Homelab 3.0

Photo by Thomas Jensen / Unsplash

I recently looked over my homelab and noticed it's kind of all over the place. There are no streamlined processes, and I set everything up differently on each node that I run.

So, in order to streamline things, I thought long and hard about how best to set up my grand new Homelab 3.0, which new web-based services I want to use, and what vital role a VPN connection will play in the near future.


Here's a short list of the apps I am running, separated per node:

gs1.shibabox.eu (homelab):

  • Traefik as Reverse-Proxy
  • Wings (Gameservers in Docker)
  • Rocket.Chat (https://chat.shibabox.eu)
  • Omada SDN (Network Management)
  • ipupdate (Dynamic DNS IP Updating Tool)

heimdall.shibabox.eu (homelab):

  • Nginx as Reverse-Proxy, not forwarded to the internet.
  • Pi-Hole (Ad-Blocking and DNS)
  • Ansible Control Node

mail.shibabox.eu (cloud):

  • Nginx as Reverse-Proxy
  • Mailcow Mail Server
  • authentik (Identity Management)
  • Ghost-Blog (This very website)
  • DiscordGSM Gameserver monitoring Bot for Discord
  • Vaultwarden Password Manager
  • Multiple carrd-like business cards via NGINX
  • Uptime Kuma for a different project of a friend
  • Pterodactyl Panel (to interface with Wings for Gameserver Management)

gs2.shibabox.eu (cloud, USA):

  • Nginx as Reverse-Proxy
  • Wings (Gameservers in Docker)
  • Nextcloud
  • Piwigo (art gallery for my furry shit)
  • Planka (Kanban Board for Project Management)

Issues and Alibis

Now, ideally most of these applications would not be reachable via the internet at all. The current setup also lacks protection like Fail2Ban, so my infrastructure is exposed to brute-force attacks. Considering I specialised in IT security, it's a shame that I've been this lazy about making my personal infrastructure, the things that make my life easier, safer.

There's also no centralized logging, monitoring or alerting. I've been plenty lucky with having close to no downtime with any of my services. Except for when my ISP said so.

Where I want to go in the future is to stop sharing most of my infrastructure with friends and family and use it mostly for myself, so I can hide most applications in the safety of my own network.

I have a clear picture of how my homelab and my nodes should look in the future, starting with a dedicated naming convention and moving away from domain names that I cannot cover with Let's Encrypt.

My nodes will be renamed according to the following schema:
node<number>.<country code>.shibabox.eu

This will affect all nodes except for the mail server, for obvious reasons (reverse DNS lookup).

So here's the upcoming naming convention:

mail.shibabox.eu -> node01.de.shibabox.eu
gs1.shibabox.eu -> node02.de.shibabox.eu
heimdall.shibabox.eu -> infra01.de.shibabox.eu
gs2.shibabox.eu -> node01.us.shibabox.eu
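As an added sanity check for the rename plan above (my own example, not part of the original post), this script validates each new name against the schema, flags two hosts mapped to the same name, and works out which wildcard certificate name each host would need. It assumes an "infra" role alongside "node", since the heimdall rename uses it; the one-label rule for wildcards is why `node01.de.shibabox.eu` needs `*.de.shibabox.eu` rather than `*.shibabox.eu`.

```python
import re
from typing import Dict, List, Optional

BASE_DOMAIN = "shibabox.eu"

# Schema from the post: node<number>.<country code>.shibabox.eu
# The heimdall rename uses "infra" as role, so both roles are accepted (my assumption).
SCHEMA = re.compile(
    r"^(?P<role>node|infra)(?P<num>\d{2})\.(?P<cc>[a-z]{2})\."
    + re.escape(BASE_DOMAIN) + r"$"
)

# Rename plan as listed in the post
RENAME_PLAN = {
    "mail.shibabox.eu": "node01.de.shibabox.eu",
    "gs1.shibabox.eu": "node02.de.shibabox.eu",
    "heimdall.shibabox.eu": "infra01.de.shibabox.eu",
    "gs2.shibabox.eu": "node01.us.shibabox.eu",
}


def parse_node_name(fqdn: str) -> Optional[dict]:
    """Return role/number/country for a schema-conforming name, else None."""
    m = SCHEMA.fullmatch(fqdn.lower().rstrip("."))
    if not m:
        return None
    return {"role": m["role"], "num": int(m["num"]), "cc": m["cc"]}


def wildcard_for(fqdn: str) -> str:
    """Wildcard certificate name covering fqdn.

    A wildcard matches exactly one label, so the leftmost label is replaced
    and everything to the right must match literally."""
    labels = fqdn.lower().rstrip(".").split(".")
    return "*." + ".".join(labels[1:])


def check_rename_plan(plan: Dict[str, str]) -> Dict[str, List[str]]:
    """Validate target names, detect collisions, collect wildcard names needed."""
    problems: List[str] = []
    wildcards = set()
    seen: Dict[str, str] = {}
    for old, new in plan.items():
        if parse_node_name(new) is None:
            problems.append(f"{old} -> {new}: does not match schema")
            continue
        if new in seen:
            problems.append(f"{new} assigned to both {seen[new]} and {old}")
        else:
            seen[new] = old
        wildcards.add(wildcard_for(new))
    return {"problems": problems, "wildcards": sorted(wildcards)}
```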


The Future

Now to what I hope to be running in the near future, and what the entire infrastructure should ideally look like. This should solve a lot of problems and put my resources to much better use. Hopefully.

node01.de.shibabox.eu (mail.shibabox.eu)

  • NGINX RP (No GUI)
  • Mailcow Mail Server (for now at least)
  • Crowdsec
  • Ghost-Blog (This very website)
  • Pterodactyl Panel
  • Uptime Kuma for myself and Friend's Project
  • Graylog
  • Prometheus + Grafana
  • SplunkForwarder
  • (Possibly Wireguard Tunnel to Home Network)
  • (Wazuh Endpoint Protection Server)

node02.de.shibabox.eu

  • Crowdsec
  • Prometheus + Node Exporter
  • SplunkForwarder
  • Wings (Gameservers in Docker)
  • Jellyfin + external HDD
  • Planka Kanban
  • Piwigo (art gallery for my furry shit, might switch to danbooru though)
  • Omada SDN (Network Management)
  • ipupdate (Dynamic DNS IP Updating Tool)
  • Authentik (Identity Management)
  • Psono Password Manager (replacing Vaultwarden, integrates with Authentik)
  • DiscordGSM Gameserver monitoring Bot for Discord
  • Wiki.JS for internal documentation

infra01.de.shibabox.eu

  • NGINX RP (With GUI, only internal)
  • Pi-Hole
  • Crowdsec
  • Ansible Control Node

node01.us.shibabox.eu

  • NGINX RP (No GUI)
  • Crowdsec
  • Prometheus + Node-Exporter
  • SplunkForwarder
  • Wings (Gameservers in Docker)
  • Nextcloud
  • Business Cards

In the future I plan to add a NAS to my homelab. It'll host Jellyfin / Plex plus my private storage. Nextcloud will stick around so I can send my photos to friends / customers from conventions and the like.

I will probably update this page as my planning goes along. I definitely want to look into automating my container updates in the near future; it could be that I set up an AWX Tower for this with scheduled jobs that pull the latest Docker image for things like nginx or Wings.

I am also hoping to streamline things by using one database with multiple tables instead of multiple separate containers.

Thanks for reading! If you have any input, feel free to reach out!

Photo by Minh Pham / Unsplash