My Home Lab v4.0
An overview of my setup, including hardware, software, and network topology
I've always dreamt of self-hosting my website, so I took an old PC and installed Debian, and that's where I ended up
What is a Home Lab?
Think of a Home Lab as your own space to run a lot of the services you usually rely on online. I've had some failures before finding a solution that works for me, but for now I can say I'm satisfied. Don't worry, I already know I'll try to upgrade it in the future ;) I'd like to take on even more challenges, and a home lab gives me plenty of opportunities to do that.
In essence, it's about the journey of learning and refining through both successes and failures.
Hardware
Mini PC GK41
OS: Proxmox PVE
CPU: Celeron J4125 @ 2.70GHz
RAM: 8 GB DDR4
Storage: 2x 128 GB SSD (RAIDZ1)
Eth: 2x 1 GbE interfaces
DELL Optiplex 5040
OS: Proxmox PVE
CPU: i5-6500 CPU @ 3.20GHz
RAM: 32 GB DDR3
Storage: 2x 512 GB SSD (RAIDZ1)
Eth: 1x 1 GbE interface
DELL Optiplex 3010
OS: Proxmox PVE
CPU: i3-10105 @ 3.70GHz
RAM: 64 GB DDR4
Storage: 2x 256 GB M.2 SSD (RAIDZ1)
Eth: 1x 1 GbE interface
Terramaster D6-320
Model: D6-320
OS: Dedicated TrueNAS VM on PVE
Storage: 3x 2 TB HDD (RAIDZ1)
Storage: 3x 512 GB SSD (RAIDZ1)
Interface: USB 3.2 (10 Gbps)
Networking Stuff
Cisco Switch L3
Model: CBS250-8T-D
Ports: 8x GE + 1x PoE
Features: VLAN, QoS, GVRP, MSTP, IGMP snooping
Security: ACL, 802.1X/RADIUS, SSH/SSL
HP ProCurve Switch L3
Model: 1810G-24 Switch (J9450A)
Ports: 24x GE + 2x SFP
Features: VLAN
Network Topology
Network Structure:
Main LAN 10.100.0.0/24:
Physical separation of the VLANs is achieved using an L3 switch.
VLAN10 | 10.100.10.0/24 | 255.255.255.0 | LAN services
VLAN20 | 10.100.20.0/24 | 255.255.255.0 | Internet access
VLAN30 | 10.100.30.0/24 | 255.255.255.0 | IoT devices
VLAN40 | 10.100.40.0/24 | 255.255.255.0 | WAN service servers
Network Security:
Cloudflare proxy obscures the IP and provides additional security.
Accessible via Wireguard VPN for remote connectivity.
Firewall rules for WAN traffic and blocking communication between VLANs.
Wazuh SIEM agent deployment for security monitoring.
ACL for the reverse proxy web service.
Intrusion Prevention System/Intrusion Detection System (IPS/IDS) integration on the router.
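As an added example that is not the lab's own configuration: an nftables ruleset for a Linux router that enforces the policy above (every VLAN reaches the Internet, nothing crosses between VLANs unless explicitly allowed, WireGuard is the only way in) using the VLAN subnets listed in the topology. The interface names (vlan10..vlan40, wan0, wg0), the WireGuard port 51820, the VPN subnet 10.100.50.0/24 and the reverse-proxy address 10.100.40.10 are assumptions.

```nft
# Added example, not the lab's own config. Interface names, the WireGuard port,
# the VPN subnet and the reverse-proxy address are assumptions; the VLAN
# subnets are the ones from the topology section.
flush ruleset

define LAN_IFS      = { "vlan10", "vlan20", "vlan30", "vlan40" }
define LAN_SERVICES = 10.100.10.0/24   # VLAN10
define WAN_SERVERS  = 10.100.40.0/24   # VLAN40
define VPN_CLIENTS  = 10.100.50.0/24   # WireGuard peers (assumed)

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # The WireGuard handshake is the only unsolicited traffic accepted from the Internet
        iifname "wan0" udp dport 51820 accept
        # Router management only from the services VLAN or over the VPN
        iifname { "vlan10", "wg0" } tcp dport 22 accept
        # DNS (Pi-hole upstream) and DHCP service for the internal VLANs
        iifname $LAN_IFS udp dport { 53, 67 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Every VLAN may reach the Internet ...
        iifname $LAN_IFS oifname "wan0" accept
        # ... but traffic between VLANs is only what is listed here: VPN -> LAN services
        iifname "wg0" ip saddr $VPN_CLIENTS ip daddr $LAN_SERVICES accept
        # Published web services: only DNAT'ed 80/443 from the Internet reaches VLAN40
        iifname "wan0" oifname "vlan40" ip daddr $WAN_SERVERS tcp dport { 80, 443 } ct status dnat accept
        # Everything else (IoT -> LAN, VLAN20 -> VLAN40, ...) is logged, then dropped
        log prefix "fw-drop-forward: " counter drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # 10.100.40.10 stands in for the reverse proxy (assumed address)
        iifname "wan0" tcp dport { 80, 443 } dnat to 10.100.40.10
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Blocked inter-VLAN attempts land in the kernel log with the fw-drop-forward prefix, which is what the Wazuh agent on the router can then forward for monitoring.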
Network Redundancy:
An APC Back-UPS 400VA with a 132 Watt battery provides power backup.
Servers are powered by solar panels for a reliable and eco-friendly energy source.
RAID 1 is configured on each server, with daily backups of the VMs to the NAS for data redundancy and recovery.
A Proxmox cluster with High Availability (HA) configuration provides redundancy in case one of the nodes fails.
Cold storage is used for efficient long-term backup.
What do I host?
Wazuh:
A security information and event management (SIEM) system that includes intrusion detection, vulnerability detection, and security monitoring for threat detection and response.
Nextcloud:
A self-hosted, open-source file synchronization and sharing platform that provides cloud storage, document editing, and collaboration features.
Nginx Proxy Manager:
An Nginx-based reverse proxy server that facilitates routing and load balancing of web traffic to different web services, enhancing web server security and performance.
DNS (Pi-hole):
A DNS-based ad-blocking and DNS sinkhole service that filters out unwanted content and malicious domains by intercepting DNS requests.
Portainer:
A Docker container management interface that simplifies the creation, management, and monitoring of Docker containers and applications in a containerized environment.
WireGuard:
A high-performance, modern, and secure VPN protocol that creates virtual private networks for secure and efficient communication between devices.