I've recently got some inspiration to finally make use of some of the equipment I got a while ago and basically tore down all my existing stuff to build it back up better. Current setup/future plans:
Router: VyOS running on an HP T620+. I chose VyOS over OPNsense since you can update everything via an HTTPS API, which allows me to automate anything I need to whenever I deploy a new server. I have all my static IP addresses handled via the DHCP server, so being able to just send it the MAC address of the server and the desired IP is much easier than in OPNsense, where I had to manually update it whenever I wanted a new static lease. On the hardware side I chose the T620+ since it was pretty cheap on eBay (~$130) and came with a 4-port gigabit NIC. One of the ports goes to my modem for WAN access, and the other 3 are used for the different VLANs I'm running. The second port is for my LAN VLAN, which is where my hypervisor and any of the network infrastructure will live. The third port is dedicated to the CAM VLAN, which will have all of the security cameras I eventually install. The last port is running two separate VLANs: one for the guest network, and one for the IoT network. I have these 2 on the same port as they won't be using as much throughput as any of the other VLANs will, so they should be OK running on a single interface.
Main virtualization host: Dell R620 with 2 Xeon CPUs that have 8c/16t each and 128GB of RAM. It's running ESXi 6.7 with the trial license, and I set up a cronjob that automatically renews it each day so I don't have to worry about it running out.
Current services:
DNS: I'm running a local DNS server so that I can resolve everything locally via hostname instead of needing to remember the IP addresses for each server individually. I'm running dnsmasq, and it pulls entries from the /etc/hosts file to serve up for DNS. I'm working on creating a little program that periodically checks the active leases the router has and updates the /etc/hosts file, so that way I don't need to do it manually at all.
Wiki.js: I've learned my lesson from previous setups and at work that documentation is crucial, so I set up a little wiki where I can write down configurations, how-tos, installation instructions, etc. as I set up new stuff.
TP-Link Omada controller: I have a TP-Link EAP620 wireless access point that I'll be setting up soon, so I have the controller software set up to manage that, and any future ones I also add in to improve coverage throughout the house.
Future services:
Jellyfin
Home Assistant
*arr suite
Some sort of dashboard
Prometheus monitoring with Grafana dashboard
Storage:
The R620 has 4x1.2TB HDDs in it that are used as the pool for virtual machine storage.
I'm in the process of building a NAS that will have all my media storage and anything else that isn't part of the virtual machines. I have the CPU, motherboard, and 4x14TB hard drives. I'm slowly buying parts to finish it as they go on sale. The plan is one 10 gig SFP connection direct to the R620, and another 10 gig SFP connection to the main switch so multiple hosts can access data at gig speeds at the same time. Any new network runs in the house are going to be with Cat 6A so it will support 10 gig in the future.
Deployment strategy:
I'm attempting to automate as much as I can with deployments, so that it's just one command and the machine automatically gets deployed and configured properly. To facilitate this I'm using a few different tools:
Packer: I'm using Packer to generate golden VM images that I can then clone into new machines whenever I need them. These use CentOS 8 Stream for the OS, and I have 3 different sizes generated depending on what the application calls for. I install all base packages I need along with my SSH key so I'm able to log in to them without a password. I also set up a cronjob to run ansible-pull, which I'll talk about in the next section.
Ansible: Instead of the traditional Ansible push-style architecture, I'm using ansible-pull so I can have the machines auto-update their configs from a remote git repo. This means once the machine is created, there's nothing I have to do manually, and it will automatically install all the necessary software and configure everything to work. I have the machines run an Ansible playbook based on their hostname, so that way I can have the same cronjob for every machine and the software it gets is just based on its hostname.
Terraform: To deploy the actual virtual machines I'm using Terraform, since that's what I'm familiar with from work. Having all my machines defined in code lets me easily see what should be running vs what is, and even if everything gets wiped out I can deploy them all again in one command, and then Ansible will take care of getting all the services up and running.
Remote Access: Fiber was brought into our neighborhood recently, so I hopped on that with symmetrical 500MB speeds for the same price I was paying Comcast for 60 down / 5 up. The only downside is they use CGNAT, so I can't expose any of my services to the internet directly. To get around this I set up a small instance in GCP running WireGuard with a tunnel back to my router. This allows me to connect from my laptop wherever I have internet access, and it is as if I'm on my LAN directly. I can also easily switch to having all my internet traffic routed through my house when I'm remote too if I want, which is nice. Secondly, I'll have a reverse proxy on the GCP server that can then forward requests down the WireGuard tunnel to be handled by whatever service is being requested.
I'm curious to see if anyone else has some setups they are interested in sharing or has any ideas in ways I could improve mine or new things to host.
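Added example (not the OP's program, and not VyOS's own tooling) of the lease-to-hosts sync described under DNS above. It reads the router's DHCP static mappings rather than the live lease table: a dynamic lease carries whatever hostname the client sent in its DHCP request, so any device on the guest or IoT VLAN could claim a name like "wiki" and have dnsmasq answer for it, whereas static mappings are set by the admin through the API. The JSON shape (`shared-network-name` / `subnet` / `static-mapping`, keyed like VyOS 1.3 config) and the `/retrieve` call with `data` and `key` form fields are assumptions about the VyOS HTTP API; the sample config is constructed, and the managed block markers and the `home.lan` domain are the example's own choices.

```python
"""Sync VyOS DHCP static mappings into a managed block of /etc/hosts for dnsmasq."""
import ipaddress
import json
import re
import urllib.parse
import urllib.request
from typing import Dict

# Only well-formed DNS labels become hosts entries; a mapping name with spaces or
# punctuation is skipped rather than written into a file dnsmasq serves from.
HOSTNAME_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
BEGIN = "# BEGIN vyos-static-mappings (managed, do not edit)"
END = "# END vyos-static-mappings (managed, do not edit)"

# Constructed sample, shaped like the JSON assumed to come back from
# {"op": "showConfig", "path": ["service", "dhcp-server"]} on VyOS 1.3.
SAMPLE_CONFIG = {
    "shared-network-name": {
        "LAN": {"subnet": {"10.0.10.0/24": {"static-mapping": {
            "wiki": {"ip-address": "10.0.10.20", "mac-address": "02:00:00:00:00:20"},
            "dns": {"ip-address": "10.0.10.53", "mac-address": "02:00:00:00:00:53"},
            # address outside the declared subnet: skipped
            "stray": {"ip-address": "10.0.30.5", "mac-address": "02:00:00:00:00:05"},
            # not a valid DNS label: skipped
            "bad name!": {"ip-address": "10.0.10.99", "mac-address": "02:00:00:00:00:99"},
        }}}},
        "IOT": {"subnet": {"10.0.40.0/24": {"static-mapping": {
            "thermostat": {"ip-address": "10.0.40.10", "mac-address": "02:00:00:00:00:10"},
        }}}},
    }
}


def fetch_dhcp_config(router_url: str, api_key: str) -> dict:
    """Read the dhcp-server subtree through the VyOS HTTP API (/retrieve, showConfig).
    Endpoint and field names are assumptions; this is never called offline."""
    body = urllib.parse.urlencode({
        "data": json.dumps({"op": "showConfig", "path": ["service", "dhcp-server"]}),
        "key": api_key,
    }).encode()
    with urllib.request.urlopen(f"{router_url}/retrieve", data=body, timeout=10) as resp:
        return json.load(resp)["data"]


def extract_static_mappings(dhcp_config: dict, domain: str = "home.lan") -> Dict[str, str]:
    """Return {fqdn: ip} for every static mapping whose name is a valid label
    and whose address actually lies inside the subnet it was declared under."""
    result: Dict[str, str] = {}
    for network in dhcp_config.get("shared-network-name", {}).values():
        for cidr, subnet in network.get("subnet", {}).items():
            net = ipaddress.ip_network(cidr, strict=False)
            for name, mapping in subnet.get("static-mapping", {}).items():
                ip = mapping.get("ip-address")
                if not ip or not HOSTNAME_RE.match(name):
                    continue
                if ipaddress.ip_address(ip) not in net:
                    continue
                result[f"{name}.{domain}"] = ip
    return result


def render_block(mappings: Dict[str, str]) -> str:
    """Render the managed block, one 'ip<TAB>fqdn short' line per mapping, sorted by IP."""
    lines = [BEGIN]
    for fqdn, ip in sorted(mappings.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        lines.append(f"{ip}\t{fqdn} {fqdn.split('.', 1)[0]}")
    lines.append(END)
    return "\n".join(lines) + "\n"


def merge_hosts(existing: str, mappings: Dict[str, str]) -> str:
    """Replace the managed block in an /etc/hosts body (or append one), leaving
    hand-written entries untouched; running it twice yields the same file."""
    block = render_block(mappings)
    pattern = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END) + r"\n?", re.S)
    if pattern.search(existing):
        return pattern.sub(lambda _m: block, existing)
    return existing.rstrip("\n") + "\n\n" + block


if __name__ == "__main__":
    # Offline demonstration on the constructed config; a cron job would instead
    # call fetch_dhcp_config(), read /etc/hosts, write the merged result atomically,
    # and send dnsmasq SIGHUP so it re-reads the file.
    print(merge_hosts("127.0.0.1 localhost\n", extract_static_mappings(SAMPLE_CONFIG)))
```

Because the block is rewritten in place between fixed markers, the sync can run from cron as often as wanted without duplicating entries, and anything outside the markers (localhost, hand-added hosts) survives each run.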