At the moment, I am using a single Dell Optiplex 7010 box as a multipurpose server: it runs OpenBSD and a lot of its base applications (relayd
for reverse proxying, httpd
as a HTTP server, pf
as a firewall, etc) and some from the ports tree (like nsd
for an authoritative NS, unbound
for LAN DNS, …). It also runs a single Alpine VM inside that in turn hosts some dockerized apps (like Lemmy :-))
This setup is suboptimal, as OpenBSD’s virtualization support is still in its early stages, so I wanted to make a defining change: move OpenBSD + all base stuff to a separate ‘firewall’ box and dedicate my 7010 to be a docker host (probably installing alpine linux directly).
My question is: what hardware can you recommend for the OpenBSD box? I would want something with low power consumption. It does not have to be beefy, most of the resource-hungry stuff will probably be on the docker box. One thing though: it would be nice to be able to handle gigabit network throughput for the future.
I have been looking at APU2 boards, Raspbery Pi 4B (I am not sure about the OpenBSD support, though), Intel NUCs, and also Dell Optiplex micros and minis. It would be great to get away with a budget below €100. Thanks in advance for any insight!
A Lenovo m720q with a PCIe riser for your NIC. Try to get on with the 8th gen i5. These typically go for ~$100USD on hardwareswap, and a bit more in ebay.
You can also add a m.2 A+E network card to a dell or HP. The 720q is the best IMO over all but if you just need WAN/LAN and some basic routing there are plenty of low cost 1l PC’s.
The m.2 A+E card/adapter replacing the wifi card is new to me. Very cool.
It’s a great and easy way to take a thin client or older SFF 1l PC and turn it into a high performance router for often less than the cost of an SBC. And often has better features like virtualization so you can run multiple applications.
Wow, that’s cool. Is that an Intel based nic, driver support is good?
The 10g sfp+ are mellenox connect x3, the rj45 is a 2.5g realtec. There are Intel based m.2 A+E cards but they are hard to find.
I have not had any issues with realtec on proxmox or PFsense.
Thanks, I haven’t considered ThinkCentres much yet. I should have mentioned that I am located in Central Europe, so I am a bit more limited on options where I can get hardware. I am a bit worried about shipping costs when ordering from abroad.
I found an offer for an M700 tiny with an i5-6500T, 8GB of DDR4 RAM, and an SSD included, for €120. Is that in a similar ballpark as the M720q you mentioned?
Honestly, I don’t think I am likely to find 8th gen i5 boxes in my area (haven’t seen any adverts so far).
With what @infinitevalence recommended I think the M700 is a good inexpensive option if you don’t mind doing some work on the case to hack in another ethernet port. Something like this would even get you 2.5Gbe: https://www.aliexpress.us/item/3256804495748525.html
It’s Realtek, but there appear to be OpenBSD drivers. That exact one will not work with the headers hanging off the back of the card (that end of the card is right behind the power button in the front corner of the PC). But if they were desoldered and replaced with vertical headers it would work perfectly. There might be something similar with different connectors, or a 1Gbe Intel card available.
I have a spare M700 that I just opened up to take some measurements. There is ~4mm space above most of the m.2 wifi card with the drive caddy installed, or ~18mm with the caddy removed. Even with the caddy installed there is that ~18mm open space above the back 5-6mm of the card, so a vertical connector there would work , but would conflict with the install/removal of the drive caddy since it slides toward the front of the case to remove. further modification would be needed to use them together.
At the back there is ~50mm side-to-side space between the fan exhaust and ethernet port. Only 32mm if you only take up the space of the accessory video port. In that width you have ~15mm vertical space (above the row of ports at the bottom), and ~32mm depth (from the inside of the case back to the back of the SATA connector for the 2.5" drive). You would basically just need to enlarge the optional extra video/serial port opening.
You could even fit a multi-port interface at the back, up to 50mm wide. But you wouldn’t be able to use the case screw any more since it’s in that space. And you would need to cut the tab it screws into off the case’s top cover. But the case should still close ok because of the way it slides into place.
Now I’m thinking about ordering that adapter for my own machine to hack in a 2.5Gbe port.
Thanks for the tips and your measurements!
The m700 is a fine box, but doesn’t have the PCIe slot for an add in nic. This would limit it’s utility as a router box. Even a m720q with a pentium would work well as a router box.