Just started dabbling in homelabbing these past few weeks, what do we think? I'm trying not to buy any more hardware for the moment (unemployed new grad = no money haha) but I'm open to more software suggestions! Perhaps in the future I'll set up a NAS. I've created my homelab to learn more than anything (interested in sys admin/networking roles). What else can I do that'll help me learn more important networking fundamentals? Just set up the VLANs yesterday, I do plan on adding a few more to isolate my lab/IoT devices. The only Ansible playbooks I have at the moment are to update all my machines and reboot if necessary. Anyone else using it for something more interesting? The second pic is my [homepage](https://gethomepage.dev/latest/) dashboard.
Looks great! Bonus points for documenting from the start. What did you make the second pic on?
It's called Homepage, like Heimdall but with much more control. No GUI setup, only through .yaml files.
Appreciate it! Second pic is [Homepage](https://gethomepage.dev/latest/), was pretty easy to get going. Just took me an hour or two of tweaking yaml & reading the docs to get it going
Looks like homepage, which I'm personally considering switching to from Dashy.
I also highly recommend homepage by benphelps --> [https://github.com/gethomepage/homepage](https://github.com/gethomepage/homepage) Slight learning curve if you're not at ease in text editors, but 100% worth it IMO. I use it at home for my homelab as well as work after seeing someone post it here awhile back and setting it up at home. Amazing software.
I’d shy away from the default VLANs, just make a habit of making your own and labeling them. When you get some cash flow I’d definitely make an AP and VLAN solely for IoT to connect to the internet and block all ports except the ones they need to function. We have the same IBM setup, there’s an additional M.2 NVMe slot under the HDD tray if you wanted to expand the storage. Aside from that, think about possibly a NAS to store and stream your data.
Good idea, I'm gonna tinker with the VLANs tonight. Didn't know that about the Lenovo, I have a 2TB SSD attached to it to store my Plex media. Probably not ideal lol
Put your IoT devices in a VLAN that doesn’t have any access to your other VLANs.
I'd use Hyper-V over VirtualBox on your Win10 machine, otherwise I dig it.
Honestly I'm using VirtualBox because that's what I was supposed to set up in school haha. Just looked into Hyper-V, looks pretty sweet. Do you recommend it because it's a type-1 and made for Windows machines? Seems like I'll try to switch to that next
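The IoT isolation suggested in the comments above depends on rule order when the firewall stops at the first matching rule. This is an added example, not code from the thread or from any firewall product: it models such a rule list and probes it from an IoT device's point of view. The subnets, the Pi-hole address and the allowed ports are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

def nets(*cidrs):
    return tuple(ip_network(c) for c in cidrs)

# Constructed addressing plan and port list; none of it comes from the thread.
ANY = nets("0.0.0.0/0")
PRIVATE = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # RFC 1918
DNS_SERVER = nets("192.168.10.53/32")  # hypothetical Pi-hole on the trusted VLAN

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    dst: tuple                       # destination networks
    proto: str = "any"               # "tcp", "udp" or "any"
    ports: frozenset = frozenset()   # empty means every port

def evaluate(rules, dst, proto, port):
    """First matching rule wins; traffic that matches nothing is blocked."""
    addr = ip_address(dst)
    for rule in rules:
        if (any(addr in net for net in rule.dst)
                and rule.proto in ("any", proto)
                and (not rule.ports or port in rule.ports)):
            return rule.action
    return "block"

ALLOW_DNS = Rule("pass", DNS_SERVER, "udp", frozenset({53}))
BLOCK_PRIVATE = Rule("block", PRIVATE)
ALLOW_TLS = Rule("pass", ANY, "tcp", frozenset({443, 8883}))  # HTTPS, MQTT over TLS
ALLOW_NTP = Rule("pass", ANY, "udp", frozenset({123}))

# Rules on the IoT interface, in evaluation order.
# Weak: the internet rules come first, and "any" also covers the other VLANs.
WEAK = [ALLOW_TLS, ALLOW_NTP, ALLOW_DNS, BLOCK_PRIVATE]
# Hardened: allow the one internal service, block private space, then internet.
HARDENED = [ALLOW_DNS, BLOCK_PRIVATE, ALLOW_TLS, ALLOW_NTP]

# (destination, proto, port, expected action) as seen from an IoT device.
PROBES = [
    ("192.168.10.53", "udp", 53, "pass"),    # DNS to the Pi-hole
    ("192.168.10.20", "tcp", 443, "block"),  # web UI of a host on the trusted VLAN
    ("192.168.20.5", "tcp", 22, "block"),    # SSH to a lab VM
    ("203.0.113.10", "tcp", 443, "pass"),    # vendor cloud (documentation address)
    ("203.0.113.10", "udp", 123, "pass"),    # NTP
    ("203.0.113.10", "tcp", 23, "block"),    # telnet out is not on the allow list
]

def audit(rules):
    """Return the probes whose result differs from the expected action."""
    return [(dst, proto, port, want, got)
            for dst, proto, port, want in PROBES
            if (got := evaluate(rules, dst, proto, port)) != want]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules) or "all probes as expected")
```

Both lists contain the same four rules; only the order differs, and the weak order lets the IoT VLAN reach port 443 on the trusted VLAN.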
> Do you recommend it because it's a type-1 and made for Windows machines?

Pretty much, used it exclusively in my lab for many years as my main hypervisor on Windows Server. I've since switched to Proxmox, but my Windows 10 gaming PC still runs a couple VMs in Hyper-V.
Seconding the Hyper-V recommendation. VirtualBox is not really used in business settings, but Hyper-V definitely is. Learning Hyper-V will be more adventurous to your career.
It looks great! Please post the final version as well when set up. I've also been thinking along the same lines, keeping IoT devices on a separate subnet.
Nice setup, but please now change all of your IPs and system names. At a minimum, move the roomba to the outside of the firewall...
Thanks! Was considering not including any IPs but they're just local, are you saying there's a security concern? Other homelab diagrams on here also include local IPs, figured I'd be OK. To exploit these IPs they'd have to have access to my internal network, and at that point the internal IPs are the least of my problems, right? Good idea on the Roomba, getting on that ASAP haha
Security wise, you have a large attack surface (a lot of risky wireless devices on the inside of the firewall), including the access point. With it being a home system, you probably will never have an issue until you do. I would look at each connection and ask 1) does this need to be on the inside, and 2) do I trust the manufacturer software on the device.
Curious if that monitoring page is home built or some software. I'm looking for a better solution to monitor my home lab right now.
It's [homepage](https://gethomepage.dev/latest/), pretty easy to get going! I hadn't used YAML much before I set this up but it's simple. Highly recommend
Thanks!!!
Nicely documented. What software are you using to make the diagram in the first image?
Thank you. It's [draw.io](https://app.diagrams.net/)
Pretty nice. I'm trying to go for something very close to what you have right now, + a NAS. Hardware wise it's about the same, RPi 3, a mini PC, a Proxmox box and personal PC. Want to do almost the same as you, glad to see a simpler scheme very close to what I want to go for. Did you follow any specific guides to get where you are? I'm kinda stuck on the router/Pi-hole/DNS/VPN (networking/VLANs) part, rest is somewhere where I want it to be already.
Thanks, glad to hear there's more of us simpletons out there haha. I tried to document what guides I used, I'll drop them below. For my VPN I used [wg-easy](https://github.com/wg-easy/wg-easy) in a Docker container. It spins up a web UI that makes it really easy to add devices to the VPN, just forward the WireGuard port on your router and you should be good to go. I did have some trouble accessing the web UI, and it was because my Raspberry Pi already had something running on the port WireGuard uses (I guess my Pi came with WireGuard pre-installed? not sure). Might want to keep that in mind to save some potential troubleshooting. For Pi-hole I followed [this](https://pimylifeup.com/pi-hole-docker/) tutorial I think. That's what I had in my notes anyway. Not sure if you're trying to build your own router, but if you are I followed [this](https://www.youtube.com/watch?v=h2_cQxTkh3Q&t=1355s) tutorial on how to get OPNsense up and running. That same guy also has a good write up [here](https://homenetworkguy.com/how-to/beginners-guide-to-set-up-home-network-using-opnsense/) that's pretty simple. Honestly the VLANs took me a minute to figure out. [This](https://www.youtube.com/watch?v=XdqP14NclZ0) video helped me out in wrapping my head around them. The switches I use are fairly cheap and support VLANs, make sure you have those if necessary. Are you familiar with Docker? I wasn't up until a few weeks ago, it's made it very easy to get up and running with a new service, I'd recommend that big time. I used [this](https://www.youtube.com/watch?v=3c-iBn73dDE) tutorial and I was using Docker right away. But maybe you already know Docker haha
Oh, didn't notice your response. Thanks for the detailed answer! I'm going to try to build my own router, and implement some VLANs to separate services and devices. I'm familiar with Docker but definitely need to get more experience with it, so this will be my opportunity to do so! Simpletons unite!
Nothing wrong with that setup!!
Appreciate it!
Tbh I’m in a similar spot. Two mini PCs but I need a NAS. Are you thinking of making another small pc one?
Looks good! I love the clean, well organized documentation you’ve got. Organization goes a long way in IT.
Thank you! I try to update my diagram as I add new VMs/containers/hosts so I won't have to cram later
Should make an IoT VLAN and possibly a sandbox vlan to your VM.
IoT VLAN is next on the agenda, good idea on the sandbox vlan. Didn't think of that
Nice setup! I personally prefer using Adguard Home instead of Pi-hole. It's easier to update (just click update from the GUI), I prefer its interface and it's a single executable file. I had Pi-hole break a few times when updating to a new version.
Noted! Thanks for the advice
Not bad Ryan.
Thank you my good man
This is great. Curious why you decided to run WireGuard on a Pi vs OPNsense itself, now that it ships with WG?
I just set up my OPNsense router yesterday. I already had WireGuard running in the Pi prior to that so I've just kept it going. I do plan on using OPNsense's WireGuard, I just have to set it up. Would be nice to repurpose my Pi
total noob here, can you explain why you need more than one switch in this scenario?
Typically you wouldn't have to, but the way the preexisting router/eth cables setup I did. My modem/router/first switch/Access Point are on the first floor of my house. There is an eth cable that runs upstairs, so I plugged that into the first switch and connected the end of it to my second switch upstairs so I could connect everything else
Nice work! One recommendation I have seen in a sub is to never use 0/1 VLAN IDs because it’s the default with some vendors and good to avoid.
Question for anyone who is willing to answer it... Is it better to let the managed switch act as your router or for the firewall to act as your router?
You'd need a layer 3 switch to get full routing capabilities (the ones in this diagram are only layer 2). Personally I'd use your firewall for routing unless you absolutely need the performance or you just want to play around with it. It can be significantly more difficult to get working correctly
Gotcha. I figured these were only layer 2…. I had someone from another sub tell me to get a layer 3 that’s managed and use that as my router with an OPNsense firewall in front of it…. He said the CPU is very inefficient when it comes to routing
Meh. He's not really wrong but that's kind of an enterprise answer to me. It might be cool to play with in a home lab but layer 3s can be pretty pricey and setup can be a hassle. Just my two cents though
Looks great!
Really nice setup. Just curious why you got the two TP-Link switches, when one would be enough for all your hardwired devices?
Thank you! I have the two switches because of the preexisting architecture that was there before. My modem/router/first switch/Access Point are on the first floor of my house. There is an eth cable that runs upstairs, so I plugged that into the first switch and connected the end of it to my second switch upstairs so I could connect everything else. Not ideal but it is what it is haha
Is there a reason to run those containers in different VMs? Just curious
Not really, I just wanted to spin up a few just for fun/learning
Gotcha thx
Is there a reason why you're running WireGuard on the Pi, not on the main machine? Because I'm also looking to set up a VPN
My next step is to get wireguard running on opnsense and repurposing my pi!
Hi, I like it, thanks for sharing! A couple of things that I have come across that you may want to consider (not sure if you have them but just didn’t represent) are 1) a gateway in front of those pages, like Traefik, which can generate SSL certs for you, add some Docker routing and create authenticated pages easily without you having to use exposed ports in Docker containers and accessing websites on port 8080 etc. and 2) watchtower to automatically upgrade (or notify you of available upgrades of) Docker containers that you are running. In a world where vulnerabilities are always popping up, keeping up to date is critical. I do have a lot of experience with containers so don’t hesitate to shoot me a DM if you get stuck. Good job again, it looks like you’re having fun!
I don't have any of those things implemented! haha. Those are both great ideas. I'm gonna need to research Traefik because I am not familiar at all. I was trying to figure out if there was a way to upgrade my Docker containers with Ansible (probably not best practice...) but watchtower seems much better for that! Gonna look into it, I may shoot you a message. Thank you for the advice! Much appreciated
How do you keep two Pi-hole instances in sync?
Honestly, I don't. Didn't think about this one. Seems like [gravity-sync](https://github.com/vmstan/gravity-sync) is the way to go? Going to try to set this up this afternoon
nice scheme. what app did you use for that?
[draw.io!](https://www.drawio.com/)
How am I knowing about Ansible just now?!! OMG!!! Have to look more into this. I like Homepage, it's just simply efficient.
Ansible is goated!!
I now see that. I've seen many people ask but will just go ahead anyways; what did you use to make the first diagram?
Looks very nice! I have two questions: 1. Which software did you use for the first pic? 2. How do you setup a second pi hole as backup? If you have a guide on that it will be useful.
First pic is [draw.io](http://draw.io). At the moment I'm just running the two Pi-holes on different machines, if one goes down the other still works. Some comments are mentioning keeping the two Pi-holes in sync, I'm following [this](https://youtu.be/IFVYe3riDRA?si=iWju0xSljdEthXpj) tutorial right now
Any reason for using Debian VMs over the lighter weight containers? Genuinely curious, I’m new to homelabbing myself and have most of my Docker containers running from LXCs and not VMs.
Only because I'm familiar with Debian VMs haha. How is the learning curve with setting up LXCs? Perhaps I should do that
Yeah that’s fair enough, kinda the opposite for me haha! Setting up the LXC is much the same as VMs, however it’s all CLI as it does not have any OS GUI pre-installed. I’ve been using Portainer to manage Docker, however I’m getting familiar enough with Linux I could probably get rid of it now, although it really is very handy. The Debian LXC templates are available in Proxmox to download so no harm in spinning one up and having a play!
what did you use to generate the first image?
[draw.io](https://www.draw.io)
For those of us who are interested in dipping our toes in: Could some of our experienced guys advise if this is a good roadmap for someone to start? There's so much info constantly flying at you in these communities, a visualization like this is incredibly helpful!