Home Lab
Introduction
The purpose of the home lab is to provide a safe store for all of my pictures and videos. There will also be a website to document my adventures. Everything is contained within the Proxmox server; the main host for all of this has the host name Pear. Pear is backed up by a smaller host with less processing, memory and storage, which has the host name Kiwi.
Network Configuration
With the addition of the new Proxmox host, Kiwi, we are adding a managed switch and changing the LANs to be regular VLANs. The managed switch allows all of Kiwi's VLANs to sit behind the pfSense firewall on Pear. Kiwi has a single 2.5 Gbps NIC, so to boost speed a NIC of the same speed will be added to Pear and to the Desktop. While there was only one host with one NIC, with all of its networks defined on Pear, there was not much need to document anything as it was all fairly self-explanatory. Now that there is a second host, Kiwi, and a managed switch, they need to be properly configured and documented. Further details can be found under Network Configuration.
Virtual Machines
There will be a collection of virtual machines, mostly Linux hosts, partly because they are free, although now that I have found a really cheap licence seller the cost is less of a concern. Reliability is the other reason for basing the systems around Linux. The general setup is to have a pfSense firewall as the central gateway to my network, with all of the other servers linked through it. There is already a nameserver and a reverse proxy to allow access to the webservers. There will be a VPN server to allow remote access to some desktop VMs. There is a CA server so I can issue my own certificates to the various computers that I use. There is a management kiosk that I am using to do most of the configuration; as it is not going to be easily accessible from outside, it keeps all of the configuration inside Proxmox. More details of the VMs can be found here.
Systems & Services
Most of the services that have been set up are indexed by hostname under Virtual Machines. Here they are listed by service instead, as an alternate index, linking to the hosts where possible.
- will be the Kiwix server
- will be the ArchiveBox
- will be the
- Minecraft will be the Minecraft Servers
Reference Notes
A few reference notes detail those things that are easily forgotten but frequently required, for example the Nginx and Apache host config directives or the ZFS commands. The set of notes can be found here. There may also be a book-format version of the notes at notes.seaoffate.net.
External Access
I want to allow access to some of the network from remote sites, initially by SSH but also by other means at a later date.
GPU PCI Pass Through
It proved impractical to do GPU PCI passthrough with the AMD 6700 XT GPU, so it is being replaced with an Nvidia 5060. Further details of the steps taken to do the PCI passthrough with an Nvidia GPU can be found
Attacks
The various VMs are exposed to the Internet and will therefore be subject to attack. If the configuration of pfSense, the edge router (from the ISP) or the individual VMs and services has errors or omissions, there is a risk of hostile actors gaining some control. Any single misconfiguration can be mitigated by having several layers of defence, so that if one thing is missed another control still covers that vulnerability. Merely having locally hosted webservers makes them a target, and other ports will also be probed. Probes against the web ports can be deflected by using Cloudflare's proxy service instead of a DNS-only record, so that the public name resolves to Cloudflare rather than to the origin. The big problem with Cloudflare's proxy service is that the free tier only proxies the web ports; other ports can be proxied, but only if additional fees are paid. Note that the proxy only hides the origin if every public record points at Cloudflare and the origin firewall only accepts web traffic from Cloudflare's published IP ranges: a single DNS-only record publishes the origin address, and every port open on that address is then reachable directly. That is what triggered the attacks here: the RDP service was published as a DNS-only record at Cloudflare, it answered on its port, and the attack bots simply kept probing it.
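The following is an added example, not code from this site, showing the check described above: given the public DNS records for the lab, it classifies each one as proxied (the answer falls inside Cloudflare's ranges) or exposed (the answer is the origin), flags whether any record leaks the origin address, and generates the origin-side allow rules a firewall such as pfSense would need (web ports from Cloudflare only, everything else denied). The Cloudflare range list is a point-in-time snapshot of https://www.cloudflare.com/ips-v4 and must be refreshed before real use; the origin address 203.0.113.10 and the record names are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# Assumption: this is a point-in-time copy; refresh it from that URL before
# loading it into a real firewall alias.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


@dataclass(frozen=True)
class Record:
    name: str   # public DNS name
    ip: str     # address the public DNS answer returns
    port: int   # service reachable on that name


def is_cloudflare(ip: str) -> bool:
    """True if the address is inside one of Cloudflare's edge ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def audit(records, origin_ip: str):
    """Split records into proxied and exposed, and report whether the origin
    address is published by any exposed (DNS-only) record.

    A leaked origin means every open port on it is reachable directly, no
    matter how many other records are proxied.
    """
    proxied = [r for r in records if is_cloudflare(r.ip)]
    exposed = [r for r in records if not is_cloudflare(r.ip)]
    leaked = any(r.ip == origin_ip for r in exposed)
    return proxied, exposed, leaked


def origin_allow_rules(web_ports=(80, 443)):
    """Origin-side firewall rules as (source, port, action) tuples: web ports
    only from Cloudflare's ranges, then a default deny for the Internet."""
    rules = [(str(net), port, "allow") for net in CLOUDFLARE_V4 for port in web_ports]
    rules.append(("0.0.0.0/0", "any", "deny"))
    return rules


# Constructed sample data (not real lab addresses): a proxied web record and
# a DNS-only RDP record that answers from the origin itself.
ORIGIN = "203.0.113.10"
SAMPLE_RECORDS = [
    Record("www.example.net", "104.16.1.1", 443),   # proxied through Cloudflare
    Record("rdp.example.net", ORIGIN, 3389),        # DNS-only: origin exposed
]

if __name__ == "__main__":
    proxied, exposed, leaked = audit(SAMPLE_RECORDS, ORIGIN)
    for r in proxied:
        print(f"proxied : {r.name} -> {r.ip}:{r.port}")
    for r in exposed:
        print(f"EXPOSED : {r.name} -> {r.ip}:{r.port}")
    print("origin leaked:", leaked)
    for src, port, action in origin_allow_rules()[:2] + origin_allow_rules()[-1:]:
        print(f"{action:5} {src:20} port {port}")
```

Removing the DNS-only RDP record (and reaching RDP over the VPN instead) makes `leaked` false; the allow rules are the second layer, so that even if a record is later added by mistake, the origin only answers Cloudflare on the web ports.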
Kiosk Container
I wanted to repurpose an older tablet that is not used very often as a digital picture frame, so I installed a kiosk application from the Play Store. It needs to point at a webserver, so I created an LXC container based on Ubuntu and installed the relevant servers on it. It sits outside pfSense for easy access, and since it does not need to be reachable from the Internet this is the easiest option. I have added some basic monitoring just because I can, but it is not a replacement for Zabbix or a Prometheus + Grafana stack by any means. The admin page is at admin_index.html and the kiosk should be served from index.html. Because the container sits outside the firewall, the admin page should not rely on its name staying unknown; restrict it to the management host by source address or put it behind authentication. A more comprehensive guide, mostly generated by Gemini, is here.