Server fun for days! Part 1: Decisions, decisions
Well, I haven’t posted for a while! Lot of stuff happening in my personal life. But that is irrelevant for this blog post. We’re setting up a new home server!
NOTE: At the time of writing this, the new “home server” is lying on my desk, idle and doing nothing. All setups mentioned are subject to change. Hardware used is already in place.
1: The hardware
Firstly, it’s good to mention what I use now and what the new system will look like. The original system is an X200 laptop with a 4TB drive plugged in via USB and 8GB RAM. The laptop was librebooted by yours truly.
It is holding up very nicely, but it is starting to sweat and it is more work than it’s worth for me to manage it. The reason is I’m running OpenMediaVault 5 on it, which is lovely to manage through the webUI, but over time I lost the webUI access (other things had to be configured to the default port) and half the config files I would like to change get changed back by the OS. The Core2Duo is struggling to keep up with the tasks I would like the server to perform.
The fact that I want a new home server has been on the table for a while now. This week, I realized that I can buy a cheap-ish micro box with a good CPU and a small NVMe drive, and upgrade it on day one with stuff I have gathering dust (a 500GB NVMe disk and 8GB of DDR4).
The new choice for me was the Dell Optiplex 7050 Micro. This small and cute box has an i5-6500T, supports NVMe and DDR4, so it’s a good dump for my unused hardware. Plus, the 7050 stands for how much faster the new CPU will be compared to my Core2Duo.
2: The current setup
The current setup, as mentioned, is OpenMediaVault as the host OS with several Docker containers. The benefit of this is that I only have to set up one Wireguard client and I have access to all files. The drawback is that it’s OpenMediaVault and it’s difficult to update properly. I tried in the past, it broke everything, I rolled back and never touched it again; but this is not how it should be!
While running this thing, I realized that all OMV is for me is an overlay for some scripts that runs apt-get install for me. Damn, I manage my own shit, I run my own apt! I can do it better on my own, probably.
3: The needs
Now that I have shown what I hate about my current setup, what do I actually use it for and want to set up in the future?
The current programs running on my server are:
- Media server (DLNA to all devices in the local network)
- Backup (over Rsync, from other servers and my Android phone)
- DNS server (PiHole for VPN and home LAN)
- Photo library (currently Lychee)
- My breach data collection (searched with qgrep from an old HDD, so slow)
- VPN client (server is on the Internet, but it gives me access to my home server from anywhere)
This is apparently all I’m currently using my server for, mostly due to a lack of imagination and resources. Some parts of this system were such a pain to set up that I really didn’t want to touch them again for fear of breaking it again. With the new server, I want the option to fuck up and return quickly.
With more power could come more responsibility, so in the new server, I would like to have space to experiment. Some network shares for the whole household, better photo management, and who knows, maybe even a full-blown self-hosted office suite or a wiki! Most of all, I want to experiment with software without the risk of actually spending too much money or risking a setup.
4: The possible solutions
To get the chance to experiment without having to reinstall my server every time I fuck up, I choose to run Proxmox as the host OS. This hypervisor will give me a chance to run any VM or container I need and want to try, including machines from Vulnhub to practice my penetration testing.
On top of Proxmox, there are two options I have for my self-hosted services:
Run as I do now, one VM with all my services in containers and only one Wireguard connection
In this scenario, nothing changes for me. One VM, one IP address to connect to and a shitton of ports. The drawback would be balancing all the programs I need to install to get all services running well. Docker can help with that, and I’ve been happy with it so far, but the alternative may give me more granularity.
Run each service with its own Wireguard connection, taking care of one thing at a time
The alternative is to spawn a whole virtual network into the box, with each VM having either its own Wireguard connection, or all of them being pushed through a virtualized pfSense router which connects them to the VPN. This is doable, but at the moment I don’t know how. It would be a great learning experience, and with Proxmox, I can always turn off the main Debian VM and go to town on all these different setups.
In closing
This is just a late-night thought exercise, basically my stream of consciousness about what I want to do with new hardware. The next part will probably be more hands-on, explaining what difficulties I ran into. See you in the next blog post, where I hopefully don’t burn the house down!