I use OpenWRT as a router to route traffic for the VMs in the different VLANs i assign them to. I want them to have their own isolated network, but also be able to access the internet.
Im in the process of learning more firewall rules and restricting them further.
Since I want to connect to my homelab from outside my house, but dont want to expose neither of the proxmox dashboards, I'll only expose a VPN tunnel. That way, it will be as if I'm on my usual LAN network inside my house and dont need to expose anything to the Internet.
I bought a simple Raspberry Pi 4 with only 1Gb to serve as the VPN server, which is running Wireguard and is connected to the same switch as the mini pc's. Its running Raspberry PI OS Lite headless, using 90Mb of RAM on idle. I installed the Wireguard VPN via PiVPN. Im still debating on wether to install WGDashboard to have a prettier interface to manage the VPN, although it doesnt need much GUY management at all.
I've yet to measure the power draw from both the minipc's on idle when they are turned on but with no VMs running.
Either way, they will for sure consume less energy if they are in a Wake on LAN mode.
That basically means that when I'm done with them I'll just shutdown now them, but they'll be able to be powered ON by another device.
That device will be the Raspberry Pi running the VPN, since he will be on 24/7. On it, I just have to run wakeonlan device:mac:address and the mini pc will boot.
Wake on LAN utility
Setting up the devices to be Wake On LAN ready is pretty straightforward. I just referred to Dell's user manual. Keep in mind to disable the options they tell you to disable. Optiplex Wake On LAN
In an attempt to reduce the effective power draw form the CPU, since im not focused on very performant scenarios/deployments, I've used the scaling-governor script to my cpu scaling mode to powersave.
For a while i thought about implementing a fancy prometheus or influxDB (which is natively by proxmox) metrics collection system to then display in a Grafana Dashboard.
That is way overkill. I'm really only interested in the temperatures of the CPU. The homelab will not be serving anyone besides me and my VMs. I just dont want the house burning down.
I just grabbed from the Internet an awk script which basically colors my sensors output, and leave it running in a tmux window which i check periodically. In the future i'll make the window flash something to grab my attention immediately.
The script is here
Grabbing temperatures every 5s: watch -n 5 -c 'sensors | ./color_sensors.awk'
Up until recently I was using no-ip Dynamic DNS service to map a domain to my router's IPv4/6 addresses. My router's ISP even had a dedicated DDNS page to input no-ip credentials.
Anyway, with no-ip you have to manually confirm your DDNS subdomain every 30 days and you can only have one. Very tiring.
Since I had a Cloudflare domain of my own (tiagobarros.xyz), I created two more subdomains for my IPv4/6 addresses there (ex: v4.tiagobarros.xyz) and then used a script to update the addresses that those subdomains point to.
The script is not mine and is available here: cloudflare-ddns-updater
To have this script running all the time, I setup a systemd service and timer. Those files are here. It simply runs the script 1 minute after boot and then every 5 minutes.
The cloudflare update scripts were placed in /usr/local/sbin. Edit those accordingly to your case.