rannes.dev/my-portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
my-portfolio/src/routes/projects/homelab/+page.svelte
christian bbc7c2e365
All checks were successful
Vercel Preview Deployment / Deploy-Preview (push) Successful in 2m10s
Details
working on bottom nav
2024-05-20 20:26:59 +02:00

171 lines
7.8 KiB
Svelte
Raw Blame History

<script>
import quoteImg from '$lib/images/redditquote.png';
import asrockImg from '$lib/images/asrock.webp';
import rackImg from '$lib/images/rack.webp';
import { fade } from 'svelte/transition';
import PageHeader from '$lib/PageHeader.svelte';
const title = 'Homelab';
</script>
<div in:fade>
<PageHeader {title} />
<div class="content text-left">
<article>
<h2 class="text-xl text-center">What is a homelab?</h2>
<img class="rounded mt-4" src={quoteImg} alt="" />
<p class="text-sm italic">
This question was answered very well by the reddit users webtroter and TreAwayDeuce 6 years
ago.
</p>
<h2 class="text-xl text-center mt-4">Origin and Hardware</h2>
<p>
My interest in “Homelabbing” arose long before I was familiar with the term Homelab. I have
always been curious, and drawn towards things that are unfamiliar to me. I am also a builder
and problem solver by heart, which has given me a broad understanding of tech and
maker-culture.
</p>
<p>
My lab started in 2020, when I wanted to set up my own DNS server at home, to add network
wide ad-block (Pihole). As I learned more about Linux and containerization I quickly got
drawn into the hobby of self-hosting web-services.
</p>
<p>
Raspberry Pi's are great, but but the computing resources are limited compared to a x86, so
it wasn't long before I retired the pi for a used Lenovo Tiny M73 workstation with 8gb ram
and a 4th gen i5. This was a big step up in power, which enabled me to host a lot more
services and experiment more with docker and larger docker-compose stacks
</p>
<p>
As I wanted more storage, and the expansion ports on a mini pc are limited, I upgraded to a
slightly larger Mini PC (Asrock Deskmini x300). The specs mentioned 3 m2 slots and 2 sata
slots which would be perfect to build a low power NAS as the max power draw less than 50w.
</p>
<p>
I quickly learned that the low power motherboard obviously wasn't able to power two 10TB
Ironwolf HDD's, so I had to hack up a solution with an external power supply. This was a bit
of a mess (See picture below) and the flaky setup also led to occasional smart errors from
the HDD array so I knew I had to move to new hardware soon.
</p>
<img
src={asrockImg}
alt="hacked together homelab with an additional external power supply"
class="rounded mt-4"
/>
<p class="italic text-sm mb-4">
The two HDD's are powered by an external power supply that I had to manually switch on and
off when I rebooted the server. The patched cables also led to lots of S.M.A.R.T. errors
which is obvious not great.
</p>
<p>
In the beginning of March, I upgraded my motherboard and ram in my main pc, and used the old
mb and ram as a base to build my server. I plan to mount everything in a rack when we get
more space, so I built the new server in a 2U rack case, which also leaves lots of room for
storage upgrades. I used consumer grade hardware to keep idle power low:
</p>
<ul class="list-disc list-inside">
<li>MSI Pro-690-P</li>
<p class="italic pl-4">Lots of IOMMU groups</p>
<li>Intel i3-12100f</li>
<p class="italic pl-4">Low power idle</p>
<li>32GB Corsair Vengeance DDR4 3200</li>
<li>1tb Samsung Evo 970</li>
<p class="italic pl-4">Host boot and VM disks</p>
<li>512gb Samsung Evo 970</li>
<p class="italic pl-4">NAS cache</p>
<li>2 x 10TB Seagate Ironwolf</li>
<p class="italic pl-4">RAID1</p>
<li>Geforce 1650ti 4gb</li>
<p class="italic pl-4">for transcoding</p>
</ul>
<img class="rounded my-4" src={rackImg} alt="" />
<p>
The homelab is also connected to two 3D printers, that are running open source custom
firmware (klipper) and controlled through a web interface (Mainsail) from any device in the
local network. I started with a Ender3, and during my parental leave last year I built <a
class="underline"
href="https://vorondesign.com/voron0.2">Voron 0.2</a
>. The parts are all sourced, and the rest of the parts are 3D printed in ABS+. It took me
roughly 40 hours to build it and calibrate it.
</p>
<h2 class="text-xl text-center mt-4">OS</h2>
<p>
The server is running ProxmoxVE which is great for experimenting, as I can provision
development and test environments easily from templates and spin up machines to experiment
with Kubernetes without affecting my services. It's also interesting to learn the basics of
Proxmox even though virtualization is not necessarily something I will do a deep dive on. It
also makes it easy to separate services in LXC containers and virtual machines.
</p>
<h2 class="text-xl text-center mt-4">VMs and LXC</h2>
<h3 class="text-lg text-center">Docker Host</h3>
<p>
This VM is my production environment where I run my docker services that have been tested an
properly implemented with network volumes and backup.
</p>
<br />
<p class="underline">Currently I am hosting the following services:</p>
<ul class="list-disc list-inside">
<li>Traefik</li>
<p class="italic pl-4">
Reverse Proxy to direct and secure external traffic to external services. Traefik also
handles ssl certificates from letsencrypt, as all of my external an internal domains have
ssl encryption.
</p>
<li>Traefik-bouncer</li>
<p class="italic pl-4">
Monitors traefik, and bans incoming connection from known threat actors and a set of
predefined rules. Also bans for multiple failed login attempts, and monitors logs of all
exposed services.
</p>
<li>Portfolio web page</li>
<p class="italic pl-4">
This is my portfolio page, which will soon be available at rannes.dev. I'm using
svelte/sveltekit. It is currently not exposed to the internet as I am still building it.
</p>
<li>Crowdsec Security Engine</li>
<li>Prometheus</li>
<li>Grafana</li>
<li>Authelia</li>
<p class="italic pl-4">IAM layer with 2FA.</p>
<li>Media Stack</li>
<p class="italic pl-4">Jellyfin, Radarr, Sonarr, Prowlarr, Blazarr, Gluetun, Jellyseerr.</p>
<li>Syncthing</li>
<li>Gitea</li>
<p class="italic pl-4">self-hosted git repository</p>
<li>Gitea Runners</li>
<p class="italic pl-4">Runners for Continuous deployment.</p>
<li>Kuma Uptime</li>
<li>Portainer</li>
</ul>
<h3 class="text-lg text-center mt-4">Pi-Hole</h3>
<p>
LXC container running Pi-hole dns blocker. This is separate so the network is not affected
when servicing other VMs. First this was included in the docker-stack but it created too
many issues as I had to boot services in a specific order.
</p>
<p>
For this reason, I am also planning on moving Crowdsec and Traefik to a separate containers.
</p>
<h3 class="text-lg text-center mt-4">Unraid</h3>
<p>
This VM is running Unraid, which is managing my BTRFS array in Raid1. Upon boot it is loaded
from a USB-stick, and runs from memory. I moved to unraid as it allows me to add more drives
as needed, where as ZFS is very specific about the size of drives added, and I simply don't
have the knowledge (or the will) of storage systems to manage it if I can avoid it.
</p>
<p>This VM has the SATA controller passed through, for full control of the HDD's.</p>
<h3 class="text-lg text-center mt-4">Development server</h3>
<p>
This vm is my development server. It's running a act_runner paired up with Gitea to build my
portfolio project, dockerize it and push it to my container registry. The application then
deployed in the staging environment for a last check.
</p>
<h2 class="text-xl text-center mt-4">CI/CD</h2>
<p>
I use Gitea Actions which is similar to Github Actions. I will post a guide soon how to set
up CI for your svelte-docker project with Gitea Actions.
</p>
</article>
</div>
</div>
Reference in New Issue View Git Blame Copy Permalink