homelab.


Welcome to your friendly /r/homelab, where techies and sysadmins from everywhere are welcome to share their labs, projects, builds, etc.

founded 2 years ago
251
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/homelab by /u/Creative_Poem_4453 on 2025-01-13 00:04:26+00:00.

252
 
 

The original was posted on /r/homelab by /u/Nach016 on 2025-01-12 22:03:34+00:00.

253
 
 

The original was posted on /r/homelab by /u/beanzonthbread on 2025-01-12 21:50:56+00:00.

254
 
 

The original was posted on /r/homelab by /u/thomastal96 on 2025-01-12 21:11:40+00:00.

255
 
 

The original was posted on /r/homelab by /u/Registrar8438 on 2025-01-12 20:34:59+00:00.

256
 
 

The original was posted on /r/homelab by /u/Creedeth on 2025-01-12 18:08:52+00:00.

257
 
 

The original was posted on /r/homelab by /u/renardein on 2025-01-12 15:38:15+00:00.

258
 
 

The original was posted on /r/homelab by /u/Noadcocow on 2025-01-12 16:14:10+00:00.

Original Title: My Homelab, 2 NAS Synology, 1 NAS QNAP, and a NAS TrueNAS, a pool of 2 XCP-NG nodes, a pool of 2 Proxmox nodes, a cluster of 2 OPNsense firewalls with HA and CARP, one on XCP and the other on Proxmox + some Debian servers for Ollama etc

259
 
 

The original was posted on /r/homelab by /u/Used-For-Purchases on 2025-01-12 13:13:03+00:00.

260
 
 

The original was posted on /r/homelab by /u/GalwayC on 2025-01-12 05:16:51+00:00.

261
 
 

The original was posted on /r/homelab by /u/MoiseRazvan on 2025-01-12 10:29:10+00:00.

262
 
 

The original was posted on /r/homelab by /u/noideawhatimdoing444 on 2025-01-12 06:48:22+00:00.

263
 
 

The original was posted on /r/homelab by /u/Cold_Sail_9727 on 2025-01-12 06:24:50+00:00.

264
 
 

The original was posted on /r/homelab by /u/SymBiioTE on 2025-01-12 05:22:21+00:00.


Decided to make a full post since the link in my last post stopped working.

So I made a super cheap 10 inch rack using 3D printed parts anyone can find online and two pairs of 8U rack rails. Huge credit to all the people who made the STL files I used for this project. Everything in this project was printed on a CR-10. I used PLA (works for me for now) but I would recommend using a stronger filament.

Video if anyone wants to check out the build: YouTube

Items used for the build:

  1. 2x Gator rack screws
  2. 2x Gator 8U Rails
  3. 10 inch shelf Credit: u/goyko
  4. 10 inch blank (Not thick enough but you can make it thicker in Cura super easy) Credit: u/Mauker
  5. Dell OptiPlex 7060 mount (works perfectly for the 3050 as well) Credit: u/TimPrints_686384
  6. TP-Link ER605 shelf (also works for TL-SG108S) Credit: u/FloKun_144444
  7. Rack feet Credit: u/themassofthes_234253
  8. 1U Blank with pass through Credit: u/towilab

I used about 9 1U blanks that I made thicker in Cura. (Super easy to do but if anyone wants the file I can make a remix and post it online). 2 on each of the sides, 4 on the back just to stiffen it up and one on the bottom front. Using the blank with a hole on the top/front to keep things together (I changed this later on to a 12 port 0.5U patch from GeekPi).

You will need to get a pack of nuts and bolts for the sides. There aren't any threads in these holes. (At least from what I saw on mine) I just used washers on the plastic side to prevent damage.

The server has been running in a small cabinet with two fans keeping it cool. I have noticed a very small amount of droop from the Dell minis. Not enough to bug me but it is there.

Total build price was about $70 including the 12 port patch and short cat6a cables. $38 without those two. This doesn't include the filament because I have so much PLA that was sitting in my garage that really didn't cost me anything.

265
 
 

The original was posted on /r/homelab by /u/GamerKingFaiz on 2025-01-12 02:20:54+00:00.


I just got a new ISP that is unfortunately using CGNAT, so I started researching solutions to get around this. I already reached out to them about a public IP address and they said they don't have this, but they'll be adding IPv6 in the future.

In the meantime, I've found 2 potential solutions and want to confirm my understanding about them.

Cloudflare Tunnels

This service seems to be perfect for hosting the apps that I access over HTTP. It seems like it'll be an in-place replacement for my current reverse proxy with the added benefit of masking my IP address.

🟢 No extra apps on client devices necessary.

Tailscale

This seems like a replacement for WireGuard, but the main feature I used WireGuard for was to be able to VPN on my phone into my network. And the only thing that I had WireGuard set up for was so my phone could use my Pi-hole DNS (ad blocking while I'm away from home). I'm not sure if Tailscale has this sort of functionality.

🔴 Here each client needs the requisite app to connect (similar to WireGuard).


And as far as I understand, under CGNAT, there's no way for me to replicate just being able to open a port (port forwarding) to allow an external connection.

For example, if I want to host a game server for friends, I can't just open the port I need. Nor can I open a torrent client's listening port.

Would love to hear confirmation on my understandings and any clarifications/suggestions y'all have!

266
 
 

The original was posted on /r/homelab by /u/rwills on 2025-01-12 01:58:07+00:00.

267
 
 

The original was posted on /r/homelab by /u/GVDub2 on 2025-01-12 01:41:58+00:00.

268
 
 

The original was posted on /r/homelab by /u/Theduke322 on 2025-01-11 21:57:38+00:00.


Happy New Year! In response to u/osuno1 on my homelab setup from two years ago, My Personal Setup with XCP-ng, I decided it's a great time to post an update on my homelab.

Hardware

Front of rack

Over the years, my homelab has undergone many iterations. Currently, it features a functional, though perhaps slightly excessive, design. Here’s an overview, top to bottom (some items are stacked front and back):

  • StarTech 25U Open Frame Rack
  • Cable Matters 1U 24 Port Keystone Patch Panel
  • UniFi Switch PRO 48
  • Supermicro 1U Ryzen Server
  • 4x HP DL360 Gen9
  • 2x Arista 7050S 48 Port SFP+ Switch
  • 2x CyberPower 15A PDU
  • Unifi Network Video Recorder
  • Isilon NL410
  • Tripp Lite SmartPro UPS 2.25 kW
  • 2x APC Smart-UPS X 3000 2.7kW
  • pfSense Router Whitebox Server

25U has been enough to fit all of the hardware I've needed. I like the breathable design of the StarTech rack and I haven't had any issues with it. However, I have considered a 42U rack to help with cable management and maintenance.

Networking

Back of rack

I'm using a pair of Arista 10/40G switches as my network backbone. They serve as the gateway for some trusted networks and house the VLANs for everything else. I have 10G connectivity between each server and these switches, with an 80G trunk between the two switches. The UniFi Switch Pro manages the access layer, providing PoE to the wireless access points and security cameras, as well as handling management and iDRAC connections. All UniFi security cameras record to the UNVR and are accessible remotely. My firewall software of choice is pfSense, running on a custom server with an i7-9700k, 16G of DDR4 RAM, and a 10G fiber card. All of my untrusted networks are housed here.

Compute

My most powerful server is a recently purchased Supermicro 1U Ryzen Server. It features a Ryzen 5950x, 128G of DDR4 RAM, and a 10G fiber card. The next two servers are identical HP DL360 Gen 9s, each equipped with dual E5-2630 v4 CPUs, 336G of DDR4 RAM, and a 10G fiber card. These three servers make up my Proxmox cluster, which hosts all of the services in my homelab. I have an additional HP DL360 that serves as a standalone Plex Media Server.

Storage

I have substantial storage in my homelab, thanks to the Isilon NL410. It has 36 hard drive bays, populated with a mix of 3TB to 22TB hard drives, providing a current capacity of 244TB. My second storage server is another HP DL360 with all-flash storage. It contains six 3.2TB SAS SSDs in a 3x mirror, two-wide configuration, giving me roughly 9TB of fast storage for Proxmox. This server also holds my file shares.

Power

To power my homelab, I needed to set up substantial infrastructure. I had an electrician install two 30A/120V circuits dedicated to the lab. Each circuit powers an APC Smart-UPS X 3000, which in turn powers a CyberPower 15A PDU. Additionally, a 20A/120V circuit powers the Tripp Lite SmartPro UPS. Altogether, my homelab draws 10-12 amps continuously. Just don't ask about the power bill...

Software

My software and services are very similar to two years ago. For my sanity, I've really stuck to the expression, if it ain't broke, don't fix it, because if you do fix it, it'll end up broke. Once I set up a key piece of my infrastructure I tend to leave it alone.

Networking

pfSense dashboard

My network backbone is a pair of Arista 10/40G switches but for my router/firewall I am using pfSense. pfSense is a feature-rich open-source firewall that runs on practically any piece of hardware. A majority of my VLANs terminate here. Those VLANs include:

  • Management
  • DMZ
  • IOT
  • Guest
  • Camera
  • VDI

I previously had a trusted device VLAN and server VLAN, but those were moved to the Arista switches for 10G routing capability. Aside from basic routing functions, these are the features and packages I utilize:

  • ACME for automated LetsEncrypt certificates
  • Avahi for Multicast DNS
  • FRR for OSPF
  • HAProxy for HTTP load balancing
  • Tailscale for mesh VPN
  • Dynamic DNS
  • DHCP Relay

The benefit of pfSense for me is the ability to consolidate multiple capabilities into one rock-solid device. Other products such as OPNsense are just as powerful but I'm not interested in switching any time soon.

Unifi controller dashboard

Unifi controller device list

Unifi handles everything WiFi and Security. I have the Unifi Controller hosted on-premises in a Debian VM. It manages my two access switches and three access points. I have four Wi-Fi networks for trusted, IOT, guest and security devices. Unifi devices are a little pricey, but they perform well and have a great feature set.

Compute

Proxmox dashboard

Proxmox is my hypervisor of choice and has been for some time. To briefly throw out honorable mentions, I've also used XCP-ng and ESXi. I settled on Proxmox primarily because of backup performance issues I was having with XCP-ng, and the cost of ESXi. For the most part Proxmox provides everything I need, and it's free!

The three servers I have provide an impressive 112 logical CPUs and 786GB of DDR4 RAM in my cluster. I primarily use Linux with Debian as my preferred distro. I also have some Windows machines for domain services and jump boxes. Here is an overview of my virtual machines:

  • proddc03 - Primary domain controller. Handles DNS and DHCP as well.
  • mw11vm - Personal Windows 11 VDI.
  • lw11vm - Friend's Windows 11 VDI.
  • jumpbox01 - Debian jump box (allows access to servers while external via SSH)
  • docker01 - Debian VM running the majority of my docker containers.
  • webmp - Debian VM running docker containers related to photography business.

My services include:

  • Nextcloud - A file hosting service that has become my Dropbox replacement. I have "unlimited storage" with no fees, as many users as I want, and access from anywhere.
  • Gitea - A Git repository where I store my code projects and my Ansible configurations.
  • Ghost - A blog and newsletter platform.
  • Bitwarden - A password manager that is my LastPass replacement. I store my own passwords here as well as share passwords with my family.
  • Outline - A glorified note taking app, Outline is my Notion replacement. I use this as my digital brain and store everything that's important to me.
  • Zitadel - An identity provider that primarily supports my Outline instance. It piggybacks off my Active Directory domain.
  • Immich - A photo and video backup management solution that is my Google Photos replacement. Similar to Nextcloud I have "unlimited storage" with no fees, as many users as I want, and access from anywhere.
  • Plex - A media streaming solution for my DVD and CD collection.
  • Homepage - A dashboard to quickly access all of my services.
  • UptimeKuma - A monitoring tool so I know if my services go down.
  • Portainer - A container management tool that I use to manage containers on docker01.
  • NocoDB - A no-SQL database.
  • Headscale - An open-source implementation of Tailscale. Tailscale is a mesh VPN, and I use it to connect back to my home network when I'm away.
  • Lychee - A photo management tool I use to share my photography work in galleries.
  • Nginx - A web server that hosts my static photography website.
  • Paperless-ngx - A document management system I use to eliminate paper in my life.

Storage

TrueNAS is my storage software of choice. Another popular storage software is Unraid, but I think it compromises on speed and stability for ease of use.

TrueNAS neptune pool dashboard

My first TrueNAS host, Neptune, has the most storage at a little under 250TB. I have a mix of 3, 12, 16, and 22TB drives separated into five RAIDZ1 V...


Content cut off. Read original on https://old.reddit.com/r/homelab/comments/1hz70cs/homelab_setup_xcpng_back_to_proxmox/

269
 
 

The original was posted on /r/homelab by /u/Divader on 2025-01-11 19:44:56+00:00.

270
 
 

The original was posted on /r/homelab by /u/Fallyfall on 2025-01-11 15:40:39+00:00.


Hey r/homelab,

I have recently decided to enter the world of homelabbing, more specifically self-host some services that I want to use. Since I'm waiting for some hardware to arrive, I started thinking a bit more about security. While I found this video by RaidOwl to be easy to follow and understand, I'm none the wiser when it comes to actually securing the services to the web.

Then I found this video by Techno Tim talking about security, and some mentions of an internal proxy. I don't completely understand the concept of that. However, one of the commenters wrote this:

The only minor disagreement I have is with setting up the proxy authentication after everything else is working. Set it up from the start and apply it to all services behind the proxy. You're in a much better spot if everything on your home-lab requires authentication on the proxy. Even if it means logging-in twice (to the proxy and the back-end service). This drastically lowers the attack surface. You can later exclude any services you'd like to remain public.

Also, use some type of split DNS; where you serve the internal IP of the proxy to all internal clients. That way you can skip the hop to Cloudflare internally. And you can still access all your home-lab services if your internet connection goes out.

So, that got me curious about what steps I'd need to do in order to secure the services that I eventually will expose to the web. Given that I know exposing services to the web can be "dangerous" I want to read up on the topic while I'm waiting for the hardware to arrive.

TL;DR (I guess):

  • How to go about setting up an internal proxy for the sake of security to publicly exposed services?
    • Would that be to use for instance some kind of dashboard service with hardened log-on options, and then redirect from there? Or am I thinking about this the wrong way?
  • Any good resources on split DNS? I'm using pfSense for my router.
  • How to validate and verify that security is actually setup and working as intended?
271
 
 

The original was posted on /r/homelab by /u/jbarr107 on 2025-01-11 13:22:30+00:00.


I have 8 x 500GB SSDs that are just sitting in a drawer. I'd like to use them for storage, but would also like to keep things compact. Does anyone have any suggestions for an enclosure for 8 x 2.5" SSD drives? USB is preferred, but I'm open to other connections. JBOD would be fine, but I'll also entertain RAID. I also haven't decided on Windows or Linux as I'm not interested in the hardware side.

Thoughts?

272
 
 

The original was posted on /r/homelab by /u/Spirited_Play_1446 on 2025-01-11 14:44:26+00:00.

273
 
 

The original was posted on /r/homelab by /u/Psychological_Ear393 on 2025-01-11 13:30:50+00:00.

274
 
 

The original was posted on /r/homelab by /u/ItsaSnareDrum on 2025-01-10 19:57:05+00:00.

275
 
 

The original was posted on /r/homelab by /u/thunk_stuff on 2025-01-10 23:28:12+00:00.
