Welcome to this guided exploration of my simple pièce de résistance of home technology – My Home Lab! It has some bits of meticulous design and serves as a testament to the power of open source technologies.
Building a home lab with your desired tech stack can prove to be a rewarding and valuable endeavor for different reasons:
- Ideal for Experimentation and Software Testing: A home lab is a much safer space to experiment with new technologies. You can comfortably break software, server configurations, and even the actual hardware!
- As a Hobby and For Personal Interest: For some, the journey of building and managing a personal home lab can be a fulfilling hobby. It can be a way of engaging with technology on a deeper level and pursuing personal interests, while enjoying the satisfaction of building everything from the ground up.
- Proof of Concepts Hub: Where else can you develop and test proofs of concept for tech-related ideas or startups if not a home lab? There is no need for expensive commercial resources when home labbing.
- For Building Custom Solutions: With a home lab you can tailor technology solutions to your specific needs, whether it’s setting up home security and surveillance, a personal VPN for remote access, an entertainment media server, a home automation system, a private cloud, or your huge data storage solutions.
- Learning and Building new Skills: A home lab provides a hands-on environment for learning new technologies, experimenting with different setups, and gaining practical experience. It’s an excellent way to learn about networking, server management, virtualization, containerization, home automations, cybersecurity, and many other IT-related topics.
My Home Lab Networking architecture (simplistic design)
The architecture of a Home Lab will depend on your specific needs, for example the equipment you plan on purchasing, and your specific goals to be achieved with the lab. Here is a simple design of my Home Lab networking.

1. Internet Connection
- This is the primary internet connection, mainly provided by your ISP (Internet Service Provider).
- It is the entry layer into the network.
- You can consider having a secondary / backup internet connection for redundancy if your home lab is critical, e.g. hosting services consumed externally.
- My main internet is provided by Safaricom (a Kenya-based telco company). I have plans to get a Starlink internet connection and maybe use it as the main for downlink, and the Safaricom internet for remote access and exposing external services.
- I chose the Safaricom Fiber Internet for Business connection package to get public IP addresses and to have complete control over my networking stack.
- The router is configured in bridge mode to enable me to configure public IP(s) on the firewall / external router not controlled by the ISP.
- The ISP router is responsible for routing traffic from the internal network to any external destination.
2. Router / Firewall
- I purchased a Protectli Vault 4 Port Mini PC from Amazon. You can buy RAM & disk separately to get a better-specced build.
- The Mini PC has 4 ports giving you flexibility in terms of connections (WANs or LANs)

- I then installed pfSense on the hardware; a complete guide is available at this link: https://techviewleo.com/install-pfsense-opnsense-on-protectli-vault/
- pfSense is a free-to-use firewall and router software based on FreeBSD.
- OPNsense is an alternative to pfSense. I didn’t use it, for no particular reason. I will try it in the future.
- pfSense has a number of services configured: HAProxy for load balancing, DHCP service (for assigning dynamic IP addresses to devices), NTP for time synchronization, Snort (IDS/IPS), OpenVPN for remote access to my home lab, and a Tailscale client (Mesh VPN: https://computingforgeeks.com/joining-pfsense-to-tailscale-headscale-vpn-mesh/)
- Network segregation using VLANs is also done on pfSense. I have 4 active VLANs – IOT devices & Appliances, Guest WiFi, Main WiFi, Servers & VMs.
- Firewall rules are configured to restrict inter-VLAN connections. For example, Guest WiFi can only access the DNS & traffic filtering service in the Servers network VLAN. Many other rules exist for various reasons.
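The Guest WiFi restriction described above can be checked offline before it is trusted. The following is an added example, not the author's pfSense configuration: a first-match, default-deny rule evaluator plus a small audit. The subnets, the DNS / filtering host address and the rule layout are constructed assumptions, since the post does not give them.

```python
import ipaddress

# Constructed addressing: the post names the four VLANs but not their subnets.
VLANS = {
    "iot":     ipaddress.ip_network("10.10.10.0/24"),
    "guest":   ipaddress.ip_network("10.10.20.0/24"),
    "main":    ipaddress.ip_network("10.10.30.0/24"),
    "servers": ipaddress.ip_network("10.10.40.0/24"),
}
DNS_FILTER = ipaddress.ip_address("10.10.40.53")  # hypothetical DNS / filtering host
INTERNAL = ipaddress.ip_network("10.10.0.0/16")   # supernet covering every VLAN

# Rules for traffic entering the Guest WiFi interface: evaluated top-down,
# first match wins, implicit deny when nothing matches.
GUEST_RULES = [
    ("pass",  DNS_FILTER, {"udp", "tcp"}, 53),    # DNS to the filtering service only
    ("block", INTERNAL,   None,           None),  # everything else internal
    ("pass",  ipaddress.ip_network("0.0.0.0/0"), None, None),  # internet
]

def _dst_matches(target, dst):
    """A rule target is either a single host or a network."""
    if isinstance(target, ipaddress.IPv4Network):
        return dst in target
    return dst == target

def evaluate(rules, dst, proto, port):
    """Return (action, rule_index) for one connection attempt from a guest."""
    dst = ipaddress.ip_address(dst)
    for i, (action, target, protos, rport) in enumerate(rules):
        if not _dst_matches(target, dst):
            continue
        if protos is not None and proto not in protos:
            continue
        if rport is not None and port != rport:
            continue
        return action, i
    return "block", None  # default deny

def audit(rules):
    """Return the internal destinations the ruleset lets a guest reach."""
    probes = [(str(DNS_FILTER), "udp", 53), (str(DNS_FILTER), "tcp", 443)]
    for name, net in VLANS.items():
        if name != "guest":
            host = str(net.network_address + 10)
            probes += [(host, "tcp", 22), (host, "udp", 53)]
    return [p for p in probes if evaluate(rules, *p)[0] == "pass"]
```

With the rules in this order `audit(GUEST_RULES)` returns only the DNS probe; moving the internet pass rule above the internal block makes every probe pass, which is the ordering mistake this check catches.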
3. Switch(es)
- I used UniFi Managed switches for more control and the ability to configure VLANs (Virtual LANs).
- The main switch is USW-24-POE Ethernet Switch

- I chose Power over Ethernet (PoE) switch to avoid the use of PoE injectors for Access Points or any device that can be powered via Ethernet cable.
- The switch is managed through UniFi Controller (Network Application) running in an Ubuntu 20.04 VM: https://computingforgeeks.com/install-unifi-controller-network-application-on-ubuntu/
- The other small switch is dedicated to home security.
4. Access Point(s)
- An access point is used to extend the wireless coverage of an existing network and increase the number of users able to connect to it
- I own two Ubiquiti Networks UniFi AP AC LR access points – UAP-AC-LR (24V passive PoE Indoor, 2.4GHz/5GHz, 802.11 a/b/g/n/ac, 1x 10/100/1000)

- They are both managed using UniFi Network Application
- WiFi access points are mapped to VLANs as defined in pfSense and configured in the UniFi switch.
5. Main Server (or Servers):
- Main Servers run Virtualization software applications (Hypervisor)
- A hybrid of both Type 2 and Type 1 hypervisors
- I prefer Mini PC hardware for home lab use because of low power usage
- In my server rack I have 4 Intel NUCs

- And 7 Lenovo ThinkCentre machines.

- Most have Intel Core i7 CPU, DDR4 RAM sticks, and NVME SSD.
5.1 Virtualization Stack
- This is a combination of software components used to create and manage virtual environments.
- Virtualization helps with hardware resources optimization like CPU, memory, and storage.
- Multiple virtual machines can share the underlying physical hardware, allowing for more efficient use of the resources.
- In my Home Lab I use various virtualization technologies, namely:
- Kernel-based Virtual Machine (KVM) – 2 nodes
- Proxmox VE version 8 – 2 nodes
- oVirt running on Rocky Linux OS – 1 node
- XCP-ng with Xen Orchestra for UI administration – 1 node
- OpenStack deployed on Rocky Linux as base OS. – 1 node
- VMware ESXi and vCenter version 8 – 3 nodes
- HPE ProLiant DL380 Gen10 server is power hungry – only runs on a need basis

6. Services
I run quite a number of services in my Home Lab for varying personal requirements. I’ll list some here:
6.1 Kubernetes Cluster
- My Kubernetes cluster is powered by Flatcar Container Linux as operating system
- It’s deployed and managed using Kubespray
- Has Nginx Ingress and Traefik Ingress Controllers
- Cluster Load balancer is MetalLB
- Container registry is Harbor
- Container storage: Rook
- Cloud native certificate management: cert-manager
- GitOps using ArgoCD
- API access comes through pfSense using HAProxy
6.2 OpenShift Cluster
- Powered by Fedora CoreOS at the operating system layer
- Using OKD – Community Distribution of Kubernetes that powers Red Hat OpenShift
- Most cluster and other applications are OpenShift-native, deployed using Operators
- HAProxy is the load balancer for OpenShift nodes / API
6.3 Infrastructure Management & Automation
- Services Proxy Management: Nginx Proxy Manager
- Identity Management & DNS: FreeIPA
- ISO installer tool: Ventoy
- IaC by Terraform
- Ansible automations using AWX
- Git server powered by Gitea
- Now playing with Pulumi
6.4 Monitoring & Dashboards
- Prometheus with Grafana
- Dashy for home lab links dashboard
- Uptime: Uptime Kuma
6.5 Home Media / Entertainment
6.6 Data Synchronization
- Syncthing for syncing data across my systems / machines.
6.7 Ad Blocker
6.8 Home Automation
- Smart home automation: Home Assistant
- IoT Platform: ThingsBoard (in progress)
6.9 Security
- SIEM: AlienVault OSSIM
- Password management: Bitwarden
- Intrusion Detection / Prevention: Snort IDS
6.10 Logging
- Deployed Graylog and Grafana Loki. I switch depending on application needs and suitability.
- Log analyzer: GoAccess
6.11 Future software implementations (in the pipeline; not yet implemented)
- CCTV NVR: Frigate NVR
- SFTP server with optional HTTP/S, FTP/S and WebDAV: Sftpgo
- OS repos sync: Katello and Foreman
- Personal finances manager: Firefly III
- Analytics for websites: Plausible Analytics or Matomo
- Access & Remote Desktop: Teleport and Rustdesk
- Additional Network router / firewall: Sophos Firewall Home Edition
- SSO: Authelia
- Jump Server (if need be): Jumpserver
- Photos: Photoprism
- Home VoIP: Asterisk and FreePBX
Useful installation links:
- https://computingforgeeks.com/creating-ubuntu-and-debian-os-template-on-proxmox-ve/
- https://computingforgeeks.com/install-proxmox-ve-on-debian-12-bookworm/
- https://computingforgeeks.com/deploy-production-kubernetes-cluster-with-ansible/
- https://computingforgeeks.com/how-to-deploy-openshift-container-platform-on-kvm/
- https://computingforgeeks.com/run-ansible-awx-on-kubernetes-openshift-cluster/
- https://computingforgeeks.com/install-configure-traefik-ingress-controller-on-kubernetes/
- https://computingforgeeks.com/deploy-nginx-ingress-controller-on-kubernetes-using-helm-chart/
- https://computingforgeeks.com/deploy-metallb-load-balancer-on-kubernetes/
- https://computingforgeeks.com/how-to-deploy-rook-ceph-storage-on-kubernetes-cluster/
- https://computingforgeeks.com/install-freeipa-server-on-rocky-almalinux/
- https://computingforgeeks.com/deploy-multi-node-okd-cluster-using-fedora-coreos/
- https://computingforgeeks.com/deploy-xen-orchestra-appliance-on-xen-xcp-ng/
- https://computingforgeeks.com/install-xen-orchestra-on-ubuntu-debian-linux/
- https://computingforgeeks.com/how-to-install-ovirt-engine-on-rocky-almalinux/
- https://computingforgeeks.com/installing-xcp-ng-virtualization-platform-steps-with-screenshots/
- and many more on computingforgeeks.com & techviewleo.com