No worries, answer anytime :)

Since LXC works on top of the Linux kernel, anything that works with it can be easily used as an image. For example, you can just throw any distribution .iso into it, and it will handle it as a container image. Proxmox does all the interim magic.

Say, you want to make a container with programs running on Debian. You take the regular Debian .iso, the one you use to install Debian on bare metal or VM, feed it to Proxmox and tell it to make an LXC container out of it. You specify various parameters (for example, RAM quotas) and boom, you got a Debian LXC container.

Then you operate this container as a regular Debian installation: you can SSH/VNC into it and go from there. After you’ve done setting everything up, you can just use it, or export it and use somewhere else as well.

Proxmox can work with VMs and LXC containers.

When you need to always have resources reserved specifically for a given task, VMs are very handy. VM will always have access to the resources it needs, and can be used with any OS and any piece of software without any preparations and special images. Proxmox manages VMs in an efficient way, ensuring near-native performance.

When you want to run service in parallel with other with minimal resource usage on idle, you go with containers.

LXC containers are very efficient, more so than Docker, but limited to Linux images and software, as they share the kernel with the host. Proxmox allows you to manage LXC containers in a very straightforward way, as if they were standalone installations, while at the same time maintaining the rest behind the scenes.

What exactly is proxmox?

In layman terms, it’s a Debian-based distro that makes managing your virtual machines and lxc containers easier. Thanks to an advanced virtual interface, you can set up most things graphically, monitor and control your VMs and containers at a glance, and just generally take the pain away from managing it all.

It’s just so much better when you see everything important straight away.

As always, there’s a relevant XKCD:

https://xkcd.com/927/

Well, since intelligence is artificial, why not demand?

Afaik, you can set it up not to have any image, or have any other one.

We’re unlikely to see the grand price fall in the coming year. Can get a bit cheaper, though.

The expenses are mostly upfront though. I’ve spent like $400 on a relatively fancy NAS and two 3TB WD Red CMR drives five years ago, and since then, there was that.

Of course, depending on your use case, there could be extra expenses as well, some of them recurring:

• Bigger drives
• Backup storage (I already had a place I could back up to)
• Domain name and DNS records (if you expose it to the public Web with a URL; you can otherwise just use a VPN tunnel to access NAS from outside the home network, which is free unless you do anything fancy)
• Some kind of paid software (if you don’t enjoy the perfectly good collection of open-source apps)
• Etc.

Now, for the streaming alternative:

• Netflix Standard: $18/mo
• Spotify: $12/mo
• Total: $30/mo, or $360/yr. Just these two services alone.

Your NAS system will pay off in a little over a year (maybe two years if you go all in with huge drives, fancy NAS configs, extra expenses here and there), and it’s smooth sailing from there.

My unit works for 5 years already with no maintenance, is still fully supported by the manufacturer, and I don’t expect to replace it in a few more years.

Self-hosting allows you to have all your files on all your devices, like many have used to with the streaming services. Also, some smart TVs specifically require to connect to some server to grab movies from.

If you don’t need any of that, regular hard drive will suit you best.

I would argue either RAID 5 or ZFS RAIDz1 are inherently unsafe, since recovery would take a lot of read-write operations, and you better pray every one of 4 remaining drives will hold up well even after one clearly failed.

I’ve witnessed many people losing their data this way, even among prominent tech folks (looking at you, LTT).

RAID6/ZFS RAIDz2 is the way. Yes, you’re gonna lose quite a bit more space (leaving 24TB vs 32TB), but added reliability and peace of mind are priceless.

(And, in any case, make backups for anything critical! RAID is not a backup!)

Yay!

Yay!

Can’t it automatically be renewed?

F I N A L L Y

Now tell me it supports IPv6 and I’ll be the happiest man alive

I would be fairly comfortable running a direct WireGuard connection even without Tailscale, but my location and use case simply won’t allow me to.

Your setup is valid, nothing wrong with it, and yes, it is more secure. Just can’t be used in my case.

I mean any connection through these protocols is just not working over the Internet. DPI equipment detects respective packets and cuts the connection, irrespective of the port you assign.

Yep

It’s not illegal to use VPN in my area, but connections are blocked on a protocol level, both through OpenVPN and Wireguard.

I already managed to make caddy work, so, hooray!

I also found a setting on my router that fully isolates certain devices from the local network. I want to put the server in there, so that the rest of my LAN is not under threat. I also want to figure out VLANs.

That’s a good piece of advice, but due to several considerations (extreme censorship interrupting VPN connections, family using NAS for automatic backups, and some others) I cannot go that route.

For now I’m only toying around, experimenting a little - and then closing ports and turning my Pi off. I do have my NAS constantly exposed, but it is solidly hardened (firewall, no SSH, IP bans for unauthorized actions, etc. etc.), fully updated, hosts no sensitive data, and all that is important is backed up on an offline drive.