Virtual Machines

From Sea of Fate

Introduction

There will be a variety of Virtual Machines contained within the Home Lab. A brief description is provided here, with a more complete set of notes on each individual VM on the links.

Virtual Machine Installation & Configuration Notes

Qemu Agent Install

All VMs, including server installs, should have the QEMU guest agent installed. It allows the guest VM to communicate with Proxmox and gives better options from Proxmox. For Debian / Ubuntu, type:

sudo apt update && sudo apt install qemu-guest-agent

For Windows VMs there is a CD image that can be referenced when defining the VM. On the OS page, as soon as the guest OS "Microsoft Windows" is selected, a tick box titled "Add additional drive for VirtIO Drivers" appears. When it is selected, find the ISO image "Virtio-win.iso". If it is not available, it can be added to the ISO library on Proxmox by downloading it from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso.

Virtual Machines

A fairly high-level description of each of the VMs in use in the Home Lab.

Firewall

pfSense

The firewall and gateway to the whole of the Home Lab. The Virgin router will forward all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The firewall has five other internal interfaces to link to the Home Lab environment. 192.168.99.10/24 is the MGT VLAN; it should be severely restricted to maintain security, and it is the only VLAN able to access the WebGUI of pfSense. The Production VLAN is where all of the file and web servers are; its gateway address is 192.168.100.1/24. The Infra VLAN, gateway 192.168.110.10/24, is where any supporting services will be located; at present there is only a nameserver. I have reserved a VLAN called VPNnet, with a gateway address of 192.168.130.1/24, for a VPN server to provide a VPN tunnel from remote terminals. There will not be many concurrent connections, so a /24 network will be more than sufficient. The last VLAN has a pfSense interface of 192.168.111.1/24 for any desktop VM terminals that I will use while I am out; I have called this terminals. Further details of the pfSense firewall can be found here.

MGT VLAN

Management kiosk

A desktop Linux used to configure other VMs, including pfSense. As it is so sensitive, I have kept it isolated on the MGT VLAN. There I have set up passwordless SSH to various other VMs as well. The host is called Lemon and has an IP address of MGT.20.

CA Server

I have set up a host specifically to issue SSL certificates. The host name is Alpine, with an IP of 192.168.99.25/24.

Infra VLAN

Nameserver

There is only one nameserver at the moment, called ns1, at Infra.11. It is the only host on the Infra VLAN.

VPNNet VLAN

VPNserver

There will be a VPN server called vanilla at VPNnet.5. It will control VPN access to the rest of the network.

Terminals

Remote Access Terminal

There will be two VMs set up on the terminals VLAN, each with a desktop, that I will provide for remote access. One of them will be Linux (Ubuntu) with the hostname Lychee, and the other will be Windows 11 Pro with the hostname Wahoo.

Production

Reverse Proxy

The reverse proxy Nginx install is hosted on Raisin at Production.9. It should be set up to fetch SSL certs from Let's Encrypt and copy the certs to the various webservers that need them. Its primary role, of course, is to manage access to the webservers.

Webservers

There will be at least three webservers: one hosting www.seaoffate.net, another hosting plum.seaoffate.net and another hosting wiki.seaoffate.net. These will also be servicing .local addresses. MySQL will be on a different host. There will be other hosts that have some sort of webserver on them, but not as a primary role.

File server

There is a file server called fig at Production.11. It will also have a webserver installed and will answer to files.seaoffate.net and files.seaoffate.local. It should be configured to serve files using NFS, FTP and SMB locally, but only SFTP externally.

MySQL Server

Manderin at Production.8 is hosting the MySQL databases. I will probably install phpMyAdmin at some point to make DB management a bit easier, but I doubt I will give it external access.

UpLoad Server

There is a server set up especially for SFTP and SMB serving. It will be on Production.25. It will have a large HD that will be used to import and export all pictures from the network.

Backup Server

We will have a dedicated backup server, Strawberry, that will share files with other servers, like the Plum (Photo) server, by NFS. It will mostly do little except monitor the files for others. If it looks like NFS is creating too much of a bottleneck, we can look at storing photos directly on Plum and grabbing them periodically to upload. I will be doing just that, so this note will change when I have reconfigured the Plum (Photo) server and this server, Strawberry.

Future VMs

I may well set up a streaming server with some sort of NFS RO share from the file server.


Installation Scripts

We are creating several scripts to speed up the installation of the VMs. Some are long and major time savers, and some are not much more than one or two lines.

Webserver Setup

Some Apache and Nginx scripts to speed up creation and deployment of webservers.

To help with installing the various packages for webservers we have a simple script to call apt to install them all. We have a copy in my Templates dir on lemon as we will need to copy it to the new webserver. After it is copied to the target webserver we call the script with ./lamp_client_install.sh

Add a Hostname & IP Address to dnsmasq

There is a script that can be run to add a DNS record to dnsmasq:

sudo ./add_dns_record.sh <hostname> <ip_address>

It takes two parameters: one for the hostname and the other for the IP address of the host we are dealing with. The script can be found here.

As a quick check to make sure DNS looks right, there is a quick list of all DNS entries, called with:

sudo ./list_dns_entries.sh

The third thing we will want to do from time to time is to delete a record. Call this with the hostname of the DNS entry that is to be removed:

sudo ./delete_dns_record.sh hostname

hostname can be either FQDN or just the hostname.
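
One way the add and delete operations described above could validate their arguments before writing as root, as an added example (not the page's own scripts). It assumes dnsmasq reads a hosts-format file through its addn-hosts option; the file path and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the page's scripts. Assumes dnsmasq loads HOSTS_FILE via
# its addn-hosts option; the path and function names are hypothetical.
HOSTS_FILE="${HOSTS_FILE:-/etc/homelab.hosts}"

# Allow-list first: blocks newlines, spaces and '=' that could inject records.
valid_hostname() {
    case $1 in '' | *[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    printf '%s\n' "$1" | grep -Eq "^$label(\\.$label)*\$"
}

valid_ipv4() {
    case $1 in '' | *[!0-9.]*) return 1 ;; esac
    octet='(0|[1-9][0-9]{0,2})'
    printf '%s\n' "$1" | grep -Eq "^$octet(\\.$octet){3}\$" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Exit codes: 2 = rejected input, 3 = name already present.
add_record() {
    valid_hostname "$1" && valid_ipv4 "$2" || { echo "invalid input" >&2; return 2; }
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if [ -f "$HOSTS_FILE" ] && awk -v n="$name" \
        '{ for (i = 2; i <= NF; i++) if (tolower($i) == n) f = 1 } END { exit !f }' \
        "$HOSTS_FILE"; then
        echo "record exists: $name" >&2; return 3
    fi
    printf '%s %s\n' "$2" "$name" >> "$HOSTS_FILE"
}

# A bare hostname also removes its FQDN forms (fig removes fig.example.local).
delete_record() {
    valid_hostname "$1" || { echo "invalid input" >&2; return 2; }
    [ -f "$HOSTS_FILE" ] || return 0
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    tmp=$(mktemp "$HOSTS_FILE.XXXXXX") || return 1
    chmod 644 "$tmp"   # dnsmasq re-reads the file after dropping root
    awk -v n="$name" '{ keep = 1
        for (i = 2; i <= NF; i++) {
            h = tolower($i); if (h == n || index(h, n ".") == 1) keep = 0 }
        if (keep) print }' "$HOSTS_FILE" > "$tmp" && mv "$tmp" "$HOSTS_FILE"
}
case ${1:-} in
    add) add_record "${2:-}" "${3:-}" ;;
    delete) delete_record "${2:-}" ;;
esac
```

dnsmasq re-reads addn-hosts files when it receives SIGHUP, so a reload is enough after a change.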