After years of self-hosting on a VPS in a datacenter, I’ve decided to move my services at home. But instead of just porting services, I’m using this as an opportunity to migrate to a more flexible and robust set up.
I will deploy services on a single mini pc. Since I need to be able to experiment and learn without disrupting my services, I will need to be able to spin up Virtual Machines (VMs). Let’s explore how I deployed Proxmox Virtual Environment on a safe host for my specific needs as a homelabber, and how I automated as much of it as possible. In a follow-up post we will explore how to spin-up and configure VMs in a reproducible way on that setup.
After realizing that my good old Raspberry Pi 4 was too slow to let me backup or restore on an encrypted disk, I bought a Minisforum UM880 Plus. At €600 it was not extremely expensive, but I don’t intend to spend more on hardware in the foreseeable future and I want to make the most of what I have right now.
I love to experiment and would like to do it safely without putting my production set-up at risk. Those are self-hosted services mostly for my personal usage, so I can afford occasional downtime, but I don’t want to have to rebuild everything if my experiments go wrong. I also don’t want to experiment by spinning up VMs at a cloud provider, because I will not know what I’m doing while learning, and cloud providers can get expensive very quickly.
One of my main objectives as I write these lines is to get up to speed with Kubernetes. I want to stay on a single-node k3s deployment while I get comfortable with operating services on a Kubernetes cluster, but I know I will want to explore deployments with several nodes, and eventually create a full blown k8s cluster based on Talos Linux.
My server is in my living room. The most prominent threat in my model is a burglary. If my server gets stolen I will lose access to my infrastructure and my data. I also don’t want my data to leak in the wild if the burglars put their hands on the disk in my server.
I need to have disk encryption and solid backups to keep my data safe
The second biggest threat is hardware failure. All devices can fail, but I’m fairly certain this is particularly true of a €600 mini pc that was not necessarily designed to serve as a home server.
I need to have a setup that can be automatically installed and configured
I am also a team of only one, I am fallible, and I don’t have peers to review my exact set-up. To mitigate this risk I have a group of friends called the Infra Nerds Club, whom I regularly ask for advice.
... continue reading