• 4 Posts
  • 23 Comments
Joined 1 year ago
Cake day: June 24th, 2023

  • LVM is just a way more flexible partition table. It gives you the possibility to grow partitions at a later date. You probably think you can do that with MBR or GPT too. Well yes, but only when the spare room is adjacent to the partition you want to grow. With LVM you can grow partitions even if the free space is somewhere else on the disk.

    So you can grow any disk ‘partition’ at any time as long as you have some free space in the group.

    Another advantage is that you can encrypt logical volumes easily. Usually that’s supported when you install the OS.

    You can also stack LVM on top of a software RAID, so you can create an mdadm array from a partition on each of several disks and create a VG on that with LVs to split it into pieces.

    I usually use LVM on every server. There is no reason not to, and it gives you options for the future.
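The stack described in this comment (mdadm mirror, LVM on top, one LV LUKS-encrypted, and a later grow that does not care where the free extents sit), as an added shell example that is not the commenter's own code. Device names, VG/LV names and sizes are assumptions; it defaults to DRY_RUN=1 and only prints the commands, because every one of them needs root and real block devices.

```shell
#!/bin/sh
# Added example (not from the comment above): mdadm RAID1 -> LVM -> LVs,
# with one LV LUKS-encrypted, plus the two ways of growing an LV later.
# /dev/sda2, /dev/sdb2, /dev/md0, vg0 and the sizes are assumptions.
# DRY_RUN=1 (the default) prints the commands instead of running them.
set -u

DRY_RUN="${DRY_RUN:-1}"
MD_DEV="${MD_DEV:-/dev/md0}"
VG="${VG:-vg0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Mirror one partition from each disk, then put a single PV/VG on the array.
#    usage: build_stack /dev/sda2 /dev/sdb2
build_stack() {
    run mdadm --create "$MD_DEV" --level=1 --raid-devices="$#" "$@"
    run pvcreate "$MD_DEV"
    run vgcreate "$VG" "$MD_DEV"
}

# 2. Carve the VG into LVs: a plain one and a LUKS-encrypted one.
make_volumes() {
    run lvcreate -L 20G -n root "$VG"
    run mkfs.ext4 "/dev/$VG/root"
    run lvcreate -L 50G -n data "$VG"
    run cryptsetup luksFormat "/dev/$VG/data"
    run cryptsetup open "/dev/$VG/data" data_crypt
    run mkfs.ext4 /dev/mapper/data_crypt
}

# 3a. Grow a plain LV. Free extents may sit anywhere in the VG.
#     -r (--resizefs) grows the filesystem in the same step, which only
#     works when the filesystem sits directly on the LV.
#     usage: grow_plain root 10G
grow_plain() {
    run lvextend -r -L "+$2" "/dev/$VG/$1"
}

# 3b. With LUKS in between, the filesystem lives on the mapper device, so
#     the LUKS container must be resized explicitly before the filesystem.
#     usage: grow_encrypted data data_crypt 10G
grow_encrypted() {
    run lvextend -L "+$3" "/dev/$VG/$1"
    run cryptsetup resize "$2"
    run resize2fs "/dev/mapper/$2"
}

# How much room is left in the group before promising anyone a bigger volume.
check_free() {
    run vgs --noheadings -o vg_free --units g "$VG"
}

if [ "${1:-}" = "demo" ]; then
    build_stack /dev/sda2 /dev/sdb2
    make_volumes
    check_free
    grow_plain root 10G
    grow_encrypted data data_crypt 10G
fi
```

Run it as `sh lvm-stack.sh demo` to see the command sequence; set `DRY_RUN=0` only on a machine where those devices really are spare. The split between `grow_plain` and `grow_encrypted` is the caveat worth remembering: `lvextend -r` cannot see through a LUKS mapping, so the resize has to be done in three steps there.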


  • Ok, so it is not that hard then, I guess. Install Proxmox on the appliance, then install two VMs, HA and pfSense. Deal with further segmentation of your LAN and the bridge to the router in pfSense.

    But if you ask me, drop the idea of VLANs for appliances and keep it simple. Only make a guest network on WiFi, but using VLANs is a pain: people want to stream to TVs, use the app to control heating, etc. If you are concerned about appliances connecting to the internet, just block internet access in OpenWRT or pfSense.

  • You’ll be fine. In the past stuff like FTP and SIP could get confused by double NAT, but not so much today. And stuff like opening a port from outside to the inside needs some planning through double NAT.

    We have been running it in the office for years now and it is totally fine. We are in a building with multiple companies sharing internet and we wanted our own network within, so we are using double NAT (internet modem and our switch).
  • You would have 12 GB RAM shared across all the Docker containers. I think you will be fine, unless everything will be used intensively and continuously. But that’s my opinion. Just give it a shot, nothing to lose. Proxmox itself does not take so much. So if it does not run in this setup you need different hardware anyhow.

    I don’t like the solution of running Docker next to Proxmox rather than in a VM; you want Proxmox to respond even if the Docker VM is busy/overloaded.

    In terms of backup you should be good. I would skip that weekly local backup construction, not sure what that adds if the off-site backup is working reliably. I’d format that one, add Proxmox to it and make proper use of it (like a second Docker VM).


  • Yeah, that will work fine! I’ve a similar setup and it works fine. 2 VMs for stuff that needs a VM and a bunch of Docker containers in a separate VM.

    And your Nginx will work fine in Docker. Set it up on a random port and route from the modem/router to that random port and from there to your VM, so something like 443 on the modem goes to port 8443 on the IP of the VM running Docker.

    It also gives you the possibility to later on add a second server with Proxmox and put them both in a cluster, so you can easily move one of your VMs to a second node.

    Final advice is that Tuxis is offering 150 GB of free Proxmox Backup Server space. So you can use that to store some important VMs off site for free (encrypted of course), with full support within your Proxmox environment to create or restore backups (or even restore some files from inside the VM). See https://www.tuxis.nl/en/ordering/?case=PBS and https://www.proxmox.com/en/proxmox-backup-server/overview
  • Check if the router has the possibility to isolate the LAN port. That way the port on the router cannot talk to devices on other ports or on WLAN.

    Second possibility is to check if the router supports VLANs. If so you can put the TV or a port on a separate VLAN.

    If all that is not possible, consider removing the cable and connecting the TV wirelessly. That way you can put the TV on the guest WiFi network. That should come with isolation by default.

    If you don’t want that either, you can resort to extra hardware. Any device with two LAN ports could do. Make one port a DHCP-based WAN port connected to the current network and the other port goes to the TV. Run a DHCP server and NAT and you have the TV isolated.
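The last option in this comment (a two-port box that gives the TV its own DHCP subnet and NATs it out, while keeping it away from the rest of the LAN), as an added shell example that is not the commenter's own configuration. It targets a Linux box with nftables and dnsmasq; the interface names eth0/eth1, the 192.168.50.0/24 TV subnet and the output paths are assumptions. It only writes the two config files; applying them and getting a DHCP lease on the WAN side are left to the usual tools on that box.

```shell
#!/bin/sh
# Added example (not from the comment above): generates the nftables and
# dnsmasq configuration for a tiny two-NIC NAT router that isolates a TV.
# eth0 = WAN side, plugged into the existing home network (gets DHCP there).
# eth1 = TV side, this box hands out 192.168.50.x addresses and NATs them.
# All names and addresses below are assumptions; override via environment.
set -u

WAN_IF="${WAN_IF:-eth0}"
TV_IF="${TV_IF:-eth1}"
TV_GW="${TV_GW:-192.168.50.1}"
TV_DHCP_START="${TV_DHCP_START:-192.168.50.50}"
TV_DHCP_END="${TV_DHCP_END:-192.168.50.150}"

# nftables ruleset: default-drop input, forward only TV -> internet,
# explicitly dropping anything the TV sends towards private (home LAN) ranges.
gen_nft_rules() {
    cat <<EOF
flush ruleset
table inet tvrouter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # DHCP server and DNS for the TV side
        iif "$TV_IF" udp dport { 53, 67 } accept
        iif "$TV_IF" tcp dport 53 accept
        iif "$TV_IF" icmp type echo-request accept
        # DHCP replies for this box's own lease on the WAN side
        iif "$WAN_IF" udp sport 67 udp dport 68 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # TV may reach the internet but nothing on the home LAN (RFC1918)
        iif "$TV_IF" oif "$WAN_IF" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } drop
        iif "$TV_IF" oif "$WAN_IF" accept
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif "$WAN_IF" masquerade
    }
}
EOF
}

# dnsmasq: DHCP + DNS forwarder bound to the TV interface only.
gen_dnsmasq_conf() {
    cat <<EOF
interface=$TV_IF
bind-interfaces
dhcp-range=$TV_DHCP_START,$TV_DHCP_END,12h
dhcp-option=option:router,$TV_GW
dhcp-option=option:dns-server,$TV_GW
EOF
}

# Host-side steps this script does not perform: address the TV interface
# and enable forwarding. Printed so they can be reviewed before running.
prereq_commands() {
    printf 'ip addr add %s/24 dev %s\n' "$TV_GW" "$TV_IF"
    printf 'ip link set %s up\n' "$TV_IF"
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
}

# Write both files into a directory (e.g. /etc, or a scratch dir for review).
write_configs() {
    dir="$1"
    mkdir -p "$dir"
    gen_nft_rules > "$dir/nftables.conf"
    gen_dnsmasq_conf > "$dir/dnsmasq.conf"
}

if [ "${1:-}" = "write" ]; then
    write_configs "${2:-./tvrouter}"
    prereq_commands
fi
```

Usage: `sh tvrouter.sh write ./out`, review `out/nftables.conf` and `out/dnsmasq.conf`, then load them with `nft -f` and point dnsmasq at the file. The RFC1918 drop in the forward chain is the line that actually delivers the isolation; without it the TV would get a different subnet but could still route to everything on the home LAN.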