Adding Infrastructure to Proxmox
In a previous post, I talked about the “AK-fortyserver”, a cheap NAS appliance that I added Proxmox VE to. I named mine “Scratchy”.
I got my Synology NAS backed up to Scratchy, so that I could remove the disks in it and replace them. I was buying 8TB disks for it, but I decided to go in another direction. I will discuss that larger project in another post. Right now let’s focus on the apps I am setting up on Scratchy.
The importance of NFS
I prefer to use the old Unix Network File System on Linux servers, rather than the newer Server Message Block file system that I use on Windows. Honestly, it’s probably a bias that I have from working with both Unix and Windows for a long time. Unix systems mount network shares into the filesystem and don’t care where. You can mount a file system to /home and Unix won’t care. You can mount it to /nfs/remote-server and Unix won’t care. You can do all sorts of group policy things to fool Windows into thinking a network drive is just part of the C: drive, but the NFS method is superior, in my opinion.
Yes there is a bunch of stuff that you can do with Proxmox to run NFS on containers, but in the end, it’s just easier and more portable to use VMs. So the first thing I did was rebuild my NAS as a VM.
Scratch-NAS
Scratchy has room for 4 drives: 2 NVMe drives and 2 SATA drives. One NVMe is currently used for the Proxmox VE system drive where the boot drive for the Scratch-NAS VM resides. I originally planned to do ZFS for the SATA drives and use mountpoints for containers. But since the NAS is now a VM, I figured I would just pass the SATA drives to the VM and use NFS and Samba to make them available to other VMs.
I elected to use the Turnkey Linux File Server again, but this time I went with the ISO. One of the SATA drives is 16TB in size, the other is an old 2TB drive that I had lying around.
The 16TB is the main place for backing up data from my Synology. The other drive I will use for BitTorrent. It’s been my experience that BitTorrent kicks the crap out of hard drives, so don’t use an expensive drive, and definitely don’t use a RAID array.
snARRf
For my piracy operation, I use a series of Docker containers from LinuxServer.io. I use Transmission for downloading files, and various automation tools (RadARR, SonARR, LidARR, etc.) for doing piracy hands-free. I use NFS to mount a disk for keeping torrent files, and one for the final destination for those files. Also, I have found that a VM running Docker containers is easy to back up and restore, as well as move from host to host.
When you are working with Docker, do all of your operating system shit on the Docker host VM, not on the containers. I put the NFS mounts on the host, and then use bind mounts to make the NFS folders available to the Docker containers.
Yes, I know that running containers on a VM that is running on a tiny Linux machine is kind of Inception-esque but it’s also kind of cool.
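One failure mode of the layout described above (NFS mounted on the Docker host, then bind-mounted into containers): if the share is not mounted when a container starts, the bind mount exposes the empty local directory and downloads land on the VM's own disk. The check below is an added example, not from the original post; the `scratch-nas` exports, the `/mnt/...` paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example: confirm bind-mount sources are really NFS-backed before
# starting containers. Host names and paths below are made up.

# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
scratch-nas:/srv/torrents /mnt/torrents nfs4 rw,nosuid,nodev,relatime,vers=4.2 0 0
scratch-nas:/srv/media /mnt/media nfs4 rw,relatime,vers=4.2 0 0'

# fs_type_for PATH [MOUNTS_FILE]
# Print the filesystem type of the longest mount point that contains PATH.
# (Mount points with escaped spaces are not handled in this sketch.)
fs_type_for() {
    path=$1
    mounts=${2:-/proc/mounts}
    awk -v p="$path" '
        {
            mp = $2
            # Match the path itself, the root, or a parent directory.
            if (p == mp || mp == "/" || index(p, mp "/") == 1) {
                # ">=" lets a later mount over the same point win.
                if (length(mp) >= best_len) { best_len = length(mp); best = $3 }
            }
        }
        END { if (best != "") print best }
    ' "$mounts"
}

# is_nfs_backed PATH [MOUNTS_FILE]: succeed only if PATH sits on an NFS mount.
is_nfs_backed() {
    case "$(fs_type_for "$1" "$2")" in
        nfs|nfs4) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_nfs_paths MOUNTS_FILE PATH...: print every PATH that is not NFS-backed.
missing_nfs_paths() {
    mounts=$1; shift
    for p in "$@"; do
        is_nfs_backed "$p" "$mounts" || printf '%s\n' "$p"
    done
}
```

On the Docker host, run `missing_nfs_paths /proc/mounts` with the bind-mount source directories as arguments, and only start the containers when it prints nothing.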
LXC networking tools
I have a few different networking tasks that I like to run on my homelab:
- Bastion Host: Getting safe access to your internal network is important. My usual tool for access is an overlay network. A secondary/emergency tool I also use is a bastion host, or a stripped-down Linux server that is accessible via SSH directly from the Internet. I will go into greater detail about it in another post, but think of this container as the emergency entrance to your fortress.
- Swedish Internet Router: In order to run BitTorrent without getting busted, I use a VPN client. I have several VMs, containers, and other things that want to use that connection, so I have a Linux container that serves as a kind of router to push traffic through a VPN tunnel to Sweden. There is a bit of work to be done for an unprivileged container to get access to the /dev/tun device on the host, which, you guessed it, I will go into detail about later.
- Overlay routers: Ultimately I want to have servers in a few locations that I can access from anywhere via Zero Trust overlay networking. But for now I am just using Tailscale. Tailscale does a bunch of cool things, but the two I am going to talk about first are exit nodes and subnet routers. An exit node lets traffic from inside your overlay network use the exit node’s network link. This is really handy for securing your Internet traffic. Subnet routers do something similar: they make the local LAN available to your overlay network.
I use my VPS as a Tailscale exit node, which lets me secure traffic for devices on nosy or shady networks, like work or a coffee shop wifi. The VPS is pretty much always available and has a fast link to the Internet so it’s a good candidate for general purpose routing.
Another exit node that I deploy is a Linux container on Proxmox. For the network configuration on this container, I use the Swedish Internet Router as the default gateway, that way all of the traffic out of the container gets routed to Sweden. I then configure Tailscale as an exit node, so that when I use that exit node, all of the traffic goes thru Sweden. This setup is incredibly slow, so I do not recommend it for anything other than emergencies. I am thinking about installing Tailscale directly on the Swedish Internet Router, but I haven’t done the experiment yet.
The last Linux container that I employ is a Tailscale subnet router. I configure routing on this container to make my DMZ network available to all of my TS nodes. This simplifies server configurations because I don’t have to install TS on every container and server I am hosting, as well as my Proxmox VE hosts. I can just run a couple of containers and access everything. This is the node that will connect your Proxmox containers and VMs to the Internet thru a reverse proxy.
So there you have it, 1 storage VM, 1 Docker VM, and 3 Linux containers for specialty networking. There is still work to be done to connect the NAS appliance to your hosted VPS, but the overlay network has to be in place first.
An optional 3rd VM is Plex. I use NFS to mount my media libraries from my NAS. The VM is severely underpowered at the moment, but once I get a second Proxmox server set up, I can run more intensive workloads, like desktops and streaming servers. Plex is fine for streaming locally to my LAN, but it complains about CPU power when it refuses to stream over the Internet.
Chrizzle23.com and all blog posts © 2025 by Chris Anderson is licensed under CC BY-NC-SA 4.0