
Chapter 2: Shopping list, setup plans + testing

Here is the current idea, hardware-wise:

| Category | Component | Specifications | CHF | Notes |
| --- | --- | --- | --- | --- |
| Case | Intertech 4U-4410 | | 130.- | |
| Processor | AMD Ryzen 7 7700 | 8C/16T, 65W TDP | 200.- | |
| Motherboard | ASRock Rack B650D4U3-2L2Q/BCM | ??W, Dual 25GbE | 591.- | |
| Graphics | Intel Arc A750 | QuickSync, ~45W | 200.- | |
| Cooling | Noctua NH-U9S | - | 65.- | |
| Memory | 64GB DDR5-4800 ECC UDIMM | ECC for data integrity | 170.- | |
| Power Supply | Seasonic Focus GX-750 | 750W, 2x PCIe 8-pin needed | 100.- | Gold or Platinum |
| Storage Controller | LSI 9305-16i | 10W | 120.- | ⚠️ Hard to find in CH |
| Boot Drive | 2x 500GB WD Red SN700 | write speed: 530 MB/s. | 108.- | |

The Intertech case would then be built into my Digitus DN-19 16U-6/6.

I already own a bunch of WD Red disks which I can move over from the NAS for storage, as well as some managed and unmanaged switches which I will try to leverage.

I would assume this results in about 130-150W at low load (the watts from the table above + 6 (WD Red Pro) * 4.1), which would be similar to my current setup but with much improved performance.

Software-wise I'm most likely going with:

Proxmox 9 (2 cores, 4GB RAM)
 - VM1: Router (Vyos)
   - 2 cores, 4GB RAM
   - SFP28 in (WAN)
   - SFP28 out (LAN)
   - DHCP Server
   - Security (iptables + ntopng)
 - VM2: NAS (TrueNAS)
   - 4 cores, 32GB RAM
 - VM3: Server
   - 6 cores, 24GB RAM
   - Fedora Server, hosting Docker containers and more (or maybe check out IncusOS)
💡 I'm still debating whether the VM2 + VM3 split makes sense. Here are my thoughts: if I want access to the RAID drives, I need to go from VM3 through VM2 over a network layer. This is not ideal, and I'll end up with two Docker stacks again.
I see two possible alternatives:

- Drop VM3: Have all the Docker containers run in TrueNAS
- Drop VM2: Do I even need a GUI for browsing data and the other "NAS" features? I might as well just stick with Fedora.

In a sense either of these would be more aligned with this "hyperconverged" idea.

Migration Path

1. Build Hardware
2. Router
3. Switch from 10 Gbit/s to 25 Gbit/s in coordination with Init7
4. Migrate NUC
5. Migrate NAS

Hopefully each phase will be planned out well enough that it causes a max of 0.5 day of downtime.

Installing Proxmox

Follow the install guide here:

https://pve.proxmox.com/wiki/Prepare_Installation_Media

Install to disks, make sure you have network connectivity, then add a vyos image.

Installing Vyos

Loosely inspired by this guide:

Running on Proxmox — VyOS 1.5.x (circinus) documentation

1. scp vyos-2025.11.11-0020-rolling-generic-amd64.iso root@192.168.1.20:/var/lib/vz/template/iso/

2. Right-click on pve and select Shell

3. cd /var/lib/vz/template/iso/; qm create 200 --name vyos --memory 2048 --net0 virtio,bridge=vmbr0 --ide2 media=cdrom,file=local:iso/vyos-2025.11.11-0020-rolling-generic-amd64.iso --virtio0 local-lvm:15

4. start with qm start 200

5. Log in via the Proxmox console with vyos/vyos and run install image

6. After the install, remove the installation ISO

7. Fix the boot order to point at the newly installed disk: qm set 200 --boot order=virtio0, then reboot with qm reboot 200

Testing Vyos

I will try to buy parts second hand if possible as I'm on a tight budget, so it might take a while before I can start with the router. In the meantime I did some testing.
I have an old Thinkpad T580 sitting around. I use the built-in Ethernet port as WAN and a dongle to create an outgoing port; this way I can run tests by connecting my computer to the dongle and having its traffic run through the Thinkpad. This works quite well. Here is my full config so far:

set interfaces ethernet eth0 address '192.168.1.189/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 hw-id 'bc:24:11:a2:c0:ec'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth1 address '192.168.100.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 hw-id 'bc:24:11:3c:ed:01'
set interfaces loopback lo
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.100.0/24'
set nat source rule 100 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 option default-router '192.168.100.1'
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 option name-server '192.168.1.2'
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 range 0 start '192.168.100.10'
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 range 0 stop '192.168.100.100'
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 subnet-id '1'
set service dns forwarding allow-from '192.168.100.0/24'
set service dns forwarding listen-address '192.168.100.1'
set service dns forwarding name-server 192.168.1.2
set service https api graphql
set service https api keys id fastapi key '*******'
set service https api rest
set service ntp allow-client address '127.0.0.0/8'
set service ntp allow-client address '169.254.0.0/16'
set service ntp allow-client address '10.0.0.0/8'
set service ntp allow-client address '172.16.0.0/12'
set service ntp allow-client address '192.168.0.0/16'
set service ntp allow-client address '::1/128'
set service ntp allow-client address 'fe80::/10'
set service ntp allow-client address 'fc00::/7'
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service ssh port '22'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vyos-test-router'
set system login operator-group default command-policy allow '*'
set system login user vyos authentication encrypted-password '*******'
set system login user vyos authentication plaintext-password ''
set system name-server '8.8.8.8'
set system name-server '8.8.4.4'
set system option reboot-on-upgrade-failure '5'
set system syslog local facility all level 'info'
set system syslog local facility local7 level 'debug'
set system time-zone 'Europe/Zurich'

I also did some tests with the firewall, didn't commit it though. Works quite well.
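Since the firewall rules were not committed, the exported config is worth checking for management services that end up reachable on the WAN side. The following is an added example, not part of the original setup: it parses `set` lines like the ones above and flags a missing firewall and SSH/HTTPS services without a `listen-address`. It assumes the WAN interface is the one described as 'WAN' and that `listen-address` is the option used to bind these services, as in current VyOS.

```python
import shlex

# Constructed sample: the exposure-relevant lines of the config listed above.
SAMPLE = """\
set interfaces ethernet eth0 address '192.168.1.189/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '192.168.100.1/24'
set interfaces ethernet eth1 description 'LAN'
set service dns forwarding listen-address '192.168.100.1'
set service https api rest
set service ssh port '22'
"""

def parse(text):
    """Turn each `set ...` line into a list of tokens with quotes removed."""
    rows = (shlex.split(line) for line in text.splitlines())
    return [r[1:] for r in rows if len(r) > 1 and r[0] == "set"]

def wan_addresses(paths):
    """IPs of interfaces described as 'WAN' (assumption: the page's naming)."""
    wan = {tuple(p[:3]) for p in paths
           if p[0] == "interfaces" and p[3:] == ["description", "WAN"]}
    return {p[4].split("/")[0] for p in paths
            if tuple(p[:3]) in wan and p[3:4] == ["address"] and len(p) > 4}

def audit(text):
    """Return findings about management services reachable from the WAN side."""
    paths = parse(text)
    wan = wan_addresses(paths)
    findings = []
    if not any(p[0] == "firewall" for p in paths):
        findings.append("firewall: no rules, nothing filters traffic arriving on WAN")
    for svc in ("ssh", "https"):
        svc_paths = [p for p in paths if p[:2] == ["service", svc]]
        if not svc_paths:
            continue
        listen = {p[3] for p in svc_paths
                  if p[2:3] == ["listen-address"] and len(p) > 3}
        if not listen:
            findings.append(f"{svc}: no listen-address, bound to every interface")
        elif listen & wan:
            findings.append(f"{svc}: listen-address is a WAN address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it reports the missing firewall and both unbound services; binding SSH and HTTPS to 192.168.100.1 and committing firewall rules clears all three findings.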

Shout out to Posts - Level Zero Networking, which has some great getting started sections.

Here's some vyos resources + tips:

  • I use the rolling release because vyos licensing is weird for personal use
  • most useful commands are:
    • configure
    • show configuration
    • commit
    • commit-confirm 5 + confirm --> commits so you can try out your changes, and then you need to type confirm to make them permanent; if you don't, the change is reverted once the 5 minutes are up. This way you can test without getting locked out
    • save
    • run your_command_here --> use normal shell commands in configure mode

I got tired of typing single commands, hence I set up a deployment file like so:

deploy-vyos.nu

Usage

# Export current VyOS config to local file
nu deploy-vyos.nu export

# Deploy configuration (interactive with safety - you need to confirm changes)
nu deploy-vyos.nu

# Show diff between local and remote
nu deploy-vyos.nu diff

# Test SSH connection
nu deploy-vyos.nu test

# Pass custom config
nu deploy-vyos.nu --config-file my-config.txt --host 192.168.1.1 --timeout 10
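
What a diff-then-deploy step has to compute, as an added Python example; this is not the author's deploy-vyos.nu, whose contents are not on this page. It turns the difference between an exported and a desired `set` listing into a configure-mode session that ends in `commit-confirm`, and refuses to send values that look redacted (assumption: masked secrets appear as '*******', as in the listing above). The new range end and the SSH bind address are constructed sample values.

```python
import re

REDACTED = re.compile(r"'\*{3,}'$")  # assumption: masked secrets look like '*******'

# Constructed sample: three lines from the config above as the running state...
RUNNING = """\
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 range 0 stop '192.168.100.100'
set service ssh port '22'
set system host-name 'vyos-test-router'
"""
# ...and a desired state with a constructed new range end and SSH bind address.
DESIRED = """\
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 range 0 stop '192.168.100.200'
set service ssh port '22'
set service ssh listen-address '192.168.100.1'
set system host-name 'vyos-test-router'
"""

def normalize(text):
    """Keep only `set ...` lines, stripped and de-duplicated, in file order."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("set ") and line not in seen:
            seen.add(line)
            out.append(line)
    return out

def plan(running, desired, minutes=5):
    """Commands that turn `running` into `desired`, guarded by commit-confirm."""
    run, want = normalize(running), normalize(desired)
    masked = [line for line in want if REDACTED.search(line)]
    if masked:
        # Sending this would overwrite a real secret with literal asterisks.
        raise ValueError("redacted value would be written as-is: " + masked[0])
    deletes = ["delete " + line[4:] for line in run if line not in want]
    sets = [line for line in want if line not in run]
    if not (deletes or sets):
        return []  # nothing to change, so do not open a configure session
    # Deletes go first so a changed single-value leaf is removed, then re-set.
    return ["configure", *deletes, *sets, f"commit-confirm {minutes}"]

# Sent only after a fresh login over the new config has succeeded.
FINALIZE = ["confirm", "save", "exit"]

if __name__ == "__main__":
    print("\n".join(plan(RUNNING, DESIRED)))
```

If FINALIZE is never sent, for example because the new SSH settings lock you out, the commit-confirm timer expires and the router reverts the change.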

What's next?

I will go on a long vacation, and check second hand places for sourcing parts. Wish me luck. Might take a while until I have everything together.

Want to help? Let me know if I'm on the wrong path, or how I could improve this setup. Thanks