Summer is rolling around, which means the setup in the garage is beginning to be put to work again. I’ll cover a bit about what the setup looks like right now, what problems I am having and what I’m planning on doing about it.
The servers live in a cabinet in my garage made out of a shipping container my company got when we ordered a NetApp. Basically it’s a crate that was made for a server rack, so it works pretty great. To keep things cool, I took an AC unit that would normally go in a window, cut a hole in the cabinet and put it in there. This works wonderfully, but running AC 24/7 is a terrible idea, so I would open the door at night and close it on hot days. That’s not very fancy, so I installed a linear actuator, some temperature sensors and a Raspberry Pi and boom, it’s automatic!
So what’s the issue? My garage is almost always much hotter than the air outside. The solution? Not completely sure, but I am starting with ventilation. I ordered a garage vent that has a fan, kind of like what you would have in a bathroom, but supposed to go in the wall. Right now the plan is to have it plugged into a Belkin WeMo plug and figure out a way to turn it on and off automatically based on the same temp sensors used to control the door. If this doesn’t do the trick, I’ll add a passive vent in the side door to help.
The other issue is that the door on the crate, which wasn’t meant to live forever, is beginning to fall off the hinges. I believe this has a lot to do with the single actuator holding just the one side, so I’m gonna add a second one on the other side and I’m gonna reinforce the areas where the hinges are held.
Well, that’s what is going on currently. I’ll be posting a follow-up post with pictures once it’s all cleaned up and looking good.
Old topic I know… It took a bit to wait for some new cables (red for the vlan), and waiting for a good time to potentially break things. But I did eventually do it and so far so good!
It actually went pretty smoothly. The hardest part was configuring the switch. I assumed that a trunk would just pass VLANs around no problem, which Mike, my Cisco dude, confirmed, but my switch wasn’t playing nice until I joined the required ports to the specific VLAN.
The only issue that remains is that when I tried to implement the firewall rules to keep traffic from going over the WAN when the VPN is down, it all just died. I’m not so worried about this, since the VPN rarely goes down and is more of a bounce than anything. I will go back and take a look at some point though, at least just for the education of how pfSense (and I guess pftables) handles things. Sometimes you just need to step back and come back later to get a fresh look, especially when following a guide to implement something. I’m sure it will all make a bit more sense when I go over it later.
The upgrade seemed to go well but docker started behaving a little weird.
What started making me worry was the fact that my docker is using the btrfs storage backend and making tons of subvolumes. As far as I know, there is no way to move those over. So I just copied and pasted and crossed my fingers. Of course this didn’t work. Everything started up fine, but once you try to update an image and things like that it freaks out.
If you have done things right, don’t waste your time trying to fix things. Just stop docker, remove everything in /var/lib/docker, start docker up like it’s fresh and re-create all your containers.
Anyways, node1 is much happier now so I consider this a success.
node1 has a small SSD right now and because of all the docker images and volumes and stuff, I’ve been having issues keeping it happy. So tonight it’s getting a second SSD. The plan is to add it as a second drive, format it with btrfs and then set up subvolumes for the various locations (like /var/lib/docker). This will let the 1TB be used without having to decide which folder needs what amount of space. Should work pretty nice.
Right now I have to vpn on the specific client that I want to protect. I don’t always browse on a vpn but sometimes it really comes in handy. So I had a crazy idea that maybe I could have my router connect to the vpn and then when a device is on a certain vlan, all their traffic will go through the vpn.
So here is the plan: I have a server running pfSense as my router and it has a 4 gig trunk to my switch and one of its remaining 2 ports is the WAN connection to my cable modem. I figure I can just use the remaining port to vlan into the switch. pfSense doesn’t appear to have a way of separating a physical interface into virtual ones so I can’t simply use the 4 gig trunk. I think I can then just have all my switch ports basically trunk all vlans, since the default vlan will just remain like I’m not using vlans at all and then anything tagged will do its thing.
This is mostly a way to learn a bit more about vlans and routing in general. I have a basic understanding of these things and as far as I know what I am planning is totally doable. I am not completely sure how to set up pfSense to route a vlan to another interface. Like I don’t know if it’s done with a routing rule, or with firewall rules. Another thing I’m not sure about is how to config pfSense to serve separate DHCP and DNS on the vlan. I also don’t know if just setting all the ports on the switch as trunks will work.
An after project would be trying to set up the docker host so I can put a container on the vpn network. For example, I run a pihole container right now, but with this new vlan I wouldn’t want to use that same one, but it might be nice to put another one on there just for that vlan.
I added a hardware page to show what hardware I am using. I still have stuff to add to it, but I wanted to get it started. Where I could, I added links to the hardware itself if someone wants to see specs and such.
It’s time to get something on this domain. I thought about making something from scratch, but everyone knows I would never finish so I thought I would try out WordPress. The idea is to get some pages up about the hardware and topology of my server setup and have a place to document projects and thoughts related to them. Like this post talking about why this site exists. Nothing else to say right now… but I really needed a post for testing and getting things looking “right”.