Homelab Rebuild
Over the last few years I have slowly created, expanded, configured, broken and fixed my homelab. A homelab is a great way to learn networking and system administration, especially if you have a setup that you can break and fix.
This summer I have decided to do a complete overhaul of my home network and homelab. The motivation for this comes from the vast amount of new knowledge from my second year at Noroff, where I study network and IT security. The biggest improvements I can make to my network are mainly security-based upgrades, and I want to implement things like a Web Application Firewall (WAF).
Current setup
Today my network uses Ubiquiti UniFi equipment, and I am very satisfied with how easy it is to use and with all the advanced things it is capable of. For servers I have two "servers", which are basically mini-PCs with Proxmox installed.
Planned setup
For my new setup the hardware will of course stay the same, but I will use a new set of IP ranges, better segmentation and stricter firewall rules. As far as possible, new VMs will be built on NixOS, an operating system I have grown really fond of since I installed it as my main OS almost two years ago.
Planned segmentation:
| Segment | Subnet | Hosts | VLAN |
|---|---|---|---|
| DMZ | 10.1.1.0/27 | 30 | 10 |
| Test | 10.1.1.32/27 | 30 | 50 |
| IoT | 10.1.1.64/26 | 62 | 20 |
| Homelab | 10.1.1.128/26 | 62 | 30 |
| Main | 10.1.1.192/26 | 62 | 40 |
DMZ network
I want a network segment for the internet-facing applications I run. These services mostly run inside my k3s Kubernetes cluster, but I do have some services that run outside the cluster as well. The most important thing in this network will be the entrypoint to my services, a NixOS-based WAF + reverse proxy. The DMZ network will also include the entrypoints to the game servers I host.
IoT network
Today I have an IoT network for all my smart home devices, even though most of them only communicate locally. This network is currently blocked from reaching my other networks, with the exception of some Sonoff devices with Tasmota firmware that are allowed to contact the MQTT server. With the new setup I am considering full device isolation, allowing only the specific devices that need it to reach the MQTT server.
Homelab network
This will be the general network for all the services I host, both on my Proxmox servers and on my other assorted hosts such as a few Raspberry Pis.
Main network
This will be my inner circle where my most trusted machines live: personal devices, my gaming/workstation PC, laptop, phone, etc.
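To sanity-check the segmentation table above and the IoT policy described earlier (default deny between segments, with only specific devices allowed to reach the MQTT server), here is a small model of the plan as an added example; it is not part of the original post or the author's configuration. The broker address, the two allowed device addresses and the use of TCP 1883 (plain MQTT) are assumptions; any other inter-segment allow rules the final firewall will need are intentionally left out.

```python
import ipaddress

# Planned segments, taken from the table in the post.
SEGMENTS = {
    "DMZ":     ipaddress.ip_network("10.1.1.0/27"),
    "Test":    ipaddress.ip_network("10.1.1.32/27"),
    "IoT":     ipaddress.ip_network("10.1.1.64/26"),
    "Homelab": ipaddress.ip_network("10.1.1.128/26"),
    "Main":    ipaddress.ip_network("10.1.1.192/26"),
}

# Assumed values (not in the post): the MQTT broker sits in Homelab, and these
# two Tasmota devices in IoT are the only ones allowed to reach it on TCP 1883.
MQTT_BROKER = ipaddress.ip_address("10.1.1.130")
MQTT_PORT = 1883
ALLOWED_IOT_DEVICES = {
    ipaddress.ip_address("10.1.1.70"),
    ipaddress.ip_address("10.1.1.71"),
}


def check_plan():
    """Return usable host counts per segment if every subnet lies inside
    10.1.1.0/24 and none of them overlap; otherwise return None."""
    parent = ipaddress.ip_network("10.1.1.0/24")
    nets = list(SEGMENTS.values())
    if not all(n.subnet_of(parent) for n in nets):
        return None
    for i, a in enumerate(nets):
        if any(a.overlaps(b) for b in nets[i + 1:]):
            return None
    return {name: n.num_addresses - 2 for name, n in SEGMENTS.items()}


def segment_of(ip):
    """Name of the segment an address belongs to, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)


def is_allowed(src, dst, port):
    """Inter-segment policy: same-segment traffic passes, everything across
    segments is denied, except allow-listed IoT devices to the broker port."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s, d = segment_of(src_ip), segment_of(dst_ip)
    if s is None or d is None:
        return False
    if s == d:
        return True
    return (s == "IoT" and d == "Homelab" and src_ip in ALLOWED_IOT_DEVICES
            and dst_ip == MQTT_BROKER and port == MQTT_PORT)
```

Running `check_plan()` confirms the table's host counts (30 for each /27, 62 for each /26) and that the five subnets tile the /24 without overlap.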
So follow along on my journey as I rebuild my homelab over the summer! The first project will be creating Proxmox VMs with NixOS.