I prefer running true vms too, but it is resource intensive.
Playing with lxcs and docker could allow one to run more services on a little beelink.
Comment on Getting Started with Proxmox
jubilationtcornpone@sh.itjust.works 6 months ago
I use one VM per service. WAN facing services, of which I only have a couple, are on a separate DMZ subnet and are firewalled off from the LAN.
It’s probably little overkill for a self hosted setup but I have enough server resources, experience, and paranoia to support it.
anamethatisnt@sopuli.xyz 6 months ago
jubilationtcornpone@sh.itjust.works 6 months ago
Yeah, with something that size you’re pretty much limited to containers.
lucas@startrek.website 6 months ago
Am I looking at the wrong device? Beelink EQ15 looks like it has an N150 and looks like 16GB of ram? That’s plenty for quite few VMs. I run an N100 minipc with only 8GB of RAM and about half a dozen VMs and a similar number of LXC containers. As long as you’re careful about only provisioning what each VM actually needs, it can be plenty.
jubilationtcornpone@sh.itjust.works 6 months ago
In this situation it’s not necessarily that it’s the “right” or “wrong” device. The better question is, “does it meet your needs?” There are pros and cons to running each service in its own VM. One of the cons is the overhead consumed by the VM OS. Sometimes that’s a necessary sacrifice.
Some of the advantages of running a system like Proxmox are that it’s easily scalable and you’re not locked into specific hardware. If your current Beelink doesn’t prove to be enough, you can just add another one to the cluster or add a different host and Proxmox doesn’t care what it is.
TLDR: it’s adequate until it’s not. When it’s not, it’s an easy fix.
modeh@piefed.social 6 months ago
I have a couple of publicly accessible services (vaultwarden, git, and searxng). Do you place them on a separate subnet via proxmox or through the router?
My understanding in networking is fundamental enough to properly setup OpenWrt with an inbound and outbound VPN tunnels along with policy based routing, and that’s where my networking knowledge ends.
anamethatisnt@sopuli.xyz 6 months ago
Unless you wanna expose services to others my recommendation is always to hide your services behind a vpn connection.
modeh@piefed.social 6 months ago
I travel internationally and some of the countries In been to have been blocking my wireguard tunnel back home preventing me from accessing my vault. I tried setting it up with shadowsocks and broke my entire setup so I ended up resetting it.
Any suggestions that is not tailscale?
anamethatisnt@sopuli.xyz 6 months ago
I find setting up an openvpn server with self-signed certificates + username and password login works well. You can even run it on tcp/443 instead of tcp/1194 if you want to make it less likely to be blocked.
abeorch@friendica.ginestes.es 6 months ago