Tuesday, June 10, 2025

Project #34 - Creating a Certificate Authority for the HomeLab Infrastructure

I have been needing for a long time to create a Certificate Authority so that I will not be using self-signed certificates and simply avoiding the checks on various equipment.  This needs to change so that it provides a measure of security in the HomeLab that makes sense.

There have been a number of articles about creation of a Certificate Authority; however, one in particular seems to be the one that I could use best.  The reason is that it provides intermediate certificate authorities. That article is at https://jamielinux.com/docs/openssl-certificate-authority/index.html.  I have made a PDF of that site to work its magic.

Obviously, this will require me to make some modifications to make it easier to accomplish, such as using some scripts for the process.  I might also make use of an ACME-like internal Certificate Authority to automatically update the certificates. Note that this is in addition to the certificates already created in the Tailscale VPN implementation.

Trying to Get Back into the Groove of HomeLab

I admit it, I have been relaxed in updating this blog.  Lately it's been because of the death of an immediate member of my family and the birth of another. So, I have been experiencing the lows and highs of emotion.  However, I intend on getting back on task since I need to have a focus area.

I intend on revisiting the projects that I have not completed; dropping some, attacking the remainder, and coming up with new projects to keep the entry into HomeLab fully up to date.  I think that I will focus on three things:

  • Setting up a certificate authority/creation process so that all infrastructure is encrypted
  • Setting up a NAS for my HomeLab
  • Setting up PiHole so that I can use its features to start removing ads

Since I have the PiHole located in the Living Room, I will start there by connecting the PiHole to the FLINT router.  I am still going to use the DHCP server on the FLINT but may cause the DNS to come from the PiHole.

Friday, April 11, 2025

Project #33 - Moving the DHCP and DNS over to PiHole

This is one project that has stuck in my craw for a number of years.  I am now in a situation where I am about to change out my network to be in two pieces.  I have enough computers to think about a centralized DHCP/DNS server for the network.  I have used PiHole in the past but now I want to make that the default for all of the routers in my network.  The rub is, I have all of these vlans that need attention when I am giving out IP addresses.  This will be an effort to consolidate the IP gathering and DNS entries into one location that is easier to control.  Some specifics of what I want to do are:

  • set up my Netgear switches to force certain IP ranges to certain vlans
  • use PiHole to issue DHCP IP addresses tied to their MAC addresses
  • if the MAC address is unknown, push it to a guest network
  • include both the FLINT and FLINT2 routers in the mix
  • modify my FLINT2 setup to have one guest network vlan that is passthrough

Monday, December 9, 2024

Altering the rack connection so that floor work can be done

Well, this is the first time that this has happened; fortunately, I have enough time to respond. I am having some flooring replaced under my desk/table that is next to my rack.  My roll around chair evidently has caused the flooring to buckle since I did not have a carpet under my chair.  So I went looking for ways to change the connections between the rack, the desk/table, and the power strip across the back window sill.  I want to be able to disassemble everything in case the flooring installers need more room for their work.

I have USB cables, HDMI cables, and Ethernet cables going between the rack and the desk/table.  I also have a power connection and ethernet cables going to the walls and back window sill power strip.

Saturday, December 7, 2024

State of the Network in December 2024

So I have not been blogging about my network for some time.  I have been busy at the end of the year with other things including family and my newfound hobby of genealogy.  I am also adding some WoodShop activity in there as well. So, my time with my network has taken a sideline.  However, now that I find that my Retirement Community is going over to a different way of doing things, I find myself coming back to the rack for some more experiments.
  • I have changed the configuration of the rack and have removed the switch for the xPod, and removed both of the special purpose Edgerouter-X boxes
  • I added a 24 port 1U keystone panel at the bottom to use for projects in the future
  • I removed the SLATE router from the living room, since I was not using it very much
  • I am first going to start by modifying a test RPi to have two or more namespaces using OpenVSwitch to provide a NAT router function between the NS
    • I will also set up the routing tables to make the two NS get their IPs from different DHCP servers
    • I am also going to set up a set of Docker containers that lie on either side of the NAT router
    • I want to test the idea that normal flow across the NAT is controlled
    • I want to test the setup being done via Ansible
  • I am going to print a rack panel to mount a GS108T and ER-X at the bottom of the rack for future projects

Monday, September 23, 2024

State of the Network - September 2024

I haven't posted in a while so I thought I might get the blog up to speed.  I have been busily pushing things in the rack to an everyday state.  To do that I had an epiphany about the connection between the living room managed switch (GS108Tv2) and the back bedroom managed switch (GS116Tv2).  It turns out that instead of using a Powerline adapter, I would be able to use a 35 foot flat Ethernet cable to accomplish the same thing.  So I obtained a flat Ethernet cable, ran it along the floorboard, through the balcony door, around the back of the balcony, through the bedroom door, and plugged into an extension Ethernet cable coming from the back bedroom managed switch.  In doing that, I managed to get the speedtest to triple on downlink (at times) and double the upload speed (at times) [201.9/237 Mbps].  I assume that this means I am approaching the 1Gbps speed between the two managed switches.  This also means that I am not susceptible to power fluctuations on the Ethernet line between the Powerline adapters.

I have also been busily rearranging the rack equipment to use the Netgear M4100-26 and Ubiquiti Edgerouter-12.  The Netgear and Edgerouter have been changed to always power on when the rack has power.  This simplifies the overall structure of the rack and eliminates the need for using the two Edgerouter-X routers and another GS108Tv2 switch.  I can now power off those three components until I might need them again.  I left them plugged into the Ethernet patch panel on the bottom.  The only disadvantage is that the Netgear M4100-26 now runs hotter; but the fans at the top are putting out cold air which indicates that it is not as hot as I might assume in the rack; currently at 104 degrees F.

I am now trying to configure a monitor system that can gather statistics and send out commands to update, reboot, shutdown, etc. equipment in the rack.  I hope to continue to get closer to an automatic mode in the rack which will support experiments in the future.

Saturday, April 6, 2024

State of the Network - April 2024

Lately I have been working some electronics projects, genealogy, and really haven’t had time to really work on my HomeLab.  Sensing that I haven’t posted for some time I thought I might post about the HomeLab’s current condition.  While I am working on the electronics projects most of the equipment is turned off.  In fact, I normally have only the Edgerouter-12 and the Netgear M4100-26g turned on since my laptop is pretty much permanently connected to the Server Admin vlan. So here are some bullet points to explain where the HomeLab sits:
  • I now have a managed switch at the top of the rack to connect to the outside (powered on with the rack)
  • I have pushed the two Edgerouter-X routers and one managed switch into the back of the rack with their ports coming out to the front
  • I now have a 24 port patch panel that connects to some ports on the top 24 port patch panel, the two ER-Xs, the managed switch, and to the 5 input ports on the Proxmox server
  • I can now power the xPod, Monitor Network, Proxmox server, some specific rack RPis, and the ER-12/M4100-26g separately
  • The external managed switch behind the rack has been wired differently to accommodate the changes and additional experiments on the HomeLab table
  • I now have two LED strips on the front of the rack to illuminate the patch wiring
  • I also have two LED strips under my laptop holder on the HomeLab table to illuminate electronic circuits on the table
  • I have incorporated an UAP-AC-AD to output four specific vlan connections; one of which goes to my development vlan
These are items that I have changed but I still have items that I haven’t implemented yet. My thoughts about what I want keep changing as I come up with other ideas.  So here are some future items that I want to implement:
  • I recently obtained an Edgerouter-12P which will provide POE capability in the rack and beyond; I need to determine how I will use it
  • I also obtained a couple of UAP-AP-LR WAPs which I hope to use to form a wi-fi link to the back bedroom (I am unable to get an Ethernet cable pulled from the living room to my back bedroom) because the Power adapters only give me 130 Mbps throughput.
  • I hope to spin up two RPi Zero Ws at opposite ends of the Ethernet over power link to monitor failures
  • I hope to spin up a RPi 4B in the living room as a PiHole to be the definition of connections within my network
  • I hope to be able to use my SLATE router, connected to a 2.4 GHz wi-fi connection as a fall over from the FLINT router
  • I also hope to figure out how to integrate MIDI into my HomeLab including a new Zynthian Synthesizer on an RPi 3B+