The setup of my homelab
• public
Table of contents
As someone asked me to detail more about how I built my homelab, here it is!
The aim of this project
I wanted to have a server at home to experiment with stuff and to have all of my workflows at home. I also wanted to build a NAS for the storage and to install some stuff that needs to be always available without using a VPS.
I already have a mini PC with an Intel N100 chip which is already great but I wanted more and also to have space for real storage. That's why I changed my options.
The hardware
It was possible to use an old computer and just buy new elements or build myself a full computer. But I'm not a hardware guy and I wanted something simple but still customizable.
I choose the AOOSTAR WTR PRO which is an already made hardware with a Ryzen 7 5825u chip and 4 bays for HDD. It's also possible to push 2 M.2 SSD on it. It was a great option for me as everything was already made, and it is pretty beautiful too.
I bought it empty to choose the RAM and storage myself. And for that, I took 2 M.2 SSD of 1To to store the VM and the app data, and then 32 GB or RAM.
I finally took 4x4To HDD that I will use as my main storage for the NAS.
The WTR Pro was 400 euros, each disk was around 100 euros. The total was around ~900 euros for this build.
I know that it was totally possible to get something cheaper by doing it myself, but compared to other solutions like Synology, the price is pretty good and I can do exactly what I want.
The Software
Now that everything is installed, I wanted to be free to install easily anything. I choose to install first Proxmox to manage multiple virtual machines on it. Then, I was able to install multiple VMs.
To connect all my machines and access it easily, I use Tailscale, each machine, and each VM has Tailscale on it with a specific name, and I can access it from anywhere as long as I'm connected to Tailscale.
Truenas
To manage all of my storage, I decided to give a try to Truenas Scale and install it as a VM. I passed all of my disks to it ( 1 M.2 SSD and 4 HDD ) using a direct PCI device.
On Truenas, I created 2 datasets, one with the SSD for the app data, and one for the storage. It was pretty annoying to understand everything on Truenas, and you have different ways to create shares on it.
The first one is SMB, pretty simple and creates an SMB share and you have different users with different roles. You also have NFS. I tried both and I had a problem, the speed. Because I wanted to use this share as the app data, and when I tried to use it on docker containers on another VM it was too slow for me. Caido wrote a lot of data and it was impossible to use it.
So I used the last option on truenas, which is to create an iSCSI share which is that you pass a full block disk. With that, it's the VM that manages the disk and it's viewed as a real disk on the VM. And the performance is way better.
I finally have my 1To ssd separated into 2 partitions iSCSI for my two other VMs.
For the storage, I did a RAIDZ1 of my 4 disks which means that a disk can burn and everything will be alright. And for that, I'm using NFS and SMB as I use it only for storage so the speed is less important.
Work part
Now that the storage is good, we can work on it. I created another VM on Proxmox using a simple Debian image and installed docker on it. And I mounted all my storage.
For this part, I wanted to install all the stuff I can use on a daily basis and be free to extend it easily. I first installed portainer to manage all my docker containers.
Caido
I installed Caido, to have my proxy directly on it and not on my computer anymore. This way I have more storage for huge programs, but I also have to opportunity to work from where I want, and without a computer. I can also easily connect a phone to it, connected to my tailscale and log my requests of everything.
It will also help me later when I'm going to start doing more recon as I can pass everything into Caido and use some workflow into it to detect some weird stuff and keep it direct, and with my computer closed during the night which is great.
EzXSS
This is very useful to hunt on Blind XSS, I recommend it, and it's pretty easy to install too. But here it is. For most of the tools, it's only accessible through my tailscale using the VPN and not on the internet. How can I manage to access the EzXSS from everywhere to use it?
Multiple options, install a reverse proxy and open the ports on my internet router. It's pretty annoying as I don't want to use my home IP to do so. So I used Cloudflare Tunnel. It's pretty simple and it works well.
You have to install a soft on your server and then tell Cloudflare to set for instance aituglo.com to point to 127.0.0.1:5000 on your server. This way, you don't have to open any port and your IP is hidden. It's not the perfect solution as you have to trust Cloudflare, but for my needs, it's alright. And you can also put in front of that a login panel directly in Cloudflare which is great.
N8N
I also installed N8N which is great to automate stuff. I already made some automation to get all my programs, put into a database and manage them, but I need to work more into it and use the agent mode into it to build amazing stuff, but it will be in the next weeks ( months ? )
Payloads
You always need to have some payloads accessible on the internet when you want to POC xss or import files or stuff like that. So it's always good to have it. It's a simple httpd server that serves my static files from a folder into my NAS.
This way I can simply add new files from my computer and I can then use them.
Sysreptor
As I'm doing more and more pentest, it's better to have a tool to write good reports and I'm using sysreptor. It's now installed on this server. This way, it's not accessible on the internet, and all my client data is safe at home. I'm also doing encrypted backups for most of my important files.
InteractSH
I also wanted to get my own ssrf setup. It was possible to create a VM only for that but here you need to open many ports and it's not that safe. So I installed the interactSH into a VPS using it only for that, and it's easier this way. If you want to set it up, the best tutorial so far is the one from doomer :
Other tools
I also plan to install other tools and to set up a database to do recon and install my tools there. But for now, it's all I have installed.
Homelab
I also have another VM which is quite the same as the work one, but more for home lab.
I preferred to separate work and fun stuff into two different virtual machines.
Here are some stuff I installed into it
- Pihole to have a great DNS server without ads
- Immich to back all of my photos
- Plex and *arr stack to manage my family film and movies I own 🤫
- Duplicati to backup important stuff
It's approximately all I installed into it. It works perfectly for the moment. Maybe I will need to upgrade the RAM then, but now it's great.
I will play with it in the next weeks and tell you if it was worth it or not. But this way now that I have this setup, I can easily install a new VM just to play with something. I can have a Windows soft and simply open a Windows VM and play with it. It will be helpful for research on more vulnerabilities for me.
If something isn't clear, feel free to ask me, or if you have better suggestions for some parts, I'm open to changing some stuff too.
