Comment on Proxmox setup - help needed
Xanza@lemm.ee 1 month ago
I tend to use ZFS because of its advantages when making backups. What would you do?
Then I would stick with ZFS if you’re already familiar with it.
Do I use QEMU/KVM virtual machines or LXC/LXD containers?
LXD is a management system for LXC containers. If you’re just starting out, stick with LXD. It’s much more user friendly.
I shy away from running all services as Docker on the same machine for backup/restore purposes and rather have VMs per service. Is there anything wrong with this approach?
Not really. I run a VPS which acts as a reverse proxy for my docker setup, which has non-local storage via NAS. I don’t particularly see a point in fragmenting docker like that, but if that’s how you want to roll, then go for it.
I’ve equipped the Deskmeet X300 with a WiFi card and antennas. AFAIU trying to use WLAN instead of LAN will create some trouble. Is anyone running Proxmox on a machine with WLAN instead of LAN access successfully?
I very strongly advise against this. But it’s perfectly possible. You’re just at the whim of the airwaves. I live near a main highway and sometimes when large trucks go by, I lose WiFi for a quick second. Really fucks with certain things.
Is this just me being paranoid
Yes. Nothing wrong with software firewalls.
would you recommend putting a hardware firewall between the internet access and the Proxmox server?
Also yes. Particularly (like I have set up) I have a software firewall that tunnels my local vLAN to my VPS, and then everything else is further bisected using a hardware firewall–so all outside incoming requests are proxified by my VPS meaning any direct connections are dropped by the software firewall, then I manage ports from within the hardware switch.
zergtoshi@lemmy.world 1 month ago
I’m not at all familiar with ZFS. It’d be part of the learning curve as is Proxmox as a whole. But I consider knowledge about both as useful.
I will stick with LXD for containers then if I don’t use a VM.
This is due to my lack of experience with Docker and backing up all properly to do a complete restore. It looks like I have learning curves in more than just one area ahead of me.
Yeah, nothing beats a setup where each network interface is the maximum size of a collision domain.
Gotta get ahead of that old school me that thinks running a software on a different hardware plays a crucial role in the threat model.
That’s a setup I may borrow from you :)
Xanza@lemm.ee 1 month ago
lol oh yeah. It can feel insurmountable, but nothing here is actually too crazy. After a week or two, or maybe even after the first time you set it up (and actually see how it works) the learning curve will flatten out.
I mean, it can. I personally don’t see anything wrong with that approach either.
It was a real PITA to get everything to play nice. May God have mercy on your soul! haha.