optimized images and changed some content

This commit is contained in:
ChrQR 2024-04-26 00:32:50 +02:00
parent 4fe5b299ac
commit 151c76e076
13 changed files with 150 additions and 98 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 732 KiB

BIN
src/lib/images/asrock.webp Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 214 KiB

BIN
src/lib/images/mig.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 213 KiB

BIN
src/lib/images/os.webp Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 250 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 646 KiB

BIN
src/lib/images/rack.webp Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 160 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 341 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.0 MiB

View File

@ -1,6 +1,6 @@
<script>
import migImg from "$lib/mig.jpg"
import osImg from "$lib/os.jpg"
import migImg from "$lib/images/mig.jpg"
import osImg from "$lib/images/os.webp"
import { blur, fade } from "svelte/transition";
</script>

View File

@ -1,98 +1,149 @@
<script>
import asrockImg from '$lib/images/asrock.jpg'
import rackImg from '$lib/images/rack.jpg'
import quoteImg from '$lib/images/redditquote.png';
import asrockImg from '$lib/images/asrock.webp';
import rackImg from '$lib/images/rack.webp';
</script>
<div >
<h1 class="text-2xl mb-4 font-normal">Homelab</h1>
<div>
<h1 class="text-2xl mb-4 font-normal">Homelab</h1>
<div class="content text-left">
<article>
<h2 class="text-xl text-center">Origin and Hardware</h2>
<p>My interest in “Homelabbing” arose long before I was familiar with the term Homelab. I have always been curious, and drawn towards things that are unfamiliar to me. I am also a builder and problem solver by heart, which has given me a broad understanding of tech and maker-culture.</p>
<p>My lab started almost 4 years ago, when I wanted to set up my own DNS server at home, to add network wide ad-block (Pihole). As I learned more about Linux and containerization I quickly got drawn into the hobby of self-hosting web-services. </p>
<p>Raspberry Pi's are great, but it takes ages to build docker images, so it wasn't long before I upgraded it to a Lenovo Tiny M73 workstation with 8gb ram and a 4th gen i5. This was a big step up, which enabled me to host a lot more services and experiment more with building and deploying my owner docker images.</p>
<p>As I wanted more storage, and the expansion ports on a mini pc are limited, I upgraded to a slightly larger Mini PC (Asrock Deskmini x300). The specs mentioned 3 m2 slots and 2 sata slots which would be perfect to build a low power NAS as the max power draw less than 50w.</p>
<p>I quickly learned that the low power motherboard obviously wasn't able to power two 10TB Ironwolf HDD's, so I had to hack up a solution with an external power supply. This was a bit of a mess (See picture below) and the flaky setup also led to occasional smart errors from the HDD array so I knew I had to move to new hardware soon.</p>
<img src={asrockImg} alt="" class="rounded mt-4">
<p class="italic text-sm mb-4">The two HDD's are powered by an external power supply that I had to manually switch on and off when I rebooted the server. The patched cables also led to lots of S.M.A.R.T. errors which is obvious not great.</p>
<p>In the beginning of March, I upgraded my motherboard and ram in my main pc, and used the old mb and ram as a base to build my server. I plan to mount everything in a rack when we get more space, so I built the new server in a 2U rack case, which also leaves lots of room for storage upgrades. I used consumer grade hardware to keep idle power low:</p>
<ul class="list-disc list-inside indent-4">
<li>MSI Pro-690-P (Lots of IOMMU groups)</li>
<li>Intel i3-12100f (Low power idle)</li>
<li>32GB Corsair Vengeance DDR4 3200</li>
<li>1tb Samsung Evo 970 (Host boot and VM disks)</li>
<li>512gb Samsung Evo 970 (NAS cache)</li>
<li>2 x 10TB Seagate Ironwolf (RAID1)</li>
<li>Geforce 1650ti 4gb (for transcoding)</li>
</ul>
<img class="rounded my-4" src={rackImg} alt="">
<p>The homelab is also connected to two 3D printers, that are running open source custom firmware (klipper) and controlled through a web interface (Mainsail) from any device in the local network. I started with a Ender3, and during my parental leave last year I built my own printer from a open source project called Voron0. The parts are all sourced, and the rest of the parts are 3D printed in ABS+. It took me roughly 40 hours to build it and calibrate it.</p>
<h2 class="text-xl text-center mt-4">OS</h2>
<p>The server is running ProxmoxVE which is great for experimenting, as I can provision development and test environments easily from templates and spin up machines to experiment with Kubernetes without affecting my services. It's also interesting to learn the basics of Proxmox even though virtualization is not necessarily something I will do a deep dive on. It also makes it easy to separate services in LXC containers and virtual machines.</p>
<h2 class="text-xl text-center mt-4">VMs and Services</h2>
<h3 class="text-lg text-center">Docker Host</h3>
<p>This VM is my production environment where I run my docker services that have been tested an properly implemented with network volumes and backup. </p>
<br>
<p class="underline">Currently I am hosting the following services:</p>
<ul class="list-disc">
<li><p>Traefik</p>
<p>Reverse Proxy to direct and secure external traffic to external services. Traefik also handles ssl certificates from letsencrypt, as all of my external an internal domains have ssl encryption.</p>
</li>
<li>
<p>Traefik-bouncer</p>
<p>Monitors traefik, and bans incoming connection from known threat actors and a set of predefined rules. Also bans for multiple failed login attempts, and monitors logs of all exposed services.</p>
</li>
<li>
<p>Portfolio web page</p>
<p>This is my portfolio page, which will soon be available at rannes.dev. I'm using svelte/sveltekit and the docker image is built with nginx to serve the page. It is currently not exposed to the internet as I am still building it.</p>
</li>
<li>
<p>Crowdsec Security Engine</p>
</li>
<li>
<p>Prometheus</p>
</li>
<li>
<p>Grafana</p>
</li>
<li>
<p>Authelia</p>
<p>IAM layer with 2FA.</p>
</li>
<li>
<p>Media Stack</p>
<ul class="list-disc list-inside indent-4">
<li>Jellyfin</li>
<li>Radarr</li>
<li>Sonarr</li>
<li>Prowlarr</li>
<li>Blazarr</li>
<li>Gluetun</li>
<li>Jellyseerr</li>
</ul>
</li>
<p>Syncthing</p>
<li>
<p>Gitea</p>
<p>self-hosted git repository</p>
</li>
<p>Gitea Runners</p>
<p>Runners for Continuous deployment.</p>
<li>
<p>Kuma Uptime</p>
</li>
<li>
<p>Portainer</p>
</li>
</ul>
<h3 class="text-lg text-center mt-4">Pi-Hole</h3>
<p>LXC container running Pi-hole dns blocker. This is separate so the network is not affected when servicing other VMs. First this was included in the docker-stack but it created too many issues as I had to boot services in a specific order.</p>
<p>For this reason, I am also planning on moving Crowdsec and Traefik to a separate containers.</p>
<h3 class="text-lg text-center mt-4">Unraid</h3>
<p>This VM is running Unraid, which is managing my BTRFS array in Raid1. Upon boot it is loaded from a USB-stick, and runs in the RAM of the VM. I recently moved to unraid as it allows me to add more drives as needed, where as
ZFS is very specific about the size of drives added, and I simply don't have the knowledge (or the will) of storage systems to manage it if I can avoid it.</p>
<p>This VM has the SATA controller passed through, for full control of the HDD's.</p>
</article>
</div>
<div class="content text-left">
<article>
<h2 class="text-xl text-center">What is a homelab?</h2>
<p>
This question was answered very well by the reddit users webtroter and TreAwayDeuce 6 years
ago.
</p>
<img class="rounded my-4" src={quoteImg} alt="" />
<h2 class="text-xl text-center mt-4">Origin and Hardware</h2>
<p>
My interest in “Homelabbing” arose long before I was familiar with the term Homelab. I have
always been curious, and drawn towards things that are unfamiliar to me. I am also a builder
and problem solver by heart, which has given me a broad understanding of tech and
maker-culture.
</p>
<p>
My lab started almost 4 years ago, when I wanted to set up my own DNS server at home, to add
network wide ad-block (Pihole). As I learned more about Linux and containerization I quickly
got drawn into the hobby of self-hosting web-services.
</p>
<p>
Raspberry Pi's are great, but but the computing resources are limited compared to a x86, so
it wasn't long before I retired the pi for a used Lenovo Tiny M73 workstation with 8gb ram
and a 4th gen i5. This was a big step up in power, which enabled me to host a lot more
services and experiment more with docker and larger docker-compose stacks
</p>
<p>
As I wanted more storage, and the expansion ports on a mini pc are limited, I upgraded to a
slightly larger Mini PC (Asrock Deskmini x300). The specs mentioned 3 m2 slots and 2 sata
slots which would be perfect to build a low power NAS as the max power draw less than 50w.
</p>
<p>
I quickly learned that the low power motherboard obviously wasn't able to power two 10TB
Ironwolf HDD's, so I had to hack up a solution with an external power supply. This was a bit
of a mess (See picture below) and the flaky setup also led to occasional smart errors from
the HDD array so I knew I had to move to new hardware soon.
</p>
<img
src={asrockImg}
alt="hacked together homelab with an additional external power supply"
class="rounded mt-4"
/>
<p class="italic text-sm mb-4">
The two HDD's are powered by an external power supply that I had to manually switch on and
off when I rebooted the server. The patched cables also led to lots of S.M.A.R.T. errors
which is obvious not great.
</p>
<p>
In the beginning of March, I upgraded my motherboard and ram in my main pc, and used the old
mb and ram as a base to build my server. I plan to mount everything in a rack when we get
more space, so I built the new server in a 2U rack case, which also leaves lots of room for
storage upgrades. I used consumer grade hardware to keep idle power low:
</p>
<ul class="list-disc list-inside indent-4">
<li>MSI Pro-690-P (Lots of IOMMU groups)</li>
<li>Intel i3-12100f (Low power idle)</li>
<li>32GB Corsair Vengeance DDR4 3200</li>
<li>1tb Samsung Evo 970 (Host boot and VM disks)</li>
<li>512gb Samsung Evo 970 (NAS cache)</li>
<li>2 x 10TB Seagate Ironwolf (RAID1)</li>
<li>Geforce 1650ti 4gb (for transcoding)</li>
</ul>
<img class="rounded my-4" src={rackImg} alt="" />
<p>
The homelab is also connected to two 3D printers, that are running open source custom
firmware (klipper) and controlled through a web interface (Mainsail) from any device in the
local network. I started with a Ender3, and during my parental leave last year I built <a class="underline" href="https://vorondesign.com/voron0.2">Voron 0.2</a>. The parts are all sourced, and the
rest of the parts are 3D printed in ABS+. It took me roughly 40 hours to build it and
calibrate it.
</p>
<h2 class="text-xl text-center mt-4">OS</h2>
<p>
The server is running ProxmoxVE which is great for experimenting, as I can provision
development and test environments easily from templates and spin up machines to experiment
with Kubernetes without affecting my services. It's also interesting to learn the basics of
Proxmox even though virtualization is not necessarily something I will do a deep dive on. It
also makes it easy to separate services in LXC containers and virtual machines.
</p>
<h2 class="text-xl text-center mt-4">VMs and LXC</h2>
<h3 class="text-lg text-center">Docker Host</h3>
<p>
This VM is my production environment where I run my docker services that have been tested an
properly implemented with network volumes and backup.
</p>
<br />
<p class="underline">Currently I am hosting the following services:</p>
<ul class="list-disc list-inside">
<li>Traefik</li>
<p class="pl-4">
Reverse Proxy to direct and secure external traffic to external services. Traefik also
handles ssl certificates from letsencrypt, as all of my external an internal domains have
ssl encryption.
</p>
<li>Traefik-bouncer</li>
<p class="pl-4">
Monitors traefik, and bans incoming connection from known threat actors and a set of
predefined rules. Also bans for multiple failed login attempts, and monitors logs of all
exposed services.
</p>
<li>Portfolio web page</li>
<p class="pl-4">
This is my portfolio page, which will soon be available at rannes.dev. I'm using
svelte/sveltekit and the docker image is built with nginx to serve the page. It is
currently not exposed to the internet as I am still building it.
</p>
<li>Crowdsec Security Engine</li>
<li>Prometheus</li>
<li>Grafana</li>
<li>Authelia</li>
<p class="pl-4">IAM layer with 2FA.</p>
<li>Media Stack</li>
<p class="pl-4">Jellyfin, Radarr, Sonarr, Prowlarr, Blazarr, Gluetun, Jellyseerr.</p>
<li>Syncthing</li>
<li>Gitea</li>
<p class="pl-4">self-hosted git repository</p>
<li>Gitea Runners</li>
<p class="pl-4">Runners for Continuous deployment.</p>
<li>Kuma Uptime</li>
<li>Portainer</li>
</ul>
<h3 class="text-lg text-center mt-4">Pi-Hole</h3>
<p>
LXC container running Pi-hole dns blocker. This is separate so the network is not affected
when servicing other VMs. First this was included in the docker-stack but it created too
many issues as I had to boot services in a specific order.
</p>
<p>
For this reason, I am also planning on moving Crowdsec and Traefik to a separate containers.
</p>
<h3 class="text-lg text-center mt-4">Unraid</h3>
<p>
This VM is running Unraid, which is managing my BTRFS array in Raid1. Upon boot it is loaded
from a USB-stick, and runs from memory. I moved to unraid as it allows me to add more drives
as needed, where as ZFS is very specific about the size of drives added, and I simply don't
have the knowledge (or the will) of storage systems to manage it if I can avoid it.
</p>
<p>This VM has the SATA controller passed through, for full control of the HDD's.</p>
</article>
</div>
</div>

View File

@ -1 +1 @@
<h1>this is the page describing my portfolio project</h1>
<h1>this is the page describing my portfolio project in juuuuuust a second.</h1>

View File

@ -0,0 +1 @@
<h1>Under development</h1>