All-in-one home server by TrueNAS Scale

Joined
Oct 10, 2023
Messages
7
Hi all,

I own an old HP Z210 server with 16GB ECC RAM, an EPYC server with 32GB ECC RAM, 2 Gigabit NICs and 26 x 500GB 2.5-inch HDDs. I'm planning to build an all-in-one home server for the several purposes below:
- NAS for my family file storage.
- Cloud server to replace OneDrive Family and Mega Team, for which I'm still paying 24.6$ per month for both.
- Hosting for my personal website server with around 1000 per month, which can grow in the near future.
- Reverse proxy for better hosting security.
- Ad-block for my whole home.
- Smart home hub for around 30 devices and sensors.
- Video recording for around 3 FHD IP cameras.
- Running some decentralized marketplace for computing power, storage and bandwidth services.
- Multimedia server that I can use while taking some rest on my business trips.

I'm also planning to build an independent solar energy system with backup battery. My local electricity price is around 0.13$ per kWh, so a 3-4.5k$ 5kWh solar energy system with backup battery will reach ROI in around 4-6 years.

I have done some research and designed a layout for the whole TrueNAS Scale system, as in the image below.

Diagram.drawio.png


But, until now, I still have a few unanswered questions:
  1. As the image shows, all services of TrueNAS Scale (including the SMB shares of my datasets) sit behind pfSense. I think I will assign the WAN and LAN interfaces of pfSense to 2 separate NICs, then set the default gateway of TrueNAS Scale to the LAN IP address of pfSense. So when the system starts, the whole system will be disconnected from the internet until pfSense completes booting. Is my solution possible? Does the TrueNAS Scale gateway address need to be connected to the internet first?
  2. If the TrueNAS Scale gateway address does need to be connected to the internet first, is there any way to put all services and SMB shares behind pfSense?
  3. How about the computing performance of a VM inside TrueNAS? I tested a Windows VM on Proxmox, and the computing performance can reach around 96-98% compared with the same test on bare Windows.
  4. Is there any solution to back up the main OS in case the SSD that contains TrueNAS Scale fails? My mainboards don't have a hardware RAID function.
  5. Is it crazy if I just create a single raidz3 pool from 20 disks for all services and VMs? I will get around 7.7TB capacity and the ability to survive damage to up to three disks.
  6. Can anybody suggest a VLAN layout for my whole system, except the public devices group? I think I will separate the system into 4 groups: home devices & services, DMZ, IoT and camera.
  7. How about anti-virus and anti-hacking protection from secondary-side devices? For example, how do I prevent viruses and attacks from my wife's laptop against my NAS?
Let's start discussing an all-in-one server system. Thanks to all of you who read my super-long post to this line.
 

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
@phamthinh1368

Sounds like an exciting and green project. Looking forward to hearing your progress.
  1. Does the TrueNAS Scale gateway address need to be connected to the internet first?
    1. No.. it can run airgapped. However, you will need a way of accessing TrueNAS as a local administrator without going through the pfsense gateway first. We generally recommend a separate firewall, but would like to hear whether this works well for you.

  2. How about computing performance of VM inside TrueNAS?
    1. It's KVM.. same as Proxmox.
  3. Is there any solution that backup main OS in case of the SSD that contain TrueNAS Scale fall down?
    1. Yes.. can mirror boot devices.
  4. Is it crazy if I just create a single raidz3 pool from 20 disks for all services and VMs?
    1. A little crazy.... it's a very low performance config. I'd suggest 2 x RAIDZ2s + a spare.
  5. Can anybody suggest VLAN layout for my whole system, except public devices group?
    1. Whatever works for you.... but remember the administrator.
  6. How about anti-virus and anti-hacking from secondary side devices? For example, how to prevent virus and attacking from my wife laptop to my NAS?
    1. Get a solid prenup...:smile: Most of the virus attacks are on the client/Windows side. You can use Open Source ClamAV or scan the NAS shares from a client. Use snapshots to protect against a client machine encrypting or deleting files due to a ransomware virus or you forgetting your anniversary date.
It's quite a lot of functionality in 32GB, especially with many VMs. Apps/containers are more DRAM-efficient.

Good luck!
 
Joined
Oct 10, 2023
Messages
7

1/ You will need a way of accessing TrueNAS as a local administrator without going through the pfsense gateway first.

I think I can access TrueNAS via any device in the same network layer and same VLAN.

3/ Computing performance of VM inside TrueNAS -> same as Proxmox

I found this link: PROXMOX VS TRUENAS SCALE: VM PERFORMANCE SHOWDOWN. A little bit slower, I will consider this again.

4/ Mirror boot devices

Thank you. This problem has been solved.

5/ Suggest 2 x RAIDZ2s + a spare

I will consider this layout. I hadn't considered performance until now.

6/ Remember the administrator

Thank you. This is the most important key point.

7/ Use open source ClamAV, scan the NAS shares from client, use snapshots.

Thank you. Along with ClamAV and snapshots, I will request that all users install at least a free AV on their devices.

8/ RAM.

16GB/2666 is just 18.5$/stick in my local marketplace and can be lower if I spend a little time searching. I will upgrade the system memory soon.
 

MrGuvernment

Patron
Joined
Jun 15, 2017
Messages
268
Personally - find a cheap SFF HP or Dell system with a 4th gen or faster CPU and throw pfSense on that. Keep it physical and separate, this way if you need to work on your TrueNAS, reboot it, or do whatever, you are not taking down internet for everyone...

Just think of a time when your TrueNAS goes down for whatever reason and you have the wife and family complaining they have no internet...save the headaches ;)

Also, that is a lot to run on 32GB of RAM and using 26 x 500GB 2.5" drives? Also, most 2.5" drives aren't designed for heavy workloads..(assuming these are off the shelf normal laptop drives...)

VLANs - if you want better security, segmentation segmentation segmentation!

How deep you go, well that can get ugly.

1. Internet facing services like websites / reverse proxies - DMZ VLAN (you could just use HAProxy in pfSense)
2. Storage systems - own VLAN
3. IoT devices - own VLAN
4. End user devices - own VLAN
5. Management network - own VLAN...

It can get messy quick. Then doing proper rules of block all by default, and only allowing access between VLANs for what is required (source/dest/port/protocol)

Also, how much traffic do you plan to put through the network? pfSense is good up to about 10Gbps then FreeBSD starts to show slowdowns, ideally you use a managed switch and let it handle your routing and get wire speed between VLANs.
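
The block-all-by-default approach in the post above, modelled as an added example that is not part of any post in this thread: a small policy table over the five VLANs listed, evaluated per flow and audited for rules that undo the segmentation. The subnets, ports and allow list are assumptions made up for illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumed addressing for the five VLANs in the post; the subnets are invented.
VLANS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "dmz": "10.0.10.0/24", "storage": "10.0.20.0/24", "iot": "10.0.30.0/24",
    "users": "10.0.40.0/24", "mgmt": "10.0.50.0/24"}.items()}

class Rule(NamedTuple):
    src: str    # source VLAN
    dst: str    # destination VLAN
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# Constructed allow list: only what each VLAN needs; everything else is denied.
ALLOW = [
    Rule("users", "storage", "tcp", 445),  # SMB shares for family laptops
    Rule("mgmt", "storage", "tcp", 443),   # NAS web UI, management VLAN only
    Rule("users", "dmz", "tcp", 443),      # family can browse the hosted site
]

def vlan_of(ip):
    """Map an address to its VLAN name, or None if it is in no known VLAN."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), None)

def decide(src_ip, dst_ip, proto, port):
    """Return 'local', 'allow' or 'deny' for one flow."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "deny"    # unknown network: default deny
    if src == dst:
        return "local"   # switched inside the VLAN, the firewall never sees it
    return "allow" if Rule(src, dst, proto, port) in ALLOW else "deny"

def audit(rules):
    """Flag allow rules that cut across the segmentation goals."""
    findings = []
    for r in rules:
        if r.dst == "mgmt" and r.src != "mgmt":
            findings.append(f"{r.src} can reach management on {r.proto}/{r.port}")
        if r.src in ("iot", "dmz") and r.dst == "storage":
            findings.append(f"{r.src} can reach storage on {r.proto}/{r.port}")
    return findings
```

The `local` result is the case raised earlier in the thread: an admin host in the same VLAN as the NAS reaches it without the pfSense VM being up, and also without any firewall rule being applied to that traffic.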
 

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694

1/ You will need a way of accessing TrueNAS as a local administrator without going through the pfsense gateway first.​

I think I can access TrueNAS via any device in the same network layer and same VLAN.​

Just make sure it's direct and not via pfsense...... if the pfsense VM has a problem, how would you fix it?
 