Building a Home Mini Host Service: Practical Experience (Part Two)

Preface#

This article only introduces how to meet my own essential needs mentioned in the first article. Messing with routers often ends "without a diagnosis" (the usage here is not correct, but it roughly means that), what suits you is the best.

The OpenWRT firmware continues to be updated intensively on some well-known Entware Forum.

Underlying Virtual Machine System#

Bare-metal virtual machines: Virtual machines installed directly on physical hardware, including VMware ESXi, PROXMOX, Microsoft Hyper-V/Windows Hyper-V.

Common bare-metal virtual machine comparison chart, source from the first reference link

Hosted virtual machines: Virtual systems running on a host machine, including VirtualBox, VMware Workstation.

I came here to tinker, and since PVE is developed based on Debian, I chose PVE.

The basic services, which are the installation of PVE+iKuai+OpenWRT+LXC, mainly refer to the video N100 Install PVE8.0, Integrated Graphics SRIOV, Integrated Graphics HDMI Passthrough, All In One Caregiver Tutorial, iKuai+OP+Black Synology+Win11+Private Streaming.

PVE#

The reason I mention this is that I didn't know that PVE is now developed based on Debian 12. My essential need, 1Panel, also needs to be installed based on Ubuntu/Debian, so whether to install 1Panel directly on PVE became my first dilemma.

After consulting the 1Panel group chat, I got the answer: use LXC to achieve a minimal installation of Docker.

LXC containers are generally considered to be something between chroot and fully mature virtual machines. The goal of LXC is to create an environment as close to a standard Linux installation as possible, without requiring a separate kernel.
LXC is a lightweight virtualization technology that allows multiple independent systems to run on a single physical machine, each with its own processes and network space. Unlike traditional virtual machines, it does not require hardware emulation, making it more efficient and consuming fewer resources.

In the actual operation of PVE, select the template button in the CT template of the data center-pve-local(pve), and you will see it.

iKuai Flow Control + OpenWRT Dual Soft Router#

iKuai is very stable and simple, but its ecosystem is not as rich as OpenWRT.

The N100 host device has two network ports connected to the router, one for the fixed management port and one for connecting to the network.

The management address of PVE, the backend management address of iKuai, and the management address of OpenWRT can be fixed through MAC binding in the router's management interface.

The iKuai gateway is set to the original router gateway, and the DHCP server is set up to manage the IPs in the local area network. The OpenWRT gateway is set to the iKuai address, and the DHCP service is turned off.

In actual testing, it was found that using OpenWRT for all devices to achieve scientific internet access was inconvenient and prone to problems, so two DHCP servers were finally set up to achieve a division between scientific and non-scientific access.

The gateway for the scientific network segment points to the OpenWRT address, while the non-scientific network segment gateway points to iKuai. The number of available IPs in the scientific network segment matches the number of devices needing internet access, so new devices joining will not accidentally gain scientific access.

When needing to add or reduce devices, simply modify the IP at the junction of the two DHCP segments.

The effect that can be achieved here is that specified devices can connect to the world directly without opening any VPN software. Although other household devices go through iKuai once, the actual impact is minimal.

1Panel#

Most services that one wants to tinker with can be installed through the 1Panel panel. In the PVE 8.1 Debian 12 LXC template, after booting, you only need to install curl to perform a one-click online installation.

apt-get update -y && apt-get install vim curl -y && curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && bash quick_start.sh

Here, I note that I was too foolish; I forgot to replace and open the 1Panel panel port when installing the UFW firewall, and couldn't access the 1Panel panel, having to reinstall several times. It was really silly.

At this point, the Qinglong and qd-qiandao mentioned in the first article can be easily deployed. The migration of the qd sign-in framework is a bit tedious and requires some tinkering.

Collected Tinkering Ideas#

Below are some "possibly okay" home services collected from various sources, mainly from v2, organized by AI. The content has not been checked in detail and is for reference only.

The next article will share some fun and stable home services, which will be published only after at least two weeks of stable use.

OpenWRT: Open-source router firmware, includes V2ray Server, OpenClash, AdguardHome, MosDNS, Caddy reverse proxy, UU accelerator, KMS, WOL, and more.
V2ray Server: V2Ray, an excellent open-source network proxy tool that helps you enjoy the internet, aiming for a better network.
OpenClash: OpenWRT client for Clash, used for network proxy.
AdguardHome: Home network ad and tracking protection tool.
MosDNS
Caddy Reverse Proxy: Using Caddy for reverse proxy.
Transmission + PT Seeding + Flood + Transmission-Tracker-Add: These tools work together to provide a complete PT download and management solution. Transmission is used for downloading, PT Seeding for automatic seeding, Flood provides a beautified UI, and Transmission-Tracker-Add is used to add trackers.
Alist + Xiaoya: Alist is a cloud storage tool based on Alibaba Cloud Drive, and Xiaoya is a movie resource library based on AList. Together, they can provide a complete movie resource solution.
Aria2 + Ariang: Aria2 is a download tool that, when paired with Ariang, can provide a complete download and management solution.
Bitwarden + Vaultwarden: Bitwarden is a password manager, and Vaultwarden is the open-source implementation of Bitwarden. Together, they can provide a complete password management solution.
Trilium: Note-taking tool.
Gogs + Soft-Serve: Gogs is a tool for managing git repositories, and when paired with Soft-Serve, it can provide a complete private Git service solution.
Pastebin: Tool for pasting code and logs.
Portainer + Harbor: Portainer is a tool for managing Docker services, and when paired with Harbor, it can provide a complete local Docker hub service solution.
MT-Photos: Lightweight photo management tool.
NAS-Tools: Automation media download scraping and hard link tool.
Plex + Jellyfin + Emby: Plex, Jellyfin, and Emby are all media center tools, choose based on personal preference and needs.
Lychee: Photo album tool.
iCloudPD: Tool for backing up iCloud.
Restic + Rsyncd + Rsnapshot: Restic and Rsyncd are both backup tools, and when paired with Rsnapshot, they can provide a complete scheduled backup solution.
VerySync: File synchronization tool.
Rclone: Cloud storage synchronization tool.
Cloudflared + Tailscale + Bind + Gaoyixia + Frp + Snowdreamtech/Frps: These tools work together to provide a complete internal network penetration and networking solution. Cloudflared relies on Cloudflare Zero Trust, Tailscale provides internal networking, Bind is used for internal domain name resolution, Gaoyixia provides internal penetration services, and Frp and Snowdreamtech/Frps work together to provide remote control and internal penetration.
Adguard Home: Iptables hijacks DNS, its upstream is then DNS over HTTP, preventing hijacking by ISPs.
MosDNS: Tool for doing DoT/DoH/DNS shunting.
Pi-hole: DNS service tool.
Wireguard + Stilleshan/DDNS-Dnspod: Wireguard is a VPN tool, and when paired with Stilleshan/DDNS-Dnspod, it can provide a complete VPN and DDNS solution.
ROS: Dial-up, DDNS, DHCP, Wireguard, OpenVPN, DNS shunting, and other functions.
Traefik: Reverse proxy gateway, digestAuth, automatic SSL.
Speedtest: Internal network speed testing service.
Dendrite + Element-Web: Dendrite and Element-Web together can provide a complete LAN IM solution.
AliyunDrive-WebDAV + Rclone Serve WebDAV: Alibaba Cloud Drive WebDAV service, paired with Rclone Serve WebDAV can provide a complete file sharing solution.
NocoDB: Tool for quickly generating REST APIs.
Uptime-Kuma: Monitoring (network latency/SSL certificate) tool.
Grafana + Prometheus: Grafana and Prometheus together can provide a complete monitoring metrics visualization solution.
Shinobi: NVR tool for monitoring plant status (like mice/birds).
Cockpit: Server monitoring tool.
Navidrome: Music listening tool.
OSSRS: Open-source streaming media server.
Nginx Proxy Manager: Gateway entrance, proxy server tool.
Gost: Proxy tool.
NPS: Internal network penetration tool.
OnlyOffice: Online office suite.
UrBackup: Open-source network backup system.
ChineseSubFinder: Tool for automatically downloading Chinese subtitles.
RustDeskServer-Relay + RustDeskServer-Server: RustDesk's Relay server and main server together can provide a complete remote control solution.
Overseerr: Tool for requesting and discovering new content.
Prowlarr: Aggregator for Usenet and Torrent indexers.
Radarr: Movie downloading tool.
Sonarr: TV series downloading tool.
Tautulli: Plex monitoring tool.
Trojan-Go: Go implementation of the Trojan protocol.
Etherpad: Real-time collaborative editor.
H5ai: Modern file indexing tool.
Laravel+React+Octane+Soketi: Laravel's WebSockets server.
MediaWiki: Open-source wiki software.
VNStat: Network traffic monitoring tool.
Drone: CI/CD platform.
ZeroTier/Ztui: Command line interface for ZeroTier.
Jenkins: Open-source automation server for implementing CI/CD.
Open Media Vault: Open-source Network Attached Storage (NAS) solution.
Javtube/Javtube-Server: Javtube and its server can provide a complete adult content solution.
Boredazfcuk/iCloudPD: iCloudPD is a tool that can automatically download photos from iCloud to local storage, suitable for users needing to back up iCloud photos.
Oznu/Homebridge: Homebridge is a tool that allows non-HomeKit devices to support HomeKit, suitable for users with smart home needs.
BroadlinkAC/Broadlink_AC_MQTT + Koenkk/Zigbee2MQTT + Eclipse-Mosquitto: These tools work together to provide a complete smart home solution. The MQTT interface of Broadlink AC devices and Zigbee devices can communicate through an MQTT broker.
QBittorrent + MKVToolNix: QBittorrent is a magnet download tool, and when paired with MKVToolNix, it can provide a complete video download and processing solution.
Samba + Calibre-Web: Samba is a file sharing tool, and when paired with Calibre-Web, it can provide a complete eBook management and sharing solution.
Home Assistant + Frigate: Home Assistant is a smart home tool, and when paired with Frigate, it can provide a complete home monitoring solution.
Unifi Controller: Unifi Controller is a tool that can control APs at home, suitable for users with multiple AP devices.
PagerMaid_Pyro: PagerMaid Pyro is a Telegram anti-spam bot, suitable for users needing to manage Telegram groups.
Octoprint: Octoprint is a tool that can control 3D printers, suitable for users with 3D printing needs.
FlightRadar24 + FlightAware + ADSB Exchange: These tools work together to provide a complete flight tracking solution.
GPS-based NTP Server: A GPS-based NTP server can provide a high-precision time source, suitable for users needing accurate time.
Icecast: Icecast is a web radio tool, suitable for users needing to create a web radio station.
Plex + Plex Server + Tautulli: Plex is a media center, and when paired with Plex Server and Tautulli, it can provide a complete media service and monitoring solution.
Jellyfin + Emby: Jellyfin and Emby are both media center tools, choose based on personal preference and needs.
RustDeskServer-Relay + RustDeskServer-Server: RustDesk's Relay server and main server together can provide a complete remote control solution.
RSSHub + Tiny RSS + DIYgod/RSSHub + TTRSS + FreshRSS + Miniflux + Yarr + RSS-Bridge: These tools work together to provide a complete RSS subscription and reading solution. RSSHub is used to generate RSS, while Tiny RSS, TTRSS, FreshRSS, Miniflux, and Yarr are RSS readers that can be chosen based on personal preference and needs. RSS-Bridge is used to generate RSS feeds.
LinuxServer/Smokeping: Smokeping is a network latency monitoring tool, suitable for users needing to monitor network quality.

Some Installation Process Notes#

Integrated Graphics: Refers to a technology that integrates the graphics card within the CPU.
Integrated Graphics (IGP): Refers to graphics integrated on the motherboard's northbridge, commonly seen in older computer motherboards, with lower performance, now mostly obsolete.
Dedicated Graphics: Refers to graphics cards with independent chips, commonly used in modern computers, with strong performance but also high power consumption.
The theoretical power consumption ranking is dedicated graphics > integrated graphics > integrated graphics, while the performance ranking is dedicated graphics > integrated graphics > integrated graphics.
Integrated Graphics SR-IOV, etc.

肥皂的小屋