At the moment, I am using a single Dell Optiplex 7010 box as a multipurpose server: it runs OpenBSD and a lot of its base applications (relayd
for reverse proxying, httpd
as a HTTP server, pf
as a firewall, etc) and some from the ports tree (like nsd
for an authoritative NS, unbound
for LAN DNS, …). It also runs a single Alpine VM inside that in turn hosts some dockerized apps (like Lemmy :-))
This setup is suboptimal, as OpenBSD’s virtualization support is still in its early stages, so I wanted to make a defining change: move OpenBSD + all base stuff to a separate ‘firewall’ box and dedicate my 7010 to be a docker host (probably installing alpine linux directly).
My question is: what hardware can you recommend for the OpenBSD box? I would want something with low power consumption. It does not have to be beefy, most of the resource-hungry stuff will probably be on the docker box. One thing though: it would be nice to be able to handle gigabit network throughput for the future.
I have been looking at APU2 boards, Raspbery Pi 4B (I am not sure about the OpenBSD support, though), Intel NUCs, and also Dell Optiplex micros and minis. It would be great to get away with a budget below €100. Thanks in advance for any insight!
The PC Engines APU2 boards are really great for this in terms of routing performance per watt, but the prices are up. If you can find a used one it might be possible. I use one for routing and a Lenovo ThinkCentre M700 tiny as a server. The M700 is around double the power consumption at idle, but they are both pretty low power. On 120v the APU2 is ~5w, and the M700 is ~10w when idle.
There are a couple of Celeron N2830 fanless mini-pc router options on aliexpress for under €100. It’s 2 core vs the APU2 4 core CPU, but it’s faster per-core, so it should do basic gigabit routing without too much trouble (the APU can do it with OPN/pfSense, but only with some tuning).
And that’s where I think you may have some trouble. I expect OpenBSD will be slower on the network than those FreeBSD-based distributions. And they max out at gigabit on the APU2 platform. But you could always decide later to switch the OS if you need gigabit performance.
Thanks for these insights! Gigabit is of secondary priority at the moment, just a nice to have. Maybe in the future I would break things up even more and have a dedicated firewall with minimal resources, then this machine I am planning on getting now would be a dedicated OpenBSD based server for proxying, load balancing, etc (basically everything I can do easily on OpenBSD without docker) and finally I would also have a stronger box for several docker services.