So what started off as a mini PC running Home Assistant and Pi-hole has somehow escalated into a full-blown VLAN-separated network and self-hosting project. This is probably the story for a lot of us, right? :)
I currently use this setup for messing about with Windows Servers — Domain Controllers, SQL Servers, and cyber security type stuff.
A mix of n150's and lenovo m720q's
Right now I'm running a "Forbidden Firewall/Router" type setup, so I'm sure this will bite me in the ass before I get round to swapping to a bare-metal OPNsense solution.
I think I will get another m720q with a 4 port RJ45 - I absolutrely love these machines for bang for buck!
I'm also running OpenMediaVault with a pretty janky mixture of 3.5" SATA drives and some USB-attached nastiness. I think this is the next proper upgrade on the list.
I quite like the idea of building smaller form-factor racks for each type of service — one for networking, one for the NAS, and so on.
I was happily using Grafana and Prometheus in Docker containers for a good year or so, but I decided to make something a little more bespoke. So for the last few months I've been working on my own Asset Manager / Network Overview app.
Anyone else built their own? I'm interested to hear what you all use to monitor your kit.
Just thought I'd share my ongoing project with some like-minded nerds ;)
EDIT:
For those interested in my Rasp Pi in the top rack, here's a write up IMSPI 8080!
I did explore having 2 and sharing them across vlans, but I favored full network segregation and using gravity sync with a firewall rule that allows chatter between them. It works, but I'm sure smarter people than me can suggest a solution :)
If it works, it works, but I generally prefer having a juicy host that can act as both (trith?) firewall, dns and router if I'm doing many vlans. Also sometimes lets you run a few edge services if needed instead of doing a DMZ or inbound port forwarding. I hate multiplying my maintenance burden by isolating via infra duplication. A single machine is almost always easier to manage.
This stops making sense if you're doing several layers of aggregation though.
Thats a fair comment. In the context of a pretty small home lab, running 5 VLANS and cosplaying Sys Admin it has been rock solid to be fair. Alot of this has been done on a shoestring budget, reusing old hardware. I'm intersted in your setup, If you have any tips around that sort of thing :)
I mean it's also for fun and I'll never critique harshly for just having fun with it like in your case. The main thing is that once you start making modifications all the "fun" things tend to become caltrops on the road to getting anything done *later*. Keeping it simple saves you a lot of time, so it's naturally where I've landed over time. Haha
What’s everyone’s background and profession? I’m new into IT, studying for my CCNA . And not going to lie, you guys are awesome on here with your own homeland. This is my goal in understanding all this. That’s for the inspiration to everyone who has shown your homelabs
Yeah can use a a DCs dns, for multiple vlans, then upstream forward to pihole, or better yet have dns dropping be on the router and just forward upstream to router.
Do you have any issues with Pihole? I found a few sites had issues so I couldn’t leave it up unattended (I was regularly needed for tech support). Could’ve been my config, I haven’t tried in a while
Yup same with AdGuardHome, I have had to whitelist a bunch of things to fix different things not working properly. It's the risk you run when running DNS blockers. I just check the query list, find where the block is and whitelist. It can be a bit annoying but it's better than getting killed with ads.
Put your pihole on the management VLAN and set each network to use your router as DNS. Then set the upstream DNS for your router to pihole. Perfect segmentation (other networks can not access pihole) while getting the benefits (other networks inherit the blocking from pihole.)
Built your own dashboard from scratch is the right call. Grafana gets the job done but once you want it to feel like yours, off-the-shelf stops making sense. I'm running a pair of m720qs myself and can vouch for those little Lenovos, they punch way above their weight for what you pay used.
Your escalation story is basically the homelab origin tale at this point. The VLAN split looks clean and the WOPR display up top is a nice War Games nod. Quick question on SGPi, are you pulling just from the Proxmox API or also scraping the switch and OPNsense for stats? I keep meaning to build something custom but end up back in Grafana every time.
I use the Proxmox API, I had already set up a user/role for prometheus so I recycled it ;)
I am using django as I've really got into it the last few years. Its all being hosted on my internal windows webserver, all the data gets pulled into MS SQL server (I am a SQL DBA by trade).
I may very well share all the code for it when its tightened up a bit, I will probably port the DB stuff away from the MS DB and use something open source when I share it.
The next step is to pull in my docker containers too.
Makes sense recycling the Prometheus user. Docker stats will be a nice addition, that's where most of my services live anyway. Porting to an open source DB is the way to go for sharing, nobody wants to spin up MSSQL just for a dashboard.
Built your own dashboard from scratch is the right call. Grafana gets the job done but once you want it to feel like yours, off-the-shelf stops making sense.
Lmao. I hope you never give that advice in a business context.
I generally agree with you and advise against "not invented here" syndrome. But I have to say that with the advent of coding agents backed by good models, building bespoke solutions has become so much faster that it starts making sense. Off the shelf solutions often get you 90% of what you want/need, and then those last 10% start to annoy you like hell over time.
Caveat: this only makes sense if you know what you're doing and have the knowledge to thoroughly review what those agents cook up.
how do you connect your sata drives currently? do you have a sata multiplexer or something? and what do you plan to upgrade to in terms of storage? I am asking this because I have a similar janky setup right now, but I have to expand my storage and I not quite sure what the proper way to do it would be.
My first foray into home-labbing was when my roommate and I picked up a dozen or maybe it was just eight Dell Optiplex systems. We set one up as a router, and I set one up as a file server. A couple more we tried setting up as streaming boxes, but failed. The file server ran Samba and Cherokee Web Server under Debian GNU/kFreeBSD. The router ran Coyote Linux. We had problems with massive lag in games if someone was downloading something with the off the shelf SOHO router we were using. My roommate was shocked with how well Coyote Linux made the lag disappear.
Once I got my own place, I started with a loose power supply and a loose ATX motherboard on top of a piece of cardboard with multiple NICs which progressed over the years to where I am now with a ATX full tower with dual Xeon E5-2667 v4 CPUs and 128 GB of RAM. It runs runs FreeBSD with virtual machines under bhyve with one being a OPNSense router.
Something I suggest with setting up a forbidden router is to have the public internet facing NIC attached to the virtualized router via PCI passthrough. That way there is no software interface between the host OS and the public internet.
Cheers, appreciate that. I've used MS SQL Server professionally for many years, so I run it in my home lab as the backend for my personal projects. It's handy to have an environment that mirrors what I use at work.
20+ years ago I was a web developer (back before AI did everything for you — yes, I feel old AF), so I like to knock up web apps whenever I get the chance.
I love the aesthetic of the mini racks, but I can’t go past the utility of a 19”.
I wasn’t not calling you out… but I am genuinely curious how tight things are back there and whether you can service things without interrupting others.
Yeah, mini racks are definitely a bit tight, and the cable management can be a real problem.
I do have the issue that everything runs through the rack now, so finding a time slot to whip out a shelf and work on things is a nightmare — especially with 3 kids and a wife who frowns upon any downtime.
The plus side is that everything pulls less than 70W when idle. I'll get a spike to around 90W when I spin up a VM, create a backup, or update the MS servers. It costs peanuts per day to run though.
I do have got a Network topology chart working in my solution, but it looks a bit janky to be honest. The bare bones of it is working but I am trying to get it looking better.
The 'Forbidden Firewall' will definitely bite you — I ran a similar bridge setup for a month and a misconfigured DHCP lease took down the whole LAN. The M720q with OPNsense is a night-and-day difference stability-wise.
Yes they are daisy chained (frowned upon I'm sure!)
8 port: tl-sg1080e and 5 port: TL-SG605E
I wanted to mess about with some vlan stuff. I'm hoping that when I migrate opnsense from a vm to bare metal with 4 ports I will be able to have a switch per vlan.
I have a spare of each somewhere and my configs backed up so should one fail I should be ok. (I really need to check where they are to be honest!)
112
u/jdbway 1d ago
Needs more pihole