Considering directions for combining several home IT functions

ADFH

Hey folks,
Long time listener, first time caller..
Wanting to consolidate my "always on" home IT into a more consistent and useful setup for hosting VMs/containers, firewall, media serving etc., looking for some starting points. Looking for ideas for a server that could play multiple roles:

  • Data storage (AV files, VMs/containers, maybe some backups that then get funnelled to/from elsewhere)
  • Application hosting (be it containers and/or VMs) - I really need to get my head around things like Docker, Python, Ansible etc.
  • Firewall/routing - my router's EoL, and the WiFi + internal networking is handled by UniFi kit, so I figure a suitable VM/container should be able to handle it? I'd also like more flexibility to be able to run VLANs to quarantine a slowly increasing amount of IoT stuff - the Asus can do VLANs, but it's messy AF
  • DVR for network cams

Right now, from an infra perspective I have:

  • EoL Asus RT-AC5300 router running Merlin FW (just routing + DNS, WiFi off)
    The Asus router has done really well, but Asus has EoL'd it, so it'll stop getting firmware support soon, and as I don't use its wifi, could probably be more useful at my folks, to replace their RT-AC3200 which doesn't give them enough coverage. I figure it'll handle their needs (and I can turn off bulk of externally facing things), and I could move firewall/router duties to a VM or container on a suitably powered server.
     
  • AMD Phenom II X4 840 w/12GiB of RAM and 8TB of drives stitched together in an old Define R3 running Ubuntu LTS with MergerFS playing media server, Kodi MySQL backend, Minecraft server, UniFi controller
    This box was a hand-me-down from a friend, and it's done ok, but I figure for the power budget of an always on computer, something else could be doing more, like providing me with a space to play with VMs and containers (this is where the home lab element really comes in). I also think I need more storage.
     
  • UniFi switches + APs to network the house
    This part's working fine, though getting the controller to run on bare-metal Linux is a pain with Java dependencies, and a container or VM would probably be better.
     
  • Nvidia Shields (the cylinder shaped ones) on the main TVs for media playback (embedded smarts in TVs seem to universally suck)
    Kodi works... okayyyyy.. on them, but impression I get is that I could do better with a different choice of server software and/or something to better manage/collect media on the backend than just NFS + MySQL
     
  • tt-rss + PostgreSQL running on my desktop in the background for feed reading
    Right now, it's running native, on my desktop which otherwise wouldn't have to be switched on all the time. It's also technically only supported inside a container or VM, so it would be nice to consolidate the functions of "always on" equipment to fewer devices
     
  • Dahua DVR
    Has a crap web interface that requires proprietary plugins and/or proprietary app to see vision, a ... meeeeeh ... mobile app

Am I right to think I could consolidate the functions into a single system, or are they better split off? I mean, I could go for a NAS setup of sorts that wasn't a powerhouse.. same for something to play router with something like OPNsense or the like. I admittedly suffer very easy choice paralysis, so starting is often the hardest step for me (give me a bucket of parts and I can probably MacGyver something up - ask me to choose what goes in the bucket and I spin my wheels a lot).

Hope I haven't rambled too much, and apologise if I missed a post that covered this exactly (happy to be pointed off to an existing post if what I've said is covered).


There will be a million opinions on this. Myself, I prefer to keep all these functions split off on separate hardware at home. More points of failure, but also not only one point of failure for everything. I don't need much redundancy at home either - I keep old gear around that can sub in if needed for an emergency. Multiple points is easier to upgrade one component if EOL happens again and typically easier to troubleshoot as well. Maybe consider a UniFi Dream Machine Pro or SE to replace the router and move the controller to it. You could also consider moving to their Protect but I think it's difficult or impossible to get it to work with non-UniFi cameras? I have to say I am not a huge fan of the Protect app (mobile and PC) and their cameras are overpriced comparatively speaking - however they have been rock solid reliable for me for 5+ years.

My server is loaded in a cheap Rosewill 4U and runs a consumer mobo and Ryzen 1600 with 32GB of RAM. I think I have 60TB in there of storage. Running MS Server 2022 because I got a license for free, no containers or anything - I just got everything running as a service including Plex and a couple of other things. It was the easiest way for me to set this up since I have limited knowledge of Linux stuff.


2 hours ago, TheGreatestGazoo said:

There will be a million opinions on this.

It's always the way, eh?

2 hours ago, TheGreatestGazoo said:

I don't need much redundancy at home either - I keep old gear around that can sub in if needed for an emergency. Multiple points is easier to upgrade one component if EOL happens again and typically easier to troubleshoot as well.

Oh for sure.. I have had to dip into a random assortment of crap useful parts in my garage many times 🙂. I guess I'm thinking, however, of upskilling in VMs and containers, because they're something that's increasingly a part of my work.

2 hours ago, TheGreatestGazoo said:

Multiple points is easier to upgrade one component if EOL happens again and typically easier to troubleshoot as well. Maybe consider a UniFi Dream Machine Pro or SE to replace the router and move the controller to it. You could also consider moving to their Protect but I think it's difficult or impossible to get it to work with non-UniFi cameras? I have to say I am not a huge fan of the Protect app (mobile and PC) and their cameras are overpriced comparatively speaking - however they have been rock solid reliable for me for 5+ years.

I guess the fear of things becoming obsolete is why I like the idea of devices whose functions can be retasked as they age, until they no longer support new software. I like the UniFi APs and switches I have, because with those, you need specific hardware anyway, and they seem to offer the most management features without some pesky recurring fee. I'm a little less certain on their control and storage appliances, given the amount of lock-in. I've found the controller software a bit dubious too, given it often can't seem to figure out the network topology properly without the hack of reloading the config without the data (I would have thought it could figure out the basics by peeking at each switch's ARP cache?). I also saw some commentary about how apparently some of them use flash storage that can wear out, and be difficult to replace, depending on the version?

2 hours ago, TheGreatestGazoo said:

My server is loaded in a cheap Rosewill 4U and runs a consumer mobo and Ryzen 1600 with 32GB of RAM. I think I have 60TB in there of storage. Running MS Server 2022 because I got a license for free, no containers or anything - I just got everything running as a service including Plex and a couple of other things. It was the easiest way for me to set this up since I have limited knowledge of Linux stuff.

Yeah.. "server" here is much older. Only 8TB of storage in 3x2TB + 2x1TB drives, with 12GiB RAM.. it's done ok, but I've used up all the SATA ports now, and I'd like somewhere to park containers/VMs/virtual appliances, and have some more storage for all my Linux ISOs. I'm comfortable at the Linux command prompt, but my experience is mostly my own bare metal boxes whereas the trend now in business settings is for containers. I see expanding my home setup as not only a chance to improve things at home, but learn more about how they work (I learn best when I have a task to achieve 🙂 ).
I've liked my Asus RT-AC5300 because with the 3rd party firmware I have on it, I can install packages, tweak the firewall etc. and it's done pretty well pushing through my internet connection (1000/50 - Australia's NBN is stingy AF on uplink speeds). It's been EoL'd by Asus now, however, which means that it won't be getting firmware updates - and whilst I could try messing with OpenWRT or DD-WRT, I like the idea of the firewall router being less about the hardware, and more about the software, in that it's just a package I could potentially load on anything.
I guess where I've been spinning my wheels is it seems that when it comes to firewall/routers, network storage, VM/container hosting etc. there's a lot of overlap.

  • Several of the NAS OSs seem to support containers as standard
  • Mini PCs on which I might run a firewall appliance can also run containers
  • A decent enough machine could run it all
  • Separating storage from VM/container execution, unless one went really overboard, could slow performance due to IO latency

I take your point about single points of failure for single tasks, so maybe keeping the firewall router duties separate might make sense, but combining storage + appliance/vm/container hosting seems to make sense.
Guess I'm curious to see what directions others have taken too.


  • 1 month later...

An update on what I ended up doing..
I bought a small fanless mini PC I'd seen over on STH, loaded it with 64GiB of RAM, 1TB NVMe drive, and Proxmox VE.
Under that, I have two LXC containers:

  • UniFi Controller
  • TT-RSS news feed aggregator

... and a KVM VM:

  • OPNsense firewall router

... with the WAN interface using VT-x IOMMU PCI passthrough stuff to OPNsense, so the Proxmox VE hypervisor OS doesn't bind to it at all.

... LAN interface currently a virtual network in a bridge within Proxmox so it can share the connection to its containers etc.
I'm thinking eventually I'll set up a tagged trunk port out of the OPNsense VM into my switch so I can isolate things like IoT or guests.

Still not sure what I'm going to do about storage - our media "server" is still just an old AMD with 8-9TB of HDDs running mergerfs to stitch them together (yes, I know, no redundancy... but it's not mission critical data). New mini PC can connect 4 plain SATA ports to an external drive enclosure, so it _could_ do storage I guess with the right capacity drives?
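The tagged-trunk-into-the-switch idea from the update above, written out as an added example (this is not the poster's configuration, and nothing here is Proxmox project code): a constructed Proxmox VE /etc/network/interfaces with a VLAN-aware LAN bridge, with the matching qm/pct commands in comments. The interface name eno1, the VM/CT IDs 100 and 101, the addresses, and the VLAN IDs (20 for IoT, 30 for guests) are all assumptions. The WAN NIC is deliberately absent from the host config because it is passed through to the OPNsense VM, matching what the post describes.

```conf
# /etc/network/interfaces on the Proxmox VE host (constructed example, assumed names)
auto lo
iface lo inet loopback

# eno1 is the assumed on-board LAN NIC that cables to the UniFi switch.
# The WAN NIC is NOT listed here: it is PCI-passed-through to the OPNsense VM,
# so the hypervisor never binds a driver to it.
iface eno1 inet manual

# VLAN-aware bridge: one bridge carries the untagged management LAN (VLAN 1)
# plus every tagged VLAN the OPNsense VM defines on its LAN side.
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.2/24          # host management address (assumed)
    gateway 192.168.1.1             # OPNsense VM's LAN address (assumed)
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094              # allow any tag through; OPNsense decides which exist

# OPNsense VM (assumed VMID 100): LAN NIC on vmbr0 with NO tag, so its port
# carries VLAN 1 untagged plus VLANs 2-4094 tagged. Inside OPNsense, create
# VLAN interfaces 20 (IoT) and 30 (Guest) on that NIC and firewall between them.
#   qm set 100 --net0 virtio,bridge=vmbr0
#
# A container that should live in the IoT segment (assumed CTID 101) just gets
# the tag on its own port; it never sees the other VLANs.
#   pct set 101 --net0 name=eth0,bridge=vmbr0,ip=dhcp,tag=20
```

On the UniFi side the switch port facing the mini PC has to be a tagged (trunk) port profile that carries VLANs 20 and 30 as well as the native LAN, and the IoT SSID gets its VLAN tag from the AP. The tagging only separates traffic at layer 2; the actual quarantine is the rule set on the OPNsense IoT and Guest interfaces (typically: allow out to WAN, block to the LAN and management networks), so after cabling it up the check is to put a device on VLAN 20 and confirm it cannot reach 192.168.1.0/24 (or the Proxmox web UI on the host address) while it still reaches the internet.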
