What programming/technical projects have you been working on?
This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?
I'm going to be installing Proxmox on my server PC (it has been transferring data back and forth for weeks while fixing a ZFS issue), and I figure who better to ask about architectural decisions than other techies on Tildes.
Everything (Wireguard, Nginx, Forgejo, Jellyfin, Samba, various game servers, etc.) is currently run inside a single Linux instance that is running on bare metal. I enjoy the simplicity of this solution, but I should learn to do things in a more industry-standard way someday.
I know that the final configuration will look like one Proxmox instance running a number of programs across a number of Linux VMs (or containers?), with an additional Windows VM that will allow me to experiment with SR-IOV and Sunshine/Moonlight based game streaming (yes, I understand that the performance will not be stellar). However, I'm lost as to best practices when it comes to separation of concerns.
Do I want a singular VM, which all networking is passed through to, which runs Nginx and acts as a reverse proxy for other VMs (this will also allow me to insert "system under maintenance" messages when certain services are down)?
Do I want to pass the primary ZFS array through to a VM which handles dissemination of access to the array contents using NFS or similar? How does this consideration change if I only care about Linux VMs accessing said files? Should this VM be a different one to that which performs network proxying, so as to sandbox the network stack?
How much should I run on the Proxmox instance itself, vs inside the VMs? I'm completely stuck in the choice paralysis stage, and I desperately wish to avoid over-complicating the final solution.
You are in almost exactly the same situation I am in! I've also been growing my home lab experimenting with Proxmox and learning a lot. In fact, I plan to post an update to my "help with a home lab" thread I started a while back to update everyone on my progress. Having said all of that, I have been doing quite a bit of reading on the subject of LXC vs. VMs, and I think the general rule I'll be following is as follows.
In general, try to use LXC for "single container" applications, such as Nextcloud, Wireguard, Nginx, etc.
Use VMs for complex docker compose stacks, such as routing container traffic through Gluetun.
Use a VM for applications that require transcoding.
I think this gives the best balance of tradeoffs, though it can obviously be done differently. If you have any insights, I'd love to hear your experiences too.
I wrote a comment for you earlier, but I forgot to post it apparently!
I've been self-hosting for a number of years; here are my personal recommendations for your questions:
Proxmox (the host) should have an IP (of course), but your VM should also have an IP on the same network (your local LAN). You can get fancy with VLANs to segregate things, but even having it on the same network is fine as long IMO.
Honestly, I'm not as well versed in storage administration. I would personally separate the storage and compute VMs. They operate very differently, at least in my preferred configuration. One is stateful, one is (mostly) stateless. Having storage on a separate VM can aid in ensuring a strong security boundary.
This is pretty easy. Do not run anything but Proxmox on the Proxmox instance. Proxmox needs to be extremely stable (as the base of your compute stack). Installing anything non-standard increases the risk of side effects. Don't do it unless you have a very good reason to. Separate VMs for your Linux host (whether bare metal, LXC, or Docker), Windows host, storage, etc.
Some more general recommendations:
This also has the advantage of being easy to back up or manage with Git. Nowadays, I'm running K8s, but I wouldn't recommend that for someone unless they really know they want it.
As is tradition, as soon as I finish up work for the year, my brain goes "you should be writing code". It's been nearly a year since I released my Tiny Flowers mod for Minecraft, and it has one major issue that I knew about from the start that I want to change.
The issue is the block state explosion. The game has two ways of storing data about blocks, the simplest of which are block states. My little garden blocks had 4 slots that could have 20+ different values in each and the block could be rotated one of 4 ways, and the game had to enumerate and build block models for each of these combinations. Also, these combinations were constant and couldn't be expanded upon by other mods.
My plan with V2 of the mod was to use a block entity instead, which is an entirely different system for storing data about a block, and use a data pack to define all of the flower types. The latter point would mean that other mods could define their own tiny flower variants and it would just work. I've done most of the rewrite now, I just have the hardest part left: rendering.
That system of enumerating every possibility was extremely convenient to use, as it took advantage of an existing system in the game, but now I don't really know what to do. There are pages on the Fabric wiki and docs (Fabric being the mod loader I'm using), but I don't know enough yet to know what I need to know from them. It also seems like the way the game wants you to do custom rendering is changing at the same time, so I don't even know what the best practice is here.
Ideally, I'd have something similar to the block state system but on the fly, where I can go "I want this model, this model, and this model all together with these textures" and use existing game code. I don't know if that exists or how to find it if it does, but that's what these kinds of projects are all about: doing something you haven't done before to learn how to do it.
Not a particular project but I'm going to do a little bit of inter-business consulting. My company has sister companies that also do e-commerce and one of the businesses seems to be struggling with their backend so I'm looking over a Rails and React app (both things I have little experience with) to figure out where we can make some improvements.
For myself, I am thinking of working on a small program that lets me manage clients, jobs, and generate invoices for some of the freelance audio work that I do. I have been following Gleam a lot and I think this is a great tool for building the application.
Ever since switching to Helix from JetBrains IDEs as my editor/s of choice earlier this year, I've been obsessed with going CLI-first as much as possible for my personal projects. I'm now working on moving my finances to text with beancount.
The biggest challenge for me with this project was actually deciding whether to go with beancount or with hledger. I do not feel qualified to write about the tradeoff, except that I prefer the syntax of hledger and I prefer some of the clear decisions the beancount author made in this post. That post is a bit outdated, though, and I have not spent enough time comparing the two pieces of software to say if my opinion is "right" (I may switch!).
I made the call that I did because beancount is clearly much more opinionated than hledger, which tends to work better for me from a meta-perspective. If a piece of software gives me too much freedom, I tend to spend time messing with it to get it to behave in a certain way. A piece of software designed to force me to do things a specific way tends to push me to get the actual project at hand done. I also suppose that I can transition between the two without too much difficulty.
Also, I'm not sure what the best way to store this plain text file securely is. Naturally, it's got a decent amount of sensitive data on here that I try to lock behind some kind of authentication. I am not a security engineer; I just know how to code. I could encrypt it, decrypt it, and re-encrypt it every time I were to use or update it, but if anyone here has better suggestions, I would love to hear them.
It appears beancount supports encrypted files.
Briefly mentioned this in my comment in the weekly post on ~talk but I'd love some input on the following.
I've currently got a little HP office PC running Debian as my home media server. It's got 2x4TB HDDs in a software RAID 1 through mdadm. I've got Jellyfin and the *arr stack running through Docker, with qbittorrent going through a VPN, all set up with https://yams.media. It's got 3.6TB usable space and I've used up about 2.5TB, and that is filling fast. I'd love to upgrade to get like 15-20TB of space so that I could also start hosting an Immich instance. I wanted to ask here if anyone had any recommendations on what's the best path to upgrade. I was thinking of just setting up a separate RAID 5 or something with 3x12TB drives and start using that for my Jellyfin/*arr stack and then repurpose the 4TB RAID 1 for Immich. Another option I was thinking of was setting up UnRAID to have one big RAID volume and then just having separate subfolders for Immich, Jellyfin, and anything else in the future. I was originally leaning towards the former since that sounded simpler in my head for some reason but I'm tempted by the flexibility and ease of use of UnRAID. I'd be ditching the HP in either case as it was meant to be a temporary/starter server and it doesn't have enough SATA ports. What would you guys recommend?
I am also looking for VPN recommendations. I've currently got Private Internet Access since I got a deal for 3 years for $80US. However, it's been almost 3 years now so I'm looking for something new. I'm like 99% set on getting Mullvad but am curious if anyone recommends anything else.
As someone who has dabbled on and off on home servers, I can't really answer your questions, but I can give you my perspective on what I use.
I also have jellyfin, qb, immich and some others. My main problem was that hardware upgrades get really expensive, really fast and these days with the recent rising prices of ram/storage, the problem is even worse.
So, right now my jellyfin server is only a storage for the best content I want to save. A place for that series or movie that you loved and are just waiting a few years so that you forget and can watch again, or so that you have something cozy to watch when the internet goes down. For that purpose, I don't really need raid and can save on storage. Same thing happens with the music I host.
Now immich is a different case. The loss of that content might be something that you want to really avoid. For that case I would recommend dedicated drives with raid, plus some sort of backup outside the server. Raid only protects you from drive failure, but there are other dangers lurking like your server getting compromised, accidental deletion or even mother nature. Maybe the HP can serve as a target for backups. Some people even keep servers on friends/family's houses, just in case. Maybe you can even set up some sort of high availability setup for your critical dockers.
Regarding VPNs, I don't really use them, but I can point you to this site that talks about their ownership: https://proprivacy.com/vpn/guides/who-owns-your-vpn
Maybe that can help you make a decision. Also I think I read that Mullvad was ditching subscriptions and you had to renew every month. Maybe that changed, but if not, that might be too much trouble to maintain a regular subscription.
My reply to this got lost somehow but I really appreciate your input here! Good point on getting backups set up too, will definitely keep that in mind. Thanks!
Since you mentioned bittorrent, you don't want to use Mullvad as they no longer allow port forwarding (for good reasons, but still-- not conducive to torrenting).
I went with AirVPN and have been happy. They run 3 sales a year, so you can always grab a couple months' subscription and then top up during a sale.
Ah interesting, thanks for the heads up! I haven't heard of AirVPN actually, I'll check them out. Their prices are pretty tempting, even without the sale. I paid ~70 euros for 3 years of Private Internet Access so 100 euros doesn't sound too crazy to me. I was also considering ProtonVPN but their plans only go up to 2 years. Will weigh my options in a bit, I've still got a few months left on my PIA subscription. I think my PIA subscription also just renews at the price I got it so it's not the biggest deal to just have it renew.
I recently made a donation portal for a non-profit. Should go live soon! The whole thing is stateless (well, all state is in query parameters or Stripe). It's basically a Stripe front end. There's only about 50 lines of client JavaScript.