i love selfhosting :3
Mine is just Debian.
What is your reason for running two separate Debian docker hosts with under 5 containers in total? That seems like quite the overhead? And why did you choose to install Nextcloud on your TrueNAS server?
Not OP. But i do the same.
I have multiple proxmox hosts, running multiple VMs, each running containers.
I do it so I can minimise disruption. Fixing a fault in immich doesn’t mean the house is without plex for a week.
Running multiple Proxmox hosts in a cluster makes sense so you can swap VMs from one the other and have extra hardware reliability. I’d also get grouping your containers on different Docker VMs the apply the same security rules to containers in a group (internally vs. externally available for example). But how does a faulty Immich container take down a Plex container?
Nice setup.
Though in terms of manageability it looks like a nightmare.
Cosmos Cloud You can thank me later ;) or azukaar for that matter.
And Cosmos OpenWrt for the ultimate all in one OS (my creation)
" Why won’t somebody think about the backups ? "
None of you come in my shop.
But there’s a RAID!
[Cough]
🤦🏼♂️
Or the restores… 😉
Why do you use two separate Debian VMs plus a truenas VM running nextcloud?
Security is the first thing that comes to mind. Compartmentalization prevents or at least makes it considerably harder for compromised services to screw up all the others.
Another thing would be that it might be easier to manage backups and snapshots.
From my understanding, it’s helpful that each VM will have its own IP so ports can be opened only on specific VMs, increasing overall security.
Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it’s db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.
It’s strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.
I’m not a netsec professional, this is just my understanding of best practices.
I am also just a hobbyist, so that was a genuine question. Thanks for the answer.
Same here! Good luck with your setup!!
You should look into container technology. No reason to have this many operating systems wasting resources
Heh. Container mafia going “hush, don’t worry about iso27002, just one more pull, bro.”
OP is still running 5 containers though? And why does a home server need to implement an IT security standard meant for large organisations? I hope you got an incident response policy written down, would be a shame to fail the next audit.
Public facing services should pantamime security best practices. I recognize its not realistic for most solo-home labs, but you can always improve with practice.
Tell me again why a properly managed container environment (if you wanna go bonkers use Jails on FreeBSD) offers more attack surface than multiple operating systems running the exact same software.
Just randomly mentioning ISO27x tells me exactly that you have absolutely no idea how those standards work.
Dutch user spotted
nee hoor jij liegenaar
Lol
4 running nodes for like 5 services? Seems exessive, no?
What makes you think its 4 proxmox nodes?
To me it looks like 3 Debian VMs (2 of them running docker containers) and 1 TrueNAS VM running in a single Proxmox node.
Running everything in a VM to run it in Docker is excessive as well. It is supposed to use bare metal containers.
i love selfhosting :3
Me2! Nice solid stack you got going there bro.
Is proxmox a viable option to be used on a NUC for example?
Yes, I run it on mine, with an N100 processor. Make sure it’s a recent-ish one with the necessary virtualization extensions. https://www.proxmox.com/en/products/proxmox-virtual-environment/requirements
And obviously more storage and more RAM is better, especially if you plan to use zfs. Keep that in mind when selecting hardware.
Thanks, I will look into the provided link.