Skip to main content

Homelab - Humble Beginnings

Table of Contents

Introduction
#

Having recently emigrated, I got rid of most of my electronics stuff. One of such items was a Raspberry Pi. It worked perfectly fine, but felt like I could do without one for a while. Turns out, that isn’t true.

Inspiration sparked by youtube videos (mainly Jeff Geerling), I was eager to get started with my personal homelab. Buying a server rack and stacking it with switches and powerful servers is a future goal. For now, let’s start with a simple Raspberry Pi.

The Pi I chose is a Raspberry Pi Zero 2W. It’s got a whopping 512MB of memory and, as we’ll see later, that limit is easy to reach. I’ll start with the fundamentals and install some networking services.

As a side goal, I thought it’d be fun to learn Ansible. We’re using Ansible at work, so I might as well. This tool makes it easy to install software on a machine by capturing hosts, configuration and installation steps in yaml files.

This project can be found on my GitHub.

Case
#

My local library provides a low cost 3D printing service. I gladly made use of their service by sending them a small Pi Zero case design I found on Printables. It only cost 7 dollars and was ready for pickup after a few days. They even took into account my request to print the cover in white. Here’s the design:

The teeny tiny Raspberry Pi Zero 2W in its 3D printed case.
The teeny tiny Raspberry Pi Zero 2W in its 3D printed case.

Services
#

Due to hardware constraints, the number and complexity of services has to stay limited. I picked the following:

PiHole
#

Pihole is a DNS service that blocks network requests based on blocklists. These blocklists can be found online, but it comes preinstalled with one that’s just fine. The blocklist automatically stays up to date by pulling from a github repository.

Devices can be configured to use the PiHole as their DNS by entering the Pi’s local ip address in the respective device’s network settings. This will route all trafic from the device through the PiHole, which blocks ads and trackers.

Finally, PiHole is used to provide local DNS names. I want to reach services by a human readable name, not an ip address. PiHole gets pihole.jobmos.net, Prometheus get prometheus.jobmos.net, etc.

A screenshot from the PiHole admin dashboard.
A screenshot from the PiHole admin dashboard.

WireGuard
#

Services running inside your local network are blocked from the outside world, which is a very good thing. However, what if you have smart home applicances and you want to turn on/off your lights or heater when you’re at work. Enter the VPN WireGuard (with port forwarding).

WireGuard is a VPN that allows you to enter your home network from the outside world in a secure way. This requires opening a port on your router. The beauty of WireGuard is that it doens’t respond to invalid login attempts at all, making it impossible for attackers to know the network they’re targeting has an open port.

The VPN encrypts network traffic, but this means your internet speed will suffer severly. For example, my regular internet speed is 500 Mbit down which lowers to about 20 Mbit with wireguard. This is caused by the decryption of the network traffic. As the Raspberry Pi Zero 2W is not the sharpest tool in the shed, using WireGuard is remains a ‘when strictly necessary’ option.

Node exporter
#

To keep track how the Pi is holding up, I instaled Prometheus’ node exporter. This service exposes metrics for CPU, memory and disk usage.

Prometheus
#

Prometheus scrapes the node exporter metrics endpoint and saves the data in its internal database. The web interface provides some basic graphing functionality, but ideally you’d want to use a dedicated dashboarding tool such as Grafana.

Prometheus CPU percentage graph.
Prometheus CPU percentage graph.
Prometheus disk usage percentage graph.
Prometheus disk usage percentage graph.

Grafana
#

As great as this dashbaording tool is, it’s very hungry for resources. Grafana is able to read various data time series sources (such as Prometheus or InfluxDB) and presents them in dashboards. On installing this service (using Ansible Galaxy), the poor Pi quickly ran out of memory and started frantically rebooting itself. I need some stronger hardware or find a more lightweight tool for the job. I believe Home Assistant would be able to read Prometheus data, but Home Assistant is a project for another day.

NGINX
#

Finally, NGINX reverse proxy is used to forward traffic from the PiHole’s local DNS records to port numbers on the Pi. Nothing special here.