AIO Ep16. Migrated Back from unRAID to PVE Again~

It’s actually been over three months since I migrated from unRAID to PVE, and I’m only just now writing about it.

A few days ago, I accidentally broke my laptop (foreshadowing: here when I was tinkering with hardware, due to the ridiculously bad design of a PCB someone else designed, I accidentally fed 12V into a USB port… and poof, it wouldn’t boot anymore…)

Thankfully, my trusty HomeLab—having served me faithfully for over two years—saved the day. I haven’t been too severely impacted (currently making do with a Linux single-board computer in my dorm; this blog post is being written on it, in fact).

Back to the main topic: the reason I switched systems was that right at the start of summer break, SSD prices dropped unexpectedly—and then quickly rebounded. I took the chance to grab a WD SN640 enterprise-grade SSD with official Chinese warranty and 5-year coverage. First time I successfully timed the market—I was so emotional. Given that my old PE4010 was somewhat of a deathmobile, I quickly offloaded it on Xianyu (a Chinese secondhand marketplace).

However, unRAID’s array mechanism severely limits the performance of modern SSDs. The newly introduced “exclusive access” feature in unRAID 6.12 bypasses the array’s FUSE layer to partially alleviate this, but it still comes with quite a few bugs. Plus, using btrfs or zfs on unRAID completely sacrifices the original array’s flexibility. unRAID’s webUI also offers poor support for zfs.

As my needs grew, Slackware-based unRAID began to fall short in many areas. Installing additional packages was a hassle, and unRAID’s security left much to be desired. I ended up relying on a bunch of ugly scripts to set up firewall rules and other customizations. No 2FA login, no permission control for plugins, and the whole system didn’t leverage Linux’s permission management at all. Eventually, I decided to switch to Debian-based PVE.

Installation and Initialization

My first impression after installation? So many configuration options, lol.

The built-in features immediately solved several pain points I had with unRAID: automatic SSL certificate issuance and renewal, 2FA support (including WebAuthN), built-in backup and VM snapshots, extremely detailed VM settings and customization, comprehensive firewall configuration, LXC container support, and more.

Storage Arrays

One of my HomeLab’s key roles is as a NAS. I originally chose unRAID mainly for its flexible array system and the ease of running Docker & VMs simultaneously.

Now, considering SSD TRIM support, future expandability, and various advanced features, I decided to format the SN640 as a single-disk ZFS pool within PVE. Took the opportunity to get more familiar with ZFS command-line tools.

I kept only two 4TB mechanical drives, which I set up in RAID0. A weekly script uses zfs send and zfs receive to back up data from the SSD pool to the mechanical drive pool.

Of course, I still have cloud backups—the process here hasn’t changed much, so I won’t go into detail.

Containers and Services

A HomeLab wouldn’t be complete without running various services and code snippets.

Virtual Machines

I simply imported my old VM images into PVE—after some basic configuration, they were up and running.

I initially thought GPU passthrough (especially iGPU) would be tricky in PVE, since unRAID used to shine in that area. Surprisingly, passthrough for the UHD630 on my 10100 worked smoothly, and Windows 10 recognized and installed the driver without issues.

Containers

I took this migration as an opportunity to move many of my Docker containers over to LXC. Using bind-mounts, I can still mount host storage into LXC containers. However, note that the root user inside LXC isn’t the same as the host’s root—UID mapping needs to be handled carefully.

Each LXC container now has its own IP, eliminating the need for messy port mappings and making firewall rules much easier to manage (e.g., preventing container-to-container access to reduce lateral movement risks).

This also solved the annoying issue I had with unRAID, where Docker containers had to be configured through the unRAID webUI, resulting in a proprietary, ugly XML config file. Otherwise, any container update would overwrite your custom settings.

That said, even with LXC, some use cases are still better suited for Docker, so I still needed a Docker instance.

Although the official recommendation is against running Docker inside LXC (due to shared kernel risks during upgrades or clustering), I decided to install Docker inside an LXC container anyway—mainly to avoid the filesystem overhead of running it in a full VM.

Worth noting: if you don’t want to run the LXC container in privileged mode, you can enable nesting and fuse, then configure the Docker daemon to use rootless overlay-fuse—this allows Docker to run smoothly even in unprivileged LXC containers.

Summary

Overall, the migration went pretty smoothly. After a few rounds of iteration, the system is now quite stable. Switching to Debian-based PVE has made my HomeLab much more customizable and secure.

Here’s a screenshot of the final setup:

PVE Final Configuration