Hello everyone! During one of those illuminated evenings, I got the idea to move my small server in Scaleway to some more powerful server in Hetzner. If I make the move, I am thinking of splitting the server into various VMs, to host different services that belong to different trust boundaries, for example:

  • A Lemmy/writefreely instance
  • Vaultwarden/Gitea
  • Wireguard tunnel to my home infrastructure
  • Blogs, and other convenience services

In order to achieve the best level of separation, I was thinking of using VMs. My default choice would be Proxmox, because I used it in the past, and because I generally trust it; however, I am trying to evaluate multiple options, and maybe someone has good or better experiences to share.

Other options I thought about are:

  • Run everything in Docker. I am going to do this nevertheless, but Docker escapes are always possible, especially with public-facing images that I did not write myself and/or that require a host volume.
  • KVM directly? I am OK even without a GUI to be honest. I am not aware if there is some Ansible module or, even better, a Terraform provider for this; it would be great. (EDIT: I found https://registry.terraform.io/providers/dmacvicar/libvirt/0.7.1 which seems awesome!)
  • ESXi? I have no experience with this solution.

Any idea or recommendation?

    • sudneo@lemmy.worldOP
      3 years ago

      Do you use just plain bash to script it? I saw that there is a Terraform provider and that looks actually interesting to me: basically similar functionality to Proxmox, but less software.

      • vegetaaaaaaa@lemmy.world
        3 years ago

        Not parent commenter, but I use ansible + plain bash scripts/virsh/XML definitions to manage my libvirt instances/“cluster”, it just works.

        I have been running Proxmox on the side/at work, I like it as well but never took the time to dive into the API/automation side of things. libvirt is simpler but still powerful.

        • sudneo@lemmy.worldOP
          3 years ago

          Oh right, there is the XML aspect that I didn’t consider.

          I have to say that I very much have a preference for the declarative Terraform strategy vs Ansible, and I saw that the libvirt Terraform provider is quite mature. I have seen that there are even some providers for Proxmox (but less mature in my opinion), so it seems that either way the machine definition could be codified and automated. But the thing is, if the machines are all in Terraform code, basically there is not much use for Proxmox (metrics are going to be in node exporter, maybe just backups and snapshots?).