Hi, I’m looking for some recommendations, mostly looking for pointers of where to go and look at/research stuff as I have no idea what is good and what is just well advertised.
Intro:
I have finally entered the world of (almost) Gigabit internet, which is opening up options with what I can host.
I currently have:
Pi hole on an actual RP (will probably remain there because its easy)
Inbound Wireguard VPN on my old router (will stop working when my old ISP stops service) EDIT: my new ISB gave me a router, but it doesn’t have VPN functionality
Foundry VTT that I run up on my gaming machine when needed
I will probably also be upgrading my gaming PC in the next few months, so my current rig will probably be put behind the TV to use as a server and for couch gaming.
Info/recommendations I would like:
VPN software (I want to VPN INTO my network) My goto would be wireguard, is that still a good option? (I assume I just port forward the VPN ports to the server?)
Private cloud/File server: I both want to be able to occasionally (but permamently) host files publicly, but still have the main store be available on the local network only. Is that going to be two pieces of software, or just one?
Is a local video streaming app actually useful for a rare watcher of movies etc, or can they be streamed directly from the file server? its something that I see a lot of people talk about, but don’t really understand why…
Is Docker the way to go for everything? or just install on the machine directly?
Piracy VM - Enabling the virtualisation stuff for Docker mostly breaks virtualbox (at least on windows) any recommendations for how to nicely run a VM alongside docker (if that’s the recommendation)?
Should/Could I be hosting anything else? Foundry will probably be on there. I don’t feel like I have a use for smart home stuff, so home assistant wouldn’t be much use etc.
I used to use Wireguard, but Tailscale is a lot easier and has a lot of useful features. Tailscale is built on top of Wireguard but automates all the configuration - all you need to do is install it and log in on all devices. It handles NAT traversal using techniques like UDP hole punching, so you don’t need to configure port forwarding and it works behind firewalls.
What do you want to run in a VM that can’t run in Docker? If you’re using a VPN for torrents or whatever, you can easily use Gluetun and configure the Docker containers so that only done of them use Gluetun’s VPN connection, while the other containers directly connect to the internet.
I like Unraid. It supports Docker, VMs (via KVM), and Linux containers (via LXC), and has a nice UI to configure them. It’s a paid piece of software, but works very well. Proxmox is also very good and free, but it doesn’t directly support Docker.
What do you want to run in a VM that can’t run in Docker?
a VM with torrent client and a killswitched VPN was the easiest way to get a secure setup. also meant if it ever got virused I could just roll it back. I need to look more into what docker can actually do by the looks of it.
You are the second person to suggest unraid - is it ok to sit on the perpetual license (for a few years at a time), or are the updates really required? It supports GPU passthrough right, so I can have a ‘normal’ linux desktop for gaming while running the other stuff in the background?
You can use Docker for the same setup using the --network container:vpn flag to docker run or network_mode: "container:vpn" option in docker-compose.yml where vpn is the name of the container to route through. This makes one Docker container use the network of another (the VPN one), so both containers will share the same internal IP address, and you’ll have to map any ports on the VPN container rather than the torrent/whatever one. This is just as safe as a killswitched VPN.
Unraid has a nice UI for it when editing a Docker container:
also meant if it ever got virused I could just roll it back
Consider using a file system that has snapshots, like ZFS. Then you can get this same behaviour for your whole system rather than just a VM :)
is it ok to sit on the perpetual license (for a few years at a time), or are the updates really required?
I’m not sure, as the new licensing model is pretty new. I purchased Unraid in 2023, and back then, all licenses included lifetime updates. They switched to a subscription mode to make the business more viable long-term and afford to hire more developers, which I definitely understand.
It supports GPU passthrough right
It does. You can pass through any PCIe devices, so for example if you have multiple network cards, you can pass one directly to a VM (it’s a bit more efficient compared to using a virtual Ethernet adapter)
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
I used to use Wireguard, but Tailscale is a lot easier and has a lot of useful features. Tailscale is built on top of Wireguard but automates all the configuration - all you need to do is install it and log in on all devices. It handles NAT traversal using techniques like UDP hole punching, so you don’t need to configure port forwarding and it works behind firewalls.
What do you want to run in a VM that can’t run in Docker? If you’re using a VPN for torrents or whatever, you can easily use Gluetun and configure the Docker containers so that only done of them use Gluetun’s VPN connection, while the other containers directly connect to the internet.
I like Unraid. It supports Docker, VMs (via KVM), and Linux containers (via LXC), and has a nice UI to configure them. It’s a paid piece of software, but works very well. Proxmox is also very good and free, but it doesn’t directly support Docker.
a VM with torrent client and a killswitched VPN was the easiest way to get a secure setup. also meant if it ever got virused I could just roll it back. I need to look more into what docker can actually do by the looks of it.
You are the second person to suggest unraid - is it ok to sit on the perpetual license (for a few years at a time), or are the updates really required? It supports GPU passthrough right, so I can have a ‘normal’ linux desktop for gaming while running the other stuff in the background?
TY for the response!
You can use Docker for the same setup using the
--network container:vpnflag todocker runornetwork_mode: "container:vpn"option in docker-compose.yml wherevpnis the name of the container to route through. This makes one Docker container use the network of another (the VPN one), so both containers will share the same internal IP address, and you’ll have to map any ports on the VPN container rather than the torrent/whatever one. This is just as safe as a killswitched VPN.Unraid has a nice UI for it when editing a Docker container:
Consider using a file system that has snapshots, like ZFS. Then you can get this same behaviour for your whole system rather than just a VM :)
I’m not sure, as the new licensing model is pretty new. I purchased Unraid in 2023, and back then, all licenses included lifetime updates. They switched to a subscription mode to make the business more viable long-term and afford to hire more developers, which I definitely understand.
It does. You can pass through any PCIe devices, so for example if you have multiple network cards, you can pass one directly to a VM (it’s a bit more efficient compared to using a virtual Ethernet adapter)
That’s a lot of useful info, thanks!