Conservative is a misnomer used for propaganda purposes.
After all conservative aren’t really in the game of conserving.

Everyone living (on the whole earth!) has ancestors from there, right!
https://en.m.wikipedia.org/wiki/Recent_African_origin_of_modern_humans

Yes, it’s small, runs at a few watts and is silent.
The Celeron J4105 and Pentium J5005 CPUs in the Wyse 5070 are very close to each other both regarding energy and computing power.
Have a look here: https://www.cpu-monkey.com/de/compare_cpu-intel_celeron_j4105-vs-intel_pentium_silver_j5005
I would take either.
You’ll have a hard time finding another silent box with such a small footprint that’s able to take 2 gumstick drives - even if one of them needs some tinkering - and 32 GB RAM.

You could try to get a used Dell Wyse 5070.
If you pick the right dual ranked RAM modules (e.g. Patriot PSD416G26662S), you can have a max. of 2x16 GB.
There’s a slot for SATA SSDs onboard and with the right adapter (PCIe A/E key -> M key) you can plug an NVME SSD in the WiFi PCIe slot, which gives plenty room for storage and even allow for a disk mirror setup.
All that is very well within your budget and quite a beast that once was meant to be just a thin client.

I believe you’re right, but that doesn’t solve the problem of making routine full backups, which would come in handy if the device gets lost or breaks.
One can hope future versions of Seedvault care less about what apps want.

I’m being bugged by Seedvault caring for apps that have a ‘don’t backup app data’ flag.
I could live with that being a default setting, which can be manually overwritten in the Seedvault settings for these apps.
Apps not allowing (in case of Seedvault: encrypted) full backups while offering no or bad built-in backups is just cumbersome when trying to have current backups.

Well, some people read something different into my comment. I better delete it, before I create any more confusion…

deleted by creator

Au contraire!
https://en.m.wikipedia.org/wiki/Paradox_of_tolerance

Apparently sometimes leaning on amendments of the constitution is required to protect said constitution and hence the people protected by it.

If one takes beta-carotene instead of vitamin a, an existing deficiency can be resolved without introducing any risk of reaching toxic levels.

It’s less the motion of the atmosphere that causes the distortion, but rather differences in its temperature and hence the density of the air, which causes differences in the refraction index of the air along the way of the light.
The variable refraction index makes it look like the atmosphere is moving though.
But that’s the effect of the light not going in a straight line and not the cause of it.

Don’t forget to mention what xylitol does to dogs.
Small amounts of arund 2 g per 10 kg body weight are very likely lethal within a short time if not treated instantly.
Xylitol can be in sugar free candy or chewing gum potentially making one piece of them a lethal dose for small dogs.

Unless you find/invent a new procedure that’s way more efficient instead of doing more cycles of known procedures.

If you want to save energy, consider launching him outside our solar system instead.
I’d be fine with both though and even grant him the trip to Mars of which he apparently dreamt some time ago.

A broken clock may be forever wrong, whereas a stopped clock may be right twice per day.

Then I would stick with ZFS if you’re already familiar with it.

I’m not at all familiar with ZFS. It’d be part of the learning curve as is Proxmox as a whole. But I consider knowledge about both as useful.

LXD is a management system for LXC containers. If you’re just starting out, stick, with LXD. It’s much more user friendly.

I will stick with LXD for containers then if I don’t use a VM.

Not really. I run a VPS which acts as a reverse proxy for my docker setup, which has non-local storage via NAS. I don’t particularly see a point in fragmenting docker like that, but if that’s how you want to roll, then go for it.

This due to my lack of experience with Docker and backing up all properly to do a complete restore. It looks like I have learning curves in more than just one area ahead of me.

I very strong advise against this. But it’s perfectly possible. You’re just at the whim of the airwaves. I live near a main highway and sometimes when large trucks go by, I lose WiFi for a quick second. Really fucks with certain things.

Yeah, nothing beats a setup, where each network interface is the maximum size of a collision domain.

Yes. Nothing wrong with software firewalls.

Gotta get ahead of that old school me that thinks running a software on a different hardware plays a crucial role in the threat model.

Also yes. Particularly (like I have setup) I have a software firewall that tunnels my local vLAN to my VPS, and then everything else is further bisected using a hardware firewall–so all outside incoming requests are proxified by my VPS meaning any direct connections are dropped by the software firewall, then I manage ports from within the hardware switch.

That’s a setup I may borrow from you :)

Hopping in here to mention Proxmox Helper Scripts . They have many scripts that help you set up LXCs with software you may be using, including the full aar stack.

I got made aware of these scripts by @Krik@lemmy.dbzer0.com already, but thank you for pointing me to this very helpful resource!

I tend to test things in a dedicated new VM, to get a feel for it, make sure I need to add it to my permanent services. If it does, I try to find a way to run it via LXC, and if that is too complicated/won’t work, I have a dedicated docker VM I throw it on. Everyone will answer the “LXC/VM/Docker” question differently, and they will all be correct. What is easiest for you is the right way.

I suppose I will go that road for new things I’m about to try out if it’s as easy as spinning up another VM or LXC.
Replicating services provided by the RaspberryPis and the mini PC I think I will try the LXC way and see how far I get.
This is leaning heavily on the experience of @Krik@lemmy.dbzer0.com regarding performance advantages of LXC over VM.

I run a VM with opnsense as my network firewall. Moved it from a hardware install. I don’t see any issues, and there are loads of times it’s saved my ass having it backed up as a VM.

Not having to deal with a dedicated piece of hardware/configuration is for sure in favour of a virtual firewall.
Then again the configuration of the firewall is pretty static, unless I plan on adding services in the firewall zone that need to reach the rest of the local network. I need to mull over this some more.

Slam as much ram as you can afford/fit inside the computer too. Every time I think I have enough, I always find I have need/use for more.

64 GB has pretty much reached the limit, if I don’t want to throw the 4 DIMMs away and purchase a new set. Let me find out how far that carries me.

Thanks a million for the extensive feedback, especially because it’s enriched by your own experience!

Usually VMs are usually I/O starved therefore I would try to go as lightweight as possible and chose Ext4 or XFS (depending on what the VM is used for). The VMs can be backed up whole by Proxmox. You have more than enough space to do that and it’s considerably easier to set up. And honestly how big could the containers and VMs be? I guess the containers are 50-200 MB and a VM a few GBs. That’s almost nothing.

I suppose your expectations about VM size are appropriate. The RaspberryPis have 8 GB SD cards and there’s quite some space left on them. I don’t know why the space requirement should be very different on a VM. Going from Raspbian/Armbian to Debian shouldn’t play that much of a role size wise.
Wouldn’t pick ETX4 oder ZFS make replicating data to the Proxmox backup server way less efficient?

LXC containers are way more lightweight than VMs. I depends on what you want to do. Docker and a file server work better in a VM so far but Pi-hole and Jellyfin run perfectly in a container.

I would go for LXC first. If that isn’t possible or too cumbersome I would try docker (in a VM) next and one-VM-per-service last as they need the most resources.

I will try LXC before VM then!

I would always try to connect it to LAN.

That will make the physical placement harder, but I was afraid that’s the way to go: connect it to LAN…

No idea. I wouldn’t mind a firewall container. If something breaks through you are fucked one way or the other. The firewall in your router isn’t much different than any other.
You should always go for Wireguard or another VPN to access your network from the outside.

Some ports need to be forwarded in order for e.g. Nextcloud to work. Right now they are forwarded to my firewall and all that’s reachable from outside is behind that firewall. The main purpose of the firewall is to protect the rest of the network from a compromised device within the firewall zone. So if something breaks through a bug in Nextcloud now, it will hopefully have a hard time breaking through the firewall.
Having a bug in Nextcloud running in an LXC or VM may allow additional attack vectors, if there’s no hardware firewall (and only the built-in firewall functions or a firewall container) between them and the rest of the network.
Connection from outside to my home network is via Wireguard tunnel.

Helper scripts for beginners: https://community-scripts.github.io/ProxmoxVE/
Just give them a look.

I was reading up on Proxmox setup both by consulting official documentation and forum entries, but I haven’t stumbled upon that link so far.
It looks awesome!
And I’m damn sure it will save me plenty of time :)
I found tteck’s helper-scripts (https://tteck.github.io/Proxmox/), but the collection linked by you looks more tidy.

And it seems you are ignoring Proxmox’ LXC. They are one of main reasons to pick that software.

I fear that’s because I hadn’t understood the benefits of LXC over VM, which you made clear very plainly:

As an additional note: I ran about 6 or 7 VMs on a mini PC (Intel N100) with 16 GB RAM. RAM was almost used up and the cpu was at ~15 %.
I then switched mostly to LXC and only one VM. The cpu was now at ~1% and RAM usage went down to 3 GB while still providing the same services as before.
The power of containers, baby! :D

It’s about time to get Proxmox set up and dirty my hands!

Thank you for advising me of your concerns!

• get multiple smaller harddrives and put them into some kind of RAID / zpool with redundancy. the drives will fail.

That’d require moving all to a different hardware platform. I hope to get the risks associated with failing drives mitigated by the Proxmox backup server

• there is absolutely zero reason to have a VM per service when a container will do. There are no advantages. But VMs will take significantly more resources and be harder to right-size. There is no restore/backup advantage using VMs.

That’s good advice! It seems I need to get comfortable with automatic backups of Docker containers and data volumes

• for that reason there is also no reason to use proxmox in the first place, unless you want to learn proxmox. Truenas scale for example comes with pre-installed k3s.

Getting familiar with Proxmox is indeed one of the reasons I switched to that route. My initial plan was to replace the mini PC with the X300 and move all to docker. Then one consideration lead to another. Maybe I need to re-evaluate whether going the Proxmox route is worth the trouble.

• I would get a separate hardware firewall because it makes easier to expand the network later.

I agree that’s another reason for having a hardware firewall besides the security aspects of having one.