Self Hosted - Self-hosting your services.

14519 readers

24 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 4 years ago

MODERATORS

Zoe8338@lemmy.ml

dogmuffins@lemmy.ml

testman@lemmy.ml

[Question] For running Samba on a Debian host, what's the better solution? Native, LXC container, or VM? (lemmy.sdf.org)

submitted 11 months ago* (last edited 11 months ago) by xapr@lemmy.sdf.org to c/selfhost@lemmy.ml

10 comments fedilink hide all child comments

My environment is a (freshly installed) Debian server with ZFS pools. I would like to store files in ZFS and share them using Samba.

My question is which is better from efficiency, effort, and security (for the host) perspectives? Running it natively on the bare-metal Debian host, running it in an LXC container, or running it in a VM? Why do you think one way is better than the others? I'm pretty familiar with VMs, but don't have much experience or knowledge of containers.

This is what I'm thinking at the moment, but I would appreciate any feedback:

Natively: no resource overhead, medium admin overhead (manual Samba configuration), least secure(?)
LXC: small resource overhead, least admin overhead (preconfigured containers and/or reproducible configs), possibly more security than native(?)
VM: most resource overhead, most admin overhead (not only manual configuration, but also managing virtual disk [including snapshots, backups, etc]), most secure

you are viewing a single comment's thread
view the rest of the comments

[–] HybridSarcasm@lemmy.world 2 points 11 months ago (1 children)

Right. You kind of want your bare metal OS as vanilla as possible. If you need to nuke and pave, you don’t need to worry about re-applying various configs. Additionally, on a theoretical level, if there’s a bug in something on the bare metal OS, the separation provided by VMs and containers should mean it doesn’t affect the the apps in those VMs / containers.

That seems easier - at least to me - than keeping track of configs in text files or even Ansible playbooks.

[–] xapr@lemmy.sdf.org 1 points 11 months ago

Thank you, that makes sense. I figure that separation provided by VMs and containers is also a security advantage, in case the software in them has vulnerabilities.