Hello everyone,
I would like to get started with selfhost with two projects.
Project A (for me): A NUC with Proxmox installed on it, two VMs including a Home Assistant and a NAS system that I haven't chosen yet.
The only question I have with this project is:
- how to access the NAS and HA separately from the outside knowing that my access provider does not offer a static IP and that access to each VM must be differentiated from Proxmox.
~~Project B (for my uncle):~~ ~~A NUC (with Proxmox or not, I don't know yet, perhaps simpler for making backups), with HA but especially Frigate.~~ ~~The goal is to use Google Coral to do recognition on 3 video surveillance cameras.~~
~~My questions are:~~
- ~~is Coral really useful with 3 cameras?~~
- ~~do you need a Coral in USB or M.2 version?~~
- ~~are there affordable NUCs with free M.2 slots?~~
- ~~won't proxmox add a layer of complexity with Coral/Frigate/a Zigbee dongle?~~
Thank you in advance for your help and sorry if my post is long.
~~PS: if you have recommendations for cameras that work with Frigate and are self-powered with solar panels, I'll take them!~~
Edit: 8 April 2024
A little update. Thank you everyone for your super quick responses!
Regarding my uncle's project and after big discussions, he is going to buy Reolink cameras and that's it. This will be much simpler for maintenance than building a server.
Regarding my project: I chose a Beelink Mini S12 pro with an N100 processor (for its low consumption) with a 2.5 bay for an SSD for my Nextcloud.
I wondered if I wouldn't take the opportunity to add pihole and that's where new questions arise...
I see a lot of people installing Pihole on Docker, should I put it on Docker? Or create a VM?
Should Docker be installed on Proxmox or on a VM?
Is Proxmox really useful, shouldn't I better install HA/Nextcloud/Pihole under Docker directly?
Should I use LXC or Docker?
Nah it sounds far too simple to "just install Tailscale and you're good" doesn't it? But it really is kinda that easy.
Install the Tailscale add on for Home Assistant, sign in and set up an "exit node" (it's a menu item, easy) then install Tailscale on your phone.
Switch it on on your phone outside your network. 3 dots in the app and select "Use exit node" and select the one you set up.
Now on your browser on your phone just type in the IP address of the self hosted service (I just have my home page address set to Homarr which has them all) and you're done.
Really damn easy, and free
Edit: That exit node you set up is inside your network. Tailscale tunnels to that exit node inside your network without open ports, so when you do as above, you're essentially inside your network.
I use work WiFi. Work blocks WhatsApp. When I connect through Tailscale via work WiFi, my WhatsApp works fine, because I'm using my own home network to send/receive messages
Tailscale is great, but it's not something that should be shouted from the rooftops.
I use tailscale with nginx / pihole for my home services BUT there will be a point where the "free" tier of their service will be gutted / monetized and your once so free, private service won't be so free.
Tailscale are SAAS (software as a service), once their venture capital funds look like they're running dry, the funds will be coming from your data, limiting the service with a push to subscription models or a combination.
Nebula is one such alternative, headscale is another. WireGuard (which Tailscale is based on) again is another.
I hear what you're saying and honestly it's not something I had thought about, so thanks for that.
For myself I should be good if your prediction comes true since I already have Home Assistant through my own domain using Cloudflare. I could theoretically move all my stuff to my own domain and Nginx, etc.
I like Tailscale because I don't have to do all that. I'm new to Self Hosting (no I'm new to running multiple VMs) so finding something that just works with minimal effort is great for a noob. I wanna learn the things (networking), but I wanna learn other things (loads!) first.
Cloudflare and a Domain wasn't as hard as DuckDNS and Nginx, but Tailscale was easier and cheaper than that in my adventures on Home Assistant. I've gone from hard to easy mode.
At some point a hobby has to cost money, I may be happy to pay for Tailscale if there's more features. I'd like to replace SMB mounts with Tailnet mounts, but currently that's not a thing to my knowledge.
Oh and I'm not really shouting from rooftops on a self hosted Lemmy server, it's more like a quiet chat around a campfire telling a potential newcomer an easy way. It may cost in the future or they may make enough from Businesses that they keep a free tier, but currently it's free and easy.
Ahh the shouting from the rooftops wasn't aimed at you, but the general group of people in similar threads. Lots of people shill tailscale as it's a great service for nothing but there needs to be a level of caution with it too.
I'm quite new to the self hosting game myself, but services like tailscale which have so much insight / reach into our networks are something that in the end, should be self hosted.
If you're using SMB locally between VMs maybe try proxmox, https://clan.lol/ is something I'm looking into to replace Proxmox down the line. I share bind-mounts currently between multiple LXC from the host Proxmox OS, configuration is pretty easy, and there are lots of tutorials online for getting started.
Now then:
Are you sharing SMB mounts? I have my HDDs passed through to OMV and have considered just trying to pass them through to other VMs, but never tried because I don't wanna break anything.
I have seen that you can share SMB to Proxmox and use them in Proxmox but don't know if you can use them in VMs too.
As it is I really struggled with mounting smb for a couple of weeks and then had an "aha" moment last weekend, and have it all figured out now.
The Tailnet idea was so I can just mount everything to the Tailnet and stop worrying about whether it's on this vlan or that. I was trying to set up an Openwrt container with VPN, which I could use for any container that needs a vpn, but then those containers couldn't see the main network properly...
I've given up on that now and have my SMB mounts all set up, but feel like pass-through would give better network speeds for moving things around.
Yeah there is a workaround for using bind-mounts in Proxmox VMs: https://gist.github.com/Drallas/7e4a6f6f36610eeb0bbb5d011c8ca0be
If you wanted, and your drives are mounted to the Proxmox host (and not to a VM), try an LXC for the services you are running, if you require a VM then the above workaround would be recommended after backing up your data.
I've got my drives mounted in a container as shown here:
Basicboi config, but it's quick and gets the job done.
I'd originally gone down the same route as you had with VMs and shares, but it was all too much after a while.
I'm almost rid of all my VMs, home assistant is currently the last package I've yet to migrate. Migrated my frigate to a docker container under nixos, tailscale exit node under nixos too while the vast majority of other packages are already in LXC.
This all sounds awesome. So eli5 I have all my drives mounted to Proxmox, then passed through to OMV in a VM.
I can just mount these same drives to containers no issues right now, and I can add them to VMs using your link?
I would like to get down to LXCs too, but I've found VMs so much easier to set up and use. I'll try your way
I've not tested the method linked but yeah it would seem like it's possible via this method.
My lone VM doesn't need a connection to those drives so I've not had a point to.
You could probably run OMV in an LXC and skip the overheads of a VM entirely. LXC are containers, you can just edit the config files for the containers on the host Proxmox and pass drives right through.
Your containers will need to be privileged, you can also clone a container and make it privileged if you have something setup already as unprivileged!
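An added example, not part of the thread or of Proxmox's own tooling: since the comments above discuss passing host drives into privileged containers by editing the container config files, this sketch parses configs in the `/etc/pve/lxc/<vmid>.conf` format and lists writable host bind mounts in privileged containers, where root inside the container acts as root on those files. The sample configs, hostnames and paths are constructed for illustration.

```python
import re
# Constructed sample configs in the /etc/pve/lxc/<vmid>.conf "key: value" format.
SAMPLE_CONFIGS = {
    "101": """\
hostname: omv
mp0: /mnt/tank/media,mp=/srv/media
mp1: local-lvm:vm-101-disk-1,mp=/var/lib/db,size=32G
""",
    "102": """\
hostname: nextcloud
mp0: /mnt/tank/cloud,mp=/data,ro=1
unprivileged: 1
""",
    "103": """\
hostname: pihole
unprivileged: 1
[pre-upgrade]
mp0: /mnt/tank/old,mp=/old
""",
}
MP_KEY = re.compile(r"^mp\d+$")

def parse_ct_config(text):
    """Return (unprivileged, bind_mounts); a host path is a bind mount,
    'storage:volume' is a managed volume and is skipped."""
    unprivileged, binds = False, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):      # snapshot sections follow; stop here
            break
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "unprivileged":     # absent means privileged
            unprivileged = value == "1"
        elif MP_KEY.match(key):
            volume, *opts = value.split(",")
            if volume.startswith("/") and not volume.startswith("/dev/"):
                opt = dict(o.split("=", 1) for o in opts if "=" in o)
                binds.append((volume, opt.get("mp"), opt.get("ro") == "1"))
    return unprivileged, binds

def audit(configs):
    """List (vmid, host_path, ct_path) for writable bind mounts in privileged CTs."""
    findings = []
    for vmid, text in sorted(configs.items()):
        unprivileged, binds = parse_ct_config(text)
        if not unprivileged:
            findings += [(vmid, host, ct) for host, ct, ro in binds if not ro]
    return findings
```

On a real host the same functions can be fed the contents of each file under `/etc/pve/lxc/` instead of `SAMPLE_CONFIGS`.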
I think you guys lost me haha!
I'm hesitant about it too for the same reason but not sure if I'm being unreasonable given that I rely on so many other free services. However, this is one that would potentially have access to everything I do.
I'm watching headscale with interest until it's safe enough for me to try breaking it!
I still use it, the service is very handy (and passes the wife test for ease of use)
Probably some tinfoil hat level of paranoia, but it's one of those situations where you aren't in control of a major component of your network.
Definitely don't commit to a free service without planning for a transition when that service changes.
Fortunately Tailscale is built on Wireguard. So it's an easy way to get started with Mesh Networking, and then you could transition to Wireguard if needed.
Hamachi did the same thing 20 years ago, and is still around (I think) with a free tier that lets you have 250 clients. It just doesn't have mobile apps, which is a show stopper for me.
Tailscale also has the "Funnel" feature, which can route traffic into your Tailscale network without using a Tailscale client.
I'm currently on a free tier of TS, and will have no problem paying for the service once I go production. It's not expensive for what I'm getting ($50/year IIRC, because I'm one user). Could be a little pricey if you pay per workstation (so using the subnet router option would save subscription cost).
I could just switch to self-hosting Wireguard, it's the protocol Tailscale is using.