George's blog

I've started again!

28 April 2020

So I’ve not blogged for AGES now. I’ve decided to start all over again because, well. I have.

I started a homelab project a couple of years ago and abandoned it. With the lockdown and all, and me being stuck working from home, surrounded by my lab equipment, I figured it was time to reboot the project. This time I’m going to document some of what I’m doing.

Wait, what’s a homelab? Welp, it’s a place where we nerdy types can play with our technology, servers, networking etc, in a place where failure shouldn’t be catastrophic. That’s the theory anyway.

Some people’s homelabs are very heavily network focused. They may be going for some Cisco certification or something, so that’s what they’re into. Me, I’m a dev and my lab is focused somewhat on giving me dev things to play with. Somewhere to deploy apps that isn’t a cloud, or my laptop, basically.

First time round, it was an Openstack cluster. But that’s old hat, and sucks donkey balls and was a pain. But now I’m back, and this time we’re all about the containers. Currently I’ve got a few things running in my lab - gitlab, concourse CI, a reverse proxy - and it’s all on one beefy Supermicro server using Docker, specificaly some docker-compose manifests. But I’m also building toward a k8s cluster. But that’s way down the line. For now, this will do.

So I’ve decided to blog about what I’m doing and how. Not because I’m some narcissist who thinks the world will be enthralled by me exploits. But because of rubber duck debugging, basically. Telling someone else about what I’m doing forces me to think about it properly. Even if that someone else doesn’t exist. If nobody else ever reads this, fine. It’s still making me do things.

With that in mind, I’d like to outline a few principles I insist on for my lab.

  1. Services to be exposed using FQDNs. No typing IP addresses into a browser.
  2. HTTPS everywhere it can be.
  3. No invalid cert warnings.

That means I absolutely have to have both DNS and PKI. Now because this is a homelab, I can mint my own certs. No LetsEcncrypt shenanigans. No paying for expensive EV certs. I do it myself, and distribute my own signing certs to everything in my estate.

So it makes sense that we start there. Next post, that’s exactly what I’ll do.