This post exists to blog my experiences, both in success and failure, so others can hopefully learn from them or find inspiration on their own road to taking back their data and exploring technology for themselves.
A little Background
For as long as I can remember I’ve been fascinated by technology and loved experimenting around with it.
Since I got my first PC in Elementary School and started soldering in Middle School, there’s been an urge within me to tinker and absorb as much knowledge as I can.
The way modern information technology enables us to change our lives for the better and accomplish things that were unthinkable just short periods of time ago is amazing.
But there’s been a dark trend within the industry for the longest time, which I have started to learn more about and tried to do more against year by year:
Technology is being used increasingly against its users; to exploit our privacy, freedom and dignity for the sake of profit and authoritarian control by companies and governments.
The Plan
So what am I planning to do against that?
Take the technology into my own hands!
In recent years I’ve increasingly started to educate myself in the fields of Linux, Free Software, Self-Hosting and Networking. I am now trying to accomplish the following goals:
- Free myself as much as possible from closed-source and proprietary software.
- Take my data out of the cloud by self-hosting services or only using FOSS E2EE Software
- Be as private as possible while still using the technology I love and being functional in society
I’ve had past experience with a lot of the puzzle pieces that will need to fit together so I can accomplish these goals, but it’s only been in the past year that I’ve been able to really get started as my life had put lots of trouble in my way.
Certain endeavours that I have already undertaken will be revisited later throughout this series of posts, as I am starting this blog already into my journey. But if I forget to go into detail on something you have interest in, feel free to ask me questions.
Currently Aspired Network Diagram
The New and Improved Homeserver (as the plan stands for now)
I’ve had experience with Proxmox and DIY Hypervisors in the past but am currently using TrueNAS Core on old and not very reliable Supermicro X9 Hardware and a Xeon E3 as a NAS as I was on a low budget more recently.
But since I’ve recently had the resources to acquire good hardware once again, that NAS will be transformed into my new homeserver.
The Hardware:
- CPU: Intel Xeon E5 2620 V4, 8C/16T
- RAM: 64GB DDR4 2400MT/s ECC RDIMMs
- Motherboard: Supermicro X10SRM-F, has HTML5 KVM, 10 SATA Ports and enough PCIe for me
- Case (from old build): Fractal Design Define R5 for its excellent quality and noise isolation
- Mass Storage (from old build): 3x4 TB WD Red Plus HDDs for their quietness and low power usage
- Flash Storage: Asus Hyper M.2 Card with two 500GB NVMEs in a ZFS Mirror for Containers and VMs
The Software:
My End-Goal here is to go with Rocky / Alma Linux and Cockpit as a graphical management tool, but I’ve not yet become enlightened enough by the Linux Bible to go down this route.
For now, my choice is TrueNAS Scale, for the following reasons:
- It is superior to most other readily available Software when it comes to managing ZFS Storage and Data Safety Tasks
- Based on Debian, KVM and k3s, all open-source and free software. This will allow me to switch over to a DIY Linux Server when I’m ready to do so in maybe a year more easily.
- Uses KVM in an implementation that works well enough as of now. A Homeserver for me is a production system and not a Lab. Quickly Spinning up and Down VMs is what I do on my Workstation and not on a Server.
- Docker instead of LXC or something else, right on the host rather than virtualized.
Some of the Services I’ll be running on it include:
- Nextcloud, for Calendar, Tasks and Photo Sync
- Jellyfin for Streaming of my Video Media Library and, if everything goes well, my Youtube Feed
- Navidrome to replace Online Music Streaming Services
- HomeAssistant for Security and Automation
- Local NFS Shares for File Sharing and ZFS Snapshots that are duplicated to an online and offline backup
- Vaultwarden to host my own Bitwarden Password Management Server
- Cryptpad for collaborative Writing and Spreadsheets
Networking Gear
OPNsense Supermicro Firewall + Router + DNS Server:
I have assembled this router two months ago after considering a Protectli for its coreboot, but couldn’t justify the price difference. I’ve paid 160 Euros all-in and have 6 Gigabit Ports and potent x86 Hardware.
- Supermicro 1U Box with an E3940, 4 Cores @ 1.6 GHz Base
  → The CPU is on par with and, in some Areas (Encryption), better than Atom C2000 chips, while providing much better value out of the box
- Intel i350T4 Quad Gigabit NIC on a PCIe Riser
- OPNsense handles inter-VLAN routing while applying its rules and at Gigabit Speeds as the downlink to my switch is a Dual Gigabit LACP
- All DNS Requests (HTTPS, TLS, Normal) get redirected into Unbound, which acts as a Recursive DNS Resolver and DNS Filter instead of Pi-Hole
- Power Usage: Only 13 Watts at the Wall all-in and under load!
Wifi AP:
For this Task, I’m using a Sitecom WLR-8100, which supports OpenWRT out of the Box.
I’ve configured OpenWRT to act as a dumb AP by bridging two LAN Ports for two VLANs on the back to one Wifi Network Each and disabling any internal routing and firewall features.
This way both WiFis are fully isolated from each other and the OpenWRT Control Interface, which is only accessible through a third LAN on the back for increased security.
I’m planning to create a Guide on this and some other things later on.
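The isolation property of this dumb-AP layout can be checked directly against the AP's UCI configuration. The following is an added example, not the author's configuration or code: the sample is constructed and trimmed to the options the check reads, and the port names (`lan1`..`lan3`), section names and the `audit` helper are assumptions.

```python
import shlex
# Constructed sample (merged network + wireless); port and section names are assumptions.
SAMPLE = """
config device
    option name 'br-home'
    option type 'bridge'
    list ports 'lan1'
config device
    option name 'br-guest'
    option type 'bridge'
    list ports 'lan2'
config interface 'home'
    option device 'br-home'
    option proto 'none'
config interface 'guest'
    option device 'br-guest'
    option proto 'none'
config interface 'mgmt'
    option device 'lan3'
config wifi-iface 'wifi_home'
    option network 'home'
config wifi-iface 'wifi_guest'
    option network 'guest'
"""

def parse_uci(text):  # UCI text -> list of section dicts ("list" options become lists)
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"]:
            sections.append({".type": tok[1], ".name": tok[2] if len(tok) > 2 else None})
        elif tok[:1] == ["option"]:
            sections[-1][tok[1]] = tok[2]
        elif tok[:1] == ["list"]:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(text, mgmt="mgmt"):  # returns findings; [] means the isolation design holds
    secs = parse_uci(text)
    ports = {s.get("name"): s.get("ports", []) for s in secs if s[".type"] == "device"}
    findings, owner = [], {}
    for s in (s for s in secs if s[".type"] == "interface"):
        for p in ports.get(s.get("device"), [s.get("device")]):
            if owner.setdefault(p, s[".name"]) != s[".name"]:
                findings.append(f"port {p} shared by {owner[p]} and {s['.name']}")
        if s[".name"] != mgmt and s.get("proto") != "none":
            findings.append(f"{s['.name']}: AP holds an address on a client network")
    findings += [f"{w['.name']}: wifi attached to management network"
                 for w in secs if w[".type"] == "wifi-iface" and w.get("network") == mgmt]
    return findings
```

The check covers three things: no wired port is shared between networks, the AP has no address on either client network, and no wifi interface is attached to the management network.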
Switching and diverse:
- D-Link DGS-1210-24 24-Port Gigabit Managed Switch, no Layer 3 / Routing. Am Planning to hopefully upgrade this in the future, but I have other priorities for now.
- A bunch of CAT5e and CAT6a patch cables at around 3m long, which I bought in bulk for 1 Euro each in an eBay Auction years ago
- Fibre Media Converter is provided by the ISP and I don’t see a reason to replace it, as it’s luckily a dumb box.
Workstations
Both my wife and I have Fedora Workstations with Intel CPUs and iGPUs, running most of the time Gnome Sessions with Wayland and Pipewire.
This has proved to be an excellent choice as it’s a dream to work with in terms of Hardware Acceleration through the iGPU and overall stability, performance is excellent for what we do with them.
There is a strict no-closed-source policy on that VLAN and we try to use Free Software whenever possible, with a few exceptions like the Intel Media Driver, which is Open Source but not Free.
Phone
Pixel 4a 5G running GrapheneOS and only FOSS Apps, with the exception of one or two which are open source. Great Experience so far with only very minor hiccups.
Some of the Apps I use to replace proprietary counterparts include:
- OsmAnd+ for Navigation while Walking, Driving or Cycling
- Transportr to Navigate through Public Transport
- NewPipe for watching YouTube Videos
- Fritter for Reading Twitter
- Signal to Communicate with Family and Friends
Conclusion
That’s it for the First Post in this Series. In the coming days I’ll follow this up with a Build Log on the Upgraded Homeserver and some stuff around TrueNAS Scale.
To everyone reading this, thanks for taking the time.