| 25 May 2023 |
 james | but at some point in the future hopefully i can replace most of that with 3 VMs with my k3s nodes :P | 13:21:52 |
| james | but my kubernetes knowledge is not good enough to migrate | 13:22:12 |
| james | there is also probably much more to say about this topic. this was just a small overview and stuff to think about | 13:23:30 |
 chancem | In reply to @james:jameskitt616.one
i guess you are referring to proxmox.
well there are a couple different ways on how to do id as you said urself. i guess it's sort of personal preference, security, how many resources u got etc.
- for each docker a dedicated vm -> good security -> high resource waste (ram) and ofc also more storage used due system images usually needing more space than the the average lxc image (also depending on your settings you do not have thin provisioning)
- for each docker a dedicated lxc -> lxc's are controversial security wise, also require to run priviliedged and you need to edit some cgroup2 stuff in the lxc config -> extremely light on resources (basically 0 overhead). so you got your docker containers nice and seperate, also can control backup jobs nice and easy, can restore or rollback one single app at a time. this ofc also applies to the vm.
- all containers in a vm -> no need to 'clone your template vm' everytime you wanna host a new service (no brainer tho). you only got one ip address for all docker services, you gotta play with ports a lot here. if one docker might have a exploit and breaks out, all others are compromised. poterial system fuckup or reboot brings down all your docker containers. hard planning on resources like storage, the storage of you vm might not be enough in the future. but since it's in a vm, good seperation from the host os (proxmox) i personally run a mixture of dedicated lxc and dedicated vm for each docker One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things. | 13:44:30 |
| james | In reply to@chancem:mooreltd.net
One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things. One VM does not limit you to a single IP
well true, you can assign as many IPs to a vm as you want. i meant to say, you can only use e.g. port 80 once on that machine, so you gotta rebind all your services web ui's, different databased or whatever to different ports | 13:47:00 |
| james | Are you saying storage is hard for the base VM or the docker containers?
for the base VM, e.g. you create a VM with 10 gb storage, but it's not enough. you got extra work expanding it.
at a lxc you just click "add x gb" and done. | 13:48:09 |
| james | if it's an issue for you or not is i a different story | 13:48:21 |
| james | In reply to@chancem:mooreltd.net
One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things. ofc storage and ip assignment are different things. never said sth else | 13:48:52 |
| chancem | In reply to @james:jameskitt616.one
ofc storage and ip assignment are different things. never said sth else Right I meant storage for the Containers is separate from the host VM. Not storage vs IP. | 13:50:45 |
| james | ah | 13:50:52 |
| james | the storage point also depends on your setup, if u got some centralized place e.g. network storage, it doesnt matter as much | 13:52:26 |
| chancem | In reply to @james:jameskitt616.one
One VM does not limit you to a single IP
well true, you can assign as many IPs to a vm as you want. i meant to say, you can only use e.g. port 80 once on that machine, so you gotta rebind all your services web ui's, different databased or whatever to different ports True, I prefer to not expose the containers directly but through a reverse proxy. Sorry not trying to be contrariwise just trying to help further discussion in the hope of helping out the original poster. | 13:55:17 |
 Oscar | In reply to @rails11326206827:matrix.org
For docker people, do you have a linux VM that runs and stores all docker containers? Or do you have multiple VMs (or maybe LXCs) and each one of those has a docker container inside? I'm just running on bare metal, but using different network namespaces for different containers (some go to the generic services VLAN, some in IoT vlan...) | 13:59:07 |
 Tremor | Thanks for the insight guys! Maybe I'll look into separating my "exposed" apps like gitea and jellyfin,emby to a their own LXC or VM as if they got hacked I don't want them to spread. | 14:35:40 |
| Tremor | I was also thinking of using a SSD drive just as a storage drive for the docker containers data. In theory, I could make snapshots and backup that SSD easier than backing up a whole VM's disk each time | 14:36:58 |
| Oscar | if you don't put the exposed apps into their own networking namespace it doesn't matter if they are lxc or vm or containers in general, then they will be able to contact other parts of your network.
I've divided my network into a bunch of small VLANs with strict firewall rules for forwarding between them, but also have the lazy vlan for my generic services which aren't exposed outside of my lan | 14:43:09 |
|  @fascinated:matrix.fascinated.cc left the room. | 19:44:03 |
| 27 May 2023 |
|  climate_1900 joined the room. | 14:21:58 |
| 29 May 2023 |
|  teak joined the room. | 13:54:59 |
| 30 May 2023 |
|  Variant #507 joined the room. | 07:07:23 |
|  DJetelina joined the room. | 12:19:04 |
| 31 May 2023 |
|  FloVie joined the room. | 08:25:31 |
| Oscar set a profile picture. | 11:54:15 |
|  hdhog joined the room. | 19:10:05 |
 ifiguero | So I have share point/one drive storage to backup. Any chance anyone knows of a Linux tool thst allow to upload backup files using a Microsoft storage solution | 23:30:02 |
| 1 Jun 2023 |
 🍄 HB|A+,Net+,Sec+,ECES,ITILv4,SSCP,MCP,MCSE|🌿 | rclone or duplicity maybe | 00:19:12 |
 megashinyserperior | Yep. Rcone or Rsync | 00:19:35 |
| ifiguero | Nevermind, it gives more errors than desirable. | 01:14:09 |
|  ruby changed their profile picture. | 07:08:17 |
| ruby changed their profile picture. | 07:34:39 |
