Home Server 2023: DNS Infrastructure

It’s been a while since I posted anything overly technical, so I figured I’d drop a couple of posts over the next few weeks about the new addition to the basement: a home server.

It’s been a while since I’ve had a home server, but dabbling in Home Assistant and a desire to cut down on our streaming services led me back down the rabbit hole of building an all-in-one box for home use. I was able to snag an HP EliteDesk 800 G3 Small Form Factor about a month ago for $360 shipped with the below specs:

  • Intel Core i7 7700

  • 16GB DDR4

  • 256GB SSD

I ditched the 256GB SATA SSD and put in a 512GB NVMe drive along with a 4TB Samsung 870 EVO SATA drive that we picked up for very little money, then installed Proxmox on it. The rest has been a lot of fun figuring out various technologies and working to build something that “just works”. My first project was redundant whole-home ad blocking with two Pi-hole instances: one runs in a Debian container on the Proxmox host itself, and the other runs on the Raspberry Pi 3B+ that previously hosted my Home Assistant install.

The above diagram is a quick overview of how the install works currently. Some notes:

  • All Docker containers run as non-root UIDs and GIDs.

  • Diun and the Docker socket proxy sit on their own Docker network, and the proxy exposes only the parts of the Docker API that Diun needs; nothing else on the host gets a path to the socket.

  • Diun checks for image updates every Monday at 10AM and posts anything it finds to Discord.

  • The primary and secondary Pi-holes are set up with Gravity Sync so that the allow and block lists, along with local DNS records, are kept in sync between the two nodes.

  • Duplicati backs up the containers’ config directories on the host to OneDrive daily.

  • A cron job on the primary Pi-hole container refreshes the allow list daily from a list of domains that are known to be safe; Gravity Sync then carries it over to the secondary.

  • The Pi-holes subscribe to a number of block lists so that a wide swath of trackers, malicious content providers, ads, and suspicious content is blocked.
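As an added example of how the socket-proxy and Diun notes above fit together (this is not the post’s own compose file; the image names, the data path, the UID, and the DISCORD_WEBHOOK_URL variable are assumptions), here is a compose file in which Diun’s only route to Docker is the proxy, and the proxy answers only read-only endpoints:

```yaml
# Added example, not the post's compose file. Diun reaches Docker only through
# tecnativa/docker-socket-proxy on a private network. Image tags, the ./diun
# path, the UID and the webhook variable are assumptions.
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy:latest
    restart: unless-stopped
    volumes:
      # :ro only stops the socket file itself being replaced; the real
      # restriction is the allow-list of API sections below.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # Each section is off (0) unless switched on (1); denied requests get 403.
      CONTAINERS: 1   # GET /containers/* so Diun can enumerate what is running
      IMAGES: 1       # read-only image inspection; set to 0 and watch Diun's
                      # logs if your version runs cleanly without it
      POST: 0         # no state-changing requests at all
      EXEC: 0
      BUILD: 0
      VOLUMES: 0
      NETWORKS: 0
      SECRETS: 0
    networks:
      - diun-internal   # deliberately no `ports:` and no other network

  diun:
    image: crazymax/diun:latest
    restart: unless-stopped
    user: "1000:1000"   # non-root like the rest of the stack; ./diun/data must be owned by this UID
    depends_on:
      - socket-proxy
    volumes:
      - ./diun/data:/data
    environment:
      TZ: America/New_York                    # the schedule below is read in this zone
      DIUN_WATCH_SCHEDULE: "0 10 * * 1"       # Mondays at 10:00
      DIUN_WATCH_WORKERS: 5
      DIUN_PROVIDERS_DOCKER: "true"
      DIUN_PROVIDERS_DOCKER_ENDPOINT: tcp://socket-proxy:2375   # the proxy, never the raw socket
      DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT: "true"
      DIUN_NOTIF_DISCORD_WEBHOOKURL: ${DISCORD_WEBHOOK_URL}     # from .env, which stays out of git
    networks:
      - diun-internal   # to the proxy
      - default         # egress to registries for digest checks

networks:
  diun-internal:
    internal: true      # no published ports and no route out; only these two services are on it
```

To confirm the proxy is doing its job rather than trusting the config, run a one-off container on diun-internal and request a few endpoints with curl: GET http://socket-proxy:2375/containers/json should return 200, while GET /volumes/json and any POST (for example to /containers/create) should come back 403. If the POST succeeds, the proxy is not the thing in front of the socket.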

The whole thing is very easy to tear down and spin up quickly, and updates are all completed with a quick docker compose pull && docker compose up -d. I can update on a per-node basis too, staggering things so that there are no ill effects.
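The daily allow-list refresh mentioned in the notes above is the one job in this stack that pulls third-party data straight into the resolver, so it is worth validating what comes back before handing it to Pi-hole. The script below is an added example, not the post’s own cron job; the list URL, the install path, and the Pi-hole v5 command pihole -w (which adds domains to the allow list and is idempotent) are assumptions:

```sh
#!/bin/sh
# Added example, not the post's cron script. Pulls a remote allow list, keeps
# only syntactically valid hostnames, and loads them into Pi-hole.
# Assumptions: Pi-hole v5 CLI (`pihole -w` adds to the allow list and is
# idempotent for domains already present), GNU xargs (-r), and a placeholder
# ALLOWLIST_URL set in the cron entry, e.g.
#   0 4 * * * ALLOWLIST_URL=https://example.invalid/whitelist.txt /usr/local/bin/update-allowlist.sh
set -eu

# filter_domains: stdin -> stdout. Strips comments and whitespace, lowercases,
# and passes only RFC 1123-style hostnames: alnum/hyphen labels, at least one
# dot, no leading or trailing hyphen, no all-numeric last label (rejects bare
# IPv4 addresses), at most 253 characters. Wildcards, regex syntax, shell
# metacharacters and underscores never reach pihole.
filter_domains() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' \
      | tr 'A-Z' 'a-z' \
      | grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$' \
      | grep -Ev '\.[0-9]+$' \
      | awk 'length($0) <= 253' \
      | sort -u
}

# apply_allowlist FILE: hand the validated domains to pihole in batches.
# -r makes xargs do nothing on empty input instead of running `pihole -w` bare.
apply_allowlist() {
    xargs -r pihole -w < "$1"
}

# The fetch-and-apply step only runs when ALLOWLIST_URL is set, so the file
# can also be sourced just for the functions.
if [ -n "${ALLOWLIST_URL:-}" ]; then
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL --max-time 60 "$ALLOWLIST_URL" | filter_domains > "$tmp"
    n=$(wc -l < "$tmp" | tr -d ' ')
    # A truncated or empty download must not silently apply; 10 is an arbitrary floor.
    if [ "$n" -lt 10 ]; then
        echo "allowlist: only $n valid entries from $ALLOWLIST_URL, not applying" >&2
        exit 1
    fi
    apply_allowlist "$tmp"
    echo "allowlist: applied $n entries"
fi
```

Because Gravity Sync replicates the allow list, this only needs to run on the primary. A non-zero exit on a failed or suspiciously short download is also the natural place to hang the push notification the post wants for important jobs.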

A couple of things I want to switch out though:

  • I want to replace Duplicati with Restic or something similar running on the hosts. I’ve read some horror stories of Duplicati restores.

  • I’d also like to do daily backups to OneDrive and monthly backups to Backblaze B2 or Wasabi, once I get that up and running for my photo backups.

  • I’ve recently moved to Pushover for push notifications, so I’d also like to move from Discord to Pushover for my Diun notifications. It’s fairly trivial to tie Pushover into shell scripts as well (I’ll detail this in a future post), so any job running that’s deemed important I’d like to integrate push notifications into.

Overall so far I’ve been pretty happy with the performance of the Pi-hole stacks and getting more familiar with Docker has shown me just how powerful the platform can be for building out solutions quickly. It’s also great to get user feedback when they start noticing there’s no more ads in their Android games!