• 4 Posts
  • 23 Comments
Joined 1 year ago
Cake day: June 24th, 2023


  • LVM is just a way more flexible partition table. It gives you the possibility to grow partitions at a later date. You probably think you can do that with MBR or GPT too. Well yes, but only when the spare room is adjacent to the partition you want to grow. With LVM you can grow partitions even if the free space is somewhere else on the disk.

    So you can grow any disk ‘partition’ at any time as long as you have some free space in the group.

    Another advantage is that you can encrypt logical volumes easily. Usually that’s supported when you install the OS.

    You can also stack LVM on top of a software RAID, so you can create an mdadm array from a disk partition of several disks and create a VG on that with LVs to split it into pieces.

    I usually use LVM on every server. There is no reason not to, and it gives you options for the future.


  • Ok, so it is not that hard then I guess. Install Proxmox on the appliance, then install two VMs, HA and pfSense. Deal with further segmentation of your LAN and the bridge to the router in pfSense.

    But if you ask me, drop the idea of VLANs for appliances and keep it simple. Only make a guest network on WiFi, but using VLANs is a pita: people want to stream to TVs, use the app to control heating, etc. If you are concerned about appliances connecting to the internet, just block internet access in OpenWRT or pfSense.


  • You’ll be fine. In the past stuff like FTP and SIP could get confused by double NAT, but not so much today. And stuff like opening a port from outside to the inside needs some planning through double NAT.

    We have been running it in the office for years now and it is totally fine. We are in a building with multiple companies sharing internet and we wanted our own network within, so we are using double NAT (internet modem and our switch).


  • You would have 12 GB RAM shared over all the Docker containers. I think you will be fine, unless everything will be used intensively continuously. But that’s my opinion. Just give it a shot, nothing to lose. Proxmox itself does not take so much. So if it does not run in this setup you need different hardware anyhow.

    I don’t like the solution of running Docker next to Proxmox, not in a VM; you want Proxmox to respond even if the Docker VM is busy/overloaded.

    In terms of backup you should be good. I would skip that weekly local backup construction, not sure what that adds if the off-site backup is working reliably. I’d format that one and add Proxmox to it and make proper use of it (like a second Docker VM).


  • Yeah, that will work fine! I’ve a similar setup and it works fine. 2 VMs for stuff that needs a VM and a bunch of Docker containers in a separate VM.

    And your Nginx will work fine in Docker. Set it up on a random port and route from the modem/router to that random port and from there to your VM, so something like 443 on the modem goes to port 8443 on the IP of the VM running Docker.

    It also gives you the possibility to later on add a second server with Proxmox and put them both in a cluster, so you can easily move one of your VMs to a second node.

    Final advice is that Tuxis is offering 150GB of free Proxmox Backup Server service. So you can use that for some important VMs to be stored off site for free (encrypted of course) with full support within your Proxmox environment to create or restore backups (or even restore some files from inside the VM). See https://www.tuxis.nl/en/ordering/?case=PBS and https://www.proxmox.com/en/proxmox-backup-server/overview


  • Check if the router has the possibility to isolate the LAN port. That way the port on the router cannot talk to other devices on different ports or WLAN.

    Second possibility is to check if the router supports VLAN. If so you can put the TV or a port on a separate VLAN.

    If all that is not possible, consider removing the cable and connecting the TV wirelessly. That way you can put the TV on the guest WiFi network. That should come with isolation by default.

    If you don’t want that either, you can resort to extra hardware. Any device with two LAN ports could do. Make one port a DHCP-based WAN port connected to the current network and the other port goes to the TV. Run a DHCP server and NAT and you have the TV isolated.


  • You can use BIND or any other nameserver software.

    But this is one of the things you might want to reconsider. Setup errors might slip in silently and might be hard to diagnose. Complying with standards like DNSSEC and IPv6 on the nameserver might be a challenge without experience.

    Next to that, you probably can’t register the domain itself without a third party, and I always advise not to use a different party for nameservers than the party that registered the domain.

    Last point I want to bring up: I would advise against combining name servers with other services. As it is crucial for operating the services, you are creating one giant point of failure. Keep it separated. Separate hardware.

    That said, if you accept all these dangers, it’s technically doable. Open the right ports, configure the zone, set up master and slave, read up on glue records, register the name server if needed, set up DNSSEC and set the correct name servers in the domain at the party you registered the domain.
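As an added illustration of the steps listed in that comment (not the commenter's own setup), here is a minimal BIND 9.16+ layout: a primary and a secondary (the newer names for master and slave), zone transfers restricted to the secondary and authenticated with a TSIG key, recursion off so the box is never an open resolver, DNSSEC signing handled by `dnssec-policy`, and in-zone glue records. All host names, addresses and the key secret are placeholders.

```conf
// --- named.conf on the primary (host names and addresses are placeholders) ---
key "xfer-key" {                       // TSIG key; generate with `tsig-keygen xfer-key`
    algorithm hmac-sha256;
    secret "<base64 secret from tsig-keygen>";
};
options {
    directory "/var/cache/bind";
    listen-on { 198.51.100.10; };      // must be reachable on UDP and TCP port 53
    listen-on-v6 { 2001:db8::10; };
    recursion no;                      // authoritative only: never an open resolver
    allow-transfer { none; };          // deny AXFR unless a zone explicitly allows it
};
zone "example.com" {
    type primary;                      // "master" in older BIND configs
    file "/etc/bind/zones/db.example.com";
    dnssec-policy default;             // automatic signing and key rollover
    inline-signing yes;                // keep the unsigned zone file editable
    allow-transfer { key xfer-key; };  // only the secondary, authenticated by TSIG
    also-notify { 203.0.113.20; };     // tell the secondary when the serial changes
};

// --- named.conf on the secondary ---
key "xfer-key" { algorithm hmac-sha256; secret "<same secret as on the primary>"; };
zone "example.com" {
    type secondary;                    // "slave" in older BIND configs
    primaries { 198.51.100.10 key xfer-key; };
    file "/var/cache/bind/db.example.com";
};

; --- /etc/bind/zones/db.example.com on the primary (unsigned source zone) ---
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. (
         2024010101 ; serial: bump it on every change or the secondary never updates
         7200 900 1209600 3600 )
     IN NS  ns1.example.com.
     IN NS  ns2.example.com.
ns1  IN A   198.51.100.10  ; name servers inside their own zone need these A records
ns2  IN A   203.0.113.20   ; as glue, and the same addresses registered at the registrar
www  IN A   198.51.100.20
```

Run `named-checkconf` and `named-checkzone example.com /etc/bind/zones/db.example.com` before reloading, and after BIND has signed the zone hand the DS record (from `dnssec-dsfromkey`) to the registrar together with the name server names and glue addresses; until the DS is published at the parent the zone is signed but not validated.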


  • You probably tried to do too much in one day :)

    Netatmo has a delay indeed. There is an option to get a developer account at Netatmo so changes get pushed to HA. But still, it has some quirks.

    Advice is to work on one integration at a time, read the documentation, search for your problems. After the integration works, set up your dashboard. After that, start with the automations.

    Good luck, HA is really worth it, invest a bit more time in it.