Need Help Deciding on Initial PVE HDD & Net Configuration

Jay Quin

Jul 26, 2018
So I'm setting up Proxmox on bare metal for the first time (been playing around with it in a VM) and I have a few questions about the best way to set it up.

One PVE Node:
  • Used Intel Server with two E5620 Xeon CPUs, PCIe 2.0, and SATA2
  • 16GB ECC Memory (planning on upgrading to 32GB near end of year)
  • Besides the two built-in Intel network ports, I added a quad-port Intel PCIe card (for pfSense VM backup)
  • There is an old RAID card in the system but plenty of SAS/SATA ports so I can bypass it.
  • Two 8TB HDDs
  • Two 250GB SSDs
I plan on the following VMs/LXCs:
  • pfSense VM (will be turned off most of the time, backup for my main router)
  • Torrent VM
  • Emby/Samba LXC
  • NextCloud LXC
  • Collabora LXC
  • Searx search engine LXC
  • LXC with Apt-Cacher-NG and Syncthing
  • Zabbix LXC
  • Graylog LXC
  • Unifi Controller LXC
So I have a few questions:

1. How should I set up the hard drives? My plan is to mirror the SSDs in a zpool for the root fs and VMs/LXCs and mirror the 8TBs in a zpool for my family's data. I was wondering if I should set up a SLOG or L2ARC either on one of the SSDs or I can probably afford a small 120GB SSD. Besides that I'm kind of stuck with the hardware I have.

2. I want to encrypt the data on the server. Not sure if I should use LUKS or ZFS native encryption. ZFS native looks like it would be easier to manage but it's pretty new and I haven't been able to find an independent audit of it yet. LUKS is very stable and has been audited. One option is to use LUKS on the SSDs and native on the HDDs, that way I wouldn't have to encrypt my TV shows and movies :)

3. My last question is how to best set up the networking. My goals are:
  • Fast as possible between VMs/LXCs
  • Fastest connection to my PC (one device in the house not on wireless). I have two 4TB drives connected to my PC using ZFS and I plan on using WOL to wake it up and use syncoid to send ZFS snapshots to it every night.
  • Secure connections between VMs/LXCs, especially between the user facing VMs/LXCs and the ones used for management (i.e. Zabbix). Also would like to isolate the torrent VM from the others.
  • Prefer no traffic or as little as possible that travels between VMs/LXCs leave the PVE node. (i.e. different VLANs that have to go through main router)
  • Nice to have: HAProxy to wildcard SSL certificate and so I can bring up and take down VMs/LXCs without dropping connection to clients.
Here are the options I came up with:
  • Simplest solution: just put all the VMs/LXCs into one VLAN and use the PVE firewall to secure them.
  • Next step up: add a 2nd bridge to connect each VM/LXC with jumbo frames. I can also add a 2nd network card to my PC and add it to the same VLAN with jumbo frames. It doesn't make sense to put jumbo frames on the whole network since most devices are on wireless.
  • Separate the user facing and management servers into separate VLANs and use a pfSense VM for traffic going between them and out to the physical network. I can run HAProxy on the pfSense VM or my main pfSense router.
I know I'm probably overthinking this (one of my major failings :) but I want to get as fast a connection as possible.

Thanks for your help!