Comment on Proxmox setup - help needed
Krik@lemmy.dbzer0.com 2 months ago
Do I use BTRFS or ZFS? I tend to use ZFS because of its advantages when making backups. What would you do?
Usually VMs are I/O starved, therefore I would try to go as lightweight as possible and choose Ext4 or XFS (depending on what the VM is used for). The VMs can be backed up whole by Proxmox. You have more than enough space to do that and it’s considerably easier to set up. And honestly how big could the containers and VMs be? I guess the containers are 50-200 MB and a VM a few GBs. That’s almost nothing.
Do I use QEMU/KVM virtual machines or LXC/LXD containers? Performance wise QEMU emulating the host architecture should be the way to go, right?
LXC containers are way more lightweight than VMs. It depends on what you want to do. Docker and a file server work better in a VM so far but Pi-hole and Jellyfin run perfectly in a container.
I shy away from running all services as Docker on the same machine for backup/restore purposes and rather have VMs per service. Is there anything wrong with this approach?
I would go for LXC first. If that isn’t possible or too cumbersome I would try docker (in a VM) next and one-VM-per-service last as they need the most resources.
I’d love to keep NextcloudPi (because it’d make it easy to migrate settings and files) and there’s an LXD container for it. Would you recommend doing a switch to Nextcloud AIO instead?
Sorry, no idea.
I’ve equipped the Deskmeet X300 with a WiFi card and antennas. AFAIU trying to use WLAN instead of LAN will create some trouble. Is anyone running Proxmox on a machine with WLAN instead of LAN access successfully?
I would always try to connect it to LAN.
I’m aware that Proxmox comes with a firewall, but I don’t feel very comfortable using a software firewall running on the same machine that hosts the virtual machines. Is this just me being paranoid or would you recommend putting a hardware firewall between the internet access and the Proxmox server?
No idea. I wouldn’t mind a firewall container. If something breaks through you are fucked one way or the other. The firewall in your router isn’t much different than any other.
You should always go for Wireguard or another VPN to access your network from the outside.
What else should I think of, but haven’t talked about/asked yet?
Helper scripts for beginners: community-scripts.github.io/ProxmoxVE/
Just give them a look.
And it seems you are ignoring Proxmox’ LXC. They are one of the main reasons to pick that software.
zergtoshi@lemmy.world 2 months ago
Thanks a million for the extensive feedback, especially because it’s enriched by your own experience!
I suppose your expectations about VM size are appropriate. The RaspberryPis have 8 GB SD cards and there’s quite some space left on them. I don’t know why the space requirement should be very different on a VM. Going from Raspbian/Armbian to Debian shouldn’t play that much of a role size wise.
Wouldn’t picking Ext4 or ZFS make replicating data to the Proxmox backup server way less efficient?
I will try LXC before VM then!
That will make the physical placement harder, but I was afraid that’s the way to go: connect it to LAN…
Some ports need to be forwarded in order for e.g. Nextcloud to work. Right now they are forwarded to my firewall and all that’s reachable from outside is behind that firewall. The main purpose of the firewall is to protect the rest of the network from a compromised device within the firewall zone. So if something breaks through a bug in Nextcloud now, it will hopefully have a hard time breaking through the firewall.
Having a bug in Nextcloud running in an LXC or VM may allow additional attack vectors, if there’s no hardware firewall (and only the built-in firewall functions or a firewall container) between them and the rest of the network.
Connection from outside to my home network is via Wireguard tunnel.
I was reading up on Proxmox setup both by consulting official documentation and forum entries, but I haven’t stumbled upon that link so far.
It looks awesome!
And I’m damn sure it will save me plenty of time :)
I found tteck’s helper-scripts (tteck.github.io/Proxmox/), but the collection linked by you looks more tidy.
I fear that’s because I hadn’t understood the benefits of LXC over VM, which you made clear very plainly:
It’s about time to get Proxmox set up and dirty my hands!
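For reference, the isolation discussed in this thread (a compromised Nextcloud guest kept away from the rest of the LAN) expressed with Proxmox's built-in per-guest firewall. This is an added example, not a configuration from either commenter; the guest ID 101, the interface net0, the router at 192.168.1.1 and the LAN 192.168.1.0/24 are constructed assumptions.

```ini
# /etc/pve/firewall/101.fw  (101 = hypothetical ID of the Nextcloud guest)
# Takes effect only if the firewall is also enabled at datacenter level
# and on the guest's network device (firewall=1 on net0).

[OPTIONS]
enable: 1
# Drop everything inbound that is not explicitly allowed below.
policy_in: DROP
# Outbound defaults to allowed so updates and federation still work;
# the LAN is carved out by the explicit DROP rule further down.
policy_out: ACCEPT

[RULES]
# Inbound: only the HTTPS port that the router forwards to this guest.
IN ACCEPT -i net0 -p tcp -dport 443

# Outbound: DNS to the router (constructed address). Rules are evaluated
# top to bottom, so this exception must precede the LAN-wide DROP.
OUT ACCEPT -i net0 -dest 192.168.1.1 -p udp -dport 53
OUT ACCEPT -i net0 -dest 192.168.1.1 -p tcp -dport 53

# Outbound: block new connections from the guest to any other LAN host
# and log the attempts, since a web server scanning the LAN is worth an alert.
OUT DROP -i net0 -dest 192.168.1.0/24 -log warning
```

These rules are enforced by the Proxmox host, so they limit a guest-level compromise but do not help if the host itself is compromised, which is the concern raised in the thread about a firewall running on the same machine.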