from nosnahc@lemmy.world to selfhosted@lemmy.world on 05 Apr 2024 06:51
https://lemmy.world/post/13923714
Hello everyone,
I would like to get started with selfhost with two projects.
Project A (for me): A NUC with Proxmox installed on it, two VMs including a Home Assistant and a NAS system that I haven’t chosen yet.
The only question I have with this project is:
- how to access the NAS and HA separately from the outside knowing that my access provider does not offer a static IP and that access to each VM must be differentiated from Proxmox.
Project B (for my uncle):
A NUC (with Proxmox or not, I don’t know yet, perhaps simpler for making backups), with HA but especially Frigate.
The goal is to use Google Coral to do recognition on 3 video surveillance cameras.
My questions are:
is Coral really useful with 3 cameras?do you need a Coral in USB or M.2 version?are there affordable NUCs with free M.2 slots?won’t proxmox add a layer of complexity with Coral/Frigate/a Zigbee dongle?
Thank you in advance for your help and sorry if my post is long.
PS: if you have recommendations for cameras that work with Frigate and are self-powered with solar panels, I’ll take them!
Edit : 8 april 2024
A little update. Thank you everyone for your super quick responses!
Regarding my uncle’s project and after big discussions, he is going to buy Reolink cameras and that’s it. This will be much simpler for maintenance than building a server.
Regarding my project: I chose a Beelink Mini S12 pro with an N100 processor (for its low consumption) with a 2.5 bay for an SSD for my Nextcloud.
I wondered if I wouldn’t take the opportunity to add pihole and that’s where new questions arise…
I see a lot of people installing Pihole on Docker, should I put it on Docker? Or create a VM?
Should Docker be installed on Proxmox or on a VM?
Is Proxmox really useful, shouldn’t I better install HA/Nextcloud/Pihole under Docker directly?
Should I use LXC or Docker?
threaded - newest
HA has add-ons for duckns and nginx-proxy-manager which should solve this… Or alternatively use those things in docker or by installing on your host OS.
Yes if you want object detection
I’ve only used a USB, I don’t know how to pass M.2 through to the VM but I’m sure theres tutorials out there if you want to.
Can’t answer that one.
Yes, you’ll need to know how to pass through the devices to their respective VMs.
Thanks for your help!
Oh right, so the NAS you can setup with the addon Samba NAS.
DuckDNS will mitigate your issues with not having a staic IP (alternatively theres any number of DynDNS programs you can look into if for example you already own your own domain name)
Nginx-Proxy-Manager allows you to forward ports based on the domain used to connect so, you might not even need it really but if you wanted for exmple to have an address like mysupercoolnas.duckdns,org rediect to one proxmox vm and mycoolassitant.duckdns.org to reditect to HA you could do that. Or you could just have one DynDNS setup and use port forwarding on your router to handle what ports direct to which VM.
Thanks a lot!!
Tailscale, it will take about 5 minutes to set up and cost nothing.
I have a domain I own and access through Cloudflare, but there’s also DuckDNS or Nabu Casa.
Or as someone else has pointed out, Tailscale, which is awesome, and free.
That’s to access from outside.
As for NAS, I’m currently happily using Open Media Vault.
Nah, just pass it through
Thanks for your help!
I can’t figure out how access from outside is going to happen. I will have multiple addresses that correspond to my different VMs?
Nah it sounds far too simple to “just install Tailscale and you’re good” doesn’t it? But it really is kinda that easy.
Install the Tailscale add on for Home Assistant, sign in and set up an “exit node” (it’s a menu item, easy) then install Tailscale on your phone.
Switch it on on your phone outside your network. 3 dots in the app and select “Use exit node” and select the one you set up.
Now on your browser on your phone just type in the IP address of the self hosted service (I just have my home page address set to Homarr which has them all) and you’re done.
Really damn easy, and free
Edit: That exit node you set.up is inside your network. Tailscale tunnels to that exit node inside your network without open ports, so when you do as above, you’re essentially inside your network.
I use work WiFi. Work block WhatsApp. When I connect through Tailscale via work WiFi, my WhatsApp works fine, because I’m using my own home network to send/receive messages
Tailscale is great, but it’s not something that should be shouted from the rooftops.
I use tailscale with nginx / pihole for my home services BUT there will be a point where the “free” tier of their service will be gutted / monetized and your once so free, private service won’t be so free.
Tailscale are SAAS (software as a service), once their venture capital funds look like their running dry, the funds will be coming from your data, limiting the service with a push to subscription models or a combination.
Nebula is one such alternative, headscale is another. Wire guard (which tailscale is based on) again is another.
I’m hesitant about it too for the same reason but not sure if I’m being unreasonable given that I rely on so many other free services. However, this is one that would potentially have access to everything I do.
I’m watching headscale with interest until its safe enough for me to try breaking it!
I still use it, the service is very handy (and passes the wife test for ease of use)
Probably some tinfoil hat level of paranoia, but it’s one of those situations where you aren’t in control of a major component of your network.
I hear what you’re saying and honestly it’s not something I had thought about, so thanks for that.
For myself I should be good if your prediction comes true since I already have Home Assistant through my own domain using Cloudflare. I could theoretically move all my stuff to my own domain and Nginx, etc.
I like Tailscale because I don’t have to do all that. I’m new to Self Hosting (no I’m new to running multiple VMs) so finding something that just works with minimal effort is great for a noob. I wanna learn the things (networking), but I wanna learn other things (loads!) first.
Cloudflare and a Domain wasn’t as hard as DuckDNS and Nginx, but Tailscale was easier and cheaper than that in my adventures on Home Assistant. I’ve gone from hard to easy mode.
At some point a hobby has to cost money, I may be happy to pay for Tailscale if there’s more features. I’d like to replace SMB mounts with Tailnet mounts, but currently that’s not a thing to my knowledge.
Oh and I’m not really shouting from rooftops on a self hosted Lemmy server, it’s more like a quiet chat around a campfire telling a potential newcomer and easy way. It may cost in the future or they may make enough from Businesses that they keep a free tier, but currently it’s free and easy.
Ahh the shouting from the rooftops wasn’t aimed at you, but the general group of people in similar threads. Lots of people shill tailscale as it’s a great service for nothing but there needs to be a level of caution with it too.
I’m quite new to the self hosting game myself, but services like tailscale which have so much insight / reach into our networks are something that in the end, should be self hosted.
If your using SMB locally between VMs maybe try proxmox, https//clan.lol/ is something I’m looking into to replace Proxmox down the line. I share bind-mounts currently between multiple LXC from the host Proxmox OS, configuration is pretty easy, and there are lots of tutorials online for getting started.
Now then:
Are you sharing SMB mounts? I have my HDDs passed through to OMV and have considered just trying to pass them through to other VMs, but never tried because I don’t wanna break anything.
I have seen that you can share SMB to Proxmox and use them in Proxmox but don’t know if you can use them in VMs too.
As it is I really struggled with mounting smb for a couple of weeks and then had an “aha” moment last weekend, and have it all figured out now.
The Tailnet idea was so I can just mount everything to the Tailnet and stop worrying about whether it’s on this vlan or that. I was trying to set up an Openwrt container with VPN, which I could use for any container that needs a vpn, but then those containers couldn’t see the main network properly…
I’ve given up on that now and have my SMB mounts all set up, but feel like pass-through would give better network speeds for moving things around.
Yeah there is a workaround for using bind-mounts in Proxmox VMs: gist.github.com/…/7e4a6f6f36610eeb0bbb5d011c8ca0b…
If you wanted, and your drives are mounted to the Proxmox host (and not to a VM), try an LXC for the services you are running, if you require a VM then the above workaround would be recommended after backing up your data.
I’ve got my drives mounted in a container as shown here: <img alt="" src="https://lemmy.world/pictrs/image/998454b8-9c2b-4d30-83bc-a8be8612c805.jpeg">
Basicboi config, but it’s quick and gets the job done.
I’d originally gone down the same route as you had with VMs and shares, but it’s was all too much after a while.
I’m almost rid of all my VMs, home assistant is currently the last package I’ve yet to migrate. Migrated my frigate to a docker container under nixos, tailscale exit node under nixos too while the vast majority of other packages are already in LXC.
This all sounds awesome. So eli5 I have all my drives mounted to Proxmox, then passed through to OMV in a VM.
I can just mount these same drives to containers no issues right now, and I can add them to VMs using your link?
I would like to get down to LXCs too, but I’ve found VMs so much easier to set up and use. I’ll try your way
I’ve not tested the method linked but yeah it would seem like it’s possible via this method.
My lone VM doesn’t need a connection to those drives so I’ve not had a point to.
You could probably run OMV in an LXC and skip the overheads of a VM entirely. LXC are containers, you can just edit the config files for the containers on the host Proxmox and pass drives right through.
Your containers will need to be privileged, you can also clone a container and make it privileged if you have something setup already as unprivileged!
I think you guys lots me haha!
Definitely don’t commit to a free service without planning for a transition when that service changes.
Fortunately Tailscale is built on Wireguard. So it’s an easy way to get started with Mesh Networking, and then you could transition to Wireguard if needed.
Hamachi did the same thing 20 years ago, and is still around (I think) with a free tier that lets you have 250 clients. It just doesn’t have mobile apps, which is a show stopper for me.
Tailscale also has the “Funnel” feature, which can route traffic into your Tailscale network without using a Tailscale client.
I’m currently on a free tier of TS, and will have no problem paying for the service once I go production. It’s not expensive for what I’m getting ($50/year IIRC, because I’m one user). Could be a little pricey if you pay per workstation (so using the subnet router option would save subscription cost).
I could just switch to self-hosting Wireguard, it’s the protocol Tailscale is using.
for ease of use i would not use a pci coral. usb just is easier. passing the usb through to a dock or vm is easier. i use unraid and it was extra work to get the pcie vs usb coral setup. I have a nuc with a bunch of ssds for this kinda thing too.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
10 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #656 for this sub, first seen 5th Apr 2024, 09:05] [FAQ] [Full list] [Contact] [Source code]
For project A, I’d look into tailscale. I’d advise against having home assistant open to the internet otherwise.
Don’t know anything about your other project, sorry.
I have dynamic IP and there are several ways around it. I use Cloudflared (updates DNS records regularly) and a script I found to update duck DNS as a backup. Both very simple.
Accessing the services is not the problem, the problem is keeping them safe. I’ve tried lots of different ways (although not tailscale yet) and have a few services exposed directly to the internet behind authentik \ NPM \ Cloudflare \ fail2ban \ ufw. Others, I access through my router openvpn server, with keys for my laptop and phone as clients. There are so many guides online for all VPN types. Its just finding the right approach between ease of use vs safety
Hi, I read your update and you’re just a little behind me on the trail, so here’s some breadcrumbs.
Proxmox is awesome, stop wondering and install it, it’s awesome.
Ok so you can do 2 things, VM or LXC. You’re wondering what the difference is.
VM is a computer
LXC is a container.
Now as far as I can tell a container is kinda like a little computer that’s made to do one thing. So it needs less resources, just what it needs to do that one thing. It also needs less permissions to do that one thing, so it has less permissions.
Now Docker is a container engine. It’s beautiful because you can just tell it what to make and it’ll make it. If you remember what you told it, you can do it again really quickly.
Docker is also beautiful because it will run on anything. So you can make a container on a Linux machine, then make it again on a Windows machine if you remember what you told it. This is done with a bunch of text, so as long as you can save that text and get it on another machine, well you have the container again.
Not knowing this, I’ve been trying to make docker work in LXC containers with a bit of success and a lot of failure. I thought I could just have a bunch of cloned LXC containers with Docker on, and make a bunch of services using minimal resources.
But now I know I’m trying to run a container inside a container and that’s why I’m hitting walls.
So Proxmox VMs are gonna be your friend. It will be tempting to try and migrate to containers, but as a beginner you can save a lot of headaches by making a couple of VMs and cramming a bunch of stuff on em.
This is where Docker is useful. If you use a docker hypervisor (?) app, there’s Portainer for example which I use, you can just use one instance to control a bunch of other instances of Docker.
This makes it easy to try something out on a test machine, then just move it over to another machine when it’s ready. The more similar the machines are, the easier the transfer. In Proxmox you can clone things, so you can make a computer, clone it, then set things up on one and move em over when they’re working right, then just turn the test machine off.
So in my opinion, boot a VM of Home Assistant OS and get that working. Make another for playing with of whichever flavour you fancy. Windows, Linux, both?
Bang docker in it and have a play. I like Portainer, made Docker easier to mess with, but I like a UI. So I got Portainer working first and used that to put Docker Compose files into “Stacks” in Portainer and poked them.
Then when I found stuff I liked I tried booting them so they work, be that in a VM, and LXC or in Docker if I had got it working to my liking already. Because Docker is containers I hit a lot of problems running stuff (and I don’t know what I’m doing) but found an LXC or VM easier.
Try getting piHole (and try Adguard, I prefer it) going in Docker. I found Adguard works perfectly fine in Docker, so once I got it working I just had to decide where I wanted it and ended up having an instance in Docker in an LXC (container in a container, not great, but it works.
Then I copied it onto a raspberry pi, just put Docker on it and and used the same file. That means that if I knackered up my Proxmox my internet won’t go down.
Hope that helps
Thank you so much for all of this ! I appreciate a lot :D
I’ll try that asap!
No rush, take your time. HA OS was pretty simple to get running, you’ll just have to learn how to pass through your usb (top tip, just have that one usb plugged in then you only have 1 device to choose from).
Learn how to make a backup (HA has an add-on called Google Drive Backup that’s REALLY useful) just in case you tinker and kill something.
Above all, don’t kick yourself for making mistakes, it’s how we learn.