Tips for proxmox server

[dragons89]

Hello,

I have a network made up of several PCs (Windows) and I would like
insert a server to add the following features to the network:

1. Installation of an instance of Vaultwarden to centralize password management
2. a centralized storage where i can save and organize files/documents (perhaps also having control over what actions a specific user can do on a specific folder). I had in mind something like Samba so I could view shared folders directly on windows PCs
3. periodic backup of both vaultwarden and storage

among the various searches I discovered proxmox, I think it is an excellent solution for what I need to do (and it would also allow me to extend it with other functions)

1. For vaultwarden I saw a lot of documentation around to integrate it with proxmox, in particular here I saw a script that helps the creation of the container https://tteck.github.io/Proxmox/.
2. I have some doubts about storage, I saw this repository https://github.com/bashclub/zamba-lxc-toolbox/tree/main (is it still maintained?) which seems like a solution. I've also seen TrueNas or similar but they are not recommended on VMs. Can you recommend some good solutions?
3. For the backup part I saw that proxmox allows automatic backup of VMs, so I was thinking of a second HDD where only the backups could be saved.

Could you give me some advice on the hardware to mount for the proxmox server?

Could you give me some advice to help me complete this project? (Consider that I am new to the Proxmox world)

If you can also attach some excellent guides that would be perfect.

Thank you in advance.

 

[Dunuin]

Could you give me some advice to help me complete this project? (Consider that I am new to the Proxmox world)

I would highly recommend to learn the Linux administration basics first in case you only worked with Windows before and no experience with Linux or CLI.

Otherwise some appliances like TrueNAS or Unraid might be a better choice if you don't like to spend a lot of time learning new stuff.

 

[dragons89]

I would highly recommend to learn the Linux administration basics first in case you only worked with Windows before and no experience with Linux or CLI.

Otherwise some appliances like TrueNAS or Unraid might be a better choice if you don't like to spend a lot of time learning new stuff.

I have a bit of experience with Linux.

If I'm here it's precisely because I want to learn new things and discover the features of Proxmox

 

[Dunuin]

I have a bit of experience with Linux.

If I'm here it's precisely because I want to learn new things and discover the features of Proxmox

Ok, good.

Using stuff like ttecks scripts sounded more like you want to go the easy route without actually learning how stuff works, how to secure, troubleshoot and maintain it.
Because then I would set such things up from scratch and learn about each command what it does and why it does that, before running it.
Learning by doing only works if you actually do the stuff yourself.

Because for a turnkey-solution, where other people do the work and you only quickly install stuff without needing to learn how all works in detail, those other options with their ready-to-use plugins and everything configurable via GUI would be a better choice.

 

[dragons89]

Ok, good.

Using stuff like ttecks scripts sounded more like you want to go the easy route without actually learning how stuff works, how to secure, troubleshoot and maintain it.
Because then I would set such things up from scratch and learn about each command what it does and why it does that, before running it.
Learning by doing only works if you actually do the stuff yourself.

no absolutely, I want to learn and I need to maintain the server I need to install.

I listed the scripts here because they are the first thing I found while searching online for solutions to my problems, because I have no experience with proxmox yet (I'm installing it right now on an old PC to do some testing).

This is why I wrote here on the forum, I want advice on how to approach and solve the problems I have described.

 

[Dunuin]

For point 1 I would use a VM (not a LXC because passwords are important and you want it secure) and use the linux distribution you are most familiar with that is supported by vaultwarden according to its manual. Then follow the vaultwarden manual on how to set everything up. I personally would avoid using docker in case there is a way to set things up from scratch because otherwise you won't learn how it works, why it does what it does and you would have to rely on the maintainers to keep stuff working and secure.

For point 2:
I didn't tried it yet but I had a look at its manual some time ago. Looked good, but you will have to learn how to set up your users, ACLs, shares, folders, ... via CLI. There is no UI for that. So harder to use than some VM with a NAS OS like TrueNAS/Unraid/OMV.
In case you plan to use PBS and store lots of stuff on those network shares I would prefer a VM as incremental backups of LXCs can't make use of dirty-bitmapping so the backups will be way slower.

For point 3:
PBS is the way superior backup solution to backup your guests compared to VZDump. But PBS also got way higher requirements. For PBS you for example best get another server with SSDs for your backup storage.
But yes, adding a HDD, create a directory storage on it and use that with VZDump Backups would work too.
It just wastes way more space (no deduplication or differential backups possible), will be slower (only PBS supports incremental baxkups), won't check backup integrity, won't be ransomware protected, won't have features like encryption, live restore, sync to second offsite PBS and so on.

 

[louie1961]

Very doable.

• Installation of an instance of Vaultwarden to centralize password management

Agree with the above. Install your favorite flavor of Linux in a VM. Networking will be a LOT simpler/easier than trying to do it with docker.

• a centralized storage where i can save and organize files/documents (perhaps also having control over what actions a specific user can do on a specific folder). I had in mind something like Samba so I could view shared folders directly on windows PCs

I have used TrueNAS scale, Openmediavault, Turnkey Linux "File Server" (an LXC container), Rockstor, and a couple of others. TO ME, Openmediavault is the simplest to implement and to work with if all you need is file sharing (SMB, NFS, etc.) and you are not trying to run docker images, etc. inside of OMV. It virtualizes very easily and I have an instance of OMV virtualized in a raid 1 arrangement. You just need to pass through a couple of disks to whatever software you want to use.

You could also use an OMV share (or any NAS share) as a backup destination for your windows machines.

As a side note (and this may be too much if you are new to Linux), I have created a "poor man's" implementation of Synology Hybrid Raid using OMV. I created the raid array using mdadm, then formatted the drive with BTRFS and implemented BTRFS snapshots.

• periodic backup of both vaultwarden and storage

Whatever NAS software you use, if it has dedicated (passed through) hard drives, then you can easily use the NAS share as a backup location for all of your VMs. I would probably just backup the entire Vaultwarden VM and data drive and not worry about doing backups from within Vaultwarden.

Just remember with backups you want to keep multiple copies (3,2,1 backup strategy). I use Rsync within OMV to keep a second copy on another device onsite and I use Rclone to keep a third copy on AWS Glacier. Rsync and Rclone are fairly standard Linux utilities that you can download for free. OMV has a GUI for scheduling these jobs, or you can use a cron job