from DarkSirrush@piefed.ca to selfhosted@lemmy.world on 12 May 17:43
https://piefed.ca/c/selfhosted/p/718755/upgrading-my-home-server-setup
Cross-posted (hopefully properly) from !selfhosting@slrpnk.net
Looking for some advice on what to do with my selfhosting setup. I currently have 2 Vostro 430’s (salvaged from work), and have retrieved 5(!) newer computers from work:
-
1 ThinkStation P330 (1x16gb ram),
-
2 ThinkCentre M720 SFF’s (4x4gb ram each), and
-
2 ThinkCentre M73’s (mixed ram amounts/brands, may salvage from the Vostro’s depending)
The Vostro’s are currently setup with 1 of them being baremetal Debian with a Pihole, and a Debian VM with a Headscale server, and the other being baremetal Debian with… just a few containers, and baremetal tailscale as an exit node (I don’t like this, need to do better). Using Authelia with a password to block incoming connections, and Traefik as my reverse proxy. It also has 2x10TB and 1x7TB HDD’s in Raid1.
My current plan is to see if the M73’s are good enough for light emulation (PS1 for sure, PS2 maybe) and Jellyfin, hook 1 up to my TV (to replace the 25’ HDMI that is slowly killing itself under it’s own weight), and 1 for a relative, connected to my server via Headscale/Tailscale.
I currently have 1 of the M720’s hosting a small webserver to learn HTML so I can replace my workplace’s website (I did do a temporary replacement already, but it’s not great). Trying to decide if it is staying completely separate, or if I am utilizing it in the overall setup.
Now, what I am looking for advice on, is how best to utilize what I have, and any recommendations on better software to use.
-
Do I dedicate each computer to different tasks, or learn how to do a docker swarm/kubernetes cluster/something else?
-
Should I set up one device as a dedicated NAS, using a NAS focused OS, or continue to use SSHFS mounts?
-
Should the file storage be on the best hardware I have available, mid ranged, or should I save one of the Vostros specifically for being a NAS with nothing else running on it?
-
Should I learn how to do SSO with Authelia, or is there a better program for SSO (I want to do better with security, and SSO feels like the best place to start)
-
What do you recommend as a reverse proxy? I have my Traefik configs working great for automatic service discovery, but the way it stores the certs feels impossible to extract for other services that ask for them, and I have no idea what I am doing wrong with that - hasn’t been a problem, but I feel like I should be doing better with this.
I had other thoughts, but they swam away while writing this. If you ask a question/make a comment and I don’t answer right away, it means I fell asleep and will answer tomorrow. I am open to any and all suggestions, and am happy to answer any clarifying questions!
threaded - newest
On how you want to slice up the hardware - I feel like there isn’t one right answer, and I’d do whatever feels most comfortable to admin for you. I feel like for homelab workloads, any half-reasonable setup should work fine, just make sure you have good backups.
On SSO - I have never tried Authelia, but am personally very enamoured with Kanidm. It’s very lightweight, and has pretty good default settings.
On reverse proxy - I personally use Caddy, but Traefik is good too, and can do more stuff out of the box. I just mount the certs I need readonly in the container of the service that needs them. Clunky, but works well enough for me.
honestly too poor for backup storage atm, I have a manual backup of my important shit, but definitely not a robust setup.
A few people have recommended kanidm, definitely going to look at it - not the biggest fan of Authelia at this point. No real defaults, a ton of configuration steps you need to follow, and SSO was a pain to setup last time I looked.
I have been considering caddy, as traefik has a few weird issues - for example, returning ‘I’m a teapot’ instead of its web frontend for no reason sometimes. Also, its near impossible to get useable certs to share with other services - it stores them in its own format, and the conversion tools dont really work.
I found Authentik was the one that stuck for me, Authelia was always a bit brittle. Using Caddy due to a mix of Docker and LXC containers making Traefik seem like a bit too much trouble. I used to use NPM but that was a bit of a pain to get working at one stage and Caddy was the interim solution that hung on. I miss being able to manage reverse proxy via GUI. But for how often I need to map new services 5 lines in a config file to use the wildcard I already have is really no stress.
I haven’t dug any deeper but Proxmox keeps killing my router VM due to OOM at the moment which is a bit of a pain and every time I think I have it sorted it crops back up, only been doing it since the update from V8 to V9. I’m almost at the point where I just scrap Proxmox and run OPNSense bare metal, but it always seems like such a waste to have an N300 box with 16GB of ram and 1 tb SSD driving a small network, 20ish devices and a dozen or so VMs and containerised services doesn’t really stress that hardware.
I initially started virtualising to get around periodic resets of the i226 network cards on my router box. Was kinda wild that virtualising and using Virtio was so much more stable and consequently faster than running on bare metal. Wonder if that’s changed since then.
Huh, Authentik was what I used before Kanidm. Wasn’t anything wrong with it per se, but there where a lot of moving parts and complexity rhat didn’t really serve a purpose for me.
I thought about kubernetes or proxmox, but I don’t really see any reason to. All my containers are controlled via podman quadlets, and either run on a single machine locally, or on a VPS.
A lot of moving parts and unnecessary complexity is why I want to drop Authelia, that and the user management being a text file that I have to modify as root/change permissions on just to change is annoying.
Oh don’t get me wrong I barely scratch the surface of what Authentik can do… It stuck for me because I could ignore the complexity and it was functional with what I know. Especially how easy it has been to onboard users and add new services, especially with regards to SSO(I initially used it just as Auth to replace HTTP Basic).
I will definitely look at kanidm though. I haven’t made a change to the core operation of my setup in a year or so, might be time to give in to the itch.
Yeah, I agree with Authelia feeling brittle. I have seen a lot of people switch from traefik to caddy, and I am definitely considering it at this point - I am a bit worried about the lack of GUI as it is definitely easier to see if something is wrong by opening that up (when it actually works) than reading logs, but i also heard caddy has a plugin for a GUI?
I have considered looking at proxmox, but i don’t think i do enough vm’s to justify it, and I dont have any dedicated WAP’s so OPNSense just isnt worth it for me, though if that ever changes I would definitely consider it.
I imagine there are Caddy GUIs, I just don’t find them necessary. The last service I added was the work of 20 seconds to add, I did it while waiting for the Docker pull to complete. I’m not sure a GUI would make that significantly faster/easier. But your mileage may vary. Especially in the initial setup phase.
I have generally been happy with Proxmox to increase the versatility of my setup. It’s so liberating to be able to spin up a simple VM and test something out before commiting to changes. I also have a small old machine that just chugs away with a VM for hosting a couple of containers and only gets updated every few months so its not like it’s only useful for ephemeral stuff.
OPNSense, I use the Asus router it replaced in AP mode, but I do want to ditch that. Strongly considering sitting a couple of Unifi APs up in the field cavity (renter so no drilling holes for me). I have 2 cat6 lines I was able to get run from the garage to the living room (some numpty thought the connection box for the internet should be in the middle of the wall in the lounge room so have to have the cables) so I can get up there, cut and terminate one of the lines and add a switch with POE.
Honestly OPNSense has been fun, but I barely scratch a quarter of its capability. I could and probably should just use the Asus router as a router.
With this many PCs, just for the fun of it I’d set them up as Kubernetes or Proxmox, passing maximum storage to one of the guests as a NAS. Then your hardware is pretty flexible for the future.
I was definitely debating doing something like that, I would just need to actually learn how.
The cluster would definitely only have 3 systems, one of which having actual storage space and the other 2 having at most 1TB (but would be on SSD/NVME drives).
My biggest concern is if I can migrate my current docker stack without much issue, or if I would have to start from scratch.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
[Thread #287 for this comm, first seen 13th May 2026, 13:40] [FAQ] [Full list] [Contact] [Source code]
To anyone that may want an update:
the fuck out ofa Vostro’s case, as the M720’s can only hold 1 HDD, 1 SSD and 1 NVME drive1012gb drives as I found out the M720 uses a 10pin power connection, and the 10pin PSU I had doesn’t have a single sata power connection (and is only 280W). I didn’t trust using the 4pin mobo to sata power for 2 12tb HDD’s, especially on a 280W PSU.