Archived view of axionfield.space › gemlog › 20210427-hardware.gmi, captured on 2021-11-30.
Before I decided to revamp all my personal infrastructure, I used mostly Apple
hardware. I had a MacBook Pro and iPhone and an iPad as consumer devices, an old
Apple Extreme as router and backup system, and a few Apple Express to extend the
wifi range. The reason was simple. It was all working pretty well, was simple to
use, and all basically turnkey.
But obviously it was limited. As soon as I wanted to do something a bit off the
main road, I mostly ended up in bugs, missing features and absolutely no way to
get it done, unless some random dude at Apple decides it is good.
I don't have any serious grudge against Apple. They have a serious privacy
policy that they seem to respect. But the problem is not what they do now. It's
what they are going to do tomorrow. They also go more and more into a
service-based model, which is exactly what I wanted to move away from.
iCloud is extremely well integrated into the Apple ecosystem. The first thing I
needed to do was to replace every service with something similar and open
source. I started experimenting with some AWS virtual machines and various open
source solutions. It was just a sandbox, to see if it was feasible without
putting too much work into it. While I was perfectly aware that self-hosting
would require more work and maintenance, I do not want it to consume my entire
life either. I basically went for Nextcloud for documents, pictures, calendars,
address books, reminders, notes and music streaming.
For the email, I was using Gmail and while I have no grudge against Apple, I
have serious issues with Google. I don't like what they have become, and I don't
like where they are going. I used to self-host my emails in a previous life, and
it was working perfectly. However, I had to move to another country 10 years
ago, and I realized I would spend months without emails, since my rig would be
in a shipping box on a boat for a long time. So I will not self-host my emails
again. I moved to a paid plan with Proton Mail and I'm super happy since. I only
regret you need the enterprise plan to have a catch-all email address, but I
digress.
For everything else I will need a server. I looked around for various NAS
products, and it appeared quickly that as I wanted only open source software,
either I would need to do everything by myself, or I would need to buy a
TrueNAS. These are pretty good machines and I did not want to spend time on
storage. I don't really enjoy storage, so a ZFS-based turnkey solution was
ideal. FreeNAS (the OS, basically FreeBSD) provides a nice web interface, good
documentation, a system of official and community plugins based on BSD jails,
raw BSD jails, and the possibility to boot virtual machines if you need to. All
good. I started my life on NetBSD, so I'm fine with the system. A bit rusty for
sure, but I was not expecting any major hurdle and ZFS is awesome.
The machine is a TrueNAS Mini and runs an Atom C3558 @ 2.2GHz, 16Gb of RAM, 4x4
TB disks for 8 TB effective storage. A nice baby. Also threw in an APC Back-UPS
Pro 700VA that will prevent crappy power surges, continue to power the modem,
router and the NAS in case of power failure for around 1h, then gracefully
shut down everything and restart as soon as the power comes back. FreeNAS will
also send me an email when that happens, since the UPS is connected to it.
Beautiful.
I'm lucky to live in a good spot, where I'm able to get a fiber channel
connection. The ISP, while deploying its own fiber network, was still relying on
AT&T for where I live. So I had to get one of these shitboxes that do everything
poorly. Since it was not an option for this thing to live in my network, I
hacked it for a few minutes to put it in bridge mode. It turned out that they
definitely did not want people to do so, but in the end, it is what it is.
Then I needed a router. When you think of open source and router, you obviously
think of OpenWRT (at least, you should). It was a no-brainer. So I went for a
Linksys WRT3200ACM, that was known to work well with OpenWRT and had pretty good
specs.
For home automation, I was using a heterogeneous bunch of services glued
together with bugs, mostly orchestrated by SmartThings. SmartThings was actually
a very good solution. They provide a way to run your own functions in their
cloud, had an online IDE and were allowing sharing code by pointing to some
GitHub repositories. Then Samsung bought it and it has only been downhill since
then. But that did not matter, since I wanted to get off the cloud anyway.
So I ended up looking at Home Assistant. Turns out this is a magnificent piece
of software, full of features, support for gazillions of devices and never
disappointed me in terms of possibilities or stability. I took one of the
Raspberry Pi 4 that was sitting in a drawer, installed Home Assistant, soldered
a radio transmitter (to control 433.92MHz devices), added a Zigbee shield,
plugged a ZWave USB dongle and an IR blaster. Packed all of that in a 3D printed
case and that was it. The best fully local, fully open source home automation
system ever. I was even able to remove internet access from my Roomba and
Nanoleaf, and control them directly from Home Assistant. And the best part
is I never have to think about it. It just works, infinitely better than the
previous online services. Cloudless is the best.
Last but not least piece of hardware, a simple Raspberry Zero that runs
OpenCanary. OpenCanary is a tool that exposes bogus services on the network
(like a webserver, FTP, email server etc.) and will alert by email if anyone
connects there. If someone runs nmap on the subnet for instance, I'm immediately
notified.
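
An added example, not from the original post or the OpenCanary project: a small triage script that reads honeypot events and separates a sweep across several decoy services (what an nmap run over the subnet produces) from a single touch. The field names (`src_host`, `dst_port`, `local_time`) are assumed to follow OpenCanary's JSON-lines log format, and the sample events are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample events (not real logs). Field names follow OpenCanary's
# JSON-lines log format as an assumption; addresses are documentation ranges.
SAMPLE_LOG = """\
{"src_host": "", "dst_port": -1, "local_time": "2021-04-27 09:59:00.000000"}
{"src_host": "192.0.2.50", "dst_port": 21, "local_time": "2021-04-27 10:00:01.000000"}
{"src_host": "192.0.2.50", "dst_port": 80, "local_time": "2021-04-27 10:00:02.000000"}
{"src_host": "192.0.2.77", "dst_port": 80, "local_time": "2021-04-27 10:05:00.000000"}
{"src_host": "192.0.2.50", "dst_port": 25, "local_time": "2021-04-27 10:00:03.000000"}
this line is not JSON
{"src_host": "192.0.2.77", "dst_port": 80, "local_time": "2021-04-27 10:05:09.000000"}
{"src_host": "192.0.2.90", "dst_port": 21, "local_time": "2021-04-27 10:00:00.000000"}
{"src_host": "192.0.2.90", "dst_port": 80, "local_time": "2021-04-27 10:30:00.000000"}
{"src_host": "192.0.2.90", "dst_port": 25, "local_time": "2021-04-27 11:00:00.000000"}
"""

def classify_sources(log_text, window=timedelta(seconds=60), scan_ports=3):
    """Map each source to "scan" (>= scan_ports decoy ports in window) or "probe"."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            when = datetime.strptime(ev["local_time"], TIME_FMT)
            port, src = int(ev["dst_port"]), ev["src_host"]
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated or non-JSON line
        if port < 0 or not src:
            continue  # assumed shape of the daemon's own status messages
        hits[src].append((when, port))
    verdicts = {}
    for src, events in hits.items():
        events.sort()
        verdicts[src], start = "probe", 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({p for _, p in events[start:end + 1]}) >= scan_ports:
                verdicts[src] = "scan"
                break
    return verdicts
```

On a honeypot every event is already suspicious, so the "probe" verdict is a priority label rather than an all-clear.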
The rest consists of software. I have a plethora of self-hosted services (as
Jails mostly) that make my network secure and accessible. But I will detail
software in a different post.