Big Sigh

No direction

This post is just to break the ice as it’s been a while since I’ve actually made some time to “make” something. That includes work. Yeah I’ve written documentation (as any good IT technician should be doing on the regular), but it’s not been anything for myself.

I’ll be using this post to not only break the ice, but also get some things that I’ve done recently onto “the page”. It’s going to be rambly, and it’s not really going to be about a single thing, but hopefully those reading can get some sort of benefit from this.

Work

I spend a lot of energy at work, and the pandemic has not made an exception to that. Actually, I’d argue that the pandemic has created even more work considering a few things:

  1. Folks now working from home means that we have to make some sort of effort to support people’s home networks. This includes whatever custom configuration that they’ve made, any misbehaving devices in their home network, and more.
  2. Folks working from home also means that we can’t exactly do low-level troubleshooting in anything like the BIOS. You can direct the user, but it’s not easy with everyone.
  3. I have to deal with the mental labour that comes with separating work-life from home-life in a way that’s meaningful.

That being said, I’ve always wanted to be able to work from home. I wasn’t quite ready to work from home in March, and I definitely felt some emotional pain due to the lack of social interaction then too. These days, however, I’m more and more thankful to be able to work from home.

I get more time to myself and with my partner in the morning. It means I don’t have to subject myself to uncomfortable clothing, and I don’t have to brave the weather conditions this winter if I really don’t want to. It’s been a treat, but I still miss the in-office random and sporadic interactions.

No, these interactions don’t directly impact productivity, and they may even consume a lot of time in one’s day, making one look like they’re less productive. But consider this: If you’re an office worker, how often do you really find yourself using every minute of every hour to work? I would argue that due to the feel-goods you get from social interaction, you’re on average more productive due to the morale boost.

Personal

Social Media

This one’s a doozy. Recently I’ve been falling prey to the social media trap. Getting into Twitter disagreements, constantly refreshing feeds, and just generally not doing much productive. It’s kinda gotten to the point where sometimes I just don’t feel like doing anything at all, even lazy stuff like gaming and watching YouTube videos.

I think that’s a real problem and I’ve been talking to my partner about it. Basically I want to be able to maintain a good distance from social media but not completely disconnect. I don’t know if that’s even a possibility or whether I would need to completely disconnect first. I’ll try and touch on this again in the future.

One thing that got me pretty upset and obsessed was someone who had joined FOSStodon under false pretenses. They were pretending to be someone else and then also posting yet another person’s pictures of tech prowess, passing it off as their own. I’m glad someone came in and put a stop to that second part but I also wonder how long that person would have tried to keep the con going.

Homelab

Aside from that kinda turmoil, I’m really happy to have set up my own pfSense server and have reinstalled/reconfigured my homelab.

For a while I was using Xubuntu as a server distro. Obviously Xubuntu is not a proper server distro, but what is a server distro except for a desktop distro without a GUI? For the most part at least.

Xubuntu

I originally went with Xubuntu because it comes with a super light GUI, XFCE, which would allow me to manage the server without having to SSH into it and rely solely on the terminal. That completely fell through the moment I started actually deploying things to the server. I was configuring everything from the terminal anyway.

So then I removed the GUI and stuck the server in my study closet, where it remains to this day.

After a while, I felt like I needed a fresh start with a more server oriented OS. I went with CentOS 8. Backing up the server took little to no time as most of the storage was on a secondary drive not tied to the OS. Once I finished backing my server up, I decided to take a whack at installing CentOS.

Installing and Configuring CentOS

Initially I was not able to get things working the way I wanted them to. I’m using an older motherboard and processor (It’s an old Lenovo M91P with an i7 processor), so for some reason, the current UEFI compatible kernels were just not compatible with this motherboard.

Then I redid everything in Legacy mode which seemed to do the trick. Once installed, I began configuring a few more things. I copied over my PS1 line from my old .bashrc to my new one, just to have things look a little more familiar. Then I got to work constructing my docker setup.

Originally, I had just used my own user to set up all the docker containers, but this is a security issue as the user that has control over the docker daemon also has sudoers privileges. So I created a specific docker user just to run and own the docker stuff.

The docker user does not have root/sudoers privileges and only has permissions on its own home folder. The user does not have SSH privileges either. You cannot copy your SSH identity to the user and use that to SSH into the machine. The user also does not have a password. You cannot brute force the account via su.
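An added example (not from the original post): a small audit of the account properties described above, run against constructed shadow, group and sshd_config samples. The account names `dockersvc` and `weak`, the use of `DenyUsers` to block SSH, and the account's membership in the `docker` group are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a service account for the properties listed above.
# "dockersvc" and "weak" are hypothetical accounts; the files are constructed samples.

# Locked means the shadow hash field starts with "!" or "*". An EMPTY field is
# the opposite: the account can authenticate with no password at all.
password_locked() {  # USER SHADOW_FILE
    field=$(awk -F: -v u="$1" '$1 == u { print $2 }' "$2")
    case "$field" in '!'*|'*'*) return 0 ;; *) return 1 ;; esac
}

in_group() {  # USER GROUP GROUP_FILE (supplementary membership only)
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

ssh_denied() {  # USER SSHD_CONFIG (exact names; ignores patterns and Match blocks)
    awk -v u="$1" '
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == u) found = 1 }
        END { exit !found }' "$2"
}

audit_account() {  # USER DIR -> prints findings, returns the number of failures
    user=$1; dir=$2; fails=0
    password_locked "$user" "$dir/shadow" || { echo "FAIL $user: password not locked"; fails=$((fails + 1)); }
    for g in wheel sudo; do
        if in_group "$user" "$g" "$dir/group"; then
            echo "FAIL $user: member of $g"; fails=$((fails + 1))
        fi
    done
    ssh_denied "$user" "$dir/sshd_config" || { echo "FAIL $user: not in DenyUsers"; fails=$((fails + 1)); }
    # Access to the Docker daemon socket is root-equivalent on the host.
    if in_group "$user" docker "$dir/group"; then echo "NOTE $user: docker group is root-equivalent"; fi
    return "$fails"
}

# Constructed sample files standing in for /etc/shadow, /etc/group and sshd_config.
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'dockersvc:!!:18600:0:99999:7:::' 'weak::18600:0:99999:7:::' > "$SAMPLE/shadow"
printf '%s\n' 'wheel:x:10:admin,weak' 'docker:x:989:dockersvc' > "$SAMPLE/group"
printf '%s\n' 'PermitRootLogin no' 'DenyUsers dockersvc' > "$SAMPLE/sshd_config"

audit_account dockersvc "$SAMPLE" || echo "dockersvc failures: $?"
audit_account weak "$SAMPLE" || echo "weak failures: $?"
```

To check a real host, run the functions as root with the directory set to `/etc` and the sshd_config path adjusted to `/etc/ssh/sshd_config`.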

There was one issue in redoing my homelab server at this time, and that’s that I also recently modified my home networking set up. This cast a lot of doubt on some of the troubleshooting steps that I had encountered along the way.

pfSense

When my partner ended up having to get a new case for the used motherboard replacement I had laying around, I took advantage of that and decided that I would purchase a second PCIe NIC expansion card and use their old motherboard and case no longer in use as a router. I had a perfectly working machine that I could use as my firewall and router!

I already had a nice SOHO router from ASUS but it just wasn’t scratching the itch that I had for what I was trying to achieve with my home setup. For one, the firewalling rules I could create were quite limited in scope. I wanted to block SSH access to my homelab server on the router’s firewall level but also on a machine level, for example. The ASUS router did not provide me such an interface that allowed me to do that.

So I decided to set up a pfSense router with the secondary computer. Again, initially I was met with compatibility issues. UEFI boot didn’t work, again due to incompatibility between the current and former implementations of the “standard”. But then I came upon another issue: the NIC I had purchased was not compatible with the kernel provided by the pfSense version I was using.

I tried switching this install between my router machine and the homelab server machine, convinced that a motherboard update would fix things after the fact and no, the NIC was just not compatible. I searched further and found the daily builds section of pfSense.

I downloaded a daily build and to my surprise I was able to set up pfSense right away, with the kernel picking up the NIC I had installed into the router machine. I installed pfSense and then connected an unmanaged switch to the whole networking setup I had. This consisted of the router, the homelab server, my desktop machine, some wireless devices, and then also my SOHO router.

For the SOHO router, it was sufficient to set it to what ASUS calls Access Point mode. This is exactly what I needed because all I wanted was to use the router as my Wi-Fi access point, without using any of its own features like NAT, DHCP, or Firewall.

Altogether

With a lot of troubleshooting, I was able to basically mirror the SOHO version of a DMZ, allowing the internet access to my homelab server. I’m not entirely happy with that, because it’s not a true DMZ, meaning that there’s no physical separation of networks, but it will have to do for now. Eventually I’ll get a third NIC but I don’t think that I’ll do that until I actually upgrade the hardware used in the router.

The hardest part of all this was figuring out some of the issues I was having getting access to my homelab server from inside of my home network. The issue was that the DNS entries pointed to my public IP, whereas there were no rules to reroute things from inside the network to reflect back inside the network.

I eventually figured it out with some local DNS rules, plus NAT reflection which was necessary for when I’m using my work laptop on VPN, since that replaces the topmost DNS servers used on Windows, forcing my laptop onto the public DNS entries rather than the private ones I had set up in pfSense.

Conclusion

It’s been a hell of a year and this is where I’m at right now. I hope that some of this has inspired you to put more work into your own homelab set up. I really want to have a real server rack at some point but for now, this is what I’ve set up and am proud of.

Lastly, here’s the current list of self-hosting that I have set up:

  • Nextcloud
  • Plex
  • Firefox Sync
  • Wallabag*
  • Drone (CI/CD for Gitea)
  • Gitea
  • Wordpress Blog (linuxliaison.org)**
  • Hugo blog (bnolet.me)
  • Three Mastodon bots***

* I don’t currently use Wallabag as the parser has been failing a few too many times for my liking at the moment

** I may be archiving this soon. Setting it to read-only mode

*** The three bots are promptodon, vimtips, and factsbot, all via the https://bostin.space instance.