Hello, I’ve been saying it to myself for a year now, but I’m on summer break rn and I really need to do something with my life. Here’s some of the software I plan to host. Goal is to not spend more than $150-200, I do have some gift cards though.
Absolutely Will Run:
Nextcloud & Immich - I want to replace Google and OneDrive
Might do in the near future:
Jellyfin - my mom and I usually just bootleg by using Kodi on our FireTV, so not a major need rn, but might be nice for future purposes.
piHole - better overall ad blocking, so I don’t have to use nextDNS on all my devices, and maybe help my mom out.
VPN - I currently pay for Proton, and we use it on the FireTV, the TV app sucks cause it doesn’t have killswitch (PC and mobile have Killswitch). I have several devices and profiles that I use, so I was thinking maybe just an overall VPN might be nice
Seeding - I think it would be nice to give back to the community, since I torrent every now and then.
OS Plan: I plan to use Proxmox as I have a little bit of experience using it, and others seem to like it a lot for managing multiple software.
I know I don’t need to go full power mode rn, so I wanna stick with something low end that I could maybe upgrade in the future. Should I just buy a used laptop/PC, or get like an Optiplex or ThinkServer? I don’t wanna rack up my parent’s electric bill. I already got some hard drives a year ago, but is using an external drive bad?
I know to use the Ethernet ports so my signal isn’t shit, but I gotta work out the best spot I can put my server. I do know an okay amount of networking knowledge, and I’m a cyber student anyway so this is like a fun yet educational personal project for me.
When it comes to external access and security of these services, should I stick with Tailscale? Some people have concerns over the proprietary bits and are using headscale instead I guess.
Any guidance is much appreciated!
VPN - I currently pay for Proton, and we use it on the FireTV, but it sucks cause it doesn’t have killswitch.
I have been using Private Internet Access so long I can’t remember when I first started but it’s been years. I’ve had great success with PIA and I never fire up a device locally without it. It does have a killswitch, advanced killswitch, split tunnel, multi-hop with shadowsocks or socks5 proxy, openVPN or Wireguard configurations, and a dedicated IP option.
I’ve tried other top name VPNs, but imho, none come up to what PIA does.
Sorry, corrected my post as I have confused several people lol. Proton has killswitch on mobile and PC, just not Fire TVs.
Ahh…gotcha.
get a cheap N100 box. do not overspend.
How much is a kWh in your parts? Noise, ambient temperature? You can buy very decent refurbished Lenovo tiny PCs with some 16 GB RAM and 6 cores and half a TB SSD which will run Proxmox and are low power and noise. You can go multi-node Proxmox later if you want to expand. k8s and related are also an option.
First question: what will you do about data backup? Nextcloud and Immich both imply important data that you don’t want to lose. You say you have some hard drives, so look for some computer that can take more than one hard drive and then set up RAID with snapshots. I’d go for a RAID setup such that you need two drives to fail before you lose data, but there is plenty of debate. We often say RAID is not a backup - you should start thinking about the next step in your backup setup soon.
Used vs new is always the question. In general the newer the system the less power it will use to do the same work. However ARM will almost always use less power than x86 even if the x86 is much newer. I specified work here, your computer will do nothing most of the time so idle power matters too.
I definitely plan to use RAID for my drives.
To follow 3-2-1, have the working copy, a copy on a SD, and a copy on cloud (encrypted of course). Depending on the size of the snapshot it will go to Proton or Google Drive (Sticking to Google is silly, I know, but I don’t have a second location to secure my data lol). 2 is met by having it on SD and Cloud. 1 is met by saving encrypted snapshot on cloud.
The bigger point about cloud that most miss is make sure you are paying them a reasonable price for the service. So long as you are the customer and not the product the cloud can be good.
I would recommend putting the pihole and any network management tools on dedicated hardware.
It’s not fun having a random update for Transmission take down your entire internet. Ask me how I know.
Run two PiHoles. This way you can take one down for maintenance and the other keeps working.
I actually plan on putting hardware related stuff on an extra pi since I only run a single proxmox node right now. Would be home assistant and nut tools for the ups but I might put pihole and unbound on that as well.
I am worried about the performance though because of home assistant. And it is pretty comfortable to have everything on one host that is far from being used to capacity anyway.
IMO, you want ram more than you want processing power. 16 gig ought to be enough. Most of the time your containers will sit dormant and just consume memory. However since you want to run Jellyfin, get a recent CPU which can do hardware decoding of popular codecs. There’s charts online that show what generation can handle what codecs. Ideally you don’t want that done by software. You should still be able to find something cheap.
In terms of placement. It depends a lot on noise IMO. If you’re running something small without magnetic storage, you’re probably fine to stick it anywhere. If you have several data-centre grade hard drives, you will probably want to keep it somewhere where you won’t hear it all day.
In terms of upgrading, I’m not sure if it’s as much of a concern as you might think. I run probably about 30 docker containers off a NUC clone and a separate NAS, and that has worked pretty well for the last few years. I can always add more drives to the NAS, but otherwise it’s fine. Also, many of my services scale to zero with sablier+traefik, and I schedule filesharing for low bandwidth times. This makes things pretty manageable.
I would suggest a used laptop with a gtx10xx GPU and min 16gb RAM. 1 to 2 TB SSD, and if there is still room and budget, also a 4 TB HDD for Jellyfin content.
Do you have any old hardware lying around? Old gaming pc, or an old laptop? Doesn’t matter if it has a broken screen or keyboard or trackpad or can’t upgrade to win11. Maybe ask around if someone you know has something similar.
I’d start with that. Then save the money for an upgrade to the old hardware like adding some extra RAM and big refurbed HDDs.
I think we’ve got an old MacBook with a broken screen, and a Windows laptop that slowed down because it got a virus on it. Didn’t think I could use something with a broken screen, but I’ll try it maybe.
Edit: Not sure if I have their chargers though…
Either or both will likely work just fine depending on how broken the screen is. The virusy windows would be easiest (sometimes macbooks are harder to get everything working due to drivers, windows ones typically just work). But the virus will be removed when you install proxmox. I currently have 3 laptops in various degrees of old and broken being used as a proxmox cluster.
But the virus will be removed when you install proxmox
Oh yeah, if I do use it I was gonna fully wipe windows into oblivion
I currently have 3 laptops in various degrees of old and broken being used as a proxmox cluster.
Oh so you can cluster multiple devices? I’ll have to check that out.
Yes you can cluster devices. I have a NAS in addition to my laptop proxmox cluster. It lets me use the NAS as storage, so the VMs/lxc’s virtual disks are actually on the NAS. This allows me to make the VM/LXCs Highly Available. So if one laptop crashes it’ll automatically spin up the things running on that laptop on a different one. This can also be done with ceph, but I already had the NAS, so ceph seemed redundant.
I would go for refurb, business line SFF machines. Something like ThinkCentre or Optiplex. Specific form factor based on drive needs but the smaller you go the more power efficient. I have one on the bigger side (internal psu) that runs about 12W idle.
Just double check that it can handle hardware transcoding. Should fit right in your budget!
This is how I got started. HP EliteDesk Mini. If you want room for full size HDDs then get the SFF version.
I’d search ebay for 9500t and get a NUC, it’s a 6 core processor and can be bought pretty cheaply.
Proxmox on a Lenovo micro form factor is probably a good cost effective option. Get a business class ThinkCentre, like an M720 or something similar that’s 3-5 years old that a corpo has just upgraded away from, i5 or Ryzen 5 with however much storage and RAM you want. Spin up a container specifically and only for PiHole+Unbound (and consider adding a pi or some other dedicated hardware for DNS later on for redundancy in case your main goes down), and then the rest is however you want to build your environment.
For me, I’ve got a Pi dedicated to 3 key tasks: PiHole, Unbound, and PiVPN (edit: and Nginx Proxy Manager. It’s dedicated to 4 key tasks…). It’s basically my filtering interface between the home network and the rest of the internet immediately after my router handles the frontline defenses, and then I’ve got a Proxmox cluster to run most of the rest of my internal services.
If you really want something upgradeable, used enterprise SFF is the way to go: https://discountelectronics.com/
However, the hardware market is in a weird spot right now; you’ll get far more bang for your buck with an Intel N150. You can find a 16GB DDR5 w/ 1 TB SSD around the $200 mark, and that’s what I’d roll with in your shoes, assuming you don’t mind living without a spinning disk. Your Jellyfin and Immich instances will run far smoother.
Start with a vps so you can ramp up with the software.
Tailscale is great. Don’t believe the bad press. You can always switch in the future if they change their trajectory.
I run all of that on a Dell Optiplex that I bought refurbished in your price range. I couldn’t figure out the self-signing certificates to run nextcloud without a domain, so I run OwnCloud, but hopefully you’ll have better luck.
Protonvpn has a Killswitch: https://protonvpn.com/support/what-is-kill-switch
A kill switch is available to all Proton VPN users on Windows, macOS, Linux, iOS and iPadOS. Newer versions of Android now have built-in kill switch feature, as explained below.
Please note that our regular kill switch feature can’t protect you if you intentionally disconnect from a VPN server. However, the feature does protect you while switching servers with Proton VPN.
Our Windows and Linux apps now also feature an Advanced kill switch. In addition to protecting you from accidental VPN disconnections, this prevents you from accidentally using the internet without the VPN turned on, and it will persist when you shut down and restart your device. You will not be able to connect to the internet if you manually disconnect the VPN without also disabling Advanced kill switch.
or are you in a different scenario where that doesn’t work?
I’ve configured my router to set up a VPN connection to proton (wireguard config). I then decide which devices go out without VPN and which with VPN (default being with VPN). If the wireguard tunnel happens to go down, the devices can’t surf the web.
Specifically talking about the FireTV, 99% sure the app doesn’t have a Killswitch, I’ve checked. I use it all the time on PC and Mobile though :)
Setting up the VPN on the router sounds great, but can home routers (I have Cox) flash VPN software on them (thought they couldn’t)? Also is it MAC or IP filtering (would I have to set a device to static IP) for deciding which devices use the VPN tunnel? How good is it about switching servers (like if a server I’m connected to is on maintenance or is overloaded)? Not too worried about the web issues, can always hop back on the regular Wi-Fi and use the app.
I think it’s MAC based, but I’m not sure
Specifically talking about the FireTV, 99% sure the app doesn’t have a Killswitch, I’ve checked. I use it all the time on PC and Mobile though :)
Ah! I can’t get a fire stick here so no experience with that.
Setting up the VPN on the router sounds great, but can home routers (I have Cox) flash VPN software on them (thought they couldn’t)?
The Asus router I have has a feature called VPN fusion. I specifically bought a set of routers for my home that are in front of my ISP router because I wanted a single SSID and wanted to set my own DNS servers without having to specify them per device. They (ISP) keep restricting features on their router (can barely do anything on them nowadays). Also switching ISPs became easier as any config is done in my devices rather than theirs.
Also is it MAC or IP filtering (would I have to set a device to static IP) for deciding which devices use the VPN tunnel? How good is it about switching servers (like if a server I’m connected to is on maintenance or is overloaded)? Not too worried about the web issues, can always hop back on the regular Wi-Fi and use the app.
I THINK it’s MAC based, but I really can’t say. I named the devices on my router and they keep reconnecting as the same device. Either that or it uses some combination of info from the device to identify it.
E.g.: my work MacBook should switch MAC addresses every time it connects to a WiFi, but it’s consistently identified by my router.
Additionally, they have some routers that are supported by custom firmware (asuswrt-merlin). Mine don’t support it unfortunately. https://www.asuswrt-merlin.net/