# LXC and Friends

With Proxmox in place, I started work on LXC containers. They really are
wonderful. Fast to start up, way lower memory footprint, and much easier
configuration in general. Without the long wait for VMs to fully
install, I have a lot more motivation to set up some stuff I've been
planning.

First up is Wireguard. Wireguard required some fiddling because
Proxmox's Linux kernel has not integrated the kernel module. While I
could've achieved this on a virtual machine without altering my
hypervisor, I felt Wireguard was worth it. Wireguard is so easy to set
up and comes with an extremely low latency cost. Now that my Android
device is always routed through Wireguard, I have a lot more options to
secure and experiment with its networking.

Next up is a popular favourite, Pi-Hole. I've always been hesitant
about installing Pi-Hole on a physical device like an RPi or a VM because
it felt like overkill for such a simple application. A containerized
environment is just perfect. I've also wired devices connected to my
Wireguard instance to use Pi-Hole as the DNS server. It was enlightening
knowing what my devices are doing. Side note: Firefox's telemetry
service is pretty aggressive if you leave it on.

The last application is Apache Guacamole. This is a rather "heavy"
application because it runs on Java Tomcat, but Guac is seriously
amazing. If you've always been worried about securing entry to your
devices, fear no more. With Guac, you can use your browser as the remote
gateway to your internal network. I've never wanted to expose my SSH
jumper to the ravages of the Internet, so Guac allows me to have
2-factor authentication and easy access to my internal network while
I'm not at home. Why not connect to my Wireguard instance, you say?
Mainly because I have not automated adding devices to my Wireguard
instance, so the manual work is still slightly cumbersome. Also, Guac
does not require any specialized remote tools such as OpenSSH or PuTTY;
it only requires a browser that supports SSL.

## The Drawbacks

Perhaps the largest drawback of LXC containers, when compared to Docker,
is the "full Linux stack" available in each container. While some
container templates (Alpine) are slimmer than others, most of my
containers run on Debian. There is work needed to keep them up-to-date,
so this perfectly sets up the environment for me to pick up more
advanced config management. Ansible Level 2, here I come.