
Hi everyone,

I have been struggling on my own and using AI, and I can't seem to be happy with any setup. I recently got some extra hardware and I wanted to use it to simplify the setup, make it make more sense, be less power hungry, more efficient etc., but I've found some roadblocks.

I have the following devices, per location:

My brother's place:
- Old i7 laptop, 32GB RAM, GTX 960M used as a server hosting on Docker nextcloud, onlyoffice, immich, plex, formbricks, minio, swag, librespeed, navidrome, romm, traccar, arr stack, swag (only added the big ones)
- Synology NAS with 30+ TB and 32GB RAM
- UPS (for laptop and NAS)
- Unused 5Tb HDD with adapter

My place:
- Mini PC with N100, 8GB RAM used as a server hosting on Docker swag, musicassistant, navidrome, frigate, homeassistant, zigbee2mqtt, mosquitto, piper, pihole, jellyfin, unbound, wgeasy (wanna do local AI)
- Unused Mac Mini M1 with 1TB SSD and 16GB RAM
- Unused Custom PC without case (Ryzen 7 3700x, RTX 2070 Super, 32GB RAM, ASUS Prime B500A-M, 128gb SSD, 700W PSU)
- Unused Raspberry Pi Zero 2
- Unused GTX 1650 GPU

 

 

My initial optimisation idea was the following:

Sell the old laptop (it still works flawlessly, but I would like to retire it). Also sell the Custom PC and keep the Raspberry Pi for future minor projects.

My brother's place:
- Mini PC with N100 hosting wgeasy, pihole
- 5Tb HDD for offsite backups

My place:
- Mac Mini M1 hosting *everything* from both servers
- Synology NAS
- UPS powering both Mac Mini and NAS

 

Main issues with this:

- My place ISP blocks all ports up until 1024 (cannot access the router, they do not provide the password), so all webpages and publicly available services (nextcloud, navidrome, onlyoffice etc.) still need to be hosted at my brother's place to avoid using port 8443 in the URL. BUT, if I do that, then I need the NAS to stay there, as Nextcloud is pointing to the NAS using SMB, and using a VPN would not be ideal (see last point). For my current setup, I can publicly access my home automation services using port 8443; it does not matter as it's only for me and my wife, and we are using the external connection of HomeAssistant when away.
- I think all those services will be a bit too much for the Mac Mini. Right now, the total amount of RAM used between the two servers is 25Gb... Nextcloud, onlyoffice etc. are so RAM hungry.
- I would migrate from Docker to OrbStack, but it's still VMs, so hardware passthrough will be a pain for my Z2MQTT USB module and I can forget about GPU passthrough. I could natively host Frigate, Plex, Jellyfin and Z2MQTT, but I don't really like the idea...
- I could redirect all traffic from my brother's place to mine using a WireGuard tunnel, but I think that's a "dirty" approach and it'll be slower, as between my brother's place and mine there are more than 1500 miles and the routing sucks. I have to use a VPN to get better speeds than without any VPN lol

 

So I thought about using the Custom PC without a case: get a case and use it to host all those services. Problem is, where I live it gets *hot* and I cannot have this in its own temperature controlled cabinet; it must be in the office or living room. And it will be power hungry, it'll get hot, it's big and most likely noisy.

So, in the end, what can I do? Did I overlook anything obvious? Should I sell everything and buy something else? I thought the Mac Mini M1 would make my life easier, but it seems to have done the opposite.

 

Any ideas will be greatly appreciated!

 

Thanks in advance to everyone.


Posted (edited)
3 hours ago, jsdifuhy76 said:

- My place ISP blocks all ports up until 1024 (cannot access the router, they do not provide the password), so all webpages and publicly available services (nextcloud, navidrome, onlyoffice etc.) still need to be hosted at my brother's place to avoid using port 8443 in the URL. BUT, if I do that, then I need the NAS to stay there, as Nextcloud is pointing to the NAS using SMB, and using a VPN would not be ideal (see last point). For my current setup, I can publicly access my home automation services using port 8443; it does not matter as it's only for me and my wife, and we are using the external connection of HomeAssistant when away.

I don't think leaving things public like that is a good idea. If you could set up a VPN and use it only through the VPN, that is better from a security standpoint, and I mean seriously, this is very dangerous.

Of course, change the VPN ports.

 

 

3 hours ago, jsdifuhy76 said:

So I thought about using the Custom PC without a case: get a case and use it to host all those services. Problem is, where I live it gets *hot* and I cannot have this in its own temperature controlled cabinet; it must be in the office or living room. And it will be power hungry, it'll get hot, it's big and most likely noisy.

That depends on the load and the cooling. Maybe add a bigger cooler to give you a thermal buffer, and a quieter fan with a quiet fan curve.

In terms of power, maybe, but laptops aren't designed to be servers. Besides, the PC will give you better flexibility.

Edited by Mina G
Removed a section that wasn't needed

Cloudflare Zero Trust tunnels are your answer. No need to open ports on your router… Cloudflare punches a hole out, connects to their infrastructure, then you point your domain at the tunnel. Every service I run that needs to be publicly accessible has its own domain pointed to it. So for example… homeassistant.mydomain.com and nextcloud.mydomain.com, no ports need to be opened, and you can set up as many as you need with a domain and A records.

I'd look into this as it solves your port forwarding issue entirely.

Rig: i7 13700k +Contact Frame - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Crucial P3 2TB NVMe for photo work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - PTM 7950 - - XT45 X-Flow 420 + UT60 280 rads externally mounted - - EK XRES RGB PWM - - Fractal Define S2 - - Dell Alienware AW3423DWF 34" -- Logitech Pro X Superlight - - Logitech G710+ - - LTT Northern Lights Deskpad

Headphones/amp/dac: Schiit Bifrost Multibit - - Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

Homelab/Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4 - - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x8TB WD Red RAID Z2 - - 2x 800 GB SAS SSD's (1 SLOG, 1 L2Arc) - - 45 HomeLab HL15 15 Drive 4U - - Corsair RM650i - - LSI 9305-16i HBA - - TrueNAS + many other VM's

Unifi UDM Pro in front of full unifi network infrastructure

iPhone 17 Pro - - MacBook Air M3
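To make the tunnel approach above concrete, here is an added example of a cloudflared ingress configuration (not the poster's own config) that maps one public hostname per service to a local Docker container and refuses everything else; the tunnel ID, credentials path, hostnames and container names are placeholders.

```yaml
# /etc/cloudflared/config.yml (added example; the tunnel ID, hostnames and
# container names below are placeholders, not values from this thread)
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # cloudflared dials out to Cloudflare, so no inbound port on the ISP
  # router is needed and the blocked <1024 range does not matter.
  - hostname: homeassistant.example.com
    service: http://homeassistant:8123

  # Nextcloud stays behind the existing reverse proxy (swag) so its
  # auth, 2FA and rate limiting still apply to tunnelled requests.
  - hostname: nextcloud.example.com
    service: https://swag:443
    originRequest:
      # The proxy's certificate is only seen on the Docker network,
      # so skipping verification here does not weaken the public edge.
      noTLSVerify: true

  # Catch-all (required as the last rule): any hostname not listed above
  # gets a 404 instead of being forwarded to an internal service.
  - service: http_status:404
```

Create the DNS record for each hostname with `cloudflared tunnel route dns <tunnel> homeassistant.example.com` rather than a manual A record; a Cloudflare Access policy on the hostname then requires a login before a request ever reaches the container.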


13 hours ago, Mina G said:

I don't think leaving things public like that is a good idea. If you could set up a VPN and use it only through the VPN, that is better from a security standpoint, and I mean seriously, this is very dangerous.

Of course, change the VPN ports.

That depends on the load and the cooling. Maybe add a bigger cooler to give you a thermal buffer, and a quieter fan with a quiet fan curve.

In terms of power, maybe, but laptops aren't designed to be servers. Besides, the PC will give you better flexibility.

 

Everything is behind a reverse proxy, secure passwords (using 1password) and TFA for the services that have them, like Nextcloud. I also keep everything up to date.

 

About the cooling, it's already got a good, big cooler with two fans. It's not noisy in standby, but as soon as I start adding services things will get hotter.

 

3 hours ago, LIGISTX said:

Cloudflare Zero Trust tunnels are your answer. No need to open ports on your router… Cloudflare punches a hole out, connects to their infrastructure, then you point your domain at the tunnel. Every service I run that needs to be publicly accessible has its own domain pointed to it. So for example… homeassistant.mydomain.com and nextcloud.mydomain.com, no ports need to be opened, and you can set up as many as you need with a domain and A records.

I'd look into this as it solves your port forwarding issue entirely.

That's a good point, but I still have two issues that bug me...

 

Thank you for your answers guys.


2 hours ago, jsdifuhy76 said:

reverse proxy

The reverse proxy is just a relay point. If there is an exploit in one of your applications, that's enough to hijack your whole network, and the worst part is you wouldn't know.

If you have a secure network with VLANs and internal security policies, then maybe, but raw like that, maybe it's not a good idea.

I would suggest building your own VPN and connecting to it directly.

Maybe expose the high-bandwidth ones like Nextcloud, and if there is a certain service you need to be exposed, it's better for it to be on an isolated network, or at least a VLAN.
