Introduction
My home lab setup has changed a lot since my last post in 2018. Now it’s 2021 and the hype dictionary has changed significantly.
I’ve spent the last year or so adopting the cloud-first mindset and my infrastructure has evolved. This will be a two-part series where I’ll showcase my home lab services and some of the interesting challenges I faced while building them.
In this post I’ll list all the applications I am currently running and their use cases. In the second part I will go into detail about how I built them and some of the more interesting challenges I faced during this endeavour.
Service Showcase
(sorted alphabetically)
Bind9 DNS Server
- Used as a primary DNS for the viktorbarzin.me zone.

```
╰─$ dig -t NS viktorbarzin.me

; <<>> DiG 9.16.11-RedHat-9.16.11-2.fc34 <<>> -t NS viktorbarzin.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 1ffbde5b921461e7010000006031b8f7ce52dd866264225d (good)
;; QUESTION SECTION:
;viktorbarzin.me.               IN      NS

;; ANSWER SECTION:
viktorbarzin.me.        86400   IN      NS      ns2.viktorbarzin.me.
viktorbarzin.me.        86400   IN      NS      ns1.viktorbarzin.me.

;; ADDITIONAL SECTION:
ns1.viktorbarzin.me.    86400   IN      A       213.191.181.130
ns2.viktorbarzin.me.    86400   IN      A       213.191.181.130
ns1.viktorbarzin.me.    86400   IN      AAAA    2a00:4802:360::367
ns2.viktorbarzin.me.    86400   IN      AAAA    2a00:4802:360::367

;; Query time: 57 msec
;; SERVER: 10.0.20.1#53(10.0.20.1)
;; WHEN: Sun Feb 21 01:35:51 GMT 2021
;; MSG SIZE  rcvd: 196
```
Dnscrypt
- Service to issue DNS queries over HTTPS thus improving privacy.
- You can read more about it in my blog post about DNS over HTTPS.
- Everything on my network that uses the internet resolves DNS via this dnscrypt instance, which anonymises outgoing queries.
- Terraform module.
Drone CI/CD
- Continuous Integration/Continuous Delivery service for dynamic infra update.
- Terraform module.
F1 Stream
- Aggregator site which I update and use to watch F1 without the annoying pop-ups.
- Links to existing services but I block all annoying popups and ads.
- Accessible at http://f1.viktorbarzin.me (important to open as http because some streams use http as their source, browsers get annoyed by mixed content, and I’m too lazy to reverse proxy them).
- Terraform module.
Hackmd
- Service for real-time collaboration on documentation in Markdown.
- FOSS version of Google Docs and Quip.
- Accessible at https://hackmd.viktorbarzin.me
- Terraform module.
KMS Licensing Server
- KMS server that I use for licensing Microsoft Windows and Office packages.
- Instructions on how to use at https://kms.viktorbarzin.me
- Don’t abuse :-)
- Terraform module.
Kubernetes Dashboard
- Dashboard for visualizing Kubernetes resources.
- Accessible at https://k8s.viktorbarzin.me (client certificate required).
Mail Server
- SMTP, IMAP mail server used for accounts in the @viktorbarzin.me domain.
- Try it out - send me an email at contact@viktorbarzin.me.
- Terraform module.
metallb Network Load Balancer
- Network load balancer to allow Kubernetes services to use the LoadBalancer service type and obtain an IP from outside the cluster.
- Removes the coupling and hence the single point of failure between Kubernetes nodes and externally mapped ports (more on this later).
- Terraform module.
Monitoring Services
Prometheus
- Used for collecting metrics for the entire infra starting from Kubernetes resources to iDRAC SNMP readings and OpenWRT stats.
- Accessible at https://prometheus.viktorbarzin.me (client certificate required).
Grafana
- Used for prettier visualization based on the Prometheus metrics.
- Dashboards - https://grafana.viktorbarzin.me/dashboards
Alertmanager
- Used for alerting based on Prometheus metrics.
- Accessible at https://alertmanager.viktorbarzin.me (client certificate required)
Example email alert:
Pihole
- Service to block ads at the DNS level, which proves to be more effective than installing extensions.
- Accessible at https://pihole.viktorbarzin.me (client certificate required).
- Terraform module.
Privatebin
- Service to securely share snippets. Similar to pastebin but content is encrypted.
- Accessible at https://pb.viktorbarzin.me and https://privatebin.viktorbarzin.me
- Terraform module.
Status Page
- External status page to monitor my external availability.
- Accessible at https://status.viktorbarzin.me
- Terraform resources part of monitoring module.
Webhook Handler
- A small project I used to get more experience with Golang.
- Used for handling arbitrary webhooks from various services and executing actions on the cluster side.
- Mostly deprecated in favor of Drone CI.
- Accessible at https://webhook.viktorbarzin.me/
- Terraform module.
Website
- This website you are currently looking at.
- Terraform module.
Wireguard VPN
- My VPN service of choice.
- Migrated from OpenVPN for better performance, but mostly for operational simplicity and hype.
- There is also a web UI to make certificate creation easier.
- Accessible at https://wg.viktorbarzin.me/
- Terraform module.
High Level Overview
All of these services are deployed inside a Kubernetes cluster with 1 master and 5 worker nodes. Each node is a VMware virtual machine, and all of them run on a single ESXi host.
More technical details in part 2.