What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: latest
How are you able to access your server: SSH
Describe your issue
I will be installing Yunohost on a Proxmox VM instead of a container, as recommended by some of the forum members. I know YunoHost itself is secure enough to a certain level and there are a lot of tweaks to improve it. However, when running the OS on top of Proxmox, does it mess with the security?
I would like to know:
What are the necessary steps to harden a configuration like this (yunohost on a proxmox vm)?
Is this setup even worth doing or should I just install YunoHost on bare metal like it's intended to?
The sole reason I want to install YunoHost on top of proxmox is compartmentalization. For example, I made a script that needs to be run 24/7 and for that I made a docker container. From my knowledge, YunoHost uses bash scripts instead of docker containers, so I don't want to interfere with that. It'd also be nice to have some extra VMs for miscellaneous things, as long as I can harden the system to a good level.
To throw a monkeywrench in your plans: I've been running Yunohost for over five years in containers (also on Proxmox) with no problem.
I see no benefit in running a VM for Linux installations on Proxmox: it only takes more resources from your host machine.
If you still go the VM route: once "in" the VM, it is just like any other Linux installation. Regular security advice applies.
I do think that using either a VM or a container has benefits as opposed to running bare-metal, but that also depends on the resources your machine has (a machine with 1 GB of RAM and two CPU cores will run Yunohost, but is less suitable for running containers/VMs than a machine with 16 GB of RAM and eight cores).
If I understand correctly, if I go the VM route, and I install Yunohost on a Proxmox VM, then I'll only have to worry about securing Yunohost, not Proxmox.
Regarding your tip, I will consider running Yunohost in a container, and see if it still fits my needs.
I'm new to this game and I don't really understand how Proxmox works, but I'm eager to learn and improve my skills.
The sole reason I want to install YunoHost on top of proxmox is compartmentalization.
Do you want to have Yunohost separate from (several) other processes, or do you want to separate out things in Yunohost as well? I ask, because Yunohost tries to "tightly integrate" the offered packages, as seen with SSO for example.
Would that match with your vision of compartmentalization?
In Yunohost I'll be installing apps that are available in the app store. For apps that are not available in the app store, I thought, a different VM or container could be a good solution to avoid tinkering with Yunohost much.
Yes, that seems reasonable. Yunohost runs on "plain Debian"; as such you could install any software, mostly without harm to Yunohost and its packages.
Doing it the way you propose, you'll be sure there is no risk of "contaminating" Yunohost, and possibly interfering with upgrade scripts and what all.