IT nerd

  • 0 Posts
  • 31 Comments
Joined 3 years ago
Cake day: June 22nd, 2023


  • I run my webservers behind a pfSense firewall with SSL offloading (using a wildcard cert) with a static IP and use HAProxy to have subdomains go to individual servers. Even though I’ve seen my fair share of scans, I only ever expose port 443 and keep things updated.

    Recently though someone on here mentioned routing everything over Tailscale via a VPS. I didn’t want to pay for a VPS and frankly can’t even find one that is reasonably priced in the US (bandwidth limits mainly), so I threw Tailscale onto my pfSense, set up split DNS on Tailscale’s admin panel with my domain name, and then reconfigured HAProxy to listen on my Tailscale interface. Even got IPv6 working (huge pain due to a bug it seems). Oh, and set up pfBlocker.

    My current plan is I’m going to run my webservers behind Tailscale and keep my game servers public and probably segment those servers to a different VLAN/subnet/DMZ/whatever. And maybe just have a www/blog landing page that is read only on 443 and have its config/admin panel accessible via my Tailscale only.

    Anyway, back on topic. I run my game servers and I don’t advertise them out anywhere (wildcard cert) and do whitelist only, yet I still see my Minecraft servers get hit constantly on port 25565.

    So not much you can do except minimize exposure as much as possible.
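    As an added illustration of the layout described in this comment (not the poster’s own configuration): a HAProxy config with TLS offloading on one wildcard cert, a public listener that serves only the read-only landing page, and a second listener on the Tailscale interface that carries the admin subdomains. The addresses, hostnames, cert path and backend ports are assumed values.

```haproxy
# Constructed example, not the poster's config. Assumed values:
# WAN address 203.0.113.10, Tailscale address 100.100.1.10,
# domain example.com, backend IPs in 192.168.10.0/24.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Public listener on port 443: only the read-only landing page is routable here.
# http-request rules run before use_backend, so the deny must be conditional.
frontend public_https
    bind 203.0.113.10:443 ssl crt /etc/ssl/private/wildcard.example.com.pem alpn h2,http/1.1
    acl host_www hdr(host) -i www.example.com example.com
    http-request deny deny_status 403 unless host_www
    http-request set-header X-Forwarded-Proto https
    use_backend www if host_www

# Tailscale listener: split DNS on the tailnet resolves the subdomains to
# 100.100.1.10, so the same wildcard cert is valid and the admin panel is
# reachable only from tailnet peers. Unknown hostnames are still refused.
frontend tailnet_https
    bind 100.100.1.10:443 ssl crt /etc/ssl/private/wildcard.example.com.pem alpn h2,http/1.1
    acl host_www   hdr(host) -i www.example.com example.com
    acl host_admin hdr(host) -i admin.example.com
    http-request deny deny_status 403 unless host_www or host_admin
    http-request set-header X-Forwarded-Proto https
    use_backend www   if host_www
    use_backend admin if host_admin

# Backends speak plain HTTP on the LAN; TLS terminates at HAProxy.
backend www
    server www1 192.168.10.11:80 check

backend admin
    server admin1 192.168.10.11:8080 check
```

    On pfSense the same result is produced through the HAProxy package GUI (two frontends bound to different interfaces), but the generated config follows this shape.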


  • Oh for sure. Kind of forgot about that.

    I usually build my own PCs, or I buy certified refurbished systems from eBay, so I usually don’t pay the Windows tax (or it’s baked in).

    But definitely a good option to get something for cheaper, I do wish more systems had a Linux or no OS option.

    And even if I plan to use Windows on a system, I usually re-install Windows anyway. Can’t be too careful with what has already been installed on something.



  • I also had the same experience with Mint having outdated packages. And at that time I was a Linux noob so I figured I’d just wait until Mint updated their shit.

    Well, days turned into weeks and then about 3 months later, still with no updates from Mint, I jumped ship to Fedora. Fedora was nice, but then I hopped to Kubuntu and now I’m on CachyOS.

    I see all of this Mint hype and while I do love Cinnamon, I would never put Mint on my own devices going forward. It’s definitely a distro I would put on my mom’s laptop or a grandparent’s device. But their release schedule is abhorrent.





  • Could you explain your setup a bit more? Because my understanding is:

    Let’s say you have a blog website in your homelab. To access the blog, you go to your VPS’s hostname/IP, and from there the VPS forwards your request over Tailscale to your homelab, which then responds with your blog website?

    If that’s the case, why even have the VPS and not just use Tailscale to access your homelab directly?

    Unless you intend to have the VPS be a load balancer in some way? Or a filter/firewall? Or you can’t do a static IP for your homelab but you want it to be publicly accessible?

    Just trying to understand why you’re doing it this way. I love seeing all the crazy ways people can set things up like this lol



  • eli@lemmy.world to Selfhosted@lemmy.world, "Proxmox with arr" (1 upvote, 13 days ago)

    Proxmox recommends not installing anything directly on the Proxmox host/bare metal.

    Personally I would set this up as:

    Proxmox installed on whatever single disk or RAID 1 array.

    Create a TrueNAS (or whatever OS you want) VM inside Proxmox. Mount the rest of the drives directly to the TrueNAS VM via Proxmox’s interface.

    In the TrueNAS VM take the drives that were mounted directly to it and set up your array and pool(s) to your preference.

    Now, I’d say you have two paths from this point:

    • Inside the TrueNAS VM use their tools to create a VM within TrueNAS and use that for your arr stack.

    OR

    • Go back to Proxmox and create another VM or container, set up your arr stack in that container, and point it to your TrueNAS via network mounts using internal networking from within Proxmox (virtual bridge with a virtual LAN).

    Either option has pros and cons. Doing everything inside TrueNAS will be a bit simpler, but you do complicate your TrueNAS setup and you’re at the mercy of how TrueNAS manages VMs (backups, restores, etc.). On the reverse, with Proxmox, setting up the virtual bridge and doing the network mounts is more work initially, but keeping the arr stack in a Proxmox VM/container lets you do direct snapshots and backups of the arr stack, and if you ever need to rebuild it or change it to another arr-style set of tools then you can blow away the Proxmox VM, start fresh, and re-set up the network mounts.

    Or don’t do any of the above and just install TrueNAS on the box directly as the bare-metal OS and do everything inside TrueNAS.


  • 0 bytes free is a broken environment. So that requires a fix during moratorium IMO.

    Mint 21 still has support until 2027, so not exactly needed… but I get it when you only see certain family members during specific times of the year.

    I’m just saying, doing a full migration from ESXi to Proxmox and having to back up all VMs and import them or recreate them, and doing this during the holidays… I’d rather just sit on the couch and enjoy family time than be stuck in my garage or glued to my laptop.

    Upgrading a family member’s laptop while shooting the shit with everyone while drinking a beer or something is just fine. Don’t need 100% focus, you’re good there man.


  • At work we have a nearly 2-week moratorium that covers Christmas and New Year’s. We do zero changes unless something breaks on its own. So everyone can take time off without worrying too much.

    So I do the same for my homelab. I’ll spin up new stuff for fun (new Docker containers to try out new apps), but I don’t touch my stable stuff. No reboots, no updates, no image pulls, nothing.







  • Yes, essentially I have:

    Proxmox bare metal
        ↪ LXC1
            ↪ Docker container 1
        ↪ LXC2
            ↪ Docker container 2
        ↪ LXC3
            ↪ Docker container 3

    Or using real services:

    Proxmox bare metal
        ↪ Ubuntu LXC1 192.168.1.11
            ↪ Docker stack ("Profana")
                ↪ cadvisor
                ↪ grafana
                ↪ node_exporter
                ↪ prometheus
        ↪ Ubuntu LXC2 192.168.1.12
            ↪ Docker stack ("paperless-ngx")
                ↪ paperless-ngx-webserver-1
                ↪ apache/tika
                ↪ gotenberg
                ↪ postgresdb
                ↪ redis
        ↪ Ubuntu LXC3 192.168.1.13
            ↪ Docker stack ("teamspeak")
                ↪ teamspeak
                ↪ mariadb

    I do have an AMP game server; AMP is installed in the Ubuntu container directly, but AMP uses Docker to create the game servers.

    Doing it this way (individual Ubuntu containers with Docker installed on each) allows me to stop and start individual services, take backups via Proxmox, restore from backups, and also manage things a bit more directly with IP assignment.

    I also have pfSense installed as a full VM on my Proxmox, and pfSense handles all of my firewall rules and SSL cert management/renewals. So none of my Ubuntu/Docker containers need to configure SSL services; pfSense just does SSL offloading and injects my SSL certs as requests come in.


  • > I have an old Windows laptop. I need to figure out how to do dual boot with Linux

    For this I would recommend:

    1. Install Windows first.
    2. In Windows, partition the disk drive to how much storage you want. So if you have a 1 TB drive, then maybe do 500 GB for Windows and 500 GB for Linux? Leave the new partition unformatted/unallocated.
    3. Boot up your Linux installer and select the unformatted/unallocated partition for Linux to install to. Don’t erase the whole disk. But let Linux set up all of its own formatting and partitions on the empty space.

    Now why do it this way? Because Windows does NOT like the boot manager being replaced and does NOT like disk space going “missing” unless it allocates it itself. If you install Windows first it’ll set up the boot manager for Windows, and then when you install Linux, GRUB will get installed and that can manage Windows pretty well.

    And if you let Windows partition off the blank space for Linux, then Windows knows that that empty partition isn’t owned by Windows anymore and it won’t freak out seeing the space go missing when Linux takes it over.

    This article covers most: https://linuxblog.io/dual-boot-linux-windows-install-guide/

    If you have two individual disk drives then I would do the same thing: install Windows on one of the drives, boot into Windows, and make sure the second drive shows up in Disk Management but isn’t formatted for use in Windows, just unallocated/blank. Then when you install Linux you just tell it to install onto the second drive.

    > and get my VPN sorted (again) so he can use VMs on my Proxmox box

    I would 100% recommend Tailscale for this. You can install Tailscale on the Proxmox host and then have your nephew have his own Tailscale account where you can give him access to only the Proxmox box.

    I do this with my Proxmox boxes so I can remotely manage them wherever I am. When you first install Tailscale on Proxmox it may require a reboot, so I would recommend being near the server so you can log in physically if needed, but after that it has been smooth sailing for me. Been using it like this for a year or two now.

    Of course just a suggestion.