This thread is for anyone working on personal projects to share their progress, and hold themselves somewhat accountable to a group of peers.
Post your project, your progress from last week, and what you hope to accomplish this week.
If you want to be pinged with a reminder asking about your project, let me know, and I'll harass you each week until you cancel the service.

I got a new house. It's significantly bigger than my last house. I think I'm looking at like 5-10 hours of home network engineering to get it put together. Please critique my stack.
The house has existing coax cable runs to various rooms, which must go. I'm thinking of taping cat6 cable to the coax terminals and pulling them to try to re-run those paths as cat6. This way the coax jacks are replaced with Ethernet jacks. Avoids drilling new holes. Have them all terminate at the switch in the garage. Can put either full desktops or APs on the ends.
I'm planning on 2 vlans. One for the humans and home services. The other vlan for cloud-IoT shit that can only access the Internet and not even cross talk to each other.
I've had good experiences with Omada APs, they can be a little finicky but most prosumer-level AP solutions can be. I have multiple SSIDs with various VLAN tags applied. My suggestion, especially since you're pulling cable, would be to use wired ethernet as the backhaul medium to connect the APs. Don't use wireless mesh backhaul, if Omada even supports that. I've heard you can use 6GHz as the backhaul if your APs support it, but that just gives me the ick, I'm a wired-first person.
TP-Link has their Omada management platform as a software you can run on-prem, someone packaged it as a docker container that works very well. You can disable the cloud stuff and just manage it through the local network or over a VPN of your choosing.
What router OS are you planning on using for the Linux box?
I agree with gattsuru's suggestion to get a bigger switch, and bring it in the house, if possible. 16 port (let alone 24 port) managed gear can get expensive fast, but if you plan to only have one switch, it might be worth it to search ebay for older 'smart' switches with manual vlan-tagging capability. But you just bought a house, so... maybe go for gold? My fiber hookup (for 1Gig, far better than what was here before but not anything fancy) gives me an ONT that converts to copper. You may have an actual box that you'll have to set to pass-through mode. (Don't double NAT.) If you have something similar, you can run a cable from the ONT to literally anywhere in the house -- home office, network closet, anywhere -- and not have to worry about your equipment being out in the cold. You wouldn't do that to poor network equipment, would you? I guess maybe your coax terminates in the garage? In that case it might have to stay there. Sarah McLachlan judges you.
You could use one of the technically-standard home networking wall panels, but they are NOT deep, and I wouldn't put much equipment in it if any at all.
It's possible your coax is stapled in places, and so it may not be possible to pull on it. Home telecommunications wiring has always been a bit slapdash; you should see the rat's nest in my parents' attic. If some of the coax can't be pulled, you can try and use MoCA to get ethernet through it... though I've had only bad experiences with MoCA, so your mileage may vary. Make sure you use solid-copper cat6 and terminate to jacks. Riser cable will work, don't pay for plenum-rated cable.
Your vlan separation is good, that's the recommended kind of segmentation for home networks nowadays. Make sure that they're not just on separate VLANs but separate SSIDs, and are blocked at the firewall level, so they can't just layer-3 route between each other. I'll note that a lot of home IoT gear can be... annoyed at the prospect of being separated from your personal devices, depending on how their system is designed. mDNS is the bane of my existence. Apple gear is particularly poorly behaving in terms of dealing with complex home networks. A lot of Apple/HomeKit/AirPlay stuff assumes a mostly flat LAN and can get grumpy across VLANs unless you set up mDNS/Bonjour reflection carefully... and I couldn't tell you how to do that, I'm still figuring it out myself. IoT devices that go straight to the cloud can probably do fine just with internet access.
One thing you could do with your BEEFY linux box is run your own DNS, with ad-block capabilities. You could use Pi-hole or AdGuard Home for that. I love it. Makes the internet feel actually usable. I'd recommend using virtualization for it, so you have flexibility. People love Proxmox, I have a soft spot for XCP-NG, not because I have any love for Xen but because their management and backup platforms are more flexible.
Congrats on the new house! I hope your home internet turns out great. Funiculus coaxialis delendus est.
Thanks for the detailed response!
Debian. Seems like I just need dnsmasq, nftables, wireguard and networkd to party.
Might convince myself glibc is too risky for an internet facing host and switch to Alpine.
Oh, I think I'd probably just put a patch panel on the wall so that the runs between the switch and the jacks don't directly tug on the switch itself. The switch could go in a 16U cabinet or some such.
Actually, since we're planning to put our home gym in the garage (and no cars) y'all have convinced me that me and the machines would be a lot happier with a desiccant dehumidifier. Between that and a short cabinet with top exhaust we should be good. But I wouldn't have thought of this at all without posting!
I don't have much Apple gear and this sounds like one more reason not to start! Thanks ^_^
I used to virtualize stuff on my beefy box but moved away from it since taking stable and delta efficient backups was a lot more convoluted than I'd like. I ended up moving each service into its own user and hermetically sealing their dependencies to the user account so that a top-level kopia would take efficient enough snapshots. It's not quite nix-level but close enough that I should probably ask Claude to convert each one to a nix flake. (Some things like Immich are in docker and I just live with that, the important stuff is in a mapped filesystem anyway). Efficient matters because I rsync them off-site once a month. I plan to do the backups weekly once I have fiber with better upload speeds.
I'm thinking this should live on the router since I'm a lot more likely to reboot or rebuild the beefy Linux box.
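
The segmentation discussed in this thread (two VLANs, IoT limited to Internet access, no layer-3 routing between the two) could be written for a Debian/nftables router roughly as follows. This is an added example, not any poster's configuration; the interface names, VLAN IDs and the WireGuard port are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: wan0 = uplink to the ONT,
# lan0.10 = trusted VLAN 10, lan0.20 = IoT VLAN 20.
# Requires net.ipv4.ip_forward=1 (and the IPv6 equivalent if used).
flush ruleset

define WAN     = "wan0"
define TRUSTED = "lan0.10"
define IOT     = "lan0.20"

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        # IPv6 neighbour discovery must reach the router itself
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept
        # Trusted VLAN may manage the router (SSH, DNS, DHCP, ...)
        iifname $TRUSTED accept
        # IoT VLAN gets only DNS and DHCP from dnsmasq, nothing else
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
        # WireGuard from outside; 51820 is an assumed listen port
        iifname $WAN udp dport 51820 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Both VLANs may reach the Internet
        iifname $TRUSTED oifname $WAN accept
        iifname $IOT oifname $WAN accept
        # No rule pairs $IOT with $TRUSTED in either direction,
        # so inter-VLAN routing falls through to the drop policy.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Single NAT at the router; the ISP box stays in pass-through mode
        oifname $WAN masquerade
    }
}
```

Traffic between two devices on the same VLAN never reaches the router, so keeping IoT devices from talking to each other additionally needs client isolation on the APs or port isolation on the switch.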