Comment on Getting Started with Proxmox
jubilationtcornpone@sh.itjust.works 6 days ago
I use one VM per service. WAN facing services, of which I only have a couple, are on a separate DMZ subnet and are firewalled off from the LAN.
It’s probably little overkill for a self hosted setup but I have enough server resources, experience, and paranoia to support it.
I have a couple of publicly accessible services (vaultwarden, git, and searxng). Do you place them on a separate subnet via proxmox or through the router?
My understanding in networking is fundamental enough to properly setup OpenWrt with an inbound and outbound VPN tunnels along with policy based routing, and that’s where my networking knowledge ends.
Unless you wanna expose services to others my recommendation is always to hide your services behind a vpn connection.
I travel internationally and some of the countries In been to have been blocking my wireguard tunnel back home preventing me from accessing my vault. I tried setting it up with shadowsocks and broke my entire setup so I ended up resetting it.
Any suggestions that is not tailscale?
I find setting up an openvpn server with self-signed certificates + username and password login works well. You can even run it on tcp/443 instead of tcp/1194 if you want to make it less likely to be blocked.
anamethatisnt@sopuli.xyz 6 days ago
I prefer running true vms too, but it is resource intensive.
Playing with lxcs and docker could allow one to run more services on a little beelink.
jubilationtcornpone@sh.itjust.works 6 days ago
Yeah, with something that size you’re pretty much limited to containers.
lucas@startrek.website 5 days ago
Am I looking at the wrong device? Beelink EQ15 looks like it has an N150 and looks like 16GB of ram? That’s plenty for quite few VMs. I run an N100 minipc with only 8GB of RAM and about half a dozen VMs and a similar number of LXC containers. As long as you’re careful about only provisioning what each VM actually needs, it can be plenty.
jubilationtcornpone@sh.itjust.works 5 days ago
In this situation it’s not necessarily that it’s the “right” or “wrong” device. The better question is, “does it meet your needs?” There are pros and cons to running each service in its own VM. One of the cons is the overhead consumed by the VM OS. Sometimes that’s a necessary sacrifice.
Some of the advantages of running a system like Proxmox are that it’s easily scalable and you’re not locked into specific hardware. If your current Beelink doesn’t prove to be enough, you can just add another one to the cluster or add a different host and Proxmox doesn’t care what it is.
TLDR: it’s adequate until it’s not. When it’s not, it’s an easy fix.