Which way to go - NUC - Home Assistant

Okey thanks I got some reading to do.

So for me that havent been doing much with Linux-system the best way maybe a HA-image or VM on Windows. But will read on. The NUC isnt ordered yet.

If I like to use Blue Iris its going to be VM, but. There is many buts here and perhaps with the new system MotionEye may serve my needs with 2-3 cameras at the moment.

:thinking:

Better check the hardware requirements for your use case before buying.
Depending on what you want to do with your camera streams (recoding, motion detection, recording, etc.), you may max out the smaller NUCs quickly.

I have my eyes set on either NUC8i3BEK or *8i5BEK with at least 16GB RAM and 500GB SSD M.2 NVMe.

I did the same for my jump into Home Assistant. It was my first VMs : I made it with a VM for Hass.io and a Container (CT) for a Nginx reverse proxy in order to manage accès from outside with a wildcard SSL certificate. All is fine and ready to support other services : Plex, Airsonic, comics libray, ebooks library, and so on.

Some of my useful links (not all because many are in French…) :

Thanks, I use Nabu Casa for external access to HA and don’t expose any other services externally, but post it anyway as it’s always food for future thought.

Most of my links are in French… but this English one is very comprehensive for Proxmox+HA installation :
Installing Home Assistant using Proxmox - Community Guides - Home Assistant Community (home-assistant.io)

You should know that Intel NUC bluetooth component usually not works in Proxmox. I succeded in some way to compile the linux for it but it was not working well inside HA VM and was lost in linux kernel updates. So I recommend to pay a few bucks for a bluetooth USB dongle.

On my Intel NUC, I had also to work on the SD reader driver, but since then it is OK (useful for my strictly local backups).

Reverse Proxy is may be out of your range and useless if you use Nabu Casa. In my case, it is useful as I project to have several services, each one accessible from outside by a different subdomain address (and behind that each one on a different local IP). I don’t know a comprehensive tutorial for this. You might look at this steps:

  • [coming later]

Been reading and found out that people had problems with usb Z-stick and Conbee when moving from Rpi to NUC.
So my question: Will the Z-stick gen 5 and Conbee II work on VM or Debian? Just plug-in and maybe change the hardware device-path or is it much more complicated?

Sorry, not really an answer to your question but a solution there:

I have not such a problem for my Zigbee stuff… because I use a Zigate dongle which is provided with a Wifi component so my dongle is seen as its own local IP such as a Philips Hue Dongle. That works great with my Home Assistant virtualized on my Intel NUC.

I recommend the NUC8i5BEH, you will have room for another drive just to store camera footage

Thanks for the idea.

I do have a Synology Nas (not one that I can do Docker on) that my plan is to store Camera footage on.

So Z-stick/Conbee: VM or Debian?

THE PRINCIPLE

Your home has only one public (IP) address.
The domain provider of your choice will transfer every connection to any of your subdomains exclusively to your proxy machine.
Your proxy machine will manage the distribution of the connections to every service installed at your home according to their respective subdomains addresses (of your choice) and services machines local IPs (to be static in order to be unchanged as you will have to writt these local IPs in the reverse proxy configuration files).
As the reverse proxy machine will manage any entering connection, a SSL wildcard certificate will authentify at once all the subdomains adresses of you domain and thus all connections from outside to any oy your subdomains/service machines will be recognized as compliant https connections.

THE QUITE GENERIC REVERSE PROXY PART

I can publish my config files if there is a demand.

SSL CERTIFICATE PART IN ORDER TO MANAGE SSL CERTIFICATE TO MULTIPLE
OVH SUBDOMAINS=>SERVICES AT ONCE (WILDCARD CERTIFICATE) INSIDE THE PROXY SERVICE

  • I own a domain by OVH for 2€/yr - I can’t tell what to do with other providers… but the principle should be the same… and Google is full of dedicated tutorials.

  • I chose to go for a “DNS challenge” for the certificate, which go through the provider DNS with the help of a provider API, so that to prevent from letting a port opened to enable the challenge check periodically.

  • Here is a quiet comprehensive article for the installation of the SSL certificate on the Nginx Host:
    Get a Let’s Encrypt Wildcard Certificate (florianjensen.com)

  • There is some steps at OVH provider side to manage potential Dynamic IPs from your internet provider but I have only a French link for this:
    Paramétrer un DNS dynamique pour son nom de domaine | Documentation OVH

Comments about why not doing a more simple configuration:

  1. The way I do, the SSL certificate (managed in the reverse proxy container) works for every service/subdomain/machine I use, without ever need to configure anything in these service machines.
  2. One may notice that Hass.io has a Nginx add-on. Nevertheless I wanted to make a more independent and free installation of the proxy service with full control of the OS that host it, moreover managing several services at once and not only Home Assistant access.
  3. One may notice that Hass.io has a Let’s Encrypt addon. Nevertheless I wanted my SLL to manage all my services under as much as subdomains as I want, so again I opted for a more independent and versatile option.
  4. Nabu Casa manages very well every aspect of Home Assistant from outside (domain, SSL, Google Assistant) but again I wanted to build a multiple subdomains solution for multiple services.
  5. One may think that Nginx could be simply installed on Proxmox OS. That’s not false but:
    i. firstly Proxmox OS is quite sensitive to additional installs (I crashed it when attempting other complilationsd in it) so it is recommended to let it alone… indeed there is no gain to install Nginx on the host rather than on a dedicated container (as CT shares the resources with the host);
    ii. secondly I would not be able to separate easily Proxmox service and nginx service when accessing them from outside if I install both under the same machine/IP.
  6. As soon as one personal subdomain+SSL certificate is operational, Nabu Casa is not even necessary for Google Assistant integration, as explained in Home Assistant Documentation.

Depending on your use, such simpler solutions might fit you more than mine. Anyway you have the choice now :grinning:

1 Like

I would repurpose the rpi as a z-wave/zigbee to network gateway and place it where it would get the best wireless coverage and least wifi interference, then place the nuc with the network infrastructure

2 Likes

Did you give any thought to running as a separate VM rather than as a CT? I’ve read some have security concerns over CTs and recommend that the separate VM is more secure, but is it needless overprotection?

I read about this and I considered it. Indeed the installation would be the very same with a VM. But I have got only an Intel NUC with Pentium CPU and 8 Gb RAM so I share it carefully. Moreover it seems to me a quite general security comment more than a strong weakness ; I did not implement the strongest protection (medium I would say) on my global installation anyway ; and there would be other more useful security actions I would take before this one, should I want to increase my security level…

1 Like

I have my home assistant running in docker on lubuntu:

In regards to SSL. I run caddy on my (windows) file/media server to be a reverse proxy for HA and several other services. I then simply run HA as http inside local network.

Okey, thanks for all the input guys.

I setup a VirtualBox on my laptop and tried it out for a bit and got Z-stick to work.
I will also try out Proxmox later when I got my NUC and see which solution I will go for.

More inputs on Z-stick and Conbee. Do they work without problems on VBox and Proxmox?

I recommend the NUC8i5BEH, you will have room for another drive just to store camera footage

Hello - I am also looking to set-up a more powerful option that a RPi4.

Is this still a good option for a HA install on Proxmox. I will also run NodeRed, InfluxDB, Grafana, maybe PiHole and use as a basic file share.

If NUC8i5BEH (or another option?), what RAM and SSD are recommended?

Thanks in advance for any working tips / ideas.

I use a HP Gen8 Microserver with TrueNAS. I run HA, MQTT, Grafana, TasmoAdmin, NodeRedand a couple of others as plugins. TrueNAS is open source, as are all of the others, so the only cost is hardware. Yes, it is more expensive but you get the security of a commercial grade software which uses ZFS software RAID spread over a maximum of four disks. In my case, four terabytes of storage.
All that software does need 16G of RAM and a Xeon CPU but are quite cheap now. The HP is server grade quality hardware.

The 8i5 is still an excellent choice, if you are running multiple DBs and value good DB performance, get a Sabrent Rocket 4 1TB. If you want reliability at the expense of performance, Samsung 970 pro 1TB.

For SSD reliability with database use, never use more than half of its free space, if you need more space for file storage, make use of the SATA slot for an additional drive, Samsung 860 pro 2TB is the best choice there. For write once read many you can go to to 90% use, for constant write (like video surveillance) 80%. The 870 Evo 4TB gives you more space at a similar price but a lower life cycle and reliability rating.

If you need more than 4TB for file storage, you should not be using a NUC, you should use something with a RAID controller or a computer that can do mirrored drives

For RAM I suggest CT2K8G4SFRA266

Thank you for the tip. I have ordered an 8i5 and will get the 2x8 RAM.

I’m still getting to grips with recent specs (been a few years since my last build). Just looking at the SSD. The NUC8i5 m.2 slot is PCIE Gen 3. The Rocket 4 looks great, but will the PCIE not limit the speed? So, would the lower spec SSD make sense? Or, is the Rocket 4.0 just a solid performer regardless? There is a c.40% increase in cost for the 4.0 versions.

Or am I misunderstanding the specs? Any thoughts?

Thank you again