My self-hosted home setup

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨tiller@programming.dev⁩ to ⁨selfhosted@lemmy.world⁩

https://programming.dev/pictrs/image/12c4ce6d-00fc-4fa0-a212-740306795604.png

Dedicated wifi for automation allows me to have devices such as Xiaomi Vaccuum, or security camera not phoning home. OpenWRT with good firewall rules completely isolate my “public” containers/VMs from my lan.

Image

Server was built over time, disk by disk. I’m now aiming to buy only 12TB drives, but I got to sacrifice the first two as parity…

Image

I just love the simplicity of snapraid / mergerfs. Even if I were to loose 3 disks (my setup allows me the loss of 2 disks), I’d only loose data that’s on these disks, not the whole array. I lost one drive once, recovery went well and was relatively easy.

Image

I try to keep things separated and I may be running a bit too many containers/vms, but well, I got resources to spare :)

source

Comments

Sort:hotnew top

transmatrix@lemmy.world ⁨1⁩ ⁨year⁩ ago
As an FYI: this set up is vulnerable to ARP spoofing. I personally wouldn’t use any ISP-owned routers other than for NAT.

source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  I’m not well versed in ARP spoofing attack and I’ll dig around, but assuming the attacker gets access to a “public” VM, its only network adapter is linked to the openwrt router that has 3 separated zones (home lan, home automation, dmz). So I don’t think he could have any impact on the lan? No lan traffic is ever going through the openwrt router.
  
  source
  - transmatrix@lemmy.world ⁨1⁩ ⁨year⁩ ago
    The risk is the ISP Wi-Fi. As long as you’re using WPA with a good long random passkey, the risk is minimal. However, anyone who had access to your Wi-Fi could initiate an ARP spoof (essentially be a man-in-the-middle)
    
    source
    -> View More Comments
tuff_wizard@aussie.zone ⁨1⁩ ⁨year⁩ ago
That’s… not all hand written is it? No one who is good at computers can write that well. We got into this BECAUSE we couldn’t write well, right?

source
- lemming@lemmy.sdf.org ⁨1⁩ ⁨year⁩ ago
  Looks like excalidraw to me. I use it all the time to quickly make diagrams like these.
  
  source
- twack@lemmy.world ⁨1⁩ ⁨year⁩ ago
  It’s not, look at postgres under both DB in the last picture. That’s not just the same writing, it’s identical.
  
  source
  - tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
    programming.dev/comment/2512899 :)
    
    source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  🙈
  
  source
SpaceNoodle@lemmy.world ⁨1⁩ ⁨year⁩ ago
I like the WiFi 6 just going out into the ether. Like you’re just throwing morsels out to the peasants.

source
half_built_pyramids@lemmy.world ⁨1⁩ ⁨year⁩ ago
Oh God yes, I never knew I needed illustrated self hosting architecture.

Need more. Could you also add like, a curious cat that asks questions?

source
- jws_shadotak@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
  Hate to break it to you but this is a font. It’s all typed.
  
  source
Huschke@programming.dev ⁨1⁩ ⁨year⁩ ago
I would never use an ISPs router for my home network. It just causes so many issues that you can easily avoid by either using your own router directly or if that is not possible putting the device into “bridge” mode and using your own router behind it.

What are some of the issues?

The devices the ISPs use are usually the cheapest hardware imaginable and therefore introduce substantial unnecessary latency.

Where I live some ISPs also used to use tools that genereted wifi passwords based on the devices MAC address. While this is apparently fixed now, a lot of non tech savvy users still use these old devices that are basically open to anyone now.

To save even more money, they sometimes deliberately send out faulty devices (as in devices that drop connection frequently, restart for no reason, etc) which is just horrible.

I know these issues because I worked in that field and there are a lot more unfortunately…

source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  WIth my previous ISP, I swapped the ISP’s router with my OpenWRT’s and everything worked fine. With my current ISP, it appears that it’s not that simple to swap the router altogether. But I’ll be honest, the biggest factors are price and number of routers/switch. As I want 2.5gbps, I’d need a router with at least dual 2.5gbps ports. The WIFI6 offering is also quite nice. And if I can’t swap my ISP router, it would just add another device. In a perfect world, I’d have a single router running openwrt, with wifi6 and couple of 2.5+gbps ports (but unfortunately openwrt doesn’t play nice with most wifi6 routers and these routers can get very expensive) For now, my ISP router does the job and I haven’t had any issue (yet)
  
  source
  - foggenbooty@lemmy.world ⁨1⁩ ⁨year⁩ ago
    What are too currently using for your OpenWRT router? I just got one of these and I would highly recommend it: a.aliexpress.com/_mq4HxaS
    
    Get the N100 barebones version because you can slap an SSD and RAM in there for cheaper and have more selection. It has four 2.5Gb NICs and the internal PCIE slot for a WiFI card if you really want, though I would recommend getting a Ubiquiti AP to go along with it.
    
    You can put OPNsense on it bare metal, or proxmox and then run your network related VMs there instead of your main server. Your choice.
    
    source
    -> View More Comments
  - ddx7@lemmy.world ⁨1⁩ ⁨year⁩ ago
    Not a net ops person but I had to change my WiFi router MAC to the one from the ISP to make it work
    
    source
    -> View More Comments
  - ElderWendigo@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
    You could spend a little for a prosumer router and AP. I have a very similar setup with a cable modem, edge router X (ubnt), a single UniFi AP, and a service running on my server (this could be replaced with a separate hardware device or Raspberry Pi, but the server is going to be running anyway).
    
    source
Bjornir@programming.dev ⁨1⁩ ⁨year⁩ ago
That is a great quality post! Congratulations and thank you

Your home network is not too shabby either ;)

source
doublejay1999@lemmy.world ⁨1⁩ ⁨year⁩ ago
I like the way you wrote this in history class

source
Sotuanduso@lemm.ee ⁨1⁩ ⁨year⁩ ago
Hmm, nice detailed specs on your home network. Mind sharing your IP? For, uh… totally trustworthy reasons. Asking for a friend. >: )

source
- Nails@lemm.ee ⁨1⁩ ⁨year⁩ ago
  192.168.0.1
  
  source
  - Sotuanduso@lemm.ee ⁨1⁩ ⁨year⁩ ago
    Got it. Sending the virus to 192.168.0.1…
    
    source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  I heard everyone on the internet is nice and have good intentions. Did they lie to me?
  
  source
  - GBU_28@lemm.ee ⁨1⁩ ⁨year⁩ ago
    Here’s my password to show trust:
    
    source
    -> View More Comments
TCB13@lemmy.world ⁨1⁩ ⁨year⁩ ago
Congrats for keeping your setup simple!

source
danl@lemmy.world ⁨1⁩ ⁨year⁩ ago
Upvoting because Balsamiq

source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  I’m afraid I can’t take your upvote sir… excalidraw.com
  
  source
  - danl@lemmy.world ⁨1⁩ ⁨year⁩ ago
    Oh damn! I must be out of practice. Still a great tool
    
    source
Decronym@lemmy.decronym.xyz ⁨1⁩ ⁨year⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

AP WiFi Access Point

IP Internet Protocol

NAT Network Address Translation

[Thread #100 for this sub, first seen 1st Sep 2023, 11:25] [FAQ] [Full list] [Contact] [Source code]

source
AndreaHill@lemmy.world ⁨1⁩ ⁨year⁩ ago
For the stupid among us, what’s the purpose of the switch?

source
- TheButtonJustSpins@infosec.pub ⁨1⁩ ⁨year⁩ ago
  Maybe the ISP router only has one port?
  
  source
  - Moonrise2473@feddit.it ⁨1⁩ ⁨year⁩ ago
    That would be a smart idea for the ISP. Sell a 5 gigabits fiber connection but force the customer to use their router which comes with a single gigabit port
    
    source
    -> View More Comments
Ac5000@lemm.ee ⁨1⁩ ⁨year⁩ ago
Thank you for posting this with the explanations and great visuals! I am wanting to upgrade to a setup almost identical to this and you’ve basically given me the bill of materials and task list.

Anything you wish you had done differently or suggest changing/upgrading before I think about putting something similar together?

source
coolasbreeze@lemmy.world ⁨1⁩ ⁨year⁩ ago
Very nice

source
tgxn@lemmy.tgxn.net ⁨1⁩ ⁨year⁩ ago
Interesting setup, mines very similar. Except with ZFS and no DMZ 😅 I’m thinking of setting up vlans for automation too, how do you handle updates and software downloads on that lan?

source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  If I ever need to update any device on the home automation vlan, I’d add an exception to the firewall for this specific host for the time of the update
  
  source
NanoooK@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
[deleted]
source
- tiller@programming.dev ⁨1⁩ ⁨year⁩ ago
  Thanks, excalidraw.com if you’re ever interested
  
  source

Fewer Letters	More Letters
AP	WiFi Access Point
IP	Internet Protocol
NAT	Network Address Translation