Hey, y’all!
Here’s the deal:
I have a server I’ve been running for a couple years, running mostly home automation and NVR stuff (home assistant, node red, frigate, etc). This was my first server and it wasn’t set up in the best way possible. On top of that, it’s starting to suffer from hardware failure. So I’m replacing it with a retired gaming computer, and I want to do it “right” this time.
So far, I’ve got it running proxmox with a couple debian VMs (thought process was to have one “primary” one that runs most of everything, and a “network” one that runs network services like nginx, tailscale, etc - I don’t know if that separation is actually important or not). I, at some point, want to run pi-hole for sure. I also need a new router, so my thought was to set up opnsense for that. I also want to build a dedicated NAS somewhere down the line, but that’s another thread for another time.
I work from home and require stable internet, and I have family that will be very upset if internet is randomly going out from my tinkering with stuff, so I think it’s probably best to have totally separate, dedicated hardware for opnsense/pi-hole. I was looking at protectli, but it seems like I’d be looking at at least ~$300 for that option, and I’m not even sure I can run both opnsense and pi-hole on it? I’d also need to get an access point since I’d be replacing my current router that supplies wifi to the house, so I’m looking at like $400 for that transition, which is much more than I’d like to pay for this right now.
I could set everything up without the extra complexity of opnsense/pi-hole and add it down the line, but then I’d be looking at yet another complete re-work of the network and reconfiguring all my automations, cameras, etc., so it feels like it’d definitely be best to just do it up front and get it done. I have access to another old gaming PC I could theoretically set up as a dedicated network box to run opnsense and pi-hole on (after buying a NIC for it), but that seems wildly overkill (it’s running an i5 and 32gb RAM, if I remember right), large (full ATX case), and power-hungry for a glorified router. I guess, in this case, I could move my network vm off the “main” server and onto this one, to truly use it as a dedicated network box, running things like opnsense, pi-hole, wireguard/tailscale, nginx, authelia, etc. But then I start getting into the territory of it being too much of a “tinkering” box instead of a stable router that I allow to handle my network and don’t screw around with, lol.
So, I seek the advice of you much more experienced homelabbers. I’m terrified to do it “wrong” and wind up having to redo everything over and over, which I know is kind of antithetical to the entire idea of homelabbing in the first place. I need to avoid, as much as possible, unstable internet. In my shoes, what would y’all do? Bite the bullet and go for protectli? Use another old PC for the network box? Just set things up without opnsense/pi-hole for now and go protectli/something else later on and just deal with having to redo everything again?
Thank you so much in advance for any advice!
EDIT: I found a Zotac ZBox CL331 locally for $100 - would that be a good option, do y’all think?
(small aside: if anyone has any advice on moving my entire home assistant instance, node-red, and frigate setups (all separate docker containers) from the old server to the new one, that’d also be greatly appreciated!)
I steered away from replacing my router with a PC and got an ER-X and virtualized everything else including TrueNAS on an old office PC. Having PCI-E slots helps with stability a ton when virtualizing and my setup has 64gb DDR3 which was cheap.
Ubiquiti APs are typically the homeLab standard and work great especially with multiple APs. You can start with turning your existing router to AP mode and replace with APs later.
For stability, you can create a “test network” on the ER-X. This is an incredibly useful unofficial guide to setup ER-X with multiple lan networks, APs and more. Then create redundancy with docker containers on a Pi. (put DNS server on proxmox system and a second on the Pi so if one goes down, DNS works).
For your home assistant question, does the backups or copy/paste data folder not meet your needs?
These mini pcs are a godsend: 12th Gen Intel N100 Firewall Computer Soft Router 4x 2.5G i226 i225 LAN NVMe Industrial Fanless Mini PC https://a.aliexpress.com/_mPBQflM
Cheap and more than powerful for opnsense and pi-hole on top.
Home assistant just run the new install script on proxmox to setup a vm. Copy your data over, usb pass through your radio hw and good to go.
Docker on lxc also works and you can probably swarm your containers over.
TP-Link Omada EAP line is rock solid for cheap managed access points. You can even run the controller in an lxc full local.