Topic: meta (2 posts)

The Lab



An image of my current homelab. An R710 Poweredge server with a Mac Mini, Protectli box, switch, monitor and keyboard balancing on it.

One of the things I'm looking forward to after the move is being able to expand my homelab. Right now my lab is, like everything else in my life, deliberately temporary. Balancing a server on a Lack coffee table is not the installation the documentation recommends. But anyway, here's the lab as it is now:

Dell PowerEdge R710 (named Wildemount). The main workhorse of the lab, with 24 CPU cores and 192GB of RAM. This website you're looking at is, at time of writing, hosted right on this machine. It runs Proxmox, meaning it's serving multiple virtual machines.

Above that is a really old Mac Mini (named Issylra). This is also a Proxmox server. The R710 runs the majority of services in the lab, but the Mac Mini runs my reverse proxy and UniFi console so they can stay up when the Dell goes down.

I use Docker for most things, with multiple Docker hosts serving different purposes. Each of my Docker hosts is named after a port in the Critical Role universe to keep with the theme: Nicodranis, Zoon, Damali and Darktow. Darktow is on VLAN 60. If you know Critical Role well and look at what VLAN 60 is in the list below, this might make sense to you.

The last box in this little mini lab is a Protectli box running pfSense, my firewall. The downstream network runs through Netgear managed switches, allowing me to use VLANs to organise the network. Broadly speaking my VLAN config is:

10 Infrastructure. The router and the switches.

20 Servers. The VLAN that the Dell, Mac Mini and most of their VMs run on. This VLAN is heavily firewalled. More or less anyone can access the servers on port 443 (for web UIs), and VLANs 30, 40 and 60 all have access to SMB, but nothing is reachable from WAN. Everything else is blocked, except for SSH access, which is available only to machines on VLAN 30, the trusted management network.

30 Trusted. Nothing actually sits on this network by default; it's a second wifi network that I only connect to when I want unrestricted access to the servers VLAN from another machine. It's the same principle as using sudo to protect elevated privileges on a Linux system. Even if someone compromises my PC (or any other device on the untrusted network) they can't actually do much to my servers except consume their web UIs. To actually shell into a server they'd need access to the trusted wifi network, which has a hidden SSID and a separate password that isn't stored in any keychains. The other route is Teleport, which has two-factor authentication on it.

40 Untrusted. This is where almost all of our devices live: PCs, laptops, phones, etc. They have access to the servers via port 443 (and a few exceptions needed for things like Plex) but are otherwise partitioned.

50 Silo. This is for IoT devices. It has no internet access and very limited access to other networks, only what's necessary for things to function.

60 VPN. Anything on VLAN 60 is routed through a VPN set up in pfSense. These hosts have very, very limited access to other networks. Specifically, they can mount drives from my NAS via SMB. That's it. This way I can remote into an Ubuntu VM from any machine that goes through the VPN to privately browse and manage downloading my Linux ISO collection.
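As an added example (not part of the original post, and not the pfSense config itself), here is a small Python model of the VLAN policy above, written so the stated invariants can be checked before or after the rules are typed into pfSense. It assumes SMB on port 445 and uses 32400 as a stand-in for the Plex exception; neither port is specified in the post.

```python
from collections import namedtuple

# VLAN ids and pseudo-zones from the post; ANY is a wildcard for a rule field.
INFRA, SERVERS, TRUSTED, UNTRUSTED, SILO, VPN = 10, 20, 30, 40, 50, 60
WAN, INTERNET, ANY = "wan", "internet", None

Rule = namedtuple("Rule", "src dst port allow")

# Evaluated top to bottom, first match wins, implicit default deny at the end.
POLICY = [
    Rule(WAN, ANY, ANY, False),              # nothing inbound from WAN
    Rule(TRUSTED, SERVERS, 22, True),        # SSH only from the trusted vlan
    Rule(ANY, SERVERS, 22, False),
    Rule(ANY, SERVERS, 443, True),           # web UIs for everyone
    Rule(TRUSTED, SERVERS, 445, True),       # SMB for vlans 30, 40 and 60 (445 assumed)
    Rule(UNTRUSTED, SERVERS, 445, True),
    Rule(VPN, SERVERS, 445, True),
    Rule(UNTRUSTED, SERVERS, 32400, True),   # assumed Plex exception; port is a guess
    Rule(TRUSTED, ANY, ANY, True),           # trusted vlan is unrestricted
    Rule(SILO, INTERNET, ANY, False),        # IoT has no internet; rest falls to default deny
    Rule(UNTRUSTED, INTERNET, ANY, True),
    Rule(SERVERS, INTERNET, ANY, True),
    Rule(VPN, INTERNET, ANY, True),          # leaves via the pfSense VPN tunnel
]

def allowed(src, dst, port):
    """Return True if the first matching rule permits the flow, else False."""
    for r in POLICY:
        if r.src in (ANY, src) and r.dst in (ANY, dst) and r.port in (ANY, port):
            return r.allow
    return False  # implicit default deny

# Invariants stated in the post; re-run after any edit to POLICY.
EXPECTATIONS = {
    (WAN, SERVERS, 443): False,       # WAN gets nothing, not even the web UIs
    (UNTRUSTED, SERVERS, 443): True,
    (UNTRUSTED, SERVERS, 22): False,  # a compromised laptop still can't SSH
    (TRUSTED, SERVERS, 22): True,
    (VPN, SERVERS, 445): True,        # VPN hosts can mount the NAS...
    (VPN, UNTRUSTED, 443): False,     # ...and reach nothing else
    (SILO, INTERNET, 443): False,
}

def audit():
    """Return the expected flows the policy gets wrong (empty list means it matches)."""
    return [flow for flow, want in EXPECTATIONS.items() if allowed(*flow) != want]
```

Reordering rules is the usual way such a policy silently breaks, which is why the check lives in `audit()` rather than in your head.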

It's been serving me well so far but after the move I should have space to get a rack and expand this just a little bit. I'll post more as it happens.

A Moving Experience



This is not my cat. This is what an AI thinks a black cat sitting on a moving box in a suburban living room looks like.

I guess this is the first post of this blog and it seems a reasonable place to start. I moved to Scotland with my partner right at the end of 2019. We were selling a flat in London and moved into a rented flat, thinking we'd be here a few months while we settled into Glasgow and found a place to buy. Then a few things happened.

I mean they happened.

First, legislation came in after the Grenfell Tower fire about cladding on high rise buildings. Eminently sensible legislation, let's be clear, but the problem was without a certificate saying your high rise flat was safe it wasn't mortgageable. My buyer pulled out. So now I was stuck renting a place in Glasgow and paying for a place in London which I couldn't sell.

Well, it's not the worst thing that could happen. We'll get the survey done, get the certificate and sell it again.

Of course it turns out there's only a limited number of people in the country qualified to do that survey and issue that certificate, and there are a lot of high-rise buildings to cover. It also turns out that when a global pandemic hits and everyone is put on furlough, those certificates are not getting issued in a hurry.

I think you can probably see where this is going. We've been in that same rented flat in Glasgow for a lot more than a few months. We did, eventually, sell the flat in London. We then found a nice place we wanted to buy in Glasgow and after some legal toing and froing were just about ready to buy when... it turns out it's at risk of flooding. We consider the risk and the fact that we both believe climate related events are just going to get more common and... pass. We go back to house hunting.

Then we found another place, which looks great for us. It even has a great basement. We could finish that and have even more room down the line... except the basement isn't on the title deed. Huh. Commence more delays and more legal toing and froing. Well, here we are at the end of March 2023 and it looks like we're really, really close to moving. Finally. Three years late.

Now what that means is my life is about to get interesting: for various reasons I have a fairly decent bit of money stashed ready for this move, so we're going to be doing some renovations, installing some new tech and generally making the place our own. Which will give me a lot to document that I'll probably want to look back on in the future.

Hence, a blog.

It's going to be about, well, stuff that happens to me. It's a personal diary more than anything but if you get something out of reading it then welcome!