28 lines
4.6 KiB
Markdown
28 lines
4.6 KiB
Markdown
In this article we'll talk about how to get your homelab started, how to grow into what we have on-site, and how to plan for further enterprise scalability.
|
|
|
|
# Getting Started
|
|
|
|
Let's preface this with some expectations. You'll need to have a stable location at which to host your site. You'll need stable power and upstream Internet connectivity from some ISP. This usually also means a consistent physical residence in which to house the equipment. This is important, because it allows you to set a long-lived IP address for your edge access, and it creates a safe home where your equipment can be set up and not messed with regularly. If you're someone who doesn't have these resources, you can still create an AniNIX replica inside a VM farm with tools like Hyper-V, VirtualBox, and qemu. These resources just won't be externally accessible to the world.
|
|
|
|
The first things to buy are a surge protector, a flash drive, Raspberry Pi, and a [OpenWRT/DD-WRT-compatible router](https://wiki.dd-wrt.com/wiki/index.php/Installation). Once the router is flashed, install [Raspberry Pi OS](https://www.raspberrypi.com/software/) on the Pi and remount the /home partition with the flash drive. This gives you a more secured router with the Pi acting as your initial persistent server.
|
|
|
|
Easy services to install to this initial server are [web-based revision control](/AniNIX/Ubiqtorate/src/branch/main/roles/Foundation), [ssh protections](/AniNIX/Ubiqtorate/src/branch/main/roles/Sharingan), and [a DNS sinkhole](/AniNIX/Ubiqtorate/src/branch/main/roles/Nazara). Adding these two improves your security posture and gives you a good revision-controlled web frontend for your content with MFA authentication supported.
|
|
|
|
A good addition would also be a pair of backup drives to use for backups. More details on how we do offsite backups are with [AniNIX/Aether](/AniNIX/Aether#relevant-files-and-software).
|
|
|
|
# Initial Growth
|
|
|
|
Some easy wins to grow your ecosystem after this are a privacy server for OSINT research and a home IOT management system. We document [AniNIX/DarkNet](/AniNIX/Ubiqtorate/src/branch/main/roles/DarkNet) and [AniNIX/Geth](/AniNIX/Ubiqtorate/src/branch/main/roles/Geth) for these two functions respectively. These can easily be addded onto new Raspberry Pi's or onto a server as virtual machines.
|
|
|
|
# Single-site Enterprise
|
|
|
|
We recommend adding a series of [hypervisors](/AniNIX/Ubiqtorate/src/branch/main/roles/Node) on rackmount servers to reach enterprise functionality. For cost reasons, we do not use VMware or other paid solutions that support moving VM's from one hypervisor to another; depending on your businessd model that may be helpful. These hypervisors should be paired 1:1 with uninterruptible power supplies (UPS's) -- each pair of hypervisors should be cross-wired to each other's UPS's for maximum redundancy. You may need to add switches depending on the number of physically cabled systems you're using. However, a hypervisor layer simplifies remote power control and reduces the amount of time spent on rack-and-cable in your ecosystem.
|
|
|
|
An alternative to this is a large scale of Raspberry Pi's as a Kubernetes cluster. This would probably require a much more advanced switching stack for throughput, along with some kind of GlusterFS or similar distributed redundant filestore for storage. Network Chuck did a demo on how to [build such a cluster](https://www.youtube.com/watch?v=X9fSMGkjtug). We haven't extensively pursued this option yet, as it still comes with a [performance hit compared to virtualization](/AniNIX/Wiki/issues/14) or bare-metal.
|
|
|
|
It's at this stage that one would start looking at adding convenience services like [AniNIX/Singularity](/AniNIX/Ubiqtorate/src/branch/main/roles/Singularity), IDS/IPS/SIEM solutions, and development CI/CD orchestration into the ecosystem.
|
|
|
|
# Multi-site Enterprise
|
|
|
|
This is our future state, and one we're still exploring. The idea is that one would scale out the number of replicas at various different physical sites and anycast their network front-end with BGP or similar technologies. The anycasted services would need to be replicated -- PostGreSQL, InspIRCd, Graylog, and a number of other tools we're using have clustering configuration to make this possible. For larger organizations serving a large customer base, having at least two physical offices with their cluster racks would be best. ISP's will offer dark-fiber backend connections between these sites to secure the replication with point-to-point VPNs. The goal here is improved availability and throughput for the additional customers. Network edge throughput will probably require business-grade connections.
|