Hello everyone! During one of those illuminated evenings, I got the idea to move my small server in Scaleway to some more powerful server in Hetzner. If I make the move, I am thinking of splitting the server into various VMs, to host different services that belong to different trust boundaries, for example:

  • A Lemmy/writefreely instance
  • Vaultwarden/Gitea
  • Wireguard tunnel to my home infrastructure
  • Blogs, and other convenience services

In order to achieve the best level of separation, I was thinking of using VMs. My default choice would be Proxmox, because I used it in the past, and because I generally trust it; however, I am trying to evaluate multiple options, and maybe someone has good or better experiences to share.

Other options I thought about are:

  • Run everything in Docker. I am going to do this nevertheless, but Docker escapes are always possible, especially with public-facing images that I did not write myself and/or that require a host volume.
  • KVM directly? I am OK even without a GUI to be honest. I am not aware if there is some Ansible module or, even better, a Terraform provider for this; it would be great. (EDIT: I found https://registry.terraform.io/providers/dmacvicar/libvirt/0.7.1 which seems awesome!)
  • ESXi? I have no experience with this solution.

Any idea or recommendation?

  • MigratingtoLemmy@lemmy.world
    1 year ago

    Personally, after looking at what the industry wants, I would start my homelab trying to automate it with Ansible/Terraform. libvirt should be decent, and if you want to go over to BSD, I think Ansible supports bhyve? If not, libvirt definitely runs on BSD so you could just automate that.

    • sudneo@lemmy.worldOP
      1 year ago

      I work in security, so there is not really a devops/sysadmin prospect for me. That said, I use Ansible and (mostly) Terraform professionally and for my lab, so that’s a good idea nevertheless. I don’t have much BSD experience; what do you think are the key reasons to go that route instead of Linux?

      • MigratingtoLemmy@lemmy.world
        1 year ago

        For me, it’s a personal decision. I find BSD more cohesive. That is subjective and has been debated for a decade now. I also find bhyve a bit easier to use, albeit the features are newer and more in number in KVM (for example: bhyve until very recently didn’t have VirtIO drivers, so Windows machines would be useless on it).

        I’m interested in working in Security myself. Would you be able to tell me a little more about your work? Also, what role/path in security would you recommend for a Cloud admin/System Admin?