💾 Archived View for axionfield.space › gemlog › 20210427-hardware.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content


Hardware Rig

Before I decided to revamp all my personal infrastructure, I used mostly Apple hardware. I had a MacBook Pro, an iPhone and an iPad as consumer devices, an old Apple Extreme as router and backup system, and a few Apple Express to extend the wifi range. The reason was simple. It was all working pretty well, was simple to use, and was all basically turnkey.

But obviously it was limited. As soon as I wanted to do something a bit off the main road, I mostly ended up with bugs, missing features and absolutely no way to get it done, unless some random dude at Apple decides it is good.

I don't have any serious grudge against Apple. They have a serious privacy policy that they seem to respect. But the problem is not what they do now. It's what they are going to do tomorrow. They also go more and more into a service-based model, which is exactly what I wanted to move away from.

iCloud

iCloud is extremely well integrated into the Apple ecosystem. The first thing I needed to do was to replace every service with something similar and open source. I started experimenting with some AWS virtual machines and various open source solutions. It was just a sandbox, to see if it was feasible without putting too much work into it. While I was perfectly aware that self-hosting would require more work and maintenance, I do not want it to consume my entire life either. I basically went for Nextcloud for documents, pictures, calendars, address books, reminders, notes and music streaming.

NextCloud

Email

For email, I was using Gmail, and while I have no grudge against Apple, I have serious issues with Google. I don't like what they have become, and I don't like where they are going. I used to self-host my emails in a previous life, and it was working perfectly. However, I had to move to another country 10 years ago, and I realized I would spend months without email, since my rig would be in a shipping box on a boat for a long time. So I will not self-host my emails again. I moved to a paid plan with Proton Mail and I've been super happy since. I only regret that you need the enterprise plan to have a catch-all email address, but I digress.

ProtonMail

NAS

For everything else I will need a server. I looked around at various NAS products, and it appeared quickly that as I wanted only open source software, either I would need to do everything by myself, or I would need to buy a TrueNAS. These are pretty good machines and I did not want to spend time on storage. I don't really enjoy storage, so a ZFS-based turnkey solution was ideal. FreeNAS (the OS, basically FreeBSD) provides a nice web interface, good documentation, a system of official and community plugins based on BSD jails, raw BSD jails, and the possibility to boot virtual machines if you need to. All good. I started my life on NetBSD, so I'm fine with the system. A bit rusty for sure, but I was not expecting any major hurdle and ZFS is awesome.

The machine is a TrueNAS Mini and runs an Atom C3558 @ 2.2GHz, 16 GB of RAM, 4x4 TB disks for 8 TB effective storage. A nice baby. I also threw in an APC Back-UPS Pro 700VA that will prevent crappy power surges, continue to power the modem, router and the NAS in case of power failure for around 1h, then gracefully shut down everything and restart as soon as the power comes back. FreeNAS will also send me an email when that happens, since the UPS is connected to it. Beautiful.

TrueNAS Mini

APC Back UPS 700

The network

I'm lucky to live in a good spot, where I'm able to get a fiber channel connection. The ISP, while deploying its own fiber network, was still relying on AT&T for where I live. So I had to get one of those shitboxes that does everything poorly. Since it was not an option for this thing to live in my network, I hacked it for a few minutes to put it in bridge mode. It turned out that they definitely did not want people to do so, but in the end, it is what it is.

Then I needed a router. When you think of open source and routers, you obviously think of OpenWRT (at least, you should). It was a no-brainer. So I went for a Linksys WRT3200ACM, which was known to work well with OpenWRT and had pretty good specs.

OpenWRT

Linksys WRT3200ACM

Home automation

For home automation, I was using a heterogeneous bunch of services glued together with bugs, mostly orchestrated by SmartThings. SmartThings was actually a very good solution. They provided a way to run your own functions in their cloud, had an online IDE and allowed sharing code by pointing to some GitHub repositories. Then Samsung bought it and it has only been downhill since then. But that did not matter, since I wanted to get off the cloud anyway.

So I ended up looking at Home Assistant. Turns out this is a magnificent piece of software, full of features, with support for gazillions of devices, and it never disappointed me in terms of possibilities or stability. I took one of the Raspberry Pi 4s that was sitting in a drawer, installed Home Assistant, soldered a radio transmitter (to control 433.92MHz devices), added a Zigbee shield, plugged in a Z-Wave USB dongle and an IR blaster. Packed all of that in a 3D printed case and that was it. The best fully local, fully open source home automation system ever. I was even able to remove internet access from my Roomba and Nanoleaf, and control them directly from Home Assistant. And the best part is I never have to think about it. It just works, infinitely better than the previous online services. Cloudless is the best.

Home Assistant

Anti intrusion

The last but not least piece of hardware is a simple Raspberry Pi Zero that runs OpenCanary. OpenCanary is a tool that exposes bogus services on the network (like a web server, FTP or email server, etc.) and will alert by email if anyone connects to them. If someone runs nmap on the subnet for instance, I'm immediately notified.

OpenCanary
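To show the idea behind a canary like the one above, here is an added example (not OpenCanary's own code, and not part of the original post): a few decoy listeners that speak a plausible banner and record an alert for every connection. Because nothing legitimate ever talks to these ports, every alert is interesting; the on_alert callback is where a real deployment would hand the record to an email sender. The banners and the probe() helper are constructed for the example, and the listener binds to 127.0.0.1 so it can be tried locally.

```python
"""Minimal network canary in the spirit of OpenCanary (added example, not
OpenCanary's code): listen on a few decoy ports, answer with a fake banner,
and record an alert for every connection that arrives."""
import datetime
import json
import socket
import threading
import time

# Constructed banners: what a scanner or curious client sees on connect.
CANARY_BANNERS = {
    "ftp": b"220 FTP server ready.\r\n",
    "smtp": b"220 mail.example.internal ESMTP\r\n",
    "http": (b"HTTP/1.1 401 Unauthorized\r\n"
             b"WWW-Authenticate: Basic realm=\"nas\"\r\n"
             b"Content-Length: 0\r\n\r\n"),
}


class Canary:
    """One listener thread per decoy service. Alerts are kept in self.alerts
    and passed to an optional callback (an email sender, a syslog writer)."""

    def __init__(self, services, host="127.0.0.1", on_alert=None):
        self.host = host
        self.services = services      # {name: port}; port 0 means "any free port"
        self.on_alert = on_alert
        self.alerts = []
        self.ports = {}               # actual bound port per service
        self._socks = {}
        self._threads = []
        self._stop = threading.Event()

    def start(self):
        for name, port in self.services.items():
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((self.host, port))
            srv.listen(5)
            srv.settimeout(0.2)       # lets the accept loop notice stop()
            self.ports[name] = srv.getsockname()[1]
            self._socks[name] = srv
            t = threading.Thread(target=self._serve, args=(name, srv), daemon=True)
            t.start()
            self._threads.append(t)

    def stop(self):
        self._stop.set()
        for t in self._threads:
            t.join()
        for srv in self._socks.values():
            srv.close()

    def wait_for(self, count, timeout=5.0):
        """Block until at least `count` alerts were recorded (or timeout)."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline and len(self.alerts) < count:
            time.sleep(0.05)
        return len(self.alerts) >= count

    def _serve(self, name, srv):
        while not self._stop.is_set():
            try:
                conn, addr = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(CANARY_BANNERS[name])
                    first = conn.recv(256)   # keep whatever the client says first
                except (socket.timeout, OSError):
                    first = b""
            self._record(name, addr, first)

    def _record(self, name, addr, first_bytes):
        alert = {
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "service": name,
            "dst_port": self.ports[name],
            "src_ip": addr[0],
            "src_port": addr[1],
            "first_bytes": first_bytes[:64].decode("latin-1"),
        }
        self.alerts.append(alert)
        if self.on_alert:
            self.on_alert(alert)


def probe(host, port, payload=b""):
    """Constructed client: grab the banner once, like a scanner would."""
    with socket.create_connection((host, port), timeout=2) as s:
        banner = s.recv(256)
        if payload:
            s.sendall(payload)
    return banner


if __name__ == "__main__":
    # Decoy ports are placeholders; a real deployment would use the real
    # service ports and an email-sending on_alert callback.
    canary = Canary({"ftp": 2121, "smtp": 2525, "http": 8080},
                    on_alert=lambda a: print(json.dumps(a)))
    canary.start()
    print("canary listening on", canary.ports)
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        canary.stop()
```

Every record carries the source address, the decoy port and the first bytes the client sent, which is enough to tell an nmap banner grab from a mistyped bookmark when the email arrives.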

Everything else

The rest consists of software. I have a plethora of self-hosted services (mostly as jails) that make my network secure and accessible. But I will detail the software in a different post.