I run my production Jellyfin server and a few other services on a Optiplex sff computer with a thicc hard drive and a low profile GPU.

I want to build two more of these with thicc Hard drives so that my parents and my in-laws can have a local Jellyfin instance that I manage remotely and they just need a box plugged in somewhere at their homes.

Is it possible to make Proxmox build a VPN tunnel on boot so I can just have it in my cluster dash. Like using tailscale or openvpn.

Or am I going to have to go with my original plan and put that on the same box as the Jellyfin server and then just VNC in?

Any tips or ideas?

  • AtariDump@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    2 months ago

    Are you ready to be tech support for when the “weird box in the corner” stops working?

    And there’s no mention of how far away these people live; the further away the less likely I setup something like this. I have no desire to try and fix a bootloader issue from 1,000 miles away just to waste several hours and have to ship them a new X.

    I know this because I’ve done it, and I wouldn’t do it again. If someone doesn’t specifically ask for a home hosted solution (and have some sort of technical knowledge), I never offer a home hosted solution.

    • nagaram@startrek.websiteOP
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      2 months ago

      15 minutes drive to my MIL and 4 hours to my own Mom.

      My dad used to do tech support and wants to learn some of this stuff while he’s recovering from surgery and I’m at my MILs several times a month anyways. So it all works out. Also it’s only fair as the FIL has helped me do so much with my car over the years I wanted to pay them back and he likes movies more than me.

  • pezhore@infosec.pub
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    Speaking as someone who has recently taken on a far-remote (e.g. about 22 hour drive away) support for a MIL, the best thing you could do is set up a VPN.

    1. It works both ways (typically) so you can easily remote in to their system when they’re on the VPN for updates/troubleshooting
    2. it minimizes the hardware “on-site” at their location
    3. Depending on your VPN client, it can have an easy to use GUI, further lowering the barrier if your remote person is tech-inept

    For me, I’m still on Plex with a very old lifetime account with my MIL using a dedicated user account - that access is over the Internet. The VPN is to provide access to Overseerr so that she can do things like request specific movies/TV shows without having to email/call.

    It’s not perfect - one day I woke up to 26 seasons of “Into the Country”, but it works fairly well.

    I sat down with her one day while visiting about a year or so ago and walked her through connecting to the VPN, then getting to the hosted site, then disconnecting from the VPN - basically running drills and making her take notes until she felt she could do it by herself.

    • nagaram@startrek.websiteOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      That’s not a bad call.

      There’s fortunately pretty tech literate people at both locations. I can walk them through most of it with very little a long the lines of finger puppets and crayons.

      • pezhore@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        We were visiting for about a week and I think it took three separate days, about 20 minutes each day before she felt comfortable doing the VPN stuff herself.

        It was definitely painful, but if you’re patient, it’s doable.

        Good luck with whichever option you choose!

  • oldfart@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 months ago

    I like to leave ssh over tor hidden service on remote boxes. It’s pretty resilient and can serve as emergency access for when something happens to the VPN. Not a great primary access method because of the latency.