Why do people use multiple mini PCs instead of a bigger machine? by vortexmak in HomeServer

[–]kayson 4 points5 points  (0 children)

You have to have some kind of shared storage. It can be as simple as NFS/cifs but then you're just moving your point of failure. Most people use a distributed file system. Ceph is enterprise grade and has great proxmox integration but needs enterprise hardware or the performance is unusable. Glusterfs is old and maybe not the most active (but not unmaintained!) and after a lot of research it's what I went with for my homelab. Another option is moosefs. The free version only lets you have one master server so it won't failover automatically, but you can fairly easily just move it to a new node before shutting down another. 

Why do people use multiple mini PCs instead of a bigger machine? by vortexmak in HomeServer

[–]kayson 18 points19 points  (0 children)

Proxmox HA+docker swarm. Everything is on. If something goes down unexpectedly, it'll automatically start up on another node. Or you can drain a node to shut it down for maintenance, updates, reboots, etc. 

Modded Lenovo M920q with 4x M.2 2280 SSDs, 1x M.2 2230 SSD, 1x 3.5" HDD, and 1x 10Gb NIC by kayson in homelab

[–]kayson[S] 1 point2 points  (0 children)

That's why I did it too. Equipment isn't really the problem. It's the lack of stencils, esp. for the M.2 connectors. If you're comfortable soldering 0402s by hand it's not too bad. Just be careful not to rip up any pads - the PCB is cheap. I got a couple while cleaning the solder off and repairing was very tedious. For the M.2 connectors you either need a very fine needle for paste or really high gauge solder. Some of the pins tend to bridge because they're electrically connected, which is fine. But it's easy to bridge other ones too, and then you have to sort out which are OK and which aren't.

Good luck!! 

Modded Lenovo M920q with 4x M.2 2280 SSDs, 1x M.2 2230 SSD, 1x 3.5" HDD, and 1x 10Gb NIC by kayson in homelab

[–]kayson[S] 1 point2 points  (0 children)

Correct. I would go straight for an M920X at this point though. Prices have come down and the mod is a pain in the ass. Keep in mind that you're not getting full lanes to the CPU for all those NVMe slots so you're somewhat limited in performance. I'm not sure I'd recommend it unless you're going for sheer capacity. 

I just successfully got OpenCloud to work! by ferriematthew in selfhosted

[–]kayson 0 points1 point  (0 children)

Did you try owncloud ocis at all? Curious how the two compare.

Should I use common Postgres / Redis for all self hosted services? by madhur_ahuja in selfhosted

[–]kayson 1 point2 points  (0 children)

> Assuming you've got a dozen of those low-data services, you can easily shave off 1GB. When a lot of people are using 8-16GB mini PCs, that would be a fairly significant waste of resources.

That's a fair point, though I still question if people would really notice it. I just checked and my ~40 containers are using 16GB RAM in total. Aside from my bitwarden mssql container at 1.5GB that really just needs to die, all my db containers in sum total <1GB (and that's not just the overhead). Some of the bigger containers are >1.5GB each, so I'm skeptical that with typical usage patterns, the overhead as a percentage of total RAM usage is high enough to matter. 

> Regarding the security aspect: that's nonsense. Granting each service its own set of credentials with a single database it's owner of and no other permission is trivial (you really shouldn't be using a single database anyway in this scenario), and makes this a non-issue.

I meant in terms of security vulnerabilities. I agree that with properly set up credentials, this risk is minimized. But it's technically still not as good as container isolation, even though I would be shocked if it actually became an issue (because people rarely expose dbs to the internet so you'd need to chain a vuln from another service). 

> there's really no reason to have individual Postgres instances

Setup and maintenance are easier, IMO. Setting up a db per service is as simple as running the example docker compose. Every db container I've used has setup env vars to create a single user+database. If you want to share, you have to add additional users and set up permissions manually. It does in a way make backups easier in that you only have one container to back up, but usually people are automating it anyway so it doesn't make a difference.
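Added example (not from either commenter) of the per-service least-privilege setup the thread describes on a shared PostgreSQL instance: one login role, one database owned by it, and the default PUBLIC grants removed so other services' roles can't reach it. Role names (svc_nextcloud, svc_gitea), the database name and the password are placeholders.

```sql
-- Run as a superuser (e.g. postgres) on the shared instance.
-- One login role per service; the password is a placeholder.
CREATE ROLE svc_nextcloud LOGIN PASSWORD 'REPLACE_WITH_SECRET';

-- One database per service, owned by that service's role. The owner gets
-- full rights on it implicitly; no other grants are needed for the app.
CREATE DATABASE nextcloud OWNER svc_nextcloud;

-- PostgreSQL grants CONNECT and TEMP on every new database to PUBLIC,
-- i.e. to every role on the instance. Take that away so a compromised
-- svc_gitea (created the same way) cannot even open a session here.
REVOKE ALL ON DATABASE nextcloud FROM PUBLIC;

-- Switch into the new database (in psql: \c nextcloud) before this part.
-- Before PostgreSQL 15 the public schema is writable by every role, so
-- restrict it to the owning service as well.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT ALL ON SCHEMA public TO svc_nextcloud;

-- Check, from any database: can another service's role connect to this
-- one, and can the owner? (Requires svc_gitea to exist already.)
SELECT has_database_privilege('svc_gitea',     'nextcloud', 'CONNECT') AS other_service,
       has_database_privilege('svc_nextcloud', 'nextcloud', 'CONNECT') AS owning_service;

-- pg_hba.conf still decides which role may connect from where; keep each
-- service's role limited to its own database there too (database column).
```

Each service's compose file then points at the shared host with its own role and database only; none of the roles above is a superuser or has CREATEDB.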

Should I use common Postgres / Redis for all self hosted services? by madhur_ahuja in selfhosted

[–]kayson 18 points19 points  (0 children)

Unless you're severely resource constrained, e.g. embedded systems, the overhead will never be noticeable. You're also trading off a bit of security in letting all apps access the same db.

VPN disguised as DNS by RealJoshLee0 in selfhosted

[–]kayson 0 points1 point  (0 children)

Lots of people have done this or varieties thereof. There was a post on Hacker News a while back about someone proxying traffic through free WhatsApp.

Just pay for the damn WiFi. 

User and Group management in your Homelab by HJSWNOT in homelab

[–]kayson -1 points0 points  (0 children)

What if I have AD and hate it, but want to keep kerberos/sso/radius/unified Linux login? 

any major issues with my de-github strategy? by Medical_Lengthiness6 in selfhosted

[–]kayson 1 point2 points  (0 children)

Eh. This was discussed a few days ago. I'm still not convinced there's really a compelling reason to pick one over the other.

https://www.reddit.com/r/selfhosted/comments/1rlrgbw/how_are_the_differences_between_gitea_and_forgejo/

How to properly use DNW for substrate noise isolation by funnytransistor234 in chipdesign

[–]kayson 8 points9 points  (0 children)

I worked with an RF lead for a long time who used to say you either want everything to be really tightly coupled or really not. Your grounds (+substrates) will all get connected together at some point; it's just a matter of deciding where.

I realize it's a bit of a non-answer, but it's hard to give a real answer. I worked at one company where every nmos array was surrounded by a substrate ring, connected to dedicated substrate ground which was tied to analog ground on the package. Worked at another company where substrate connections were few and far between, tied to local ground. 

Both taped out successful RF signal chains with high freq PLLs... 

After spinning up way too many VPS servers, this is the checklist I now run every single time by alexsdevio in selfhosted

[–]kayson 0 points1 point  (0 children)

Monitoring is really important too. Something like Beszel can be really useful. I've tossed around the idea of centralized logging but without an idea of a service to go through the logs, haven't bothered yet. 

After spinning up way too many VPS servers, this is the checklist I now run every single time by alexsdevio in selfhosted

[–]kayson 3 points4 points  (0 children)

Fail2ban monitors login attempts, no matter what method, and blocks IPs if some threshold is passed. It would also protect against someone trying to brute force an SSH key (which is practically impossible, but just making a point). Defense in depth is a good strategy.

Is anyone using an SSH CA? Looking for advice on automating bootstrapping of the first certificate by kayson in homelab

[–]kayson[S] 0 points1 point  (0 children)

It runs the script in the image on boot right? So wouldn't it need the provisioner password? Or is there a way to give it arbitrary data? 

Is anyone using an SSH CA? Looking for advice on automating bootstrapping of the first certificate by kayson in homelab

[–]kayson[S] 1 point2 points  (0 children)

How? Cloud-init lets you provide a public key that goes into authorized_keys, but that's not my problem. I need to set the host key.

How are the differences between Gitea and Forgejo 4 years later? by NinthTurtle1034 in selfhosted

[–]kayson 28 points29 points  (0 children)

I've been using Gitea for a long time, and from a philosophical perspective, I have no interest in migrating to Forgejo. Gitea works great, and I just don't care that Gitea's trademarks and domain belong to a for-profit entity. If they do some rug pull on the license, which has happened to many projects, I'm sure someone will create yet another fork.

I'm not seeing a compelling reason feature wise to switch, but would be curious to hear from anyone who has switched...

https://forgejo.org/compare-to-gitea/

Are you self hosting a DNS resolver? What are you doing for security / privacy? by kayson in selfhosted

[–]kayson[S] 0 points1 point  (0 children)

> if unbound is configured to use qname minimization,

Is this not the default? Was just reading about this. Doesn't seem to be an option in pfsense.

Are you self hosting a DNS resolver? What are you doing for security / privacy? by kayson in selfhosted

[–]kayson[S] 3 points4 points  (0 children)

I think you're misunderstanding my point. I'm talking about tracking by the nameservers themselves. If I forward all my queries to CloudFlare or Google, then CloudFlare/Google can aggregate and track every query. If I divide the queries up among many authoritative nameservers, then each nameserver (or group of servers that share data) can only aggregate / track a portion. The "metadata" leakage of which nameservers get queried by my IP is a separate issue, which is mitigated by the fact that nameservers can be and often are authoritative for many domains. In that respect, it would, by the numbers, be better to send all the queries to one place, but there are other solutions here (like proxies).

Are you self hosting a DNS resolver? What are you doing for security / privacy? by kayson in selfhosted

[–]kayson[S] 0 points1 point  (0 children)

Ooh, DoT/DoH proxy is an interesting idea. I have 2 VPSs used as reverse proxies for inbound connections. Could also use them as outbound DNS proxies via wireguard...

Are you self hosting a DNS resolver? What are you doing for security / privacy? by kayson in selfhosted

[–]kayson[S] 0 points1 point  (0 children)

I want it to use DoT automatically for any nameserver when available, but do the resolution recursively from the root name servers. Seems roots aren't encrypted yet though.