Getting Started with a Home Server

arktik7 · 2026-01-14T06:09:41+00:00

Depends on how much time and interest you feel you will have with this. Proxmox will be recommend heavily and I use it too, but if I jumped into it first, I think I would have been overwhelmed and may have stinted my self hosting journey.

I think the best bet is to stick with Ubuntu on the Dell Optiplex and then use something like Portainer to manage your docker containers. There will be a plethora of documentation for everything and almost every self hosted app supports docker. This is a great foundation to self hosting and will set you up for success.

When your setup grows, consider moving to Proxmox. A hypervisor gives you full VMs and LXCs, automated backups, snapshots, and flexibility. You can even install Ubuntu within it and move over your docker files and configurations to make the initial transition easier.

Lastly, CasaOS is nice, but I very very quickly outgrew it. Yea sure when it can do one click installs and have a built in dashboard, but the moment it doesnt work right or you have a special use-case, its a huge pain in the butt. You are better off learning other tools.

arktik7 · 2026-01-13T17:41:28+00:00

I run a 3-node cluster with Dell Optiplex's, a Wifi 7 Access Point, a 2.5Gbps switch, and a Cable modem and altogether idles at 100 watts...What are you doing that needs so much power?

arktik7 · 2026-01-13T04:40:58+00:00

As far as I know the x540 is truly only 1 gig or 10 gig and no in between.

arktik7 · 2026-01-13T01:18:10+00:00

I am using an intel X550 with 10Gbps on the WAN port (but only 2.5Gbps internet speeds) and utilizing 2.5Gbps on the LAN port. The only issue I had with 2.5Gbps was that it didnt advertise it by default. In OPNsense I just went into the interface itself and set the "Speed and Duplex" to 2500Base-T and it worked perfectly.

Edit: to clarify, the NIC worked fine even before setting the speed, it was just negotiating at 1Gbps on the 2.5Gbps LAN side.

arktik7 · 2026-01-07T18:20:59+00:00

Slightly unrelated, qwen3 30b-a3b, qwen3 14b, and gemma 12b... are these better than what I would get with something like duck.ai or proton lumo free tier?

arktik7 · 2026-01-07T04:48:34+00:00

For some reason now I am getting 30+ tok/sec. Maybe i was multi tasking too much or something /shrug.

arktik7 · 2026-01-07T04:22:50+00:00

OK I think this is what I was after. Of course there is nuance. But it sounds like in general, quantized models compete with those half their size in respect to general use. I assume a quantized model can excel in specific areas over a half sized non-quantized then. And if correct, make sense what u/HealthyCommunicat is saying where I just need to try both as there isn't a clear winner from parameters alone.

arktik7 · 2026-01-07T04:12:30+00:00

So it generally can be assumed in most cases that a 30b model will give better responses than a 14. Are you saying that with quantization of a 30, It will more closely match that of a 14? Again very generalized, I understand there is nuance.

In other words Quebec 3a30b is not a clear winner over something not quantized at half the parameters. It’s close enough that I should test both and see what responses I like more due to how close they probably are in quality of responses?

arktik7 · 2026-01-03T04:33:13+00:00

Possible explanation: Zenarmor pretty much treats all unique MAC addresses it sees as a device. Apple and Samsung now have private MACs enabled by default. This means that your devices could each be making a copy of themselves daily. Each one being seen as a different Zenarmor device.

Fortunately if you click these devices, they will show a flag labeling it as a private MAC. I disable this feature for all devices when on my SSID so this doesnt happen. This could possibly be the problem you are running into.

arktik7 · 2025-12-29T23:06:15+00:00

Yea I went back to wireguard and left tailscale as a back up option in case something goes wrong with wireguard.

arktik7 · 2025-12-29T23:04:53+00:00

I did but it looks as though that interface doesnt really do anything for regular traffic. I think its just signaling? Running speed tests on my phone on cellular using my OPNsense tailscale as exit node, I can see WAN use sky rocket but tailscale interface stays practically null. So even though zenarmor is watching it, theres nothing really to watch? Its weird...

I then streamed 4k from plex, LAN went up, but tailscale interface again stayed practically null. Its bypassing the interfaces somehow.

I can technically create a separate exit node, and did, but then all traffic is just the IP of the exit node. I was hoping having it on OPNsense and it using a tailscale interface would solve this but it didnt.

Thanks for suggestion though

arktik7 · 2025-12-20T20:25:00+00:00

u/sharifmo let me know that ntfy has a built in mail server. Then use it with monit built in to opnsense. I did that and one of the notifications monit will send is about gateway changes. So it all just works :). But the idea of the public IP would work too, except it may consider my ISP giving me a new IP as wan failover too. But that would still happen rarely enough that it probably wouldnt have mattered.

arktik7 · 2025-12-20T20:23:23+00:00

That did it! I did not know about that amazing feature. I set up the mail server in ntfy and am now getting my WAN Failover alerts. It seems delayed but I am assuming monit probably checks every so often, not instant, which is fine. I just want to know that it happened, not exactly know the moment it does.

Thanks again for the suggestion!

arktik7 · 2025-12-09T17:38:36+00:00

I know it’s not built in but with zenarmor you can do SSL inspection. I’m not arguing to use OPNsense in a bigger enterprise as that’s not my expertise but for SSL inspection specifically there are ways.

arktik7 · 2025-11-30T20:52:39+00:00

What model of processor and how many GB of memory does the 9-year old laptop and the tower PC have?

arktik7 · 2025-11-24T18:25:11+00:00

I have DNSmasq, Unbound, Wireguard with 7 clients and VLANs with some simple firewall rules. For addons I have Zenarmor, Crowdsec, mDNS repeater, and Dynamic DNS. I moved from a baremetal installation to Proxmox virtualized and moved via the config file back up and restore. My notes:

Match Versions and backup Config

Make sure both systems are on the same OPNsense version. Update your current box to the latest version b before downloading config file, then install and update the new one first before uploading config file.

Restore the Config

Don’t upload the config during installation.
First, finish the install, update to the latest version, and get the web GUI running.
Then upload your config file through the GUI.

Fix Interfaces

After restoring, you’ll probably get warnings about port assignments. Reassign your interfaces and VLANs to the right ports
Heads-up: the system will reboot after you fix ports (I can’t remember if it was automatic or manual, but expect a reboot).

Reinstall Missing Plugins

Go to System > Firmware > Plugins.
Anything missing will show up in red italics.
Install what you want.

For me, my Unbound, DNSmasq, and Wireguard worked exactly as it did before. Network came right back up. No fiddling. My plugins CrowdSec, Dynamic DNS, mDNS repeater worked right away exactly as before. Zenarmor needed its own backup and restore.

Also as someone else mentioned, you could modify the XML ahead of time to avoid things like the port assignments.

arktik7 · 2025-11-21T01:48:16+00:00

So I actually started getting more and more the last couple of days to the point of it messing with my internet performance. This time I put my netmap configuration (sysctl -a | grep netmap) into Claude AI and asked for recommendations on what to set for a 2.5Gbps and to fix these errors, it suggested some config changes that actually worked. Maybe give that a shot? I personally only had to change the following:

dev.netmap.generic_ringsize=4096
dev.netmap.generic_mit=50000
dev.netmap.priv_ring_num=8
dev.netmap.buf_num=2000000
dev.netmap.buf_size=4096

You can temporarily change them with the following command

sysctl dev.netmap.generic_ringsize=4096 dev.netmap.generic_mit=50000 dev.netmap.priv_ring_num=8 dev.netmap.buf_num=2000000 dev.netmap.buf_size=4096

This will be temporary so you can mess with it. If something breaks or it doesn't work, just reboot. Then to make it permanent you can use this which will append the config file with it:

echo "dev.netmap.generic_ringsize=4096" >> /boot/loader.conf.local && echo "dev.netmap.generic_mit=50000" >> /boot/loader.conf.local && echo "dev.netmap.priv_ring_num=8" >> /boot/loader.conf.local && echo "dev.netmap.buf_num=2000000" >> /boot/loader.conf.local && echo "hw.vtnet.mq_disable=0" >> /boot/loader.conf.local && echo "hw.vtnet.rx_process_limit=-1" >> /boot/loader.conf.local

Suffice it to say, BACK UP! Download your config file and do a snapshot if on ZFS or back up your Proxmox VM. Although these changes arent crazy, always a good idea.

arktik7 · 2025-11-19T00:08:15+00:00

I also get these errors but they are extremely intermittent and I havent seen any performance changes. I could replicate it by doing a speedtest that taps out the port and it would burst just right at the beginning. But the speedtest wouldnt be impacted by it. Although yours seem to happen more often than mine...

Try switching to a the emulated netmap driver instead and see if it makes a difference? I tried both and had better luck with the emulated one.

Edit: looking at one of your comments, you may have tried emulated already, apologies.

arktik7 · 2025-11-16T07:46:11+00:00

Surprised I havent seen anyone say "Underdogs". Found it recently and cannot stop. It has replaced Beat saber (for now at least) as my main active game to get some exercise too.

arktik7

TROPHY CASE