Exploring the hardware, software, and networking in my lab

Following up on my first article on homelabs, this article goes deeper into the network configuration, the automation, and the core hardware and software in my personal home lab.

Hardware and Software stack

Networking Core

  • UniFi Dream Machine Pro & USW-24-POE Switch: These two devices form the network backbone. The UDM Pro routes between VLANs and enforces the firewall rules between them; the switch carries the tagged VLANs to the hosts and powers the access points. Both are managed from the UniFi Network controller software, which gives one place to define networks, firewall rules and port profiles and to watch what is on the wire.

  • 2x UniFi U6 Enterprise APs: These access points provide reliable, high-density Wi-Fi coverage, crucial for maintaining robust network connectivity. Managed through the UniFi Controller, they enable advanced Wi-Fi settings, guest networks, and detailed performance metrics.

Compute Powerhouses and Their Software

  • Raspberry Pi 4 (x4): Each of the four Pis hosts one service:

    • Netboot.xyz: Simplifies OS installations, providing a PXE boot menu for network-based installations, making it easier to experiment with different operating systems or recovery tools.
    • Transmission: A lightweight BitTorrent client for downloading and managing media files.
    • Pi-hole: Acts as a network-wide ad blocker and DNS server, improving network performance and security by filtering unwanted content and tracking domains.
    • Semaphore for Ansible: Offers a graphical interface for managing and running Ansible playbooks, simplifying configuration management and automation of routine tasks across the lab’s devices.
  • Intel NUCs (x3):

    • Kubernetes Control Plane & Worker Node: Two of the NUCs form the Kubernetes cluster, one as the control plane and one as a worker, for deploying and managing containerized applications.
    • Proxmox: Dedicated NUC for Proxmox VE, a powerful open-source platform for virtualization, provides a robust environment for managing VMs and containers, facilitating a wide range of testing and development scenarios.

Storage Solutions

  • Synology Servers:

    • 2-Bay Unit: Runs Prometheus and Grafana. Prometheus scrapes metrics from the lab's hosts and services and Grafana visualizes them, so this small unit is the monitoring point for everything else in the lab.
    • 4-Bay Unit: Serves as the central media storage hub, utilizing Synology’s DSM interface for managing and sharing files, and running media servers like Plex or Jellyfin to organize and stream media content to various devices.
  • AMD Ryzen Build in 2U Chassis:

    • TrueNAS Scale: This system runs TrueNAS Scale, an open-source NAS and hyper-converged infrastructure solution, providing reliable and scalable storage for the lab’s data, including VM backups, media files, and datasets for various projects.
    • Minio: Alongside TrueNAS Scale, the same system runs Minio, an open-source object storage server compatible with the Amazon S3 API. Minio can also be run distributed across several nodes, but even on one box it gives the homelab S3-style buckets for tools that expect object storage rather than a file share, without paying for cloud storage.

Advanced Network Configuration with VLANs

The lab's network is segmented into VLANs, each a /24, with firewall rules on the UDM Pro deciding which segments may open connections to which:

  • Internal-Services VLAN: This VLAN hosts the management and infrastructure services: Semaphore, Pi-hole, Grafana/Prometheus and Transmission. It is treated as a management segment: hosts here may initiate connections into the other VLANs, while new inbound connections are blocked by default. Two exceptions are needed for the lab to work. netboot.xyz is reachable from the other VLANs so that PXE clients can fetch their boot files, and Pi-hole has to accept DNS queries from every VLAN it serves, otherwise "network-wide" ad blocking only covers this one segment. Everything else inbound, such as the Semaphore and Grafana web UIs, is reached from the Trusted VLAN described below.

  • WiFi VLAN: A sandbox for IoT and other wireless devices. Isolating the least trusted devices from the core lab means a compromised smart plug or phone app cannot reach the Kubernetes nodes, the storage or the management services directly.

  • Trusted VLAN: The "master key" VLAN, with unrestricted access to every other segment for troubleshooting and high-level management. It is delivered on one dedicated port on the UniFi switch, so I plug into it only when I need that reach. Because this VLAN bypasses every other firewall rule, it is the one segment worth keeping off Wi-Fi and worth disabling at the switch port when it is not in use.

  • Lab VLAN: Home to the Kubernetes cluster and the Proxmox VMs, this VLAN is where development and experimentation happen. Targeted firewall rules let it reach the Storage VLAN and netboot.xyz and nothing else, so an experiment that goes wrong stays inside the segment.

  • Storage VLAN: Dedicated to TrueNAS Scale, so storage traffic is kept off the other segments. It is allowed to talk to the Lab VLAN and to netboot.xyz, which is all the storage host needs.
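The list above describes the policy in prose; the value of writing it down as code is that every exception (PXE to netboot.xyz, DNS to Pi-hole, the Trusted VLAN's blanket allow) becomes an explicit rule that can be tested before it is typed into the UniFi firewall. The following is an added example, not the author's configuration: the VLAN names and the intent of each rule come from the text, while the subnets, the two host addresses, the service ports and the rule order are assumptions made so the policy can be evaluated offline.

```python
"""Segmentation policy as code for the VLAN layout above.

Added example, not the author's UniFi configuration. VLAN names and the
intent of each rule come from the text; the subnets, the two host
addresses, the service ports and the rule order are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# One /24 per VLAN, as in the text; the actual prefixes are assumed.
VLANS: dict[str, IPv4Network] = {
    "trusted": ip_network("10.0.10.0/24"),
    "internal-services": ip_network("10.0.20.0/24"),
    "lab": ip_network("10.0.30.0/24"),
    "storage": ip_network("10.0.40.0/24"),
    "wifi": ip_network("10.0.50.0/24"),
}
# Assumed static addresses of the two Pis that need cross-VLAN exceptions.
NETBOOT = ip_address("10.0.20.10")
PIHOLE = ip_address("10.0.20.11")


def vlan_of(addr: IPv4Address) -> Optional[str]:
    """Name of the VLAN an address belongs to, or None if it is not ours."""
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


@dataclass(frozen=True)
class Flow:
    """The first packet of a new connection: who talks to whom, on what."""
    src: IPv4Address
    dst: IPv4Address
    proto: str  # "tcp" or "udp"
    dport: int


def flow(src: str, dst: str, proto: str, dport: int) -> Flow:
    return Flow(ip_address(src), ip_address(dst), proto, dport)


@dataclass(frozen=True)
class Rule:
    """One firewall rule; None in a field means 'any'."""
    name: str
    action: str  # "allow" or "deny"
    src_vlans: Optional[frozenset[str]] = None
    dst_vlans: Optional[frozenset[str]] = None
    dst_host: Optional[IPv4Address] = None
    services: Optional[frozenset[tuple[str, int]]] = None

    def matches(self, f: Flow) -> bool:
        if self.src_vlans is not None and vlan_of(f.src) not in self.src_vlans:
            return False
        if self.dst_vlans is not None and vlan_of(f.dst) not in self.dst_vlans:
            return False
        if self.dst_host is not None and f.dst != self.dst_host:
            return False
        if self.services is not None and (f.proto, f.dport) not in self.services:
            return False
        return True


# First match wins: narrow exceptions above broad rules, explicit deny last.
RULES: list[Rule] = [
    Rule("trusted-unrestricted", "allow", src_vlans=frozenset({"trusted"})),
    # PXE clients need TFTP for the bootloader and HTTP for the menu assets
    # (ports assumed); WiFi is deliberately absent from the source list.
    Rule("pxe-to-netboot", "allow", src_vlans=frozenset({"lab", "storage"}),
         dst_host=NETBOOT, services=frozenset({("udp", 69), ("tcp", 80)})),
    # Every VLAN may query Pi-hole, otherwise it is not network-wide DNS.
    Rule("dns-to-pihole", "allow", dst_host=PIHOLE,
         services=frozenset({("udp", 53), ("tcp", 53)})),
    # Management hosts may initiate into any VLAN; nothing else comes back in.
    Rule("internal-services-egress", "allow", src_vlans=frozenset({"internal-services"})),
    Rule("lab-storage", "allow", src_vlans=frozenset({"lab", "storage"}),
         dst_vlans=frozenset({"lab", "storage"})),
    Rule("default-deny", "deny"),
]


def evaluate(f: Flow) -> tuple[str, str]:
    """Return (action, rule name) for a new connection.

    Only the initiating direction is evaluated; replies are admitted by
    connection tracking. Same-VLAN traffic is switched, not routed, so the
    inter-VLAN rules never see it.
    """
    src_vlan, dst_vlan = vlan_of(f.src), vlan_of(f.dst)
    if src_vlan is None or dst_vlan is None:
        return ("deny", "unknown-network")
    if src_vlan == dst_vlan:
        return ("allow", "same-vlan")
    for rule in RULES:
        if rule.matches(f):
            return (rule.action, rule.name)
    return ("deny", "implicit-deny")


# Constructed flows with the verdict each one should get; a rule change
# that silently widens or breaks access shows up here.
EXPECTATIONS: list[tuple[Flow, str]] = [
    (flow("10.0.50.20", "10.0.30.5", "tcp", 22), "deny"),     # IoT -> k8s node
    (flow("10.0.50.20", "10.0.20.11", "udp", 53), "allow"),   # IoT -> Pi-hole DNS
    (flow("10.0.50.20", "10.0.20.11", "tcp", 22), "deny"),    # IoT -> Pi-hole SSH
    (flow("10.0.50.20", "10.0.20.10", "udp", 69), "deny"),    # IoT may not PXE
    (flow("10.0.30.5", "10.0.40.5", "tcp", 2049), "allow"),   # lab -> TrueNAS NFS
    (flow("10.0.40.5", "10.0.20.10", "udp", 69), "allow"),    # storage -> netboot TFTP
    (flow("10.0.30.5", "10.0.20.12", "tcp", 3000), "deny"),   # lab -> Semaphore UI
    (flow("10.0.20.12", "10.0.30.5", "tcp", 22), "allow"),    # Semaphore -> lab host
    (flow("10.0.10.2", "10.0.20.12", "tcp", 3000), "allow"),  # trusted -> Semaphore UI
    (flow("10.0.30.5", "10.0.30.6", "tcp", 22), "allow"),     # same VLAN, switched
]


def audit(expectations: list[tuple[Flow, str]]) -> list[str]:
    """Describe every flow whose verdict differs from what was expected."""
    failures = []
    for f, expected in expectations:
        action, rule = evaluate(f)
        if action != expected:
            failures.append(f"{f.src}->{f.dst} {f.proto}/{f.dport}: "
                            f"expected {expected}, got {action} via {rule}")
    return failures


if __name__ == "__main__":
    problems = audit(EXPECTATIONS)
    print("policy matches expectations" if not problems else "\n".join(problems))
```

The two things this makes visible that the prose does not are the ordering (the Pi-hole and netboot exceptions have to sit above the default deny, and the Trusted allow above everything) and the fact that "inbound blocked" for the Internal-Services VLAN is only true for connections the firewall sees; anything in the same VLAN as Pi-hole or Semaphore is switched straight to them. Rerun the audit whenever a rule is added, before changing the UDM Pro.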

Streamlining Operations with netboot.xyz

netboot.xyz is central to how I install operating systems and stand up VMs. It is reachable from the Lab, Internal-Services and Storage VLANs, so a device or VM on any of them can PXE boot into the netboot.xyz menu and pick an installer or a rescue tool. That makes provisioning a new environment or trying a different configuration a matter of minutes rather than hunting for install media. Clients find netboot.xyz through the PXE options in each VLAN's DHCP scope, and since PXE and TFTP carry no authentication, the firewall exceptions should cover only the TFTP port and the HTTP port that serves the boot assets, not the whole host.

Practical Implementation of netboot.xyz

Each of those VLANs hands out the PXE boot options that point clients at netboot.xyz. This matters most on Proxmox, where a VM whose boot order puts the network first drops straight into the netboot.xyz menu, so a new or different operating system can be installed from the network with no ISO attached and no manual setup. The same mechanism gives a quick way to boot a diagnostic tool against an existing VM when something needs troubleshooting. One caveat: whatever answers DHCP first on a segment can point a booting machine at any boot server it likes, which is a good reason PXE is offered on the Lab, Internal-Services and Storage VLANs and not on the WiFi VLAN.

Service Exposure and Static IP Strategy

Services that run on the Kubernetes cluster need to be reachable from the rest of the home network, and for that I use MetalLB, a load-balancer implementation for bare-metal Kubernetes clusters. It hands each Service of type LoadBalancer an address from a pool on the Lab VLAN, which is how ArgoCD is exposed directly to the network. Using a MetalLB annotation on the Service, I pin specific services to fixed addresses from that pool, so ArgoCD is always at the same IP regardless of which node happens to be serving it.

All VLANs are /24s, and in the Storage, Lab and Internal-Services segments 60 addresses of each are reserved for static assignment outside the DHCP scope. Static addresses go to everything other hosts need to find by address: the Raspberry Pis running netboot.xyz, Transmission, Pi-hole and Semaphore; both Synology units; the NUC hosting the Kubernetes control plane; the NUC dedicated to Proxmox; and the Ryzen build in the 2U chassis running TrueNAS Scale. Inside the cluster, services such as ArgoCD get fixed addresses from the MetalLB pool, which has to be carved out of the same /24 so that it overlaps neither the DHCP scope nor the static block.
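As an added example (not the author's manifests), this is what the MetalLB side of that looks like in Layer 2 mode: a pool carved out of the Lab VLAN, an advertisement for it, and a Service pinned to one address from the pool. The addresses, pool name and namespace are assumptions; the ArgoCD selector and port follow the upstream ArgoCD install manifests and should be checked against the deployed version.

```yaml
# Added example, not the author's manifests. 10.0.30.200-10.0.30.220 is an
# assumed slice of the Lab VLAN kept out of both the DHCP scope and the
# 60-address static block, so MetalLB never hands out an address that the
# UDM Pro or a statically configured host already uses.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: lab-pool
  namespace: metallb-system
spec:
  addresses:
    - 10.0.30.200-10.0.30.220
  # Only Services that ask for an address by annotation get one, so a
  # stray LoadBalancer Service cannot quietly consume the pool.
  autoAssign: false
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: lab-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - lab-pool
---
apiVersion: v1
kind: Service
metadata:
  name: argocd-server-lb
  namespace: argocd
  annotations:
    metallb.universe.tf/address-pool: lab-pool
    # Pin ArgoCD to a fixed address so the UI is always at the same IP.
    metallb.universe.tf/loadBalancerIPs: 10.0.30.201
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: argocd-server   # label from upstream ArgoCD manifests (assumed)
  ports:
    - name: https
      port: 443
      targetPort: 8080                       # argocd-server listens on 8080 (assumed)
```

With `autoAssign: false` the pool is opt-in, which is the safer default in a lab where people `kubectl apply` things from tutorials: a LoadBalancer Service without the annotation stays in Pending instead of silently taking an address. Whichever node currently answers ARP for 10.0.30.201 receives the traffic, so the address stays stable across node restarts, but bandwidth is limited to that one node.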

Automation with Ansible and Semaphore

Automation is a cornerstone of the lab's design: every hardware component and service has its own Ansible playbook, so a host can be rebuilt, or a service torn down and recreated, repeatably rather than by hand. That is what makes rapid experimentation affordable. Semaphore adds a web interface on top, with inventories, stored credentials and a run history, so playbooks can be launched and their output reviewed without a terminal. Together they turn setups and teardowns that used to be a checklist into something that can be run, and rerun, in one click.
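As an added example of what one of those per-component playbooks can look like (not the author's playbooks), here is a baseline for the four Raspberry Pis that keeps them patched and limits SSH to key authentication. The inventory group name and the choice of tasks are assumptions; the modules and their parameters are standard Ansible.

```yaml
# Added example, not the author's playbook. The group name raspberry_pis
# is assumed to exist in the inventory Semaphore points at.
- name: Baseline for the Raspberry Pi hosts
  hosts: raspberry_pis
  become: true
  tasks:
    - name: Update the package index and apply safe upgrades
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    - name: Keep security updates flowing without manual runs
      ansible.builtin.apt:
        name: unattended-upgrades
        state: present

    - name: Allow SSH logins with keys only
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        # Refuse to write a config sshd itself would reject, so a typo
        # cannot lock the Pi out of remote access.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
```

Run it from Semaphore as a task template against the `raspberry_pis` inventory, or from a terminal with `ansible-playbook -i inventory.ini pis.yml --check --diff` first; check mode shows the sshd_config change before it is made, and the `validate` step is what makes the playbook safe to rerun.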

Conclusion

This walk through my home lab, from the hardware and software to the VLAN layout, the PXE setup with netboot.xyz and the Ansible automation, is meant as a blueprint other enthusiasts can adapt. The point it tries to make is that the pieces only work well together: the hardware, the software, the network segmentation and the automation have to be designed as one system if the lab is going to be a safe place to learn and experiment.