Homelab: The Beginnings
Like many who have found themselves building a homelab, I was first exposed to the idea of a homelab many years ago when I stumbled upon the homelab subreddit. It took some time for me to understand what exactly was going on here and I wouldn’t fully understand until a few years later when I was looking into creating a VPS on AWS to host some of my own software. The invention of cloud services such as AWS and Azure has made the concept of hosting your own infrastructure at home seem like a dated idea. Before I fell down the rabbit hole of building my own homelab, I didn’t quite see the point. Why should I spend time and money creating a lab when I can simply create virtual machines in something like VMware Player or VirtualBox? It wasn’t until I began looking deeper into the open source and self hosting communities that I found the true reason I wanted to create a home lab. Decreased reliance on third party services. I have always been wary of how much I am reliant on third party services, however, it wasn’t until my personal account was randomly deleted from YouTube that I realized I did not have any backups of personal data. While the channel was eventually restored, this was a wake up call for me that I did want to start having more control over my data. To be clear, I don’t have any issues with YouTube, or any other service I currently use to store data, however, ~~data hoarding~~ having control over your files gives some peace of mind, allows you to learn a ton about different technologies that you typically aren’t exposed to, and can serve as a great hobby. With that being said, everyone has different use cases for building a home lab and there is an infinite amount of technologies, software, and hardware you can dig into. So why did I decide to build a lab?
Why I decided to build a home lab
I had decided that I wanted to build a lab, however, I didn’t quite know what that meant yet. I knew that I wanted to have some sort of infrastructure that I could host VMs, containers, and have redundant storage, but I didn’t quite know how exactly to do that. My first idea was to create a list of all the different services/software I wanted to have access to. This took a few weeks and some researching but I finally settled on this list.
- Proxmox: I knew I would need a hypervisor and while I know lots of people like ESXi, I have experience with VMware products so I wanted to switch it up
- Pi-hole: A DNS server that will allow blocking of ads.
- GitLab: Essentially a private GitHub instance for hosting code with version control
- Plex: A server to host media on that allows you to access it from a TV app. Very handy for keeping your spot in webcasts when watching from multiple devices
  - Note: Plex ended up being a terrible experience. I instead went with Jellyfin which has been fantastic
- Backup Server: I wasn’t quite sure how I wanted to accomplish this, however, I knew I wanted some way to back up videos/code/documents/photos
- Security Onion: Security Onion is an open source solution for security monitoring of your network.
- pfSense Firewalls: I knew I wanted to segment my network and I knew pfSense was a reliable firewall
- Ubuntu Server: I wasn’t quite sure what I was going to do with this, but I knew I would like access to a Linux server at some point
- Linux Dev machine: I knew I would want a Linux machine that I could nuke after borking some software installs on.
- Windows Machine: While I’m creating VMs I might as well make a Windows machine.
- Security lab: An isolated network for me to detonate malware, break things, and learn Active Directory.
While this list is not everything I wanted to create, it did leave me with some fairly lofty goals to work towards. Finally, I took some time to think about what my objective for my lab was. I ended up settling on three main goals.
- Create a lab that is functional and allows me to selfhost my own software
- Create a lab that allows me to learn more abstract concepts such as Docker, Active Directory, advanced networking, etc.
- Implement security best practices such as the CIS top 18 security controls to put theoretical security knowledge to the test.
Next, I needed to know what hardware I would require for this environment. In order to know what hardware I needed, I needed to know what my network would look like from a logical perspective. It was incredibly daunting because I knew I was not going to get it right the first try, but after lots of tinkering, going back to the drawing board many times, I settled on this network diagram as a baseline for what I wanted to achieve. I made the diagram using the 1 week free trial of Lucid.
With the conceptual network diagram out of the way, I could now move on to figuring out which hardware I was going to use for this. It should be noted that this is a pretty flexible diagram and implementation will deviate from the initial diagram.
How to choose your hardware
This was absolutely the hardest part of the whole process. It took me weeks to discern what exactly I was looking for. Was I looking for a massive server rack to ~~provide heating for my home~~ have enterprise grade servers in? Did I want a tower server that had server hardware but looked like a generic desktop? Did I want to use spare desktop parts that I had from upgrading my PC last year? I wasn’t sure, and I certainly wasn’t sure where to start. After going through dozens of videos explaining the difference and hundreds of blogs/articles/posts on the topic, I still was not sure what I needed. Ultimately, I settled on the idea of using old hardware from my previous desktop and upgrading as I need. Sure, this isn’t the most cost effective, easiest, or time efficient way to create a homelab, but half of the fun in creating a homelab is discovering you have a need for some new hardware/software and installing it. If you’re worried about the perfect hardware you need to get, just start with what you have or can afford. You can always upgrade later. With that being said, I pulled out my old motherboard, CPU, PSU, and a 128 GB SSD I had from when I upgraded my current desktop and attempted to get it to boot. After ordering some 16 GB of RAM, I was in business.
After the initial setup of Proxmox, I added a very very old 1 TB HDD as my initial datastore and began configuring some of the VMs I knew I would want running such as an Ubuntu server. This post is not meant to be a tutorial describing how to set up each service. After a few days of ~~troubleshooting DNS~~ tinkering, I finally got some of the services up and running.
It is rare that I boot into Windows for non-videogame related things but sometimes I need to transfer something from my Linux machine to my Windows machine. This is kind of a headache if the files are large and I don’t want to upload them to a cloud service or I don’t have a flashdrive with an NTFS filesystem on it. (Most of my flashdrives are typically mounted with Linux ISOs…). I also would like to be able to access certain files from my Windows system on my main Linux machine. To solve this issue I wanted to create a fileshare that would allow me to mount a drive on both my Windows and Linux machines. A fileshare is simply a way to share files to devices on the network using SMB/CIFS. I decided to go with OpenMediaVault for this. OpenMediaVault allows you to create and manage a fileshare using SMB/CIFS. After going through the configuration options, I could mount the fileshare using the unix mount command and access it under /mnt/fileshare.
sudo mount -v -t cifs //<FileshareIP>/fileshare /mnt/fileshare -o username=<username>
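A persistent version of the mount above, as an added example that is not part of the original post: it keeps the SMB password in an owner-only credentials file and builds an /etc/fstab entry with restrictive mount options. The server address, user name, credentials path and uid/gid are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Server address, user name,
# credentials path and uid/gid below are placeholder assumptions.

# write_cifs_credentials FILE USER
# Reads the password from stdin so it never appears in argv, shell history
# or `ps` output, and stores it in a file only the owner can read.
write_cifs_credentials() {
    cred_file=$1 user=$2
    IFS= read -r password || [ -n "$password" ] || return 1
    old_umask=$(umask); umask 077
    : > "$cred_file"          # create (or truncate) the file first
    chmod 600 "$cred_file"    # tighten a pre-existing file before writing the secret
    printf 'username=%s\npassword=%s\n' "$user" "$password" > "$cred_file"
    umask "$old_umask"
    unset password
}

# check_cred_perms FILE: succeeds only if the mode is exactly 600 (GNU stat).
check_cred_perms() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# cifs_fstab_line SERVER SHARE MOUNTPOINT CRED_FILE UID GID
# Prints an /etc/fstab entry. vers=3.0 pins the SMB 3.0 dialect, seal asks
# for SMB3 encryption (assumes the server supports it), and
# nosuid/nodev/noexec limit what files on the share can do on the client.
cifs_fstab_line() {
    printf '//%s/%s %s cifs credentials=%s,vers=3.0,seal,uid=%s,gid=%s,file_mode=0640,dir_mode=0750,nosuid,nodev,noexec,_netdev 0 0\n' \
        "$1" "$2" "$3" "$4" "$5" "$6"
}

# Demo with constructed values (192.0.2.10 is a documentation-only address).
cifs_fstab_line 192.0.2.10 fileshare /mnt/fileshare /etc/cifs-fileshare.cred 1000 1000
```

Pipe the password into `write_cifs_credentials` from a prompt or password manager, append the printed line to /etc/fstab, and the share then mounts with `sudo mount /mnt/fileshare` without a password on the command line.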
Pi-hole / DNS
I had initially heard about Pi-hole years ago as a network wide adblocker. I wanted to test the power of Proxmox’s LXC containers so I spun up Pi-hole in one to act as my DNS server. After configuring I had to change my router settings to allow Pi-hole to manage my DHCP reservations and change my default DNS server in both Linux and Windows to be the Pi-hole. After doing so I began adding some custom DNS records to allow me to access my servers from a FQDN instead of memorizing their IPs. After a few weeks of running, you can see that 18% of my network’s traffic was blocked. Pretty insane considering I already have very strict ad blockers on all my devices.
One of my unexpected favorite services I have been using is Flame. Flame is a very minimal start page that allows you to add shortcuts to your applications and bookmarks.
After getting to a good baseline state, I began looking into creating a NAS for some of my backups. I quickly realized that your typical NAS from a company such as Synology is not only expensive, but also locks you in to proprietary firmware; neither of which seemed appealing. As of writing this I have not come up with the exact hardware I will be getting for my NAS, however, I did pick up a pair of Seagate IronWolf 4TB HDDs from Newegg that will serve as the storage for my NAS once I do get all the hardware I need. For software I will likely go with FreeNAS/TrueNAS.
Throughout the building of this lab, I have found that it can be overwhelming to try and tackle creating the entire network from scratch. My advice for you if you’re looking into creating a home lab would be to break it down into the most simple steps. 1. Why do you want to create a homelab? 2. What do you want to run? 3. What is your budget/time investment? Answering these questions will help you get the ball rolling.
My next steps are going to be moving all my hardware into a case. Currently my entire network resides on my desk on top of an old motherboard box. Then, the goal is to do a deep dive on pfSense and some other networking topics.
The ability to self host your own services is without a doubt one of the coolest parts of the open source and home lab community. If you don’t like some features about a service, you can spin up your own private instance on your internal network. After tinkering with this lab for a few weeks I have finally gotten to a stable point where I am able to utilize it without having to troubleshoot every time I go to use my network. While I am nowhere near done, I am now diving deeper into some more interesting technologies now that I have the basics configured. In the next blog I plan on doing a deep dive into pfSense, VLANs, and network segmentation. If you have any questions, feel free to reach out to me on Twitter.