Colin Dean (Nov 02 2024 at 18:51): Colin Dean (Nov 02 2024 at 18:51):My RPi 4-based PiHole DNS system is not performing adequately. Lookups are fine, although running Unbounded as a local resolver can be frustrating because of the time delay inherent in a more privacy-focus DNS configuration. Ultimately, using the admin tool — something I've had to do frequently, frustratingly, because of the slowness issues and incorrect lookups creating HSTS errors — is painful. The log pages take too long to populate and search almost doesn't work.
I'm considering replacing this w/ an Intel Atom N95-based SBC, already acquired & in testing, running Proxmox with a DietPi VM configured with PiHole.
I anticipate the SBC not doing much beyond DNS. Should I ditch Proxmox and install DietPi to the metal? This is my first experiment with Proxmox and it's going _okay_ so far.
I'll probably keep the Raspberry Pi PiHole around as a secondary/fallback in any case. I don't have much of a use for it otherwise at the moment. I might sell it and another RPi4 in a SmartiPi case with display to fund the purchase of a RPi 5 for use as a desktop control panel / monitoring device as I used the RPi4+SmartiPi in the past (its virtual kbd was too cumbersome; this was fixed in the most recent RaspPiOs release!).
Public fediverse thread with this quandary: https://mastodon.social/@colindean/113414533649947543
Thoughts?
Konrad (Nov 02 2024 at 19:34):I have a similar setup inspired by this video:
https://youtu.be/hPfk0qd4xEY?si=j9DO7-1b4-WbXJMD
Basically, I run Proxmox on an old laptop and installed my primary pihole on that inside a VM. That allows me to use the hardware for multiple purposes, but it also provides an easy way to backup the pihole instance by sending a VM backup to my NAS.
My secondary instance is running on a RaspberryPi. If I reboot my proxmox host, keepalived switches the IP to the Pi. If it comes back, the IP switches back as well.
I mainly use the piholes for ad blocking and DNS resolution in my LAN. Ad blocking does not require syncing. The DNS records are synced via Github actions by copying /etc/pihole/custom.list to the target systems and executing pihole restartdns reload.
Overall, the setup works quite well. My router uses the floating IP of the pihole setup for the DHCP responses so that all my non static devices get the right nameserver setups automatically.
Konrad (Nov 02 2024 at 19:37):Besides having redundancy, it also allows to test pihole upgrades on one instance, and if things would break, there would still be the secondary instance. On proxmox, you can even create a snapshot and rollback if necessary.
Raúl (Nov 05 2024 at 17:18):My suggestion: skip Proxmox and VMs for everything you can and use simple containers instead in whatever Linux distribution you feel comfortable with. VMs just add a layer of wasted CPU cycles and memory, are much slower, and a ton more work. I never understood why VMs in Proxmox seem to be the default solution people reach out to. With a VM, you're running an entire operating system, with all the resource consumption and maintenance overhead it entails, and without any real benefit. I have an Intel nuc running more than 20 services with Docker Compose, including pi-hole and adguard home. I cannot imagine having to manage 20+ VMs, with updates, configuration, individual backups, etc.
More to the point of your RPi not performing adequately, unless you have a very large amount of DNS traffic, I'd say something else is wrong there. I have a RPi 2 running pi-hole and it there's no slowdown whatsoever. If you have a 4 and it's performing poorly, I'd say there's probably another bottleneck somewhere. SD card, perhaps?
Raúl (Nov 05 2024 at 17:20):If you try the containers route, this will be useful: https://www.linuxserver.io/
Alex Barnes (Nov 06 2024 at 18:47):Until recently I followed similiar route and just had everything running in docker on an Odroid. But after having to reset up the whole thing multiple times, due to random crashes and updates. I decided to give proxmox a try, and wouldn't go back now.
I have a single VM with docker running and all same containers as before. But I have nightly backups scheduled. So if I encounter an error I can restore from backup extremely easily.
Also like the fact I can quickly spin up and new VM to try stuff out, without affecting the setup that is running all my services in docker.
Adam Stacoviak (Nov 06 2024 at 19:55):Yup VMs are nice for backup and moving around. I have backups going to TrueNAS and can restore a VM on any Proxmox machine on the network that has access to that backup store. Don't hate on VMs.
I can also easily spin up a new VM based on a template that's already primed with a set Ubuntu version, ssh key, Docker, etc.
Raúl (Nov 10 2024 at 09:47):But you can also automate backups with containers.
The only advantage I can see on the Proxmox side (and that's Proxmox only, not VMs in general) is the convenience of clicking a few buttons and having a backup done (which can still be achieved for containers by using one of the many backups softwares available). But that means you're backing up the entire VM, OS included, which is hundreds of orders of magnitude larger than what you need for many (I would even say most) of the workloads you run.
With containers, you mount a directory onto the container as a volume containing the configuration files for the software in the container, perhaps another one for any user-created files, and you just backup those directories. Some of those backups are not even 1 MB. Compared to a few GB for backing up a VM that does exactly the same thing, it just doesn't seem to make sense. Sure, some backups, even if just capturing the mounted directory, will be several hundred GB or even TB, if we're talking about audio or video - but how many of those do you have, versus how many of the config-files-only?
If what you want is the convenience and ease of use of proxmox, there are some backup software that makes it as easy for regular backups, and you just need to select the directories you want.
As for moving VMs around, you can also do it with containers. Just move the mounted directories and possibly a docker-compose.yaml file. That's one of the beauties of containers, they're (mostly) idempotent and fully reproducible with ease.
So by using containers, you'll be saving on disk space, external storage costs (you are keeping a copy of your backups elsewhere, right?), CPU usage by not running a full OS on top of the host OS, and time not spent managing a fleet of virtual machines. This translates to both money savings, and environmental savings. I just don't get it.
Raúl (Nov 10 2024 at 09:51):As for the templates, that would be a docker-compose.yaml file. A few Kb. Also much easier to manage than a full disk image of a VM. And if you want a visual tool to manage it like Proxmox, you can use Portainer or one of the various alternatives.
Last updated: Dec 12 2024 at 16:47 UTC