As I mentioned before in my introduction, I’m in the process of setting up a homelab server for both personal and business purposes as I am an independent game developer. I still consider myself a novice in the world of Linux and system administration, but in all honesty I consider it the beginning of a wonderful journey.
I’d like to start off this topic with an introduction to what I currently have in terms of hardware, my current plans and a few questions on what would be the right way of doing things!
Let’s start with the hardware:
Router: Unifi USG (used). Not the best platform, but it’s a start!
Network: Unifi switches & APs. Unlike their routers, these are very solid.
Workstation: Ryzen 5 2600, 32GB, 1080Ti, Windows 10
Spare PC/Server: Ryzen 5 1400, 8GB, Ubuntu Server 20.04.2 LTS
VPS: 1 basic cloud Ubuntu VPS for backup storage.
My first experience with Ubuntu was the VPS above; initially it was used as a source control server running Helix Core (previously Perforce). However, for most of the time, I had no idea what I was doing, which did lead to occasionally accidentally wiping the source control server, which was a bit of a nightmare. About half a year ago I repurposed my spare PC as a local server, installed Ubuntu and Helix Core, and migrated the source control server to my local PC, which led to a big improvement in file transfer. The VPS remains as a backup storage. At the same time, I’ve also installed the Unifi Controller on my spare PC server.
One of my first goals is to convert my current spare PC/server setup running source control and Unifi controller into a virtualization server. My goal here is to segregate the Unifi controller and source control server into their own container or VM to improve migration/deployment flexibility and introduce a snapshot system for recovery, should things go wrong.
Another reason for the virtualization server is so I can add more applications. For a long time, I’ve been wanting to add a CI system like Jenkins to my homelab for creating automatic builds of my game projects I’m working on. Furthermore, I want to look into deploying dedicated servers for any game I like to play.
Another goal I’d like to reach is to make my workstation a dual boot with Linux. This is primarily so I can make native builds of my game for Linux, but also to get more familiar with Linux as a desktop environment.
Finally, further down the line I’d like to look into creating a NAS solution.
Regarding my virtualization server, I will probably go with Proxmox, as Jay has an entire tutorial series on it and I don’t have any preference nor previous experience with other options.
I have one question about virtualization and networking:
With my planned setup, I plan to have both business and gaming VMs run on the same hypervisor. The VMs for my company should be secured and only accessible from outside via VPN. On the other hand, my gaming VMs should be easily accessible with port-forwarding so my friends can conveniently join them. To achieve this, does my virtualization server need 2 NICs on different VLANs or can this also be achieved with 1 NIC?
Usually, I prefer to separate the management network from the VM network. Not required though. I used to run everything from one network card for quite a while. You don’t absolutely need to have more than one NIC for segregation, but it can be easier. If I remember correctly, I’m pretty sure I bought an Intel PCIe network card with four ports on it when I first started separating things out, I don’t remember it being expensive. I’m not necessarily saying you have to do that, but it’s an option.
I haven’t used the USG myself, but so long as it does VLAN tagging and all the switches in between also support VLANs, you should (theoretically) be able to use VLAN tagging for the separation. But for port forwarding to your gaming server, you can just forward a port directly to it - if you have a good firewall solution you can control which service is able to communicate. I’m not sure how USG does it, but at least in pfSense I can have a list of firewall rules to make sure that there’s no traffic across networks that I don’t want to occur.
I currently run my Unifi controller as a Proxmox VM, and it works great. I especially like having it as part of my backup settings in Proxmox, so it makes it super-easy to revert it back if I goof something up. At one point I had my Unifi controller on a Raspberry Pi, and while that did work, updating was a chore. Not so on the VM, that works well for me.
You may want to consider a proxy in front of the things you do want to make available from the outside, so it can do name-based virtual host routing matching on the domain being requested. Even a container will do as a proxy.
In terms of network equipment, I should be good. The USG has sufficient VLAN and firewall capabilities to get this all set up and working. The USG tends to fall short with more advanced features like VPN etc. Tom Lawrence made a nice comparison recently.
In terms of how I would segregate the gaming VMs from the ‘corporate’ VMs, I initially thought about configuring a VLAN tag for each VM, so that the network traffic is already tagged when it comes out the physical NIC, but it sounds like a lot of tedious work unless it can be done on the hypervisor (I haven’t tried out Proxmox yet). Alternatively, I can just opt for two NICs and set up an untagged VLAN setup on my switch.
I still need to learn about proxies. Do you have some good resources on this topic?
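As an added example that is not part of the original posts: one way to do the per-VM tagging discussed above on the hypervisor with a single NIC is a VLAN-aware Linux bridge in Proxmox, with the tag set on each VM's network device. The NIC name `enp3s0`, the addresses, the MAC addresses, VLAN IDs 20 and 30 and VM IDs 101 and 201 are assumptions made up for illustration.

```conf
# --- /etc/network/interfaces on the Proxmox host (constructed values) ---
auto lo
iface lo inet loopback

# Assumed name of the single physical NIC; it gets no address of its own.
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
    # Host management address, untagged on the bridge (constructed).
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0
    # Make the bridge pass 802.1Q tags so each VM port can be
    # assigned its own VLAN.
    bridge-vlan-aware yes
    # VLAN IDs allowed on the bridge; can be narrowed to the ones in use.
    bridge-vids 2-4094

# --- /etc/pve/qemu-server/101.conf: business VM on VLAN 20 ---
# Frames from this VM leave the physical NIC tagged with VLAN 20.
net0: virtio=BC:24:11:00:00:01,bridge=vmbr0,tag=20

# --- /etc/pve/qemu-server/201.conf: game server VM on VLAN 30 ---
# The port forward on the router targets this VM's address in VLAN 30 only.
net0: virtio=BC:24:11:00:00:02,bridge=vmbr0,tag=30
```

The switch port facing the server has to carry VLANs 20 and 30 as tagged, and the router's firewall rules still decide what may cross between the two networks.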
I think this is a mistake I made in going with the UDM Pro rather than just creating an appliance VM to host the Unifi controller. I may shift over to that model because I really like having everything in Proxmox clusters.
The Homelab learning curve for me has been rather steep, and will probably remain so for the foreseeable future.