Homelab Journey – Part 2

I’ve gotten (at least temporarily) to the end of the line with my Homelab setup journey.

Rack Assembled:

Since my last post, I’ve changed things up. First, the rack is fully assembled and moved into my crawlspace, which will be its forever home. I still need to run the fiber cable outside that will serve my backyard office that I’ll be building at some point. But I’ll leave that until I’ve actually built the office.

Software configured:

Next, for my sanity, I switched from running TrueNAS directly through Proxmox to instead running HexOS through Proxmox.

I heard about HexOS from a Linus Tech Tips video. It’s essentially a management layer that sits on top of TrueNAS. So you’re still running TrueNAS and get all the great advantages that come with that. However, HexOS takes care of setting up all your ACLs, which in my opinion is HUGE. Trying to sort out all the ACLs the way that I wanted was a nightmare when I was just running TrueNAS.

There are definitely disadvantages to using HexOS though.

First, it’s beta software, so while I haven’t had any issues in 4 months, I would consider it “use at your own risk” right now.

Second, there is still a lot of polish that needs to be done. There are a lot of basic features that haven’t been added in yet. For example, when setting up your storage pool via TrueNAS, you can pick the type of RAID you want to use. HexOS does not allow you to choose this.

Even with that factored in, I’m so glad I switched over.

Network Nerding:

The last piece of this project, which I only did this month, was some network changes.

I had previously been accessing all the different devices and VMs on my network by IP. That was a pain, so I spun up a little VM to run a dashboard manager called Heimdall. At this point, it was now easy to access everything on my network.

One problem that remained though, is that I have a few devices on my network that are only accessible via HTTPS. These devices didn’t have SSL certificates though, so going to those pages would prompt a browser SSL warning.

In steps NGINX Proxy Manager.

I bought a domain (https://wizarding.cloud) and set it up internally with an SSL from Let’s Encrypt. I was then able to set up all the devices/VMs in my homelab with subdomains.

This was a totally unnecessary step, but it was a fun learning experiment.

Now I feel good with the state of my Homelab. I still want to set up some more things, like a private VPN for my parents to use with streaming services from outside my house. But the state I’m at now represents 90% completion, which is about as much as I finish anything 😂

Homelab journey – Part 1

It started with an exploit…

I’ve had a home NAS unit from Synology for years. I used that as my BitTorrent client, media server, file backups…etc. It was simple to set up and operate and life was good for years.

Late last year though, Synology had a major zero-day exploit, which allowed attackers to bypass your username/password and even your account’s two-factor authentication.

I imagine a ton of units were impacted – even if Synology doesn’t admit it. The reason I assume this is because my unit was affected and it was pretty locked down. I didn’t allow any remote connections to it, except through Synology’s “Quick Connect” system. Even when using that, you needed my username, password (which were strong and unique), as well as my case 2FA code.

It had blocks in place to automatically block/ban failed attempts and I only had 1st party apps installed on my unit that were kept up to date.

Even with those checks in place, my home network alerted me one day that my NAS was trying to send outbound traffic to China. On my home network, I have traffic to/from multiple high-risk countries blocked – hence the alert.

I started looking into the possible causes, with a suspicion that my NAS had been compromised. I segregated it from the rest of my network on its own walled-off VLAN while I investigated.

Two days later the news of the zero-day exploit dropped. That gave me hints of where to look and sure enough, buried in my NAS I found a single file, written in Chinese.

So where do we go from here?

Me being the giant nerd that I am, I had started playing with a homelab earlier in the year. Using a simple Intel N100 machine, I had installed Proxmox and set up some simple containers to run things like Plex and HomeAssistant.

I had thought about building a more powerful machine and then using that for a multitude of things, including to serve as my NAS. However, since I already had a working NAS, there wasn’t much motivation.

Well now with my Synology unit compromised, there was motivation…

Let the games begin!!

At first, I thought this would be a good opportunity to upgrade my personal PC and re-use that hardware for the new home lab server. However, after some consideration, I decided against this. This was mostly because one of the main uses will be as a Plex server and my gaming PC had an AMD CPU, which doesn’t have built-in hardware transcoding support in Plex. I had no plans on putting a GPU in the server, so I began looking at economical parts to start building.

I ended up finding a great deal on an Intel Core i7-12700K. The chip is TOTALLY overkill for the machine, but I was able to get it for only a few dollars more than the 12400 that I was originally targeting.

Next up, I scored an old Z790 motherboard off eBay. The Z790 would normally be once again overkill for this project, however the extra SATA ports were valuable to me as I’ll be adding a lot of hard drives for the NAS functionality.

I stuck with a board that used DDR4 vs DDR5, as the extra RAM speed is wasted and DDR4 memory is substantially cheaper. Speaking of which, eBay also helped with finding 128GB of used DDR4 RAM.

Since I’ll be using TrueNAS Scale for the basis of my NAS, the more RAM the better as TrueNAS uses RAM for caching. Additionally, there will be multiple Linux containers and virtual machines, so the more the merrier. I would have actually gone for more than 128GB of RAM, but the price jump wasn’t worth it.

eBay also helped with buying a stack of OEM Seagate Ironwolf Pro 12TB hard drives. These will serve as the ZFS storage pool for TrueNAS.

Lastly from eBay was a simple 4U shallow depth case to pop everything in.

With everything acquired, I built the server and installed Proxmox.

The easiest part of this adventure was complete 😂

… to be continued

Getting called out

Tonight as I was getting my daughter ready for bed, I told her that after she fell asleep I had to go downstairs to do some work.

She turned to me and quite simply asked

Why can’t you just stop working?

A great question to which I didn’t have an answer.

Your job shouldn’t be your life.
It shouldn’t decide your happiness.
It shouldn’t be your identity.

I’ll do better kid. I promise.

Making it work

The past several months have been very tough. Work has been a lot, to say the least. Meanwhile I’ve also been trying to make the most of summer with my family.

I keep telling my team to stop, take a breath, and just try your best. They can’t fix things on their own and everything is going to take time.

However, I haven’t taken my own advice.

I’m writing this out as a recorded reminder to myself to also take the same advice.

Stop
Take a breath
Try your best

Summer Fun

This spring it was very apparent that my daughter had outgrown the little kid’s bouncy castle that we’ve had for the past three years.

So I did what any normal parent would do… and spent several weeks sourcing and negotiating directly with Chinese factories, in order to buy a 40 foot long obstacle course/slide combo 😂🤦

And now it’s here. Lots of core memories to be made this year (and many upcoming years).