Homelab & Selfhosting Thread - One Day it will be a Home Datacenter, you just gotta believe!


CryoRevival #SJ-112 (kiwifarms.net), joined Jun 7, 2021
Surprised there isn't a thread for Homelabs yet.

What are your stories, projects, dreams and knowledge to share?

Right now I'm screwing around with Docker and dreaming of murdering the people who write some of the documentation for these containers. It's not an accident that the AGPLv3 documentation is the most autistic and least intuitive, is it?

What are you doing with yours? No need to dox your box but feel free to brag.
 
My home server is a newer-ish quad-core fanless Celeron ITX board running FreeBSD and a ZFS storage pool. It's a Samba file server, Apple Time Capsule backup server and Plex server at the moment. I can stream 4K at home just fine. I think most people over-build their home servers or use their old overpowered PCs, hence the heat, noise, and electric bill. Never been a problem for me.
 
Colocated proxmox server:
Hardware:
Ryzen 7
128 GB RAM
4 4TB drives in raidz2
2 8TB SMR drives in raidz2
1 8TB SMR
1 4TB SMR
1 1TB NVME for OS and VMS

VMs on colocated server:
Pfsense VM: virtual networks (NAT, VPN restricted), OpenVPN for internal network access, OpenVPN for internet routing
Storage VM: connected to both ZFS stores and exposes them to other VMs in the private network via an NFS server. Also hosts an LDAP server for centralized auth by the services below.
General VM: Jellyfin, Gitea, Gotify, Nextcloud + Collabora, fireflyiii finance tracker, ombi
Synapse VM: Encrypted Element messenger chat based detached from Matrix
Game VM: Minecraft though not used for months
Family VM: Nextcloud, email, VaultWarden
Searx LXC Container
Archival server: archivebox, grabsite, other tools, nginx static hosting select archived files/sites.

Home proxmox server:
Cheap core i5
24 GB RAM
Several disks varying from 4-12TB
Pihole VM
Archival VM: same as above but local
Storage VM: same as above and serves as a backup for the colocated server
Openwrt: Internet gateway via 4G separate from slow home internet connection
Paperless VM
Shinobi VM for security cameras
 
I bought a Synology DS1621+ last year that I've been slowly building out as my homeserver. With the main focus obviously being storage it is a fantastic NAS, but I've found many of their other packages are also surprisingly solid.

I started out migrating my DHCP, DNS, and directory services over to their packages, & then spun up a couple VMs in their Virtual Machine Manager (really just QEMU/KVM under the hood). Eventually I decided Docker would make more sense than running separate VMs for everything, so I began to learn that. So far I have Plex, Pihole, OpenVPN & a few other miscellaneous services like LibreSpeed running in Docker.

The only real challenge with the Synology has been on the network side. They are definitely aimed at the small business/home user market & don't expect a complex network topology. Getting tagged VLANs working properly was a chore, especially in conjunction with the virtual machine manager...and even more so, integrating that with Docker so that I can assign IPs to individual containers or isolate them in separate VLANs. All in all it wasn't THAT hard, but definitely took a couple weeks of research & banging my head against the wall to get it all running smoothly.

The only downside with the NAS is that it can't transcode in Plex due to the Ryzen cpu. I don't really have any need to transcode currently, but eventually I want to get a NUC or something along those lines to better serve Plex (& possibly the whole Docker environment). Maybe build an ESXi host? We'll see...

For my network I mostly run cast-off enterprise hardware. Fanless Cisco compact switches with PoE & full L3 images are fantastic little boxes that are relatively cheap & feature rich, assuming you're familiar with IOS. Eventually I want to add a 10Gb NIC to the Synology & upgrade my network backbone along with it...hopefully prices come down on these by then: https://www.amazon.com/Cisco-Catalyst-3560CX-8XPD-S-Multi-GbE-WS-C3560CX-8XPD-S/dp/B011Z74JP8
😅
 
I started playing around with the idea of self hosting a little bit ago, right now I have NUC with an i7 core and 2 terabytes of memory across an M2 and Solid state with 64 gigs of RAM. Right now it's just Proxmox with some virtual machines of different Linux types for me to play around with.

I'll probably wipe it soon to redo everything as I made a good amount of errors my first time around. I could probably use some more information resources as right now I'm just kind of guessing as I go along and get random ideas, but I'm hoping to expand it over time and eventually just use the NUC as a controller for NAS boxes and other such things.
 
I like Synology for the easy to use and stable surveillance station. Licenses for extra cameras suck though if you need a lot.
 
I run a bunch of stuff. I have 3 FreeBSD servers: a primary for data storage and opnsense as my gateway, and then a bunch of VMs. I currently run pihole, unifi, prometheus, gitea, plex, and poudriere. I'm looking to set up an ELK server as well. I build out everything using ansible, to minimise maintenance costs. While this benefits my ongoing management, it does slow down deployment as I need to build out the various plays.

Overall, running your own homelab is a great way to maintain control of your data, and learn how things work. I highly recommend that everyone does it.
 
I have quickly realised that credential management is gunna drive me insane, even with my small userbase, so my project at the moment is identity management.

Does anyone have any suggestions for a FOSS IdAM solution? It seems so convoluted and searching has been a pain in the ass because all the proprietary solutions seem to be especially on point with their SEO and marketing...

Partly I want to get the experience of even setting up a small one, even though it's just overkill.
 
Suse Linux

Local:
DNS, for adblocking.
HTTP, serving a simple 4 ascii character 404 page for the DNS to redirect all ad domains to.
SSH/SFTP, for server administration and file storage/transfer.
Tor.

Public:
Hosting websites on Tor.
SSH/SFTP access.

Also have IRC, VoIP (SIP, Mumble) and email services, currently turned off for lack of demand.

Does anyone have any suggestions for a FOSS IdAM solution?
Are your users logging in via SSH?

Use SSH certificates to manage identities. Each user gets a password-protected SSH certificate; their public certificate is added to the server's list of accepted certificates.

The user must use their SSH certificate plus a password every time they log in.

User has no cert? User doesn't get in.
User's cert is not on your list? User doesn't get in.
Want a user gone? Delete their cert from your list, and they're locked out.

Certificate plus password is the best form of 2FA, because it can be carried around on a thumb drive and doesn't require a cell phone, SMS, or email. Furthermore, if a user loses their thumb drive, the odds of someone else finding it and logging in with it are extremely low, because it still requires a password too, and the cert doesn't give any indication of what it's for unless the user is a retard and saves the cert under a filename that points to your server.

If your users aren't complete idiots, you can even let them generate their own certs (some more paranoid users will prefer this).
 

That is something I have tried and failed at several times for different reasons. I first tried implementing openldap, but couldn't get it to work with my macOS clients and gave up. I tried using Open Directory, but couldn't really get it to work with linux/unix servers. I also started looking into FreeIPA, but that looked like a bitch to set up.

Because I use ansible, I have a play that creates the accounts I need on my servers, and I have the account passwords encrypted using ansible-vault, which is then temporarily decrypted when the play is run. This has meant credential management is still manageable for me. But this is a temporary solution, until I can implement real IdM and secrets management.
 
For interest, this is how it works. I have a role called preflight that applies to all servers, and in that role there is the following play:

YAML:
- name: Users | Make groups.
  become: yes
  ansible.builtin.group:
    name: "{{ item.groups }}"
    state: present
  with_items: "{{ user_details }}"
  no_log: true   # keeps the secret-bearing items out of the task output and logs

- name: Users | Create users with passwords.
  become: yes
  ansible.builtin.user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    # password_hash needs a salt; seeding random() with the hostname yields the
    # same salt on every run for a given host, so the hash (and the task) stay idempotent
    password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
    groups: "{{ item.groups }}"
    comment: "{{ item.comment }}"
    shell: "{{ item.shell }}"
    state: present
  with_items: "{{ user_details }}"
  no_log: true
  # only set a password for entries that actually carry one
  when: item['password'] is defined and item['password']|length > 0

User Details is pulled out of group_vars, so it can be different for the different classes of servers.

YAML:
user_details: "{{ encrypted_user_details }}"

and then encrypted_user_details are encrypted in a vault file, which is structured like this when decrypted.

YAML:
---

encrypted_user_details:
  - { name: khaine_admin, uid: 1002, groups: wheel, comment: "Khaine (Administrator)", shell: "/bin/bash", create_ssh_key: false, ssh_authorised_key: "files/ssh_authorised_keys/khaine_admin.pub", password: "insert-real-password-here", sudo_no_password: false, samba_access: false }
  - { name: ansible, uid: 1003, groups: wheel, comment: "Ansible", shell: "/bin/sh", create_ssh_key: false, ssh_authorised_key: "files/ssh_authorised_keys/ansible.pub", password: "insert-real-password-here", sudo_no_password: true, samba_access: false }
 
Sometimes I think I'd like to have a bigass server rack in my living room, kinda like Chris Titus.

But then I think of the heat and the noise, and I drop that idea. A piece of crap laptop with Alpine Linux will do for now.
 
Isn’t proxmox more about managing virtual machines and docker images? I haven’t used it, but have heard good things about it.
Proxmox doesn't support Docker directly. Its container system is built on top of LXC, it's not compatible with Docker and they don't support running Docker containers directly in Proxmox. If all you want is VMs, Proxmox is pretty nice, especially if you want a cluster of nodes. I evaluated it for a while and though I liked it for what it was, I want to move away from manual deployments towards automation with Terraform + Ansible, including Docker/Podman support, and Proxmox wasn't quite giving me what I wanted in that area.
 
That makes sense. I've never used it, but know it's designed to run VMs. I've heard of people using docker with it and assumed it might have had extra tools to make that easier.
 
Pretty insightful.

So one good use for a NAS would be to set it up as a Steam cache for your library, especially if it's quite large. These are pretty insightful.

On his other channel he has a 2-part series where he shows how to set it all up on a Synology NAS.

Part 1:

Part 2:

Super useful guide.