Fran Torres

The Homelab Rabbit Hole

As an IT/Linux enthusiast I've watched plenty of videos about homelabs. I’ve seen what people do at home and have always been trying to find a good excuse to dive into it.

My current homelab (if you can call it that) is made up of a Raspberry Pi 4 (RPi) running PiHole and a Synology NAS running some applications (file syncing, photo management, jellyfin). Clearly nothing spectacular.

The Seed

I don’t really know why, but recently I’ve been reading and watching videos about Home Assistant (HA). It has always sounded very appealing, but I’m a bit change averse and don’t want to commit to something if I’m not sure that I’ll make good use of it. So, when I recently started seriously considering purchasing a Home Assistant Green (which is a preconfigured system running HA), my inner self pushed me into the hole:

Why don’t you build it yourself and try it out before committing? Shouldn’t be difficult, should it?

In fact, the instructions to deploy HA via docker look quite straightforward, but then all the background of videos, podcasts, and blog posts about different homelabs kicked in, adding more questions to my mind in a sequence that looked similar to this:

  1. If I’m running multiple services in the same machine, do I want to use a reverse proxy?
  2. If I use a reverse proxy, should I invest in my own domain? Even if I only use it internally.
  3. Should I commit to use only rootless containers?
  4. What about privileged ports in rootless containers? Will I have any issues with that?
  5. Should I use this opportunity to add unbound to my PiHole setup?
  6. Should I try to configure tailscale to access the system from the outside?

This has always caused me choice paralysis, but I’m going through a complex moment (personally) and I think I must do better.

The Plan

First of all, I need a plan. If I want to achieve something with the little time and focus that I currently have, I need narrowly scoped tasks and a focus on incremental value. Thus, maybe the best choice is to defer the original idea (deploying HA) to a later stage.

1. Improve PiHole

The first step will be to deploy unbound in a rootless container and improve the existing PiHole installation.

Also, I'd like to update PiHole to a rootless container. For this, I need to decide what to do about privileged ports, because it will need some of them.

After reading about port forwarding, systemd socket forwarding, and some other options, I came to the conclusion that maybe I need to simplify it a bit. For example, I know I probably don’t want to use systemd socket activation because in PiHole I do want to see the incoming request IP (though I’m not an expert). The firewall option is discarded because openSUSE MicroOS doesn’t have one. I’m planning to migrate to Fedora IoT btw, but it’s been running so well that I’m just delaying it.

I think my best choice (simplicity / risk wise) is to simply modify the range of unprivileged ports in the system. From my limited understanding, this doesn’t sound too terrible. I’ll be using this on an RPi that's sitting in my home, with no open access from the outside, and the containers will be running rootless as a user without sudo.
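An added example (not part of the original post) that works out the narrowest value for the Linux sysctl `net.ipv4.ip_unprivileged_port_start`, which controls the unprivileged port range mentioned above, and shows what else that value opens up to local users. The ports 53 and 80, the service list and the drop-in file name are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Assumed ports: 53 (DNS) and 80 (web UI).

# Lowest port in the argument list: the highest threshold that still
# lets a rootless container bind every port it was given.
lowest_port() {
    low=65535
    for p in "$@"; do
        if [ "$p" -lt "$low" ]; then low=$p; fi
    done
    echo "$low"
}

# Number of ports in 0-1023 that ANY local user can bind once the
# threshold is $1 (kernel default is 1024, which gives 0).
exposed_count() {
    if [ "$1" -ge 1024 ]; then echo 0; else echo $((1024 - $1)); fi
}

# Constructed sample of well-known services (port:name).
WELL_KNOWN="22:ssh 25:smtp 53:dns 80:http 111:rpcbind 443:https 631:ipp"

# Names from WELL_KNOWN whose ports stop being root-only at threshold $1.
exposed_services() {
    out=""
    for entry in $WELL_KNOWN; do
        port=${entry%%:*}
        if [ "$port" -ge "$1" ]; then out="$out ${entry#*:}"; fi
    done
    echo "${out# }"
}

# Body of the sysctl.d drop-in for threshold $1.
render_dropin() {
    printf 'net.ipv4.ip_unprivileged_port_start=%s\n' "$1"
}

main() {
    start=$(lowest_port "$@")
    echo "threshold $start: $(exposed_count "$start") ports no longer root-only"
    echo "includes: $(exposed_services "$start")"
    echo "# /etc/sysctl.d/50-unprivileged-ports.conf (assumed file name)"
    render_dropin "$start"
}

main 53 80
```

Setting the threshold to the lowest port actually needed, rather than 0, keeps ports such as 22 root-only; the change takes effect after `sysctl --system` or a reboot.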

2. Traefik

Next step, to get familiar with reverse proxies, will be to add traefik to the mix. I chose traefik because it looks pretty straightforward to configure even with my optional requirements. Could I even use traefik to reroute to the Synology box in some circumstances?

2.1 [Optional] Custom domain name

It would be cool to have a custom domain name and learn how to set it up with traefik plus certbot to update the certificates. But I’ll call this a stretch.

3. Parallel roads

At this point I've got 2 different paths with no specific order:

3.1 Tailscale

Configure tailscale so that I can access the homelab when I'm not at home. Hopefully this shouldn't be too bad?

3.2 Home Assistant

The original idea 😅 built last. There's quite a lot of documentation about running Home Assistant via containers. Sadly, it looks like I can’t (or shouldn’t?) run HA in a rootless container, but I need to dig a bit more into it.

Next?

I’m not a frequent writer, but every time I force myself to do so, it helps me focus and get personal projects moving. So, hopefully, there will be a couple of follow-up posts about this adventure 🤞️
