MyPlaygroundBlog/content/posts/soha-2024.md
Carl Tibule cbe02a14a2
Fixed typo in About Me page, released 2024-09-29 post
2024-08-30 00:03:49 -05:00


+++
title = 'State of the Homelab Address - Part 1'
date = 2024-08-28T22:59:00-05:00
tags = ["homelab", "soha"]
+++
<!-- Sections
- History
- Current Setup
  - Hardware + Baremetal OS
  - Service stack setup
  - How separation is decided
  - Portainer and why not k8s
- Current Issues
  - Memory overhead due to separation
  - Lack of DMZ
  - Lack of autoupdates
  - Lack of security detection
- Future Goals
  - 10 Gbps
  - k8s
  - SSOs
  - Windows Server
  - Emergency Site -->
As mentioned before, I've been intending to give an overview of my current homelab environment, so I've decided to start a new series on this blog named the State of the Homelab Address. Just like its namesake, I'd like this series to cover the progress that's been made since last year and the goals I'd like to achieve for the next. Ideally, I'd have this written and released around the end of the year, but if I put it off any further, any mental notes I might have are at risk of being lost in the void, so I want to get this written down immediately.
## History
My very first real foray into building a homelab was through old hardware that I got from a previous workplace and was otherwise destined for the eWaste pile. I managed to get my hands on an IBM X3650 M3 and an APC SUA1000RM2U UPS. My first goal was simple: a media/file server and a Minecraft server for me and my friends to play on. The server as-is was pretty weak, so I scoured eBay to upgrade the processors to dual Intel Xeon X5650s and add some RAM to bump it up to 32 GB. In addition, I used [this video from My PlayHouse](https://www.youtube.com/watch?v=y36KJSiZluk&pp=ygUobXkgcGxheWhvdXNlIGlibSB4eDM2NTAgbTMgdXBncmFkaW5nIGhkZA%3D%3D) as a guide to expand my storage array from 8 to 16 drives. At this point in time, my limited resources had forced me to prioritize raw storage capacity over any form of redundancy. My OS of choice for this server was OpenMediaVault, as it supports Docker and virtualization right off the bat and it's also built on top of Debian, the only Linux distro that I was (and arguably, still am) familiar with.
This setup served me well until we had to get our basement (where I and my homelab live) renovated. What was initially expected to take only a few weeks turned into a two-years-and-counting saga (don't even get me started), but I digress. At this point, there was no other space in the house for my homelab to operate in, so I decided to wind it down and put it in storage. There was a brief period where I had the itch to start it again, so I spun up a couple of servers on Hetzner and did some dabbling there. Just a few weeks later, my interest waned (a common theme so far in my life, it seems) and I ended up winding that down too to save on the recurring cost.
When my interest started to pick back up again, I suddenly remembered I had a Raspberry Pi 4 lying around from a project I had never gotten around to finishing. And so, I rebuilt my entire lab from scratch, hosting it all on this tiny PC and an 8TB external HDD I attached to it. It worked fine for a bit until I started running into some limitations:
- After spinning up 8 containers, setting up any more caused the CPU to spike temporarily, but just enough to make Portainer freak out
- Some of the services I wanted to run aren't available for ARM
- Single point of failure wipes out my entire lab
Around this time, the renovation had reached a stage where I and my old server pals from way back could move into some of the rooms (though it is still not done). I spun up my IBM server again and decided to leverage OMV's built-in virtualization platform (it uses KVM, with Cockpit for GUI management). I spun up a couple of VMs to pull some of the services hosted on the Pi onto the more powerful server and lighten its load. But even with this setup, several problems arose:
- Networking is really challenging and unintuitive for newbies like me. I remember having to set up multiple network interfaces just to allow guest VMs to talk with each other and with clients on the internet. I wish I could recall exactly what my issue was, but it left me really frustrated
- The GUI (Cockpit) is straight-up inaccurate in its resource consumption reporting. It would sometimes show the VM eating up all of the resources I gave it, when in reality it's nowhere close to that
- Lack of snapshots
Sometime in between, while randomly scouting Kijiji, I also found another IBM X3650 M3 that was reasonably priced. By this point I had already been made aware of Proxmox and how powerful its clustering features could be, so I decided to spring for it. With all these pieces coming into place, I scoured Kijiji again, this time for more memory, and landed myself the greatest deal of all time: 256GB of DDR3 ECC RAM for $105. At this point in time, I'm fully armed with resources that, realistically, I'll never come close to saturating, and I'm ready to tackle my third attempt at building a homelab I can be proud of.
## Current Setup
### Networking - Hardware
This is perhaps my weakest area of expertise. While I do have some superficial understanding of how networking works, it is not something I enjoy doing on a regular basis. And so, I've decided to keep myself invested in the UniFi ecosystem.
I used to have a USG 3P, which served me well for a couple of years but admittedly is not powerful enough once the Intrusion Detection and Prevention System feature is turned on (IDS/IPS has to inspect every packet the gateway forwards, so on weak hardware the gateway becomes the bottleneck for everything that passes through it). Plus, it's also nearing (if not already at) the end of its life. Thankfully, right around the time I resolved to replace it, UniFi released a worthy successor in the form of the UXG-Max. For my wireless access points, I originally bought 2 U6-Mesh units, but as it turns out, just 1 of them is enough to cover the entire house. All of this equipment, plus my servers and other wired clients, is connected to my US-24 switch, which at this point is just as much of a veteran in my homelab as the USG 3P was.
My UniFi ecosystem is controlled by a UniFi Cloud Key Gen2. I used to self-host the controller: first in a container on my IBM server, and then on my PC. But I found device adoption to be so painful that I decided to just buy dedicated hardware for it and call it a day.
I am aware that there are more powerful alternatives out there such as pfSense and OPNsense. UniFi is surprisingly underpowered vis-a-vis its competitors, especially when you consider how much of a premium you pay for their hardware. But even with all the flaws it has, I'd rather have my single pane of glass that's also dumbed down enough for me to use. Goodness knows how much time I'd have to spend tinkering with pfSense before I could even get to my homelab.
I'm not discounting the alternatives at all. In fact, I've already seen a few videos on how to run pfSense inside of Proxmox. It's definitely something I can see myself setting up in a sandbox environment just to see how it fares. But for the time being, I have no plans to move away from the UniFi ecosystem.
### Networking - VLANs
From a humble `192.168.1.0/24`, I moved my addressing scheme to the `172.16.0.0/12` private range (RFC 1918) and established the following VLANs:
- Default/Management VLAN: where my UniFi devices live. Apparently it's a pain in the ass to move them out of there, so that's where they stay. Some management interfaces that have no business being reached by any device other than mine also live here
- Trusted: where almost all of the house's client devices live, ranging from printers to phones to laptops
- IoT: name's obvious. Has no access to any other VLANs
- Infrastructure: where my servers live
- Guest: name's also obvious and has no access to any other VLANs. Right now it's only available via a WiFi network that shuts down outside of certain hours
- Surveillance: where security cameras and doorbells live. No internet access at all. Speaking of, I'll have to write a post ranting about the state of smart doorbells in another article soon
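To make the segmentation policy above concrete, here is an added example (my own code, not the author's UniFi configuration) that models it as a first-match-wins rule list, the way a LAN-in firewall chain evaluates new connections, and checks sample flows against it. The per-VLAN subnets and the admin host `172.16.10.50` are hypothetical, since the post only gives the parent `172.16.0.0/12` range. Two details that are easy to get wrong are built in: the IoT and guest denies target the local VLANs only rather than "any", so those networks keep their internet access; and traffic between two hosts on the same VLAN never reaches the router's firewall, so no rule there can block it.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Hypothetical per-VLAN subnets carved out of 172.16.0.0/12 (the post gives no real ones).
VLANS = {
    "management":   ipaddress.ip_network("172.16.1.0/24"),
    "trusted":      ipaddress.ip_network("172.16.10.0/24"),
    "iot":          ipaddress.ip_network("172.16.20.0/24"),
    "infra":        ipaddress.ip_network("172.16.30.0/24"),
    "guest":        ipaddress.ip_network("172.16.40.0/24"),
    "surveillance": ipaddress.ip_network("172.16.50.0/24"),
}
ADMIN_HOST = "172.16.10.50"   # hypothetical: the one device allowed into management
LOCAL = "local"               # selector matching any VLAN above
INTERNET = "internet"         # selector matching anything outside them


class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # VLAN name, LOCAL, INTERNET, "any", or a single IP literal
    dst: str


# Ordered like a LAN-in chain: the first matching rule wins, the last rule is the default.
POLICY = [
    Rule("allow", ADMIN_HOST,     "management"),  # only my device may reach management gear
    Rule("deny",  "any",          "management"),  # ...and nobody else
    Rule("deny",  "iot",          LOCAL),         # IoT: no other VLANs (internet still allowed)
    Rule("deny",  "guest",        LOCAL),         # Guest: same
    Rule("deny",  "surveillance", INTERNET),      # cameras and doorbells never phone home
    Rule("allow", "any",          "any"),         # default: inter-VLAN traffic is allowed
]


def zone_of(ip: str) -> str:
    """Map an address to the VLAN that contains it, or INTERNET if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return INTERNET


def _matches(selector: str, ip: str, zone: str) -> bool:
    if selector == "any":
        return True
    if selector == LOCAL:
        return zone != INTERNET
    if selector == INTERNET:
        return zone == INTERNET
    if selector in VLANS:
        return zone == selector
    return ipaddress.ip_address(ip) == ipaddress.ip_address(selector)  # single IP literal


def decide(src_ip: str, dst_ip: str) -> Tuple[str, Optional[int]]:
    """Verdict for a NEW connection src -> dst, plus the index of the rule that decided it.

    Return traffic of an allowed connection is assumed to be covered by the gateway's
    stateful established/related rule, so only connection initiations are evaluated.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone and src_zone != INTERNET:
        return "allow", None   # same VLAN: switched locally, the router never sees it
    if src_zone == INTERNET:
        return "deny", None    # WAN-in is a separate chain; nothing is forwarded unless published
    for index, rule in enumerate(POLICY):
        if _matches(rule.src, src_ip, src_zone) and _matches(rule.dst, dst_ip, dst_zone):
            return rule.action, index
    return "deny", None        # unreachable with a catch-all last rule; kept as a safe default


if __name__ == "__main__":
    # Constructed sample flows, one per policy statement in the post.
    for src, dst in [
        (ADMIN_HOST, "172.16.1.2"),        # my laptop -> UniFi device: allow (rule 0)
        ("172.16.10.77", "172.16.1.2"),    # other trusted host -> UniFi device: deny (rule 1)
        ("172.16.20.5", "172.16.10.77"),   # IoT -> trusted: deny (rule 2)
        ("172.16.20.5", "1.1.1.1"),        # IoT -> internet: allow (rule 5)
        ("172.16.40.9", "172.16.30.10"),   # guest -> infra: deny (rule 3)
        ("172.16.50.3", "8.8.8.8"),        # camera -> internet: deny (rule 4)
        ("172.16.10.77", "172.16.50.3"),   # trusted -> camera: allow (rule 5)
        ("172.16.20.5", "172.16.20.6"),    # IoT -> IoT: allow, firewall not in the path
    ]:
        print(f"{src:>14} -> {dst:<14} {decide(src, dst)}")
```

Rule order is the whole game here: swap the first two entries of `POLICY` and the admin host loses access to the management VLAN along with everyone else, which is exactly the kind of mistake that is only visible when you run flows through the list rather than eyeballing it in the controller.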
## Closer
While writing up that last section, I previewed what I have so far and it's already longer than I was anticipating, and this is just the warm-up! I'll be breaking this inaugural SOHA post up into several parts. In the next one, I'll be talking about how my services are hosted!