Homelab
Introduction
I wanted to build a Homelab for myself in order to get enterprise experience without having an enterprise-caliber occupation. I then started doing research and asking around until I found a setup that worked for me. This write-up is my journey through creating my Homelab.
Materials
Hardware
Firewall
Protectli Vault 4 Port​
319.00
Power strip with surge protector​
Tripp Lite 650VA UPS Battery Backup, LCD, 325W Eco Green, USB, RJ11, 8 Outlets ​
95.08​
Server​
Dell PowerEdge R710 2U Server X5650 2.66GHz 12-Cores / 64gb / 3x 1TB SAS / 2xPSU​
326.76​
Cat 8 Ethernet Cable​
Cat8 Ethernet Cable, Outdoor&Indoor, 6FT Heavy Duty High Speed 26AWG Cat8 LAN Network Cable 40Gbps, 2000Mhz with Gold Plated RJ45 Connector, Weatherproof S/FTP UV Resistant for Router/Gaming​
8.99
Cat 7 Ethernet Cable​
Cat7 Ethernet Cable 1.5 ft (2 Pack) RJ45 Connector - Double Shielded STP - 10 Gigabit 600MHz​
7.49
Cat 7 Ethernet Cable​
Amazon Basics RJ45 Cat 7 High-Speed Gigabit Ethernet Patch Internet Cable, 10Gbps, 600MHz - White, 5-Foot​
6.99​
Unmanaged Switch​
NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch (GS105NA)​
28.99​
Power Cord​
Cable Matters 2-Pack 16 AWG Heavy Duty 3 Prong Computer Monitor Power Cord in 15 Feet, UL Listed (NEMA 5-15P to IEC C13)​
24.99​
Total
818.29
Software/OS
Firewall
pfSense
Virtualization (Type I Hypervisor)
VMware ESXi 6.5U3​
Cloud​
NextCloud​
RSS Feed​
FreshRSS​
Password/Hash Cracking​
Kali Linux​
Media System
Jellyfin
Dashboard
Homer
Firewall Setup
Protectli Vault 4 Port
pfSense
Installation
www.pfsense.org/download
Architecture: AMD64 | Installer: USB Memstick Installer | Console: VGA | Mirror: New York​
Download the .gz file and decompress it​
You can use 7-zip for this​
You should end up with a "pfSense......-amd64.img" file​
Download Rufus or Etcher (flashing programs)​
Flash the pfSense file onto a USB device​
Power down Vault, if not powered down already​
Connect a USB keyboard and monitor to the Vault​
Insert USB into another USB port​
Power on the device​
Press Enter on all of the defaults​
After the installation is complete, disconnect the USB keyboard and Monitor​
Go to 192.168.1.1 -> user:admin / password:pfsense​
Click Advanced to allow the page to load​
Accept all defaults by clicking "Next", "Close", and "Finish"​
Activate Ports
Activate Ports (only applicable for 4-port & 6-port)​
Access the pfSense Web interface​
"Interfaces" -> "Assignments"​
Click "Add" option next to each empty port​
Repeat until all ports have been added​
Save Changes​
Click through each new port ("Interfaces" > "Opt1"/"Opt2")​
Enable each port by checking the first box​
Save change​
Do this for all ports​
"Interfaces" -> "Assignments" to continue for the next port​
When finished with all of them, apply changes in the upper right​
"Interfaces" -> "Assignments" -> "Bridges"​
Click on "Add" to create a new bridge​
Select the LAN option and the other ports that was added with a CNTRL-CLICK or CMD-CLICK​
Provide a description, such as "bridge", and then hit "Save"​
"Firewall" -> "Rules"​
Click each port (Opt, Opt2, etc.) and click the "Add" button (up arrow) for each​
Change "Protocol" to "Any"​
Click "Save" after each port is modified​
Apply changes in the upper right after all the ports have been added​
"Interfaces" -> "Assignments"​
Click on "Add" next to "BRIDGE0" and click "Save"​
Click on a bridge, maybe called "Opt3" or "Opt5"​
Enable the Interface and change the description to "bridge"​
Click "Save", then "Apply Changes"​
"Firewall" -> "Rules"​
Click on "Bridge", then the "Add" button (up arrow)​
Change the "Protocol" to "Any" and click "Save"​
Apply changes in the upper-right​
Prevent DNS leakage
"System" -> "General Setup"​
Add "1.1.1.1" as a DNS server, and choose the "WAN_DHCP-wan" interface​
Click "Add DNS Server"​
Add "1.0.0.1" as a DNS server and choose the "WAN_DHCP-wan" interface​
Disable "DNS server override"​
Click "Save"​
Enable AES-NI CPU Crypto & PowerD​
"System" -> "Advanced"​
Click on the "Miscellaneous" tab​
Locate the "Cryptographic & Thermal Hardware"​
Select "AES-NI CPU-based Acceleration" in the drop-down​
"System" -> "Advanced" -> "Miscellaneous" -> "Power Savings" -> Enable "PowerD"​
Disable Notifications​
"System" -> "Advanced" -> "Notifications"​
Under the "E-mail" section, disable "SMTP Notifications"​
In the "Sounds" section, check the "Disable startup/shutdown beep"​
Click "Save"​
Privacy
Server Setup
Dell PowerEdge R710 2U Server X5650 2.66GHz 12-Cores / 64gb / 3x 1TB SAS / 2xPSU | VMware ESXi 6.5U3
FreshRSS​
NextCloud​
Kali Linux​
Jellyfin
Homer
My server came cleaned or "Factory Reset" so my steps are going to be after that is completed. ​
Network Setup
This part was straight forward on my end. I connected a Ethernet cable from the server to my switch (which was connected to my router) .
The ethernet cable on the left (white cable) is for the network of the server.​
I connected a monitor and USB Keyboard to my server so I can see what is going on. My server is a bit older so it booted up for 3-4 minutes, and then it showed an IP Address for the server. You should be able to connect to that IP Address through your browser (as long as you are on the same network). I have IDRAC (Integrated Dell Remote Access Controller 6), so that is what I am accessing on the web. After the login screen (user: root / password: calvin), I then went on the login screen: ​
RAID-5 Setup
VMware ESXi Setup
If you do not use RAID, you will still need to "virtualize" your disks that way ESXi can use it as storage.​
I do not have screenshots for this part, but I can try to type out what steps I took:
Plugged in my USB 2.0 with the Dell ESXi ISO flashed on it​
Connected my second ethernet cable to one of the 4 ethernet ports in the back :
Powered on the server​
Waited until I was able to press "F11"​
Booted off of the USB​
When asked for where to setup ESXi, I chose my RAID-5 virtual disk​
I then waited for the packages in ESXi to download, and I ended up on a page (half yellow / half black)​
This shows the IP the ESXi is on your network​
I then was able to connect to the ESXi host, and start making VMs​
My Setup
At this point, the server was built. Now I just had to modify it to my liking. I will go into detail about what I did so it is clear if someone in the future wanted to replicate it.​
ESXi VMs
NextCloud
Ubuntu Linux
2
6 GB
200 GB
Dashboard
Ubuntu Linux
2
6 GB
30 GB
Jellyfin Media Vault
Ubuntu Linux
3
10 GB
800 GB
Kali Linux
Debian Linux
4
16 GB
45 GB
Nextcloud: My locally hosted cloud, so I do not have to rely on third-party software or SaaS providers.​
Dashboard: This is an Ubuntu VM with 2 docker containers and Grafana:​
Grafana Dashboard Setup
Here are the steps I took to setup the Grafana Dashboard:
I then installed InfluxDB using the commands from the same website:
I then ran the following commands to test that my InfluxDB setup is running:
I then typed in influx on the terminal, and got a small prompt with the IP address of the influx database. Here I entered the following:
I then created a retention policy for the logs
Installed Telegraf on Pfsense (System -> Package Manager -> Available Packages -> Search for Telegraf)
Enable SSH on your pfSense
System -> Advanced -> go to Secure Shell under Advanced and check Secure Shell Server
Login to pfSense with SSH
Change directory to /bin
cd /usr/local/bin
Configuring Telegraf in Pfsense (you will have to change the IP to the IP of your DB):
The password for the InfluxDB should be WRITE_PASSWORD.
I then pasted the following into the compartment for Additional configuration for Telegraf:
Installing Grafana on Ubuntu
Ran the following commands to download Grafana onto my VM:
(Optional) Install other Panels
Adding Data source in Grafana
Configuration > Data Sources
Add data source
Select: InfluxDB
Name: pf_firewall
URL: http://<IP_address of InfluxDB>:8086
Database: pf_firewall
User: pf_firewall_read
Password: READ_PASSWORD
HTTP Method: Get
Adding JSON to Grafana for display
Upload JSON file to Grafana to take in data
Restart the Telegraf service on pfSense
Physical Setup
Setup Diagram
Last updated
