$10-15 will get you an outlet tester at just about every home improvement store. You plug it in and the three big LEDs light up and you compare it with the sticker on the device. Get one with a GFCI tester built in, when you press the button it will short to ground and if your receptacle has GFCI protection or is on a GFCI protected circuit should trip the GFCI protection.
I work IT for my day job managing a datacenter and cloud infrastructure.
I host mostly Plex, home assistant, and immich. Immich has its data backed up, I don’t care about Plex data. If it all dies, so be it.
I have a server coloed that houses some websites and email, plus some random other things I’ve setup and tested. It’s got backups, and downtime is fine.
If my self hosted stuff dies, it doesn’t matter. Nothing in my life ultimately relies on it.
I wouldn’t, you’ll lose a lot not having it manage the disks such as using dissimilar disks for the array and having it spin down unused disks. You might be able to pass disks through so the unraid VM can manage them directly, but it might be harder than I’d personally want to deal with.
If you aren’t running VMs much. Truenas scale I believe can do docker well. I’ve seen a lot of people put that in a VM on proxmox with disks passed through to be used as the NAS portion.
Plex data, pi hole, and home assistant don’t contain anything meaningful. No credentials are stored in a form that can be reused.
The most sensitive is immich, which I’m more concerned about backups than I am someone might steal my nudes. Their online anyway.
Email is hosted off-site and I still have physical files for a lot of my documents. If someone stole hdds out of my server, they’d get a lot of Linux isos, pictures of cars, porn, tons of versioned software and games installers, etc.
Maybe my definition of sensitive is different than yours though.
Nope. This isn’t part of my threat model.
I don’t have sensitive data and stealing a drive would be inconvenient for a thief.
I just picked up a 4u supermicro chassis that holds 36 3.5" disks and 2 2.5" disks.
Unixsurplus.com has some pre built ones for truenas (I’ll be running unraid.) I’m moving from a 12 bay dell with 200tb useable. Once I max out this new chassis, then I’ll be adding a jbod shelf. Those can basically double my storage without having to do much.
So many people didn’t read the post and going off how raid isn’t backup.
There are a few things to consider. How much data is it? How is it connected? How reliable do you want it to be? Where is it going to be? How are you backing it up? How will you monitor the disk(s) and backup process for failures?
Is it at some place that will be a pain to deal with if a hard drive dies, like a friend’s house or something. I’d deal with raid so it wouldn’t be an immediate reason to go fix it or go without backups.
Is it small enough amounts of data that you could have a complete third copy if you didn’t put the disks in raid? Then I’d probably make multiple copies and not use raid.
Are you dealing with something like veeam doing backup chains? Having an initial copy and then incremental with changes where you can go back to different days? Go with raid because having to reconfigure can be a hassle or having a full and incremental across jbods could cost you all the backups if the disk with the full backup is lost.
Either or is a valid choice and depends on your particular needs.
It has parity disks, which always need to be the largest disks in your array. You can run with either a single one double parity disk.
It seems to work well, as that’s how I’ve had to replace a dozen disks in the last year upgrading from 8tb disks to 18 or 22tb disks.
Since you are talking mismatched disks, I have gone to unraid after running a ceph cluster. I found it easy to keep adding and upgrading disks in unraid where it made more sense than maintaining or adding nodes. While I like the concept of being able to add nodes for very large storage arrays. My current unraid server is 180tb.
It is super simple to add/upgrade the storage one disk at a time.
Regrettably, there is currently no substitute product offered.
I really don’t think you regret a God damn thing broadcom.
As you’ve found, proxmox isnt an application that runs on windows or Linux. It’s an OS that you can install. And yes, you can configure bit to auto start the VMs when the machine boots.
It’s designed to run headless, so you’ll do all your configurations from a web browser. If you want to go crazy, I’m sure that raspberry pi can be configured as KVM for it (though piKVM is a bit of extra hardware.)
If you have something like tailscale or wireguard to a machine in the house, you can easily reach the web gui from any other machine on the VPN network and reboot the VMs that way.
You can even build monitoring that reboots the pihole VM of it stops responding to DNS queries.
Why are you wanting to move the VM to a bare metal install?
In my experience, I would think the more efficient method is to install a hypervisor like proxmox and move the VM and there. And then run another VM for pihole, and maybe even a third for tailscale. It lets you have the ability to expand as you need and to better manage backups and services easier.
Otherwise, if you are determined to go from VM to bare metal, you want to find a backup solution that can backup the whole machine and restore it with a recovery disk. I think veeam and Acronis would work. There are tons out there.
Consider power line adapters instead of wifi.
I’ve pared mine down a lot. The biggest hurdle for me has been storage.
It used to be 5 2u servers running a ceph cluster, but that got to be expensive and unruly.
Now it’s mainly a small half depth supermicro for my firewall, a half depth supermicro for home assistant, a 2u Dell for unraid, and a small NAS.
Unraid houses Plex and the *arrs. Along with a handful of other useful services like immich.
I do colo a 1u HP though that houses my pbx, web server, unifi controller, jirai server, nextcloud, email, and a bunch of other servers that I run.
Now, I’ve got a lot of spare hardware though. 7 Dell 1u servers, 2 Dell 2u, a supermicro 3u, an HP 2u and a bunch of things clients that I might turn into replacements for my rokus.
This comes into the design and requirements for your services.
If they need to be public ally available to more than just you, you’ll want a reverse proxy and appropriate firewall rules. You’ll also need to make sure things stay updated and security hardening is done on the servers and the proxy.
If you just need yourself to access things and they don’t need full access from public internet, you want a VPN. Tailscale is pretty easy. Wireguard is a bit of work to set up, but can make for a good always on VPN for your devices to connect back into your home network to access what you want.
There are certain things like SSH that you really don’t want publically accessible over the internet. Even with fail2ban and all the security hardening, it’s just a headache and pointless traffic you’ll deal with as people try to get in anyway.
Honestly, I am just so curious about your threat model that you are considering this for self hosting.
My more recent experience has been this comes from using residential ISP IPs or cloud provider IPs. These are almost always just permanently in a grey list because AWS, Google Cloud, Azure, and digital ocean instances are so quick, cheap, and easy to setup and cycle through IPs on.
My colo provided IP block hasn’t had any issues sending emails.
Full disk encryption. It wnt do anything if the server is powered on and they plug in a flash drive, but if it were to have the physical disks taken out or the server is powered down and moved.
Disable removable media. Might be able to do it in the bios, but I’d not, you should be able to in the OS.
Easiest one though is to lock the door to the room. Or to the rack if you have it in a rack.
Not the docker container IP. The IP of the machine you are running docker itself on. Nginx is running in a container, it’s not allowed to talk to the other docker container IP directly and it has a separate network stack from the listmonk container, so 127.0.0.1 only goes back to nginx.
Say your machine that you are running docker on is 192.168.0.67, the listmonk docker container is 172.16.0.89, and nginx container has an IP of 172.16.0.34.
Your nginx config would need the proxy to point to 192.168.0.67:5870.
Then make sure you don’t have ufw or some similar firewall blocking the connection from nginx to listmonk.
Most power line adaptors say to keep it on the same circuit. The one I have is running a small VoIP phone and I don’t have issues with call quality.