Cross-posted (hopefully properly) from !selfhosting@slrpnk.net
Looking for some advice on what to do with my selfhosting setup. I currently have 2 Vostro 430’s (salvaged from work), and have retrieved 5(!) newer computers from work:
- 1 ThinkStation P330 (1x16gb ram),
- 2 ThinkCentre M720 SFF’s (4x4gb ram each), and
- 2 ThinkCentre M73’s (mixed ram amounts/brands, may salvage from the Vostro’s depending)
The Vostro’s are currently set up with 1 of them being baremetal Debian with a Pihole, and a Debian VM with a Headscale server, and the other being baremetal Debian with… just a few containers, and baremetal tailscale as an exit node (I don’t like this, need to do better). Using Authelia with a password to block incoming connections, and Traefik as my reverse proxy. It also has 2x10TB and 1x7TB HDD’s in RAID1.
My current plan is to see if the M73’s are good enough for light emulation (PS1 for sure, PS2 maybe) and Jellyfin, hook 1 up to my TV (to replace the 25’ HDMI that is slowly killing itself under its own weight), and 1 for a relative, connected to my server via Headscale/Tailscale.
I currently have 1 of the M720’s hosting a small webserver to learn HTML so I can replace my workplace’s website (I did do a temporary replacement already, but it’s not great). Trying to decide if it is staying completely separate, or if I am utilizing it in the overall setup.
Now, what I am looking for advice on, is how best to utilize what I have, and any recommendations on better software to use.
- Do I dedicate each computer to different tasks, or learn how to do a docker swarm/kubernetes cluster/something else?
- Should I set up one device as a dedicated NAS, using a NAS focused OS, or continue to use SSHFS mounts?
- Should the file storage be on the best hardware I have available, mid ranged, or should I save one of the Vostros specifically for being a NAS with nothing else running on it?
- Should I learn how to do SSO with Authelia, or is there a better program for SSO (I want to do better with security, and SSO feels like the best place to start)?
- What do you recommend as a reverse proxy? I have my Traefik configs working great for automatic service discovery, but the way it stores the certs feels impossible to extract for other services that ask for them, and I have no idea what I am doing wrong with that - hasn’t been a problem, but I feel like I should be doing better with this.
I had other thoughts, but they swam away while writing this. If you ask a question/make a comment and I don’t answer right away, it means I fell asleep and will answer tomorrow. I am open to any and all suggestions, and am happy to answer any clarifying questions!
With this many PCs, just for the fun of it I’d set them up as Kubernetes or Proxmox, passing maximum storage to one of the guests as a NAS. Then your hardware is pretty flexible for the future.
On how you want to slice up the hardware - I feel like there isn’t one right answer, and I’d do whatever feels most comfortable to admin for you. I feel like for homelab workloads, any half-reasonable setup should work fine, just make sure you have good backups.
On SSO - I have never tried Authelia, but am personally very enamoured with Kanidm. It’s very lightweight, and has pretty good default settings.
On reverse proxy - I personally use Caddy, but Traefik is good too, and can do more stuff out of the box. I just mount the certs I need readonly in the container of the service that needs them. Clunky, but works well enough for me.
Honestly too poor for backup storage atm, I have a manual backup of my important shit, but definitely not a robust setup.
A few people have recommended kanidm, definitely going to look at it - not the biggest fan of Authelia at this point. No real defaults, a ton of configuration steps you need to follow, and SSO was a pain to set up last time I looked.
I have been considering caddy, as traefik has a few weird issues - for example, returning ‘I’m a teapot’ instead of its web frontend for no reason sometimes. Also, it’s near impossible to get usable certs to share with other services - it stores them in its own format, and the conversion tools don’t really work.
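
The certificate-sharing problem raised in this thread, as an added example that is not part of any post: Python code that reads Traefik's ACME storage file and writes each certificate and private key as PEM files that another service can mount read-only. It assumes the Traefik v2+ `acme.json` layout (resolver name, then a `Certificates` list whose `certificate` and `key` fields are base64-encoded PEM); the resolver name, domains and PEM bodies in the sample are constructed placeholders.

```python
import base64
import json
import os
import sys

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the assumed Traefik v2+ acme.json layout; the resolver
# name, domains and PEM bodies are placeholders, not real material.
SAMPLE_ACME = {"letsencrypt": {"Certificates": [{
    "domain": {"main": "media.example.test", "sans": ["tv.example.test"]},
    "certificate": _b64("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"),
    "key": _b64("-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"),
}]}}

def safe_name(domain):
    """Turn a domain from the file into a filename; reject path tricks."""
    name = domain.replace("*.", "wildcard.")
    if not name or name.startswith(".") or any(c in name for c in "/\\*\0"):
        raise ValueError(f"unsafe domain name in acme data: {domain!r}")
    return name

def _write(path, data, mode):
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), mode)  # enforce mode even if the file existed
        fh.write(data)

def extract_certs(acme, out_dir):
    """Write <domain>.crt (0644) and <domain>.key (0600); return the paths."""
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    written = {}
    for resolver in acme.values():
        for entry in resolver.get("Certificates") or []:  # list may be null
            name = safe_name(entry["domain"]["main"])
            cert = base64.b64decode(entry["certificate"])
            key = base64.b64decode(entry["key"])
            if not cert.startswith(b"-----BEGIN CERTIFICATE-----"):
                raise ValueError(f"{name}: decoded certificate is not PEM")
            paths = tuple(os.path.join(out_dir, name + ext) for ext in (".crt", ".key"))
            _write(paths[0], cert, 0o644)
            _write(paths[1], key, 0o600)  # private key: owner-only
            written[name] = paths
    return written

if __name__ == "__main__":
    # usage: script.py /path/to/acme.json /path/to/output-dir
    with open(sys.argv[1]) as fh:
        print(extract_certs(json.load(fh), sys.argv[2]))
```

Traefik rewrites its storage file on renewal, so the extraction has to be re-run after each renewal for the mounted copies to stay current.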



