An Intro to Homelabs

A good homelab is a great way to improve your life, and to practice your system administrator skills. This will be an overview of some projects that you could build for your home. Each provides benefits for you and your network, and teaches some real world skills. This is not going to be an in-depth guide on each project, but will give you somewhere to start from.

Your Home Router

A great first project is upgrading your router. You are likely using either your ISP provided modem/router combo, or an off the shelf router. These are designed to get you online, and generally do a reasonable job for most people. However, they don’t often provide a lot of features that you would want in a homelab. If you own your router, there may be aftermarket firmware (like DD-WRT) that you could install to gain some additional functionality, although I’m going to recommend building your own router/firewall using pfSense.

pfSense is an OpenSource router/firewall operating system based on FreeBSD. It provides some great features for your homelab, and gives you a lot of control over your network. Features include:

• A very full featured firewall
• Traffic Shaping/QOS
• VLANs
• An NTP server
• A DHCP server
• A DNS server
• Several VPN options
• An extensive plugin system

To get started with your building your pfSense router/firewall, I recommend the follow:

• An old computer to turn into your pfSense system. Any computer from the past 5-10 years should be fine.
• A network card with at least 1 NIC (in addition to the onboard NIC.) I recommend getting one with 2 NICs, as pfSense seems to play best with Intel network cards and doesn’t always play nicely with whatever NIC came with your motherboard.
• A network switch. This could be your old router if it is all that you have, but it is best to use a dedicated network switch. An unmanaged switch can be acquired cheaply, but a managed network switch with built-in POE provides a lot more functionality. If you are on a tight budget, there can be some great options on the used market.
• A wireless access point. Again, this could be your old router, but a dedicated wireless access point often provides a lot more power and a lot more features. You can get something from Ubiquiti, Engenius, or other manufacturers. There are also some good options on the used market. Before purchasing hardware, be sure to reference the pfSense Hardware Selection guide as well as the their official documentation.

Once you have your hardware, and have configured pfSense, you may consider the following:

• Setting up a guest network VLAN
• Setting up a VLAN for your IOT devices. You could set this network so that IOT device can’t talk to other devices on the network, but can reach the internet
• Configuring QoS, to prioritize important traffic

TrueNAS

The next step towards building a great homelab is your home server. A home server provides file storage, container hosting, and a virtualization host. I recommend using TrueNAS Scale for your home servers operating system. TrueNAS Scale is Linux biased and utilizes ZFS for its file system. ZFS in itself is an amazing technology worthy of its own post, and provides a lot of functionality for your home server. TrueNAS makes it easy to manage your storage pool(s), create and manage file shares, and makes it easy to set up common home services using its plugin system.

For hardware, you may be able to acquire an old server that was retired by a local business. Sometimes you can find good hardware in the used market. You may also use an old computer if you’re not looking for a lot of horsepower. You could also build your own server. It is recommended to have at least one drive for your boot drive (preferable 2 mirrored drives for redundancy) and at least 2 storage drives (again mirrored). More storage drives are better and you could configure other RAID options with more drives. ZFS also supports some neat features like a cache drive.

Once you have your server setup with TrueNAS, it is time to create some shares for your data, and install some plugins. Here are some plugins worth checking out:

• Immich provides a Google Photos like experience while keeping you in control of your data. It is my preferred way to store my pictures.
• Jellyfin provides a Netflix like experience for your personal media and makes it easy for you to enjoy the content that you own.
• Frigate is an AI powered security NVR that gives you control of your security cameras. Frigate uses AI to detect objects that you’re interested in recording, and your recordings are stored locally on your own server.

Pi-hole

Pi-hole is a DNS server that makes it easy to block domains that you specify. This allows you to block the domain names of common advertising servers, known tracking servers, and anything else you don’t want being accessed from your network. In itself, this doesn’t prevent people from using another DNS server, but you can block this from your firewall. This isn’t required if you just want to block Ads or tracking, though. Pi-hole can be run on your TrueNAS server, or another system on your network, and is easy to configure.

Home Assistant

Home Assistant is an open source and locally hosted home automation system. It works with the majority of smart home devices, and supports Zigbee and Z-wave (with their respective dongles.) I’ve paired a variety of Zigbee lights, motion sensors, and door sensors to my Home Assistant, and use it to automate a variety of things around the house. Home Assistant’s dashboards can also show you all sorts of useful information, and I’ve even integrated Frigate into mine so that I can see my cameras at a glance.

WireGuard & Dynamic DNS

Once you have these services running in your home, you may want to access them remotely. An easy and secure way to do this is by setting up a VPN that connects back to your home network. pfSense makes it easy to set up WireGuard, but there are other VPNs that you can set up. Once you have your VPN setup on your firewall, you can connect your devices back to your home network using the VPN client. This allows your device to access your network’s internal resources as if you were on your home network.

One issue with doing this is that most residential ISPs will change your public IP address every so often. One way to work around this is to use a Dynamic DNS provider. Dynamic DNS will update a DNS record automatically when your IP address changes. A great free DynDNS option is DuckDNS. They have guides for setting up a variety of devices to update your record, including pfSense. From there, you can set up a CNAME on your domain name to point to DuckDNS. This allows you to configure your VPN clients to point to a domain that you own, and your devices will still be able to find your home network after your public IP address changes.

Conclusion

This may seem like a lot to do, but you don’t have to complete it all at once. It’s easy enough to pick one project at a time, and work on it as you have time. Pick one of the projects that sounds interesting to you, do a little research into the project, and work on it. As you complete more and more projects, you’ll find they get easier and that they each make your life a little bit better.