For my own safety I will definitely not disclose every detail of my server, but I will give a broad overview of how it works.
Hardware
As I have written before, the server has:
- 6x 320 GiB NAS HDDs in a ZFS raidz2, which I regard as rather safe
- 1x 256 GiB NVMe SSD, which is rather fast
- 2x 1000 GiB HDDs in a mirror (I just found them in some old laptops and my old server, so they are not to be regarded as safe, but I just hope that, as they are so different in use and age, they won’t fail at the same time, but overall whatever is saved there is really safe)
- 16 GiB ECC memory
- Intel Xeon E3-1240 v6 that has 8 cores
Proxmox
The operating system boots from the SSD and has about 70 GiB of space on it; additionally, 8 GiB of swap are allocated on this SSD.
Backup
All the containers and VMs are backed up once a week to the raidz2 with the highest compression, which I think assures me the highest reliability of all my storage devices and is still quite big.
Routing
The server now creates its own network bridge and network, to which all the VMs are connected, so they are not accessible from my home network. I have HAProxy installed on Proxmox, which now routes incoming requests to the webserver on the separate network. The TLS certificate is also installed on the Proxmox side, which means that I just use a wildcard to resolve all requests and then forward them without encryption to the separate services. It might not be easy to convince all services, especially the ones that come with batteries, to not use HTTPS, but as everything is so separated on my server, just having to manage one certificate makes it a lot easier.
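A minimal haproxy.cfg for the setup described above, as an added example that is not the author's actual configuration: the hostnames, the 10.10.10.0/24 bridge addresses and the certificate path are assumptions. It sets X-Forwarded-Proto so that services behind the proxy know the original request was HTTPS even though they receive plain HTTP.

```haproxy
# Added example: hostnames, addresses and file paths below are assumptions.
global
    # Refuse legacy protocol versions on the public listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    option forwardfor            # pass the client address as X-Forwarded-For

frontend public
    bind :80
    # One PEM file holding the wildcard certificate, its chain and the key
    bind :443 ssl crt /etc/haproxy/certs/wildcard.example.org.pem
    http-request redirect scheme https code 301 unless { ssl_fc }

    # Drop any client-supplied value so a backend can trust what it receives
    http-request del-header X-Forwarded-Proto
    http-request set-header X-Forwarded-Proto https

    # Route by Host header to services on the internal bridge
    acl host_www   hdr(host) -i www.example.org
    acl host_cloud hdr(host) -i cloud.example.org
    use_backend web   if host_www
    use_backend cloud if host_cloud
    default_backend reject       # unknown names under the wildcard get a 403

backend web
    # Plain HTTP from here on; the bridge is not reachable from the home network
    server nginx 10.10.10.10:80 check

backend cloud
    server nextcloud 10.10.10.20:80 check

backend reject
    http-request deny
```

Each backend service still has to be told to trust these headers only when they come from the proxy's address on the bridge.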
Services
Everything besides my Nextcloud and printer server is an LXC container. But I will not present all the services, as some are completely irrelevant and, as I have written them myself, could be major security hazards.
Website
Everything that is hosted on nginx is in this Alpine container. This includes this website and some other ones that knowledgeable personnel would call “MOLWIKI”.
The whole container runs on the SSD, which makes the backups all the more important, as the SSD is the easiest to fail, since there is no redundancy of any kind.
I2P
Just quickly: I have set up an I2P instance, and HAProxy automatically routes specific requests through this proxy, which makes it easy to explore the I2P web. I have set up a Firefox profile to use a specific proxy, and now I’m on the dark web just by opening a specific browser profile.
Vikunja
I will write a bit more about it sometime in the future, but it’s there and doing a great job of syncing and managing my tasks.
Nextcloud
This VM runs on 10 GiB of the SSD and has a storage server on the ZFS pool. This means it spins up rather fast, but it does waste the scarce space on the fast SSD. This also means that the data itself is not backed up that often, as a backup would only be needed as a snapshot, since the data is already saved on the safe disks.
Power usage
Overall, the server uses about 39W/h running, which I think is quite reasonable for how many disks it’s running, but luckily the heat that is generated is also used to heat a specific part of my apartment, so the rest doesn’t go to waste.