Homelab Proposal

I have some technical background, but fall somewhere between novice and intermediate. I would like to make a proposal for a homelab setup and get some feedback.

I have the following hardware available to me:

  • Various iOS devices for mobile
  • 2017 13" Macbook Pro (Wife’s laptop)
  • Arris cable modem 300Mbps (available 400Mbps nominal via Xfinity, no plan to upgrade)
  • TP-Link Archer C2300 Wi-Fi router
  • Mac mini (late 2014) 2.6GHz Core i5, 8GB RAM, user upgrade to 256 GB SSD.
  • Dell Inspiron 5558 laptop 4th Gen Core i3-4030U Processor (up to 1.90 GHz), 8GB RAM, dual boot Win 10 Home/Pop!_OS 20.04
  • Toshiba Satellite C655 Celeron 900 single core 2.2 GHz, 4GB, Windows 7
  • Raspberry Pi Zero W running Pi-hole (DNS & DHCP) connected via ethernet
  • Raspberry Pi Zero W unused
  • Raspberry Pi 3 B+ unused
  • Samsung Tab S6 Lite (ordered…will take over the function of YouTube player from Mac mini)
  • ThinkPad T14 Gen 1 Ryzen 7 4750U, 16GB, 512 PCI-NVMe SSD (ordered)

My thought process:
Mac mini: install Ubuntu Server 20.04, openmediavault, nextcloud (DropBox is full, and I am tired of it). I would attach four mixed size/speed USB drives as storage, but it will have to be JBOD or equivalent I assume. This would serve as cloud storage (will have to learn how to secure it for outside access), media serving via Plex or other, and general NAS. I would back this up to Backblaze as I do not have the option to create a RAID with my mixed size/speed drives as I currently understand it…not that I would not still back it up, but the backup will be my only redundancy. I will not have a solution for bit rot protection at this time.

I would like to create a second Pi-hole with the other Pi Zero for redundancy.

If possible, perhaps I could use one of the laptops as a firewall? Pfsense? That would all be new to me. At that point I could turn over DHCP to the laptop and use the Pi-hole as DNS sink hole only.

I would like to set up a k8s cluster using Raspberry Pis. I thought I would purchase one Pi 2 B+ and use it in conjunction with the one I have as redundant controllers, and then purchase three Pi 4 B with 4 GB for the nodes (8 would be better, but I want to cut costs). Ultimately, I would like to set up a web server and self host a blog after I learn a) k8s b) a web server solution c) how to secure it and d) implement some DNS service to provide me with a persistent IP to the outside world. I already have a couple domains registered. This would be for fun only so 100% uptime is not a concern, although my service is quite reliable so it should be fairly high. I would like to eventually have this cluster and my other network gear running from a UPS to provide a window for safe shutdown in case of power outage. I would probably use this cluster a lot for learning other stuff as well.

If I cannot swing the cost of the cluster soon, I would still like to use the Mac mini as a NAS, and I could play with Android development or something until I have the resources. Just not sure yet.

My overall goals are as follows: centralize data storage for easy offsite backup, provide roll your own cloud services and ditch DropBox, secure and monitor my network (I still have two kids using the network), occupy my brain as I am disabled and have nothing but time on my hands.

I know I have already received some feedback on this in another thread, but I would very much appreciate any further insights, suggestions, and alternatives you may think of. Perhaps something I have suggested is not practical or possible i.e. firewall running on laptop? Any and all comments welcome.

Here are some thoughts, in no particular order.

  • I’m not really sure a K8s controller will work on a Pi 2, just because I haven’t personally tried that. Maybe someone else can chime in, but it’s not as powerful as newer models and I think that the difference might be felt somewhere. But you can certainly give it a try.

  • Pfsense on a laptop, I don’t know how well that would work, due to it having only one Ethernet port. It’s not that you can’t do that, I’ve just always favored machines that have two Ethernet ports, so one is dedicated to WAN and the other is dedicated as LAN. Firewall rules are a lot easier to write with separate interfaces.

  • For your layout, you might consider the following:

    1. Use your laptops as LXD container hosts. Have the laptops themselves mount NFS shares from your Mac Mini (now a NAS) so that is the backend storage. Put each app into an LXD container running on the laptops.

    2. Since you have two laptops, consider both of them being LXD hosts. You can practice migrating containers from one to the other, so you can install updates on one and then the other after migrating the containers.

    3. With LXD, you could set up Plex to run in an LXD container, then use something like Autofs on the host to mount the Mac Mini NFS share where you keep your videos. That way, the Mac mini becomes the thing you want it to be - central storage.

In regard to DNS providers, they won’t provide you a static IP, only your ISP can. And most ISPs won’t do that unless you subscribe to their business plan, which is orders of magnitude more expensive. Instead, I would just enable dynamic DNS in your router (most of them have that) and then if you have a domain, set up a CNAME pointing to your dynamic DNS name, and that essentially creates the exact same thing as a static IP without you actually needing to have one.

I had the same thought about Pfsense on the laptop this morning. Shoot.

Yes, using the laptops for containers and leaving the Mac as the storage makes more sense. Great idea.

I was thinking of years ago when I used some service (maybe DynDNS?) that created a “static” IP. I do not know anything at all about CNAME at this point, but I trust your solution is the better one. I will put that on my list of things to learn.

I really appreciate your feedback!

You’re welcome. I’m not necessarily sure my answer is “the better one”, in some ways, it’s pretty much the only one.

With residential Internet, your IP changes every now and then. I’ve seen some people hold onto their IP from the ISP for months, and with others it seems to change every week. It depends on the ISP.

What Dynamic DNS does, is check to see what your IP address is at any given time. If it changes, it connects to a third party service, and automatically updates the IP address for you.

So if your public IP is 64.45.78.98 today, and your dynamic DNS domain is “mydomain.com”, then the dynamic DNS “client” running on one of your servers or in your router, will connect to the third-party dynamic DNS provider and tell it what your IP is. It will watch it, and if it changes, it will send a request to update that for you. That way, you can always refer to “mydomain.com” and it will always point to your current public IP (whatever the heck it is at any given time).

If your ISP gives you the ability to purchase a static IP, then you’re good - that’s awesome. But my ISP charges about $120 more for that privilege, which counts other “prerequisites”, and is just outrageous. Maybe your ISP offers a static IP for cheap. Most don’t at all. That’s why a “hacky” solution like this is being presented, it works around the inability of obtaining a static IP for your connection.

Where the CNAME comes in, is in a situation where you want to host a website. Maybe “myawesomesite.com”. Since you’d have dynamic DNS running, “mydomain.com” will always know what your IP is at any given time. Then, you can have a CNAME for “myawesomesite.com” (your website) point to “mydomain.com” (your dynamic DNS domain) so you can host publicly available services inside your LAN, if you want to do that. Why this would be recommended, is that if you had a webserver running internally, it can look for requests for “myawesomesite.com” and handle that differently than requests for “mydomain.com”, and you can proxy the requested domain to the matching container or VM.

I hope that makes more sense, and another reason why I spelled it out in so much detail is because even if you knew all of that, it may help someone else understand the dilemma and a way to work around it.

So you are saying that both technologies are needed working together? Also, is the “if you want to do that” part of the statement loaded? Is that a really bad idea for a low (to no) traffic website? Maybe the security risks are too high?

Are CNAMEs covered in your Ubuntu Server book?

The two technologies are not required together. A CNAME is just a DNS record that points to another name. You could get away with just the dynamic DNS name, but I like CNAME records because I can have different domains that point to my main one, to control proxy requests.

I do cover DNS as well as CNAME records in my book, but the angle that the book takes may not be what you need. In the book, it walks you through setting up your own DNS server. You can simply use the DNS service of your registrar (wherever you buy a domain from) and not even need to set up your own DNS server. So how it’s discussed in the book might be overkill for your use-case.
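The dynamic DNS plus CNAME arrangement described in the last few posts, as an added example that is not part of the thread and not code from the book or any provider: a small client that remembers the last address it pushed, only sends an update when the public IP actually changes, builds the update request in the widely used dyndns2 style (GET /nic/update?hostname=...&myip=... with HTTP Basic auth), interprets the provider's reply, and a toy zone that shows the website's CNAME following the dynamic name's A record. The endpoint, credentials, names and addresses are constructed sample data, not a real account.

```python
"""Dynamic DNS client logic and a toy zone showing a CNAME following it.

Added example for this thread, not code from the original posts.  It
assumes a provider that speaks the dyndns2-style update protocol
(GET /nic/update?hostname=...&myip=... with HTTP Basic auth); the
endpoint, credentials, names and addresses below are constructed sample
data, not a real account.
"""

import base64
import ipaddress
import urllib.parse
import urllib.request

# Hypothetical update endpoint; real providers publish their own URL.
UPDATE_ENDPOINT = "https://ddns.provider.invalid/nic/update"


def ip_changed(last_ip, current_ip):
    """True only when the public address differs from the last one pushed.
    Providers rate-limit or ban clients that re-send the same address,
    so the client has to remember what it last sent."""
    ipaddress.ip_address(current_ip)  # raises ValueError on garbage input
    return last_ip != current_ip


def build_update_request(hostname, ip, user, token):
    """Build (but do not send) the dyndns2-style update request.
    Credentials travel as HTTP Basic auth, so refuse anything but HTTPS."""
    ipaddress.ip_address(ip)
    if not UPDATE_ENDPOINT.startswith("https://"):
        raise ValueError("refusing to send credentials over plaintext HTTP")
    query = urllib.parse.urlencode({"hostname": hostname, "myip": ip})
    creds = base64.b64encode(f"{user}:{token}".encode()).decode()
    return urllib.request.Request(
        f"{UPDATE_ENDPOINT}?{query}",
        headers={"Authorization": f"Basic {creds}",
                 "User-Agent": "homelab-ddns/1.0 admin@example.invalid"},
    )


def parse_update_response(text):
    """dyndns2 replies with a status word, optionally followed by the IP.
    'good' and 'nochg' mean success; anything else means stop retrying
    (e.g. 'badauth', 'nohost', 'abuse') rather than hammering the API."""
    parts = text.strip().split()
    status = parts[0] if parts else ""
    ip = parts[1] if len(parts) > 1 else None
    return status in ("good", "nochg"), status, ip


def ddns_cycle(current_ip, last_ip, hostname, user, token, send):
    """One polling iteration.  `send` takes a Request and returns the
    provider's reply text; it is injected so a test can stub the network.
    Returns (ip_now_on_record, status)."""
    if not ip_changed(last_ip, current_ip):
        return last_ip, "unchanged"
    ok, status, ip = parse_update_response(
        send(build_update_request(hostname, current_ip, user, token)))
    if not ok:
        raise RuntimeError(f"provider rejected update: {status}")
    return ip or current_ip, status


# Toy zone: the dynamic DNS name carries the A record and the website
# name is a CNAME to it, so updating one record moves both.
ZONE = {
    "mydomain.com.": ("A", "64.45.78.98"),
    "www.myawesomesite.com.": ("CNAME", "mydomain.com."),
}


def resolve_a(zone, name, max_hops=8):
    """Follow CNAMEs to an A record, bounding the chain the way a real
    resolver does so a CNAME loop cannot spin forever."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rtype, rdata = zone[name]
        if rtype == "A":
            return rdata
        name = rdata
    raise ValueError("CNAME chain too long")


def send_with_urllib(req, timeout=10):
    """Real sender for production use; not exercised offline."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Offline demo: stub the provider and watch the CNAME follow the A record.
    stub = lambda req: "good " + urllib.parse.parse_qs(
        urllib.parse.urlparse(req.full_url).query)["myip"][0]
    new_ip, status = ddns_cycle("98.21.6.114", ZONE["mydomain.com."][1],
                                "mydomain.com", "user", "token", stub)
    ZONE["mydomain.com."] = ("A", new_ip)
    print(status, resolve_a(ZONE, "www.myawesomesite.com."))
```

Two caveats worth knowing before wiring this up for real. A CNAME cannot share a name with other records, and the bare domain (the zone apex) always carries SOA and NS records, so most registrars will refuse a CNAME on myawesomesite.com itself; put the CNAME on www.myawesomesite.com (as above) or use the registrar's ALIAS/ANAME-style record if it offers one. And the update token is a credential that controls where your domain points: keep it in a file readable only by the user running the client, not in the script, and make sure the only thing your router forwards inbound is the reverse proxy that handles the per-hostname routing described above.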

Still a little foggy on this, but I will get there.

In the meantime I started reading MUS 3rd ed. I am really enjoying the book! I am not crazy about Packt. I had all sorts of issues getting the website to work in Firefox, and eventually had to use Chrome. The website is meh in general. In the end I just bought the book and sent it to Kindle on my tablet. I am not sure a subscription for tech books is cost effective in my case, although I like the idea. Just some unsolicited feedback 🙂 Of course you have to publish in a way that makes the most sense for you.

Thank you for the feedback. I’ve had some issues on the Packt site too in the past, but they seem to have fixed everything. It’s working for me as of today, at least. As for Packt remaining my publisher into the future, I’m not glued to them or anything but they’ve been good to me. My future plans with the publisher depend on the sales numbers that come back from this new book, which I won’t see until around the end of next month. So I literally have no idea if it’s doing well or not at this point. It will be interesting to see.

Regardless, thank you for purchasing the book!
