Is this urbackup-docker in a VM or an LXC? If the latter, you don’t need to add it in storage at all; you can bind mount the folder and use it directly. Here’s some info on that. If it’s in a VM and you want to use the directory directly (as in not just make a disk image inside the directory to pass as a block device) you’ll have to do some file sharing to the VM.
It sounds like you’ve got your solution already, but just in case someone stumbles on this later, I thought I’d mention autofs.
I’m coming to prefer it over fstab entries because it handles disconnections nicely and attempts to reconnect. Worth checking out for those who haven’t played with it.
Could be. If that’s the case, it’s nothing I’ve noticed. I’ve got a 32gb VM and I’m running a bunch of LXC and docker containers on it without issue.
I’ve never heard anyone else mention them, but I’ve had really good luck with https://www.ssdnodes.com for the past several years. I don’t recall ever using their support, but I did have a policy question before buying when I first signed up and they were pretty quick to reply. I think I found them on LowEndBox.
I second mailcow. It’s what I’ve been using for years and it’s pretty great.
One thing I’ll add is before you take the plunge, make sure your VPS address isn’t on a block list somewhere. Pay a visit to mxtoolbox.com and you should find some resources there.
I’m a fan of the UniFi and Omada lines, but for your use case, I’d be looking for any AP that could run OpenWRT. That’s a super-powerful Linux-based router OS that meets all your needs and will present a nice web interface for each AP, no controller needed.
Check the project’s site for hardware compatibility, but I’ve had good luck with the GL.iNet travel routers and I bet some of their bigger models would do the trick for you.
I completely agree with this. Seems like a stellar use for either Cloudflare Tunnels or Tailscale’s similar Funnel feature.
Connect it only to the gramos deployment and that will be the only piece of your setup available publicly.
I have a couple older Minis in my Proxmox cluster. One’s a 2012 model and the other is a 2018. They both run great (and the 2018’s got 64GB of RAM and 10Gb Ethernet). I’m not sure I’d go looking for them for a homeland, but they’re great to repurpose.
A bind mount kind of shares a directory on the host with the container. To do it, unless something’s changed in the UI that I don’t remember, you have to edit the LXC config file and add something like:
mp0: /path/on/host,mp=/path/in/container
I usually make a sharing dataset and use that as the target.
From that prompt, type ls -l. That will show you a listing of the items in the /var/www/html directory and there will be columns for the user and group that own each file. It will most likely say www-data.
How about option 3: let Proxmox manage the storage and don’t set up anything that requires drive pass through.
TrueNAS and OMV are great, and I went that same VM NAS route when I first started setting things up many years ago. It’s totally robust and doable, but it also is a pretty inefficient way to use storage.
Here’s how I’d do it in this situation: make your zpools in Proxmox, create a dataset for stuff that you’ll use for VMs and stuff you’ll use for file sharing and then make an LXC container that runs Cockpit with 45Drives’ file sharing plugin. Bind mount the filesharing dataset you made and then you have the best of both worlds—incredibly flexible storage and a great UI for managing samba shares.
Not my reply, but I’ve also had mixed tests playing with Netmaker. It’s a project I really want to like, but getting clients to work together is sometimes finicky. It’s a young project, so maybe the kinks will get worked out. I do like the admin UI.
If you’re looking for something more or less in the same footprint, I understand those cheap Wyze cameras can be used. There are alternative firmwares available that can be flashed to them to open up the rtsp stream to whatever self-hosted recorder you’d like. Haven’t tried it, but have heard it mentioned on the Self Hosted podcast.
It’s been on my agenda for a while to set up a Matrix server with an iMessage bridge with the idea I could interact with all of my message protocols from one place. I haven’t gotten around to it, but it might be worth a look.
Who says you can only get one? Don’t let the perfect be the enemy of the good; just get one of the fun ones you already came up with and in the future if you need a different one get that too. That’s been my approach, anyway.
I’ve done something similar, though not with openwrt. There may be a decent way to do this on the firewall, but I ended up using the ACLs available from the Tailscale console.
I removed the default allow all rule. I made a group called admins that can access everything and then added a set of routes that everyone on the tail net could access.
I’ve only recently set this up, but initial testing seems to have this working as hoped.
Sorry to say I’ve never heard of spaceship, but wanted to make sure you know that Cloudflare now has a registrar service, so if you’re already using them for DNS, that might be worth a look for you.
This is the route I went as well. I have a couple MPU2016s at different sites. Like, u/aodhsishaj indicated, they’re pretty cheap on the used market; just bear in mind that you’ll need a module for each machine. I think this makes sense if you have multiple machines, but I’m not so sure mine can power cycle connected machines (as in with AHCI controls). I can, however, reboot from the command line and interact with BIOS, etc.
Gotcha. That makes sense. My own thoughts are that if you mitigate all of the attack surfaces you can, it ends up coming down to the robustness of the particular app. I’ve never played with keycloak, so can’t speak intelligently about that, but I’ve got authentik setup in a similar configuration. I limit access so the only way in is via either the reverse proxy or the PVE console and basically keep an ear out for security and software updates.
As I type this, it occurs to me that perhaps there’s a fail2ban integration that could be added to limit credential guessing at the keycloak webui.
You’ve got some decent answers already, but since you’re getting interested in ZFS, I wanted to make sure you know about discourse.practicalzfs.com. It’s the successor to the ZFS subreddit and it’s a great place to get expert advice.