I know that in general it's not suggested to install anything on a Proxmox host, and to split it out to an LXC or Docker.
My setup is as follows: I run one Proxmox that is hosting two ZFS pools (added via the Proxmox web UI). In general I went with Docker in an LXC, mostly because I can pass the ZFS directory directly into it for better speed, and it is easier to share the GPU. At least it works great, so I am running one privileged LXC with Docker and some LXCs for containers that require their own IP (so I don't have to run VLAN on Docker and add a second layer).
Now the thing is that I would like to install Cockpit or other light admin tools to add users, make same shares, and that should run in tandem with Authentik and FreeIPA so that I can map users much better.
So there are some scenarios.
1. Install it directly on the host, take that chance and get the benefit of having some more config tools for the host. I am not planning to install a lot of services, or run any non-essential services (I won't run web hosting, for example, or any third-party apps like Plex); those belong in their own container.
2. Install Cockpit in a fully privileged LXC with all security turned off. I managed to make it run like this, but when you create the user in that LXC the host doesn't know anything about that new user, so I'm unsure what the best way to sync this is.
3. Install in a VM. Fully detached, but you can't (from what I know) directly pass ZFS into the VM, and have to use Samba/NFS. I'm not fully updated on this, but I'm not sure if hardlinks etc. would work between VM and LXC if you connect them via Samba etc.
Any thoughts? Should I take the easy route, or does someone have a good idea for making number 2 a much more appealing selection?