
Hardware Suggestions For A Beginner?

Hello, I've been saying it to myself for a year now, but I'm on summer break rn and I really need to do something with my life. Here's some of the software I plan to host. Goal is to not spend more than $150-200, I do have some gift cards though.

Absolutely Will Run:

Nextcloud & Immich - I want to replace Google and OneDrive

Might do in the near future:

Jellyfin - my mom and I usually just bootleg by using Kodi on our FireTV, so not a major need rn, but might be nice for future purposes.

piHole - better overall ad blocking, so I don't have to use nextDNS on all my devices, and maybe help my mom out.

VPN - I currently pay for Proton, and we use it on the FireTV, the TV app sucks cause it doesn't have killswitch (PC and mobile have Killswitch). I have several devices and profiles that I use, so I was thinking maybe just an overall VPN might be nice

Seeding - I think it would be nice to give back to the community, since I torrent every now and then.

OS Plan: I plan to use Proxmox as I have a little bit of experience using it, and others seem to like it a lot for managing multiple software.

I know I don't need to go full power mode rn, so I wanna stick with something low end that I could maybe upgrade in the future. Should I just buy a used laptop/PC, or get like an Optiplex or ThinkServer? I don't wanna rack up my parent's electric bill. I already got some hard drives a year ago, but is using an external drive bad?

I know to use the Ethernet ports so my signal isn't shit, but I gotta work out the best spot I can put my server. I do know an okay amount of networking knowledge, and I'm a cyber student anyway so this is like a fun yet educational personal project for me.

When it comes to external access and security of these services, should I stick with Tailscale? Some people have concerns over the proprietary bits and are using headscale instead I guess.

Any guidance is much appreciated!

EDIT: Thank you all so much for the guidance! I've decided to repurpose an old Mac laptop that has a broken screen and use that as the proxmox base (might put better RAM in it if I can) and then start with that. I might get a Pi or thin client in the future for more purposes. I will certainly come back to post when my nextcloud is running!

39 comments
  • I'm still a beginner myself, but from my experience I'd say skip Nextcloud at least to start with. I found even the AIO version confusing to set up. Hell, I still do. I have the NextcloudPi image running on a Pi4 but am actively looking for a replacement because it runs like crap on that hardware and I don't need all of the features it offers/tries to cram into one service.

    I'm leaning towards FileRun. Yeah, you have to pay for it once. But so far it seems to be the best alternative that doesn't try to do too much. And yes, I tried Owncloud Infinite Scale, before everyone jumps on me :)

  • IMO, you want ram more than you want processing power. 16 gig ought to be enough. Most of the time your containers will sit dormant and just consume memory. However since you want to run Jellyfin, get a recent CPU which can do hardware decoding of popular codecs. There's charts online that show what generation can handle what codecs. Ideally you don't want that done by software. You should still be able to find something cheap.

    In terms of placement. It depends a lot on noise IMO. If you're running something small without magnetic storage, you're probably fine to stick it anywhere. If you have several data-centre grade hard drives, you will probably want to keep it somewhere where you won't hear it all day.

    In terms of upgrading, I'm not sure if it's as much of a concern as you might think. I run probably about 30 docker containers off a NUC clone and a separate NAS, and that has worked pretty well for the last few years. I can always add more drives to the NAS, but otherwise it's fine. Also, many of my services scale to zero with sablier+traefik, and I schedule filesharing for low bandwidth times. This makes things pretty manageable.

  • Here's what I did: I bought a $50 Dell Optiplex desktop with a 4th generation Intel CPU on ebay. I stuffed in 3 HDDs from ServerPartDeals and a boot SSD I had laying around. This machine draws 50 to 60 watts continuously.

    I got caddies for the HDDs from my local used computer parts store. I got 5.25 in to 3.5 in adapters from Amazon.

    I added a 10 gig SFP+ card (which isn't fully utilized since my network is mostly 2.5 Gig). Realistically, the onboard gigabit port is adequate.

    I got a SATA PCIe card so I can add a 4th drive if needed.

    I also bought a Nvidia Quadro P400 graphics card (similar to a GTX 1050, but half the price) for $30 on eBay for Jellyfin transcoding. I couldn't get the onboard Intel GPU to play nice with Jellyfin.

    Excluding the cost of the drives, this setup cost me about $130.

    Tailscale works pretty well, but I usually use Wireguard to connect to my router remotely. I've had issues getting Tailscale to work well with my reverse proxy, but I suspect that's a me problem rather than a Tailscale problem. I have OPNsense and Adguard running on an ancient Mac Mini that serves as my router. (If you follow this route, make sure you get a Thunderbolt Ethernet adapter, not a USB one.)

  • > VPN - I currently pay for Proton, and we use it on the FireTV, but it sucks cause it doesn’t have killswitch.

    I have been using Private Internet Access so long I can't remember when I first started but it's been years. I've had great success with PIA and I never fire up a device locally without it. It does have a killswitch, advanced killswitch, split tunnel, multi-hop with shadowsocks or socks5 proxy, openVPN or Wireguard configurations, and a dedicated IP option.

    I've tried other top name VPNs, but imho, none come up to what PIA does.

  • Proxmox on a Lenovo micro form factor is probably a good cost effective option. Get a business class ThinkCentre, like an M720 or something similar that's 3-5 years old that a corpo has just upgraded away from, i5 or Ryzen 5 with however much storage and RAM you want. Spin up a container specifically and only for PiHole+Unbound (and consider adding a pi or some other dedicated hardware for DNS later on for redundancy in case your main goes down), and then the rest is however you want to build your environment.

    For me, I've got a Pi dedicated to 3 key tasks: PiHole, Unbound, and PiVPN (edit: and Nginx Proxy Manager. It's dedicated to 4 key tasks...). It's basically my filtering interface between the home network and the rest of the internet immediately after my router handles the frontline defenses, and then I've got a Proxmox cluster to run most of the rest of my internal services.

  • Protonvpn has a Killswitch: https://protonvpn.com/support/what-is-kill-switch

    > A kill switch is available to all Proton VPN users on Windows, macOS, Linux, iOS and iPadOS. Newer versions of Android now have built-in kill switch feature, as explained below.

    > Please note that our regular kill switch feature can’t protect you if you intentionally disconnect from a VPN server. However, the feature does protect you while switching servers with Proton VPN.

    > Our Windows and Linux apps now also feature an Advanced kill switch. In addition to protecting you from accidental VPN disconnections, this prevents you from accidentally using the internet without the VPN turned on, and it will persist when you shut down and restart your device. You will not be able to connect to the internet if you manually disconnect the VPN without also disabling Advanced kill switch.

    or are you in a different scenario where that doesn't work?

    I've configured my router to set up a VPN connection to proton (wireguard config). I then decide which devices go out without VPN and which with VPN. (Default being with VPN.) If the wireguard tunnel happens to go down, the devices can't surf the web.

    • Specifically talking about the FireTV, 99% sure the app doesn't have a Killswitch, I've checked. I use it all the time on PC and Mobile though :)

      Setting up the VPN on the router sounds great, but can home routers (I have Cox) flash VPN software on them (thought they couldn't)? Also is it MAC or IP filtering (would I have to set a device to static IP) for deciding which devices use the VPN tunnel? How good is it about switching servers (like if a server I'm connected to is on maintenance or is overloaded)? Not too worried about the web issues, can always hop back on the regular Wi-Fi and use the app.

      • I think it's MAC based, but I'm not sure

        > Specifically talking about the FireTV, 99% sure the app doesn't have a Killswitch, I've checked. I use it all the time on PC and Mobile though :)

        Ah! I can't get a fire stick here so no experience with that.

        > Setting up the VPN on the router sounds great, but can home routers (I have Cox) flash VPN software on them (thought they couldn't)?

        The asus router I have has a feature called VPN fusion. I specifically bought a set of routers for my home that are in front of my ISP router because I wanted a single SSID and wanted to set my own DNS servers without having to specify them per device. They (ISP) keep restricting features on their router (can barely do anything on them nowadays). Also switching ISPs became easier as any config is done in my devices rather than theirs.

        > Also is it MAC or IP filtering (would I have to set a device to static IP) for deciding which devices use the VPN tunnel? How good is it about switching servers (like if a server I'm connected to is on maintenance or is overloaded)? Not too worried about the web issues, can always hop back on the regular Wi-Fi and use the app.

        I THINK it's Mac based, but I really can't say. I named the devices on my router and they keep reconnecting as the same device. Either that or it uses some combination of info from the device to identify it.

        E.g.: my work MacBook should switch MAC addresses every time it connects to a WiFi, but it's consistently identified by my router.

        Additionally, they have some routers that are supported by custom firmware (asuswrt-merlin). Mine don't support it unfortunately. https://www.asuswrt-merlin.net/

  • I would suggest a used laptop with a gtx10xx GPU and min 16gb RAM, a 1 to 2 TB SSD, and if there is still room and budget, a 4tb HDD for jellyfin content.

  • Tailscale is great. Don't believe the bad press. You can always switch in the future if they change their trajectory.

    I run all of that on a Dell Optiplex that I bought refurbished in your price range. I couldn't figure out the self-signing certificates to run nextcloud without a domain, so I run OwnCloud, but hopefully you'll have better luck.

  • If you can get something your local university is discarding due to W10 end. Got my first server this way (core 2 E-something) when W7 EOL was announced and it ran nextcloud very well. If you can't, go for a used pc. The only thing you should buy new are disks.

    Even if the hardware is not performant enough to run it can be a 2nd node for Proxmox.

  • for Jellyfin specifically, get yourself a cheap x86_64 PC and cheap or used graphics card. (or a cpu with integrated graphics)

    for example, my jellyfin is running on an AMD FX-6xxx processor and a GTX 670 just fine.

    the raspberry pi will work for Jellyfin as long as you don't have any transcoding to do, but the minute you need transcoding you'll need a GPU or good encoder/decoder chip.
