this post was submitted on 18 Sep 2023
53 points (92.1% liked)

Selfhosted

40858 readers
1085 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I have friends and relatives that would like to do some memory and compute intensive tasks, but lack the hardware locally. I have loads of ram doing nothing and a little compute to spare. Is there a way for me to set up some service accessible to them that would allow them to spin up VMs, similar to Linode or DigitalOcean? I know letting outside access to a proxmox server would be disastrous. I guess I could setup a VPN server into a virtualized proxmox server? Would rather find a way to point them to a url with a username and password and have them able to use my server as their vps like AWS or Linode.

all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 28 points 1 year ago (1 children)

This is opening a can of worms. Are you going to be their support person? What if one person destroys the environment and someone elses work?

[–] snekerpimp 7 points 1 year ago (3 children)

Exactly, I can’t let two users into the same VM server as administrators, like you said, they could manipulate other user’s resources. The front end to online VPS sites kinda give each user a cordoned off sandbox of resources to play in. Maybe if I gave each their own virtualized proxmox instance they could VPN into?

[–] [email protected] 8 points 1 year ago (2 children)

You might want to try Openstack. It is set up for running a multi-tenant cloud.

[–] snekerpimp 2 points 1 year ago

Heard of this. Need to look into devstack. Thank you for putting it back on my radar

[–] [email protected] 1 points 1 year ago

This is the way.

[–] [email protected] 3 points 1 year ago (1 children)

It can be done. It's not worth the work involved. You could firewall off the two proxmox instances from each other and your own network. Then allow VPN access into the environment. You'll have to allow the machines access to the Internet to get software updates. The moment you do that you're opening the door to them making an outbound tunnel to make services publicly accessible. Then you've got every bot on the internet scanning your services for vulnerabilities/exploits.

[–] snekerpimp 1 points 1 year ago

Access to the outside world is where I start to not know what to do. If this was just locally run, I know how it would try and attack it, but the fact they they have to have access to the internet, that’s a hurdle I do not know how to get over.

[–] [email protected] 1 points 1 year ago

I mean you could. Shell accounts did this back in the day but yes users could still abuse the system.

[–] bfg9k 28 points 1 year ago (2 children)

The moment you start charging for access to your hardware you have to start signing SLAs, have documented backups available, have a support team on hand, it's just a nightmare. Would not recommend.

[–] Molecular0079 19 points 1 year ago (1 children)

OP might not be looking to make a full paid service considering he's just doing this for friends and relatives.

I get the sentiment though. I run a Jellyfin server that I share with a few friends and some of them have flat out told me that I should start charging for it. I refused because getting paid for it just sets up an expectation that it will be reliable and have all the stuff that they want. Personally, I don't want that kind of pressure. I want to be able to tweak the server and install new things / updates without worrying about uptime.

[–] [email protected] 7 points 1 year ago

I tell my friends that my SLA for my media server is Shit's Likely Available just so they understand that I give it out of generosity and don't want anything in return. The bonus is that keeping brutally honest upfront likely means less risk of me ruining someone's Friday movie night.

[–] snekerpimp 6 points 1 year ago (1 children)

Was not looking to make a paid service, was just trying to help my dad out and my friend learn without them paying a VPS company.

[–] [email protected] 1 points 1 year ago

i understand they don't want to pay, but would $12.00 for a full year be cheap enough to consider? ovh has a new customer deal going for 2gb ram/20gb storage vps. $0.97 a month for the first year, and you can add up to ten of those to a single new account.

[–] [email protected] 6 points 1 year ago

I know you're trying to go full self service but that's likely overkill and given your limited resources you should maintain some control.

How about setting up resource pools in proxmox? You can permission accounts so that your dad and your friend only have access to manage the vms in their resource pool. You would need to create the vms/containers for them and assign to the pool but that would be the extent of your involvement. But that would allow you to maintain a certain level of control over your environment.

To be clear you'd just be creating the vm. They could do the actual os installs and whatnot provided you permission the pool properly.

[–] [email protected] 5 points 1 year ago

I would just set up a separate VM for each of them and let them SSH/VNC in. Don't think they'll be doing anything that requires them to destroy and recreate their Virtual Machines constantly right?

[–] [email protected] 3 points 1 year ago

Give them a user account and let them ssh in.

[–] thefactremains 1 points 1 year ago

Maybe caprover gets you close to this?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
SSH Secure Shell for remote terminal access
VNC Virtual Network Computing for remote desktop access
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

4 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

[Thread #145 for this sub, first seen 18th Sep 2023, 11:55] [FAQ] [Full list] [Contact] [Source code]