homelab

76
 
 

I recently upgraded my homelab core switch to a Mellanox SX 6012. It’s 12 ports of 40gb/s, and each can break out to 10gb/s. This switch also idles at 30 watts which was top of my list.

What model switches are you running, and do you like it?

77
13
low power switch (lemmy.world)
submitted 9 months ago* (last edited 9 months ago) by evasync@lemmy.world to c/homelab@lemmy.ml
 
 

I want a switch with a few POE ports but it needs to be as low power as possible as I rely on solar.

Any recommendations?

78
 
 

Cross-posted to: https://sh.itjust.works/post/14975090


Solution

I'm still not really sure exactly what the root cause of the issue was (I would appreciate it if someone could explain it to me), but I disabled HTTPS on the Nextcloud server

nextcloud.disable-https

and it, all of a sudden, started working. My Caddyfile simply contains the following:

nextcloud.domain.com {
    reverse_proxy server-LAN-ip:80
}

Original Post

I am trying to upgrade my existing Nextcloud server (installed as a Snap) so that it is sitting behind a reverse proxy. Originally, the Nextcloud server handled HTTPS with Let's Encrypt at domain.com; now, I would like for Caddy to handle HTTPS with Let's Encrypt at nextcloud.domain.com and to forward the traffic to the Nextcloud server.

With my current setup, I am encountering an error where it is saying 301 Moved Permanently. Does anyone have any ideas on how to fix or troubleshoot this?

Caddyfile:

https://nextcloud.domain.com {
        reverse_proxy 192.168.1.182:443
        header / Strict-Transport-Security max-age=31536000;
}

And here is the output of curl -v https://nextcloud.domain.com/:

* Host nextcloud.domain.com:443 was resolved.
* IPv6: (none)
* IPv4: public-ip
*   Trying public-ip:443...
* Connected to nextcloud.domain.com (public-ip) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=nextcloud.domain.com
*  start date: Feb 21 06:09:01 2024 GMT
*  expire date: May 21 06:09:00 2024 GMT
*  subjectAltName: host "nextcloud.domain.com" matched cert's "nextcloud.domain.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://nextcloud.domain.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: nextcloud.domain.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: nextcloud.domain.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 301 
< alt-svc: h3="public-ip:443"; ma=2592000
< content-type: text/html; charset=iso-8859-1
< date: Wed, 21 Feb 2024 07:45:34 GMT
< location: https://nextcloud.domain.com:443/
< server: Caddy
< server: Apache
< strict-transport-security: max-age=31536000;
< content-length: 250
< 


301 Moved Permanently

<h1>Moved Permanently</h1>
<p>The document has moved here.</p>

* Connection #0 to host nextcloud.domain.com left intact
79
 
 

So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's what most people recommend, but wanna about x86.

NanoPi as a hub: https://a.aliexpress.com/_EHU4JCV

AX3000 as an AP: https://a.aliexpress.com/_EzPBBVX

Network Switch: https://a.aliexpress.com/_EITz5Gz

80
 
 

I've used fail2ban in the past on Ubuntu, and it was very easy to set up.

Apparently on Debian, there is no /var/log/auth.log, and it does not use iptables, so fail2ban is not seeing the failed login attempts and jailing the perp.

Has anyone set this up successfully before? I see suggestions online to set backend = systemd, but this does not seem to be fixing the issue for me.

81
 
 

So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's what most people recommend.

NanoPi as a hub: https://a.aliexpress.com/_EHU4JCV

AX3000 as an AP: https://a.aliexpress.com/_EzPBBVX

Network Switch: https://a.aliexpress.com/_EITz5Gz

82
 
 

Hey all,

I have a TP-Link EAP660-HD which has been serving me very well. I recently upgraded the FW on it, and after checking the back of the unit to see that it is a ver 1.6 (and downloading the appropriate 1.6 FW) I see in the dashboard that it says it is a HW version 1.0.

Is this expected? Pic

83
 
 

I'm using an old laptop as a home server.
But the cooling fan started to click a lot, and I'm afraid that it will stop spinning soon.
Any ideas for how to replace the fan with something else? Preferably something that does not require electricity?
I'm thinking about dismantling it, taking the fan out and soldering a big block of metal to the heatsink.
How bad of an idea is that?
Is anyone aware of any other ways of physically converting laptop into something that is more suitable for home server?
Know of any guides or videos about something related? Please post links.
Thank you

84
10
Paralyzed by indecision (lemmy.dbzer0.com)
submitted 9 months ago* (last edited 9 months ago) by Malice@lemmy.dbzer0.com to c/homelab@lemmy.ml
 
 

Hey, y'all!

Here's the deal:

I have a server I've been running for a couple years, running mostly home automation and NVR stuff (home assistant, node red, frigate, etc). This was my first server and it wasn't set up in the best way possible. On top of that, it's starting to suffer from hardware failure. So I'm replacing it with a retired gaming computer, and I want to do it "right" this time.

So far, I've got it running proxmox with a couple debian VMs (thought process was to have one "primary" one that runs most of everything, and a "network" one that runs network services like nginx, tailscale, etc - I don't know if that separation is actually important or not). I, at some point, want to run pi-hole for sure. I also need a new router, so my thought was to set up opnsense for that. I also want to build a dedicated NAS somewhere down the line, but that's another thread for another time.

I work from home and require stable internet, and I have family that will be very upset if internet is randomly going out from my tinkering with stuff, so I think it's probably best to have totally separate, dedicated hardware for opnsense/pi-hole. I was looking at protectli, but it seems like I'd be looking at at least ~$300 for that option, and I'm not even sure I can run both opnsense and pi-hole on it? I'd also need to get an access point since I'd be replacing my current router that supplies wifi to the house, so I'm looking at like $400 for that transition, which is much more than I'd like to pay for this right now.

I could set everything up without the extra complexity of opnsense/pi-hole and add it down the line, but then I'd be looking at yet another complete re-work of the network and reconfiguring all my automations, cameras, etc., so it feels like it'd definitely be best to just do it up front and get it done. I have access to another old gaming PC I could theoretically set up as a dedicated network box to run opnsense and pi-hole on (after buying a NIC for it), but that seems wildly overkill (it's running an i5 and 32gb RAM, if I remember right), large (full ATX case), and power-hungry for a glorified router. I guess, in this case, I could move my network vm off the "main" server and onto this one, to truly use it as a dedicated network box, running things like opnsense, pi-hole, wireguard/tailscale, nginx, authelia, etc. But then I start getting into the territory of it being too much of a "tinkering" box instead of a stable router that I allow to handle my network and don't screw around with, lol.

So, I seek the advice of you much more experienced homelabbers. I'm terrified to do it "wrong" and wind up having to redo everything over and over, which I know is kind of antithetical to the entire idea of homelabbing in the first place. I need to avoid, as much as possible, unstable internet. In my shoes, what would y'all do? Bite the bullet and go for protectli? Use another old PC for the network box? Just set things up without opnsense/pi-hole for now and go protectli/something else later on and just deal with having to redo everything again?

Thank you so much in advance for any advice!

EDIT: I found a Zotac ZBox CL331 locally for $100 - would that be a good option, do y'all think?

(small aside: if anyone has any advice on moving my entire home assistant instance, node-red, and frigate setups (all separate docker containers) from the old server to the new one, that'd also be greatly appreciated!)

85
13
submitted 9 months ago* (last edited 9 months ago) by Faalangst_26@feddit.nl to c/homelab@lemmy.ml
 
 

I just recently got 1 gigabit up/down at home when they put in fiber. Now I'm looking for a router/firewall to use. I run a homelab with a few VMs.

I was looking at getting a Cisco router to tinker with, as I've just finished a course on IOS. What routers would you recommend (2nd hand) for less than 150€? Is Cisco even feasible at this price point or should I just get a mini pc and run pfsense/opnsense?

I've looked at the ISR900 and it seems to meet my requirements, but I am not sure if it also offers a web interface, which would be quite useful for me.

Bit of an unstructured post but I hope you'll be able to help me regardless.

EDIT: I ended up getting a mikrotik hAP ac3 router. It seems to meet my requirements and after trying the routerOS demo they have up I decided that it would work for me.

86
87
 
 

Some background: I have a Synology NAS already with plenty of space on it. It runs my Jellyfin server in a docker container. I also have a Raspberry Pi 3b running Pihole.

I would like to get a mini PC to run Proxmox on, and migrate those workloads over to it, as well as use it to host any other fun projects that can be virtualized that catch my eye. It'll also be a useful learning experience as I would like to learn Proxmox to potentially broaden my skills at work, where we are an entirely VMware house, but the shit Broadcom has been pulling since taking over has put a shadow over all of that.

Anyway, I'm thinking I would like something along these lines:

  • A relatively recent CPU with decent performance and low power consumption. I prefer AMD these days.
  • Capacity for at least 32GB of RAM, but it doesn't have to have that much from the get-go.
  • NVMe storage, 512GB or so.
  • Two ethernet ports. 1Gb is acceptable, 2.5Gb would be nice, though.
  • Low-ish costs. I don't need this thing to be able to play games or anything, just run my VMs at a decent clip without burning too much power.

Transcoding performance isn't a huge deal either as the Jellyfin server isn't shared with anyone outside the house, and my playback devices so far have been able to play pretty much anything I've thrown at them natively.

I think that I would plan to have the actual VMs stored on a share on the NAS rather than having them live directly on the PC.

What would you recommend?

88
 
 

I currently have my reverse proxy on my NAS. That means I forward all of my 443 HTTPS traffic to my NAS. I am using OpnSense for my router, and there are several options for reverse proxies on that. Everything works the way it is now, but I do wonder if it would be "better" if I moved all of the reverse proxy stuff to my router. I don't know that anything would be simpler to manage one way or the other, so I think it comes down to best practices and security. If I move the reverse proxy to my router, I would be able to remove that forwarded port, but is that really any more or less secure?

89
 
 

Looking to build my first server out, trying to figure out if there is a "better" platform for my needs. Right now I'm just planning a mix of machines and containers in Proxmox for running a NAS and Plex server, router of some sort (also, any preferences on wireless access points?), a pihole if that's not just as easily done in whatever router OS I decide on, VPN, and 3-5 various machines/containers going in and out of service as I find what my needs else I want to play with and host continuously.

Basically just looking for bang for the buck CPU/chipsets people are getting for this use case. Any advantages of AMD vs Intel in mid-consumer level options? Is getting something similar with more efficiency cores worth worrying about in a hypervisor use case?

90
 
 

cross-posted to: https://sh.itjust.works/post/14114626


If the rule is about forwarding traffic from the lan interface to the wan interface, then why is there also a forward rule? How would inputs, and outputs make any sense if the rule is talking about forwarding? What does it mean for wan to forward to REJECT? I interpret that as saying that wan doesn't go anywhere, but that wouldn't make sense given that the router can send, and receive over the internet.

For example I would interpret the first rule as follows:

  • lan => wan: the conditions for which connections from the lan interface are forwarded to the wan interface.
  • Input: accept: the lan interface accepts all connections originating from the network (I wouldn't understand the point of setting this to be reject).
  • Output: accept: all connections exiting the wan interface are accepted (again, I'm not sure what the point of this would be).
  • Forward: accept: forwarding of packets from lan to wan is allowed.
  • Masquerade: I honestly don't know what the effect of enabling this would be. What would it mean to masquerade the lan interface?

I tried finding documentation, and I did come across this, and this, but, from what I could understand, they didn't really answer any of my questions.

91
 
 

Does this look like a decent starting point for a first router build?

Cross posted from: https://lemux.minnix.dev/post/204890

92
 
 

So I was wondering, what is exactly the use case of owning a server rack with huge CPUs and 256GB of DDR4 RAM with 1PB of storage?

Obviously, I'm kind of exaggerating here, but it does seem that most homelabs are big server racks with at least two CPUs and like 20 cores in total.

Why would I want to buy a server rack with all the bells and whistles when a low-power, small NAS can do the trick? What's the main advantage of having a huge server, compared to an average Synology NAS for example?

Honestly, I only see disadvantages tbh. It consumes way more power, costs way more money and the processing power it provides is probably only relevant for (small) businesses and not for an individual like me.

So, convince me. Why should I get a homelab instead of a regular NAS?

93
 
 

Hello all!

So I am setting up an internal domain that consists of Active Directory and RHEL IDM. I would like to have some way of connecting to the internal network with a VPN that supports SSO. I have been looking around for a good solution but could not find one that would work nicely. I looked at Wireguard at first but it doesn't seem to support user authentication. Then I found pritunl, which at first glance seems great and is FOSS, only to be disappointed that for SSO you require an enterprise subscription of 70$/month. No thanks, I am a home user.

I know about OpenVPN and it works well when I used it (not in this setup yet) but is rather slow and I was looking if a better alternative exists.

Any ideas or suggestions would be appreciated.

94
 
 

cross-posted to: https://sh.itjust.works/post/12856684


I have the following topology:

The device running Nextcloud (snap) used to be connected to Router A, but I have recently added a bridge (Router B) and I moved Nextcloud's device to that bridged network; however, as soon as Nextcloud was moved to Router B, the portforward on Router A seemed to stop working -- as in I cannot connect to Nextcloud from the public IP anymore. Bridges operate at layer 2, so this should make no difference whatsoever (this is reflected in the fact that other services (like SSH) still work perfectly fine portforwarded -- it's only Nextcloud that doesn't work), which leads me to think that it is a Layer 7 (i.e. Nextcloud) issue. What's going on here? How can Nextcloud even tell that it's been placed on a bridged network?

EDIT (2024-01-16T00:19Z):

I performed a network capture on the device running Nextcloud, and it appears that it's receiving the incoming request (SYN), and responds appropriately (SYN, ACK), but then Router B responds with Destination unreachable (Network unreachable), which is then, of course, followed by many requests for retransmission as the packets are being dropped. But what's causing the packets to be dropped? Why aren't they making it through the network?

EDIT (2024-01-25T08:37Z):

I’m not 100% sure what the previous problem was, but I think that it had to do with the bridge that I was using – not necessarily that it was broken, but perhaps it was just incompatible with the setup in some way. What I ended up doing was buying a different router that supported WDS, and then I created a WDS bridge between the two routers. The network seems to be working reliably, and as expected now.

95
 
 

Having got my Raspberry Pi for Christmas, I was finally able to enter the world of home labs and I'm slowly getting everything up and running.

That said, one thing I was super excited about but hasn't come to fruition was Pi-Hole. That's for two reasons, one my Pi isn't hardwired into the router and two my router kinda sucks (Virgin Media Hub 5).

So I came here to ask for recommendations for a router. One that would allow me to run vLANs and use my Pi for adblocking. Honestly the advice I got was like fire and I was like water.

I wanted a simple cheap solution and everyone was like just spend 🥺

Eventually though, my ignorance waned and I started looking into what the suggestions were, which was essentially buy an N100 Firewall Mini PC with 4 Ethernet Ports, load up PFSense or OpenWRT, then buy an Access Point, connect it and profit.

So with my dreams of a £50 plug and play experience down the drain, can someone explain to me how it all works? Why is this the suggestion? My Pi is kinda set and leave. My NAS is set and leave, will a firewall PC be the same? Also why a firewall PC over a second Pi?

96
 
 

My main homelab server runs a bunch of stuff but was a little limited in the hardware department.

Here's the overview of the upgrade (Old -> New):

  • CPU: i7-3370K 4c/8t -> xeon e5 2630L 8c/16t
  • RAM: 16 GB mixed non ECC 1333 DDR3 -> 32 GB Micron DDR4 2133 (running at 1866)
  • CPU COOLER: AIO -> air cooling
  • MB: No idea -> Asrock x99 extreme 4 with 10 SATA ports!!!
  • GPU: None -> RTX 610 passively cooled

Runs: Nextcloud, pihole, unbound, security stuff like fail2ban, hosts a couple small databases, VPN.

This upgrade will allow for expandability in terms of upgrade CPU cache, bus speed, maximum allowed RAM (32 GB to 128), and extra cores to maybe do some light compute with when I'm writing some code without sacrificing performance of other services. All of this while having similar "net" TDP (I didn't measure either idle power draw).

Here's where the fail comes in. I got the whole original machine and drives for free from a recycle pile at my old job. I threw in a drive cage where the DVD drive used to be and it fit like a glove! Felt like a really cool "sleeper" server build with hot swap drive cages. My new motherboard is wider by an inch and the drive cage covered the 24 pin connector. So now my drive cage hangs out and is supported by zip ties and I can't close my case in the front lmao... See linked pictures so you can laugh at it with me: https://imgur.com/a/1XqALZ4

So I'm looking for either a new case or a relatively small 4-bay drive cage that's cheap. The total I've invested in this build after this upgrade is ~$200 and I don't want to spend a ton more so I'm wildly disappointed at my oversight. Any advice or suggestions would be appreciated!

97
8
submitted 10 months ago* (last edited 10 months ago) by Kalcifer@sh.itjust.works to c/homelab@lemmy.ml
 
 

I have a network set up something like the following:

Device A <---> Router A <---> Router B <---> Device B

where Router A is a tp-link Archer AX73, and Router B is a tp-link Archer C7. Router B is flashed with OpenWRT, and Router A is using stock firmware. Router B is set up to be a wireless bridge between Router A's network, and its own (it was set up using this guide).

What I am wondering is if Device A can find, say, Device B.local, using Avahi (assuming Device A, and Device B both have Avahi installed, and running), over this bridged network. So far, I haven't been able to get it to work, so I'm wondering if it is possible at all. I have read that Avahi only works on a local network, but I was wondering if it could be bridged.

UPDATE (2024-01-16T01:28Z):

The issues that I mentioned in this post have since been solved. The majority of the issues stemmed from the fact that the relay software that I was using, relayd, doesn't support ipv6. All the tests that I was conducting were defaulting to ipv6, so it was appearing like the bridge was failing unpredictably. Since that realization was made, and countermeasures were enacted, the problem was solved.

98
 
 

I am looking for a single board computer that has a charging circuit (i.e. a power management chip) so it can be powered directly by a battery. I am aware of the A20-OLinuXino-LIME2 which supports this. However, I wanted to explore my options. Are there any other boards which support this? I am aware of PiJuice and LiFePO4wered as well.

Other requirements:

  • Ethernet port
  • Micro SD slot
  • Min. 1GB RAM (Ideally 2+)
  • Ideally support for a LiFePO4 battery
99
 
 

Is anyone running saltstack, and if so, are you doing gitfs for your repo?

Do you have your pillar data in the repo? Or some other external?

Are you doing one top file in base? Or top in each branch/environment?

Is there a better way to do managed repo for salt?

100
 
 

I am able to fit an HDD and an SSD in the drive bays that it came with. However, I'd like to put as many HDDs in it as I can.

I am not using the optical drive, so I'd like to replace it. It measures at 41mm thick which is 1+5⁄8 inches: A half-height drive bay. Is there a caddy that would work with this so that I can install a Seagate Barracuda 6TB 3.5" drive in it which measures 26mm thick?
