@secopsx - eviltoast
  • 0 Posts
  • 3 Comments
Joined 1 year ago
Cake day: November 10th, 2023


  • I just use the UDM-SE App (Teleport). I can connect on demand and get to all of my services, and get ad blocking while I’m out and about. Teleport on Ubiquiti is just WireGuard renamed.

    I don’t need to expose any services from my home network, because I’m the only one using them. If it wasn’t just me, I’d just have them download the WiFiman app, send them a Teleport link and boom…they’re in on the local network. Exposing “services” for a convenience factor is just too much of a security risk for myself.

    I host all of my websites on GitHub (free) and leverage Vercel for CI/CD pipelines (again, free). Domains are the only thing that is public and that I pay for (local DNS reasons for Let’s Encrypt certs, and for my public websites not associated with my home infrastructure).


  • I can give you an idea of what I do:

    I use a clustered 2-node setup on Proxmox (modified corosync, as I don’t care about true HA - that way I can reboot node 1, and node 2 stays up and works fine), centralized management, etc…and I don’t have a quorum device; I’ll eventually add a 3rd node and fix it properly.

    I back up the bind volume /data + /appdirs, plus all infra is in compose files/stacks, so I don’t care if I lose all the data. It just costs time to set it up again; working on Ansible eventually to lessen that.

    So I just split the resources between the two nodes:

    1.) Proxmox Node 1

    • LXC PiHole
    • Big Ubuntu 22.04 LTS VM running docker + docker compose, main portainer + a lot of other various containers under this.

    2.) Proxmox 2

    • LXC PiHole 2 for HA.
    • Big Ubuntu 22.04 LTS VM running docker + docker compose, portainer agent + Plex Media ARR Apps. My “download client” runs behind gluetun and only functions if the VPN connection is active, otherwise the connection is killed. (think WireGuard VPN container)

    I literally got all of this set up in ~4 days and previously didn’t know anything about Proxmox, or much about docker at all. Granted I am on vacation at the moment, so there is that…unlimited time.

    I can share my giant plex-arr docker compose file I’ve come up with for this; made it myself and it all works assuming you rename a few of the variables.
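The “download client runs behind gluetun and stops working when the VPN drops” pattern the comment above describes is worth showing concretely, since it is the part of the stack that protects the home network if the tunnel fails. The compose fragment below is an added example, not the poster’s compose file: the service names, the `qbittorrent` image choice, the `${...}` variable names and the `192.168.1.0/24` LAN range are assumptions for illustration. The gluetun environment variable names are the ones documented in the gluetun project for a custom WireGuard provider; check the gluetun wiki for the exact variables your VPN provider expects.

```yaml
# Added example (not the original poster's file). Assumed names: gluetun,
# qbittorrent, the ${WG_*} variables and the 192.168.1.0/24 LAN range.
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN                 # gluetun manages the tunnel and its own firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${WG_PRIVATE_KEY}       # keep secrets in a .env file, not in the compose file
      - WIREGUARD_ADDRESSES=${WG_ADDRESSES}
      - WIREGUARD_PUBLIC_KEY=${WG_PEER_PUBLIC_KEY}
      - WIREGUARD_ENDPOINT_IP=${WG_ENDPOINT_IP}
      - WIREGUARD_ENDPOINT_PORT=${WG_ENDPOINT_PORT}
      # Allow replies to the LAN so the web UI is reachable from home; everything
      # else that is not the tunnel is dropped by gluetun's built-in firewall.
      - FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
    ports:
      # Published on gluetun, not on the client: the client has no network of its own.
      - "8080:8080"
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    # The kill switch: the client shares gluetun's network namespace, so its only
    # route to the internet is the tunnel. If gluetun's WireGuard session is down,
    # the client has no connectivity at all rather than falling back to the host NIC.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8080
    volumes:
      - /appdirs/qbittorrent:/config
      - /data/downloads:/data/downloads
    restart: unless-stopped
```

Two practical checks after bringing the stack up: confirm the client’s egress address is the VPN endpoint rather than the home IP by running a throwaway container in gluetun’s namespace (`docker run --rm --network=container:gluetun alpine wget -qO- https://ipinfo.io/ip`), and then stop the `gluetun` container to verify that the download client loses connectivity entirely instead of continuing over the host network. Because `network_mode: "service:gluetun"` ties the client’s namespace to that specific container, restarting or recreating gluetun also requires recreating the client (`docker compose up -d --force-recreate qbittorrent`), which is a common source of “it worked until I updated gluetun” confusion.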