) and there's an LXD container for it. Would you recommend doing a switch to Nextcloud AIO instead?
- I've equipped the Deskmeet X300 with a WiFi card and antennas. AFAIU trying to use WLAN instead of LAN will create some trouble. Has anyone running Proxmox on a machine with WLAN insteal of LAN access successfully?
- I'm aware that Proxmox comes with a firewall, but I don't feel very confortable using a software firewall running on the same machine that hosts the virtual machines. Is this just me being paranoid or would you recommend putting a hardware firewall between the internet access and the Proxmox server?
- What else should I think of, but haven't talked about/asked yet?
Thank you very much for your time and your suggestions in advance!
Thank you for advising me of your concerns!
That'd require moving all to a different hardware platform. I hope to get the risks associated with failing drives mitigated by the Proxmox backup server
That's good advice! It seems I need to get comfortable with automatic backups of Docker containers and data volumes
Getting familiar with Proxmox is indeed one of the reasons I switched to that route. My initial plan was to replace the mini PC with the X300 and move all to docker. Then one consideration lead to another. Maybe I need to re-evaluate whether going the Proxmox route is worth the trouble.
I agree that's another reason for having a hardware firewall besides the security aspects of having one.
The containers will store their data in volumes, and ideally those volumes are individual ZFS datasets. The containers themselves are stateless, and you can just boot them up with the volume to "restore" them.
However if you want to learn proxmox anyway this is a moot point anyway.