My Home Lab Setup

1/26/2024

A quick overview of my home lab setup, showcasing the hardware, software, and services that comprise my home lab. This setup allows me to experience technologies and learn skills without breaking production.

Home Lab

Virtualization Servers

Hardware

The two HP Z800 servers each have two Intel Xeons with 6 cores and 12 threads, totaling 24 virtual cores per server. 48 virtual cores is quite overkill for running a daily home lab, but it allows me to set up labs to practice cybersecurity concepts. One example of this is the Active Directory lab that I have set up simulating the OSCP's test boxes.

As for the memory, each of them has 32 GB and 1 TB of hard drive storage, which is not a roadblock due to having a NAS. Finally, they each have an NVIDIA Quadro FX 1800 GPU.

The main drawback with the servers is that they each consume 200W of power. This is quite a downside, but it has a DVD player, so what can I say? Worthy tradeoff.

P.S.: Might sell one of the servers sometime soon.

Software

Currently, both servers just run XCP-NG. However, it was a long journey before I ended up sticking with that.

  • Initially, I started with Proxmox, but I ran into multiple issues with drivers not loading properly due to the old hardware. Even when I managed to get it to work, it was extremely buggy and slow. One of the servers installed Proxmox out of the box and perfectly fine btw, and it had to be the first one >:(
  • So I moved to VMware ESXi. This worked for the longest time; however, I wanted to do more. I wanted to control how the operating system worked and how the VMs were created. This was around the time some intrusive anti-cheats were released and I did not want to install that on my main system.
  • I decided that I would just install KVM on a Linux distro and make my own mini version of Proxmox. This would allow me to have full control of the system and configure it exactly to fit my needs.
  • Choosing a RHEL-based distro allowed me to experience some enterprise tools and enhance the quality of my home lab. Red Hat's Cockpit package offered me a wonderful interface to manage both of those servers, and SELinux allowed me to securely run containers directly from the host.

After blocking the GPU drivers from loading on the host, disabling the Hypervisor flag from the CPU, and some other tweaks, I created a VM and ran some tests and voilà, it worked. This was a learning experience; however, I decided it was not worth playing the game if I had to risk getting banned or breaking TOS.

The final part of the story is when I got my hands on the Raspberry Pi 4 8 GB edition. I was stress-testing it by running all my services from there and it was astonishing! It sips power, averaging around 5-7W on idle and peaking at 15W. This excited me. I was already thinking about migrating my services to AWS or running them on a VM from the NAS, but the Raspberry Pi came along and ran the services for a tenth of the power. So I made the move: the RPi 4 runs Debian and Portainer for remote management, with a VM on the NAS for redundancy and fault tolerance.

Now that the servers are not required to maintain my services, I can use them to set up labs and experiment with technologies. So I did just that and installed XCP-NG to play around with. It was amazing for testing out tools, and it had an amazing remote management interface.

I will talk about one of the labs that I have set up in a later blog.

NAS Server

NAS Server Internals

Inspired by this Linus Tech Tips video.

The CPU is an Intel i5-11400 with 6 cores and 12 threads, paired with 32 GB of RAM. Now the juicy part: it holds three 4 TB hard drives configured in a RAID 6 array and two 512 GB SSDs for redundancy.

It is running TrueNAS SCALE. I was able to move away from having the HP servers run as a main part of the home lab and instead use them to learn about new technologies.

Raspberry Pis

As I mentioned earlier, the RPi 4 that I have runs Debian and is a container host that runs various services that I want to run in the home lab. Because it stores data on the NAS, I can duplicate the services on a VM for a fault-tolerant infrastructure.

The RPi 3 is the home automation hub. It runs Home Assistant, as well as various other scripts that I have written to control the IoT devices at home.

I also have another Raspberry Pi! Yes, that makes it three. This one I got as a gift for helping out at my high school's computer lab. I mainly use it as a DNS server that is placed in another room, so if I trip the breaker, we don't lose access to the internet.

Networking

Network Diagram

Let me just quickly explain how the network is configured.

  • The untrusted network is where all the IoT devices are connected, like smart TVs, lights, etc.
  • Then there is a router connecting me to the switch and the rest of the devices, with a very basic firewall (it just blocks all the devices from untrusted)
  • The trusted network is separated into two VLANs
    • VLAN 1 is where personal computers connect
    • VLAN 2 is where the servers/NAS connect. The services here are exposed to VLAN 1 using a reverse proxy

This segmentation of the network allows me to protect crucial devices and sensitive data.
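As an added example (not the configuration actually running in this lab), here is how the policy above could be written as an nftables ruleset on a Linux router. The interface names, the proxy address, and the choice of HTTPS and SSH ports are all assumptions, and NAT for the uplink is left out.

```nftables
#!/usr/sbin/nft -f
# Added example. Every name and address below is assumed, not from the post.
define IF_WAN       = "eth0"        # uplink to the ISP
define IF_UNTRUSTED = "eth1"        # IoT: smart TVs, lights, ...
define IF_VLAN1     = "eth2.1"      # VLAN 1: personal computers
define IF_VLAN2     = "eth2.2"      # VLAN 2: servers / NAS
define PROXY        = 192.0.2.10    # reverse proxy in VLAN 2 (documentation address)

# Create-then-delete makes reloading this file idempotent
table inet homelab
delete table inet homelab

table inet homelab {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were allowed to start
        ct state established,related accept
        ct state invalid drop

        # Every segment may reach the internet
        iifname { $IF_UNTRUSTED, $IF_VLAN1, $IF_VLAN2 } oifname $IF_WAN accept

        # Untrusted never initiates toward trusted; count and log attempts
        iifname $IF_UNTRUSTED oifname { $IF_VLAN1, $IF_VLAN2 } counter log prefix "untrusted->trusted " drop

        # VLAN 1 reaches VLAN 2 only through the reverse proxy, HTTPS only
        iifname $IF_VLAN1 oifname $IF_VLAN2 ip daddr $PROXY tcp dport 443 accept

        # Anything else (VLAN 2 -> VLAN 1, VLAN 1 -> NAS directly) hits policy drop
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # DHCP and DNS served by the router to all internal segments
        iifname { $IF_UNTRUSTED, $IF_VLAN1, $IF_VLAN2 } udp dport { 53, 67 } accept
        iifname { $IF_UNTRUSTED, $IF_VLAN1, $IF_VLAN2 } tcp dport 53 accept

        # Router management only from the personal-computer VLAN
        iifname $IF_VLAN1 tcp dport 22 accept
    }
}
```

`nft -c -f <file>` checks the syntax without applying it, and `nft list ruleset` afterwards shows the counter on the untrusted drop rule, which makes blocked connection attempts from IoT devices easy to spot.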

What I have learned

  1. Troubleshooting: There were a ton of issues that popped up while I was setting up this infrastructure. I learned how to read the logs and look through documentation to fix issues.
  2. Technical Proficiency: Building and configuring various hardware components, such as servers, NAS systems, and Raspberry Pis, has significantly enhanced my technical skills. I've gained hands-on experience with virtualization technologies, network configuration, and system administration tasks.
  3. Security Awareness: Designing a secure network infrastructure and implementing measures to protect sensitive data has heightened my awareness of cybersecurity principles.

Overall, this allows me to learn about technology and get excited about things I can do and put into this lab. I will continue working on my home lab and scripting away tasks for the foreseeable future.