Homelab

From StdOut
We are moving to a new house — it's going to take some time to settle in, and get this back up and running.
Homelab rack, with UPS, servers, ATS, PDU, and more

The homelab rack sits in my home office, just left of me as I type this text. Because it’s so close I’ve paid attention to keeping the noise as low as possible; I’ve tried buying second-hand servers, but they are just too loud. So I built the computers myself instead, focusing on keeping them quiet.

Introduction

I like Linux, so all my computers run Linux; servers are Ubuntu, desktop and laptops are Arch Linux. I run all my services virtualized with either KVM or LXC, and back up the images and configurations to my file server and the cloud every night. So if anything breaks or I have to take a server down for maintenance, it’s easy to move the guest OS or container to another machine. For that reason, I try to keep network settings the same on the servers; bridges and such.

Top to bottom

Layout drawing of homelab server rack

Front

Back

Computers

Omicron

Omicron media server

Media server; Ubuntu 18.04

CPU Intel Core i5-4690S @ 3.20GHz, 4 cores
7424 avg. mark
Memory DDR3 1600MHz, 8GB
Storage 120GB SATA 6G 2.5 SSD
Network Intel I217-LM 1Gbit
Type HP EliteDesk 800 G1 USDT

Upsilon

Upsilon Arch desktop

Desktop; Arch Linux, i3 tiling window manager

CPU Intel Core i5-3470 @ 3.2GHz, 4 cores
6714 avg. mark
Memory DDR3 1600MHz, 8GB
Storage 128GB SSD
Network Intel X520-DA2 Dual 10Gbit
FTLX8571D3BCV-IT SFP+ transceiver
Power 240W PSU
Type Dell Optiplex 9010 SFF

Epsilon

Main article: Homelab/Epsilon
Server Epsilon; Hypervisor

Hypervisor; Ubuntu 18.04, KVM+LXC

CPU Intel Core i5-3470 @ 3.2GHz, 4 cores [specs 1]
Memory DDR3 1600MHz, 16GB
Storage Samsung SSD 860 EVO 250GB
Network Intel X520-DA2 Dual 10Gbit [specs 2]
Power 240W PSU (25W idle)
Type Dell Optiplex 9010 SFF
  1. 6714 avg. mark
  2. FTLX8571D3BCV-IT SFP+ transceiver

Sigma

Main article: Homelab/Sigma
Desktop computer; Sigma

Desktop; Arch Linux, i3 tiling window manager

CPU Intel Xeon X5680 @ 3.33GHz, 6 cores [specs 1]
Cooler Master Hyper TX3 Evo cooler
Motherboard ASUS P6T Deluxe V2
Memory Corsair XMS3 DDR3 1600MHz, 12GB
Graphics card GeForce GTX 1050 Ti
Storage Samsung 850 EVO 250GB SSD
Network Mellanox MNPA19-XTR 10 Gbit [specs 2]
Power EVGA 500W PSU (100W idle)
Case I&S EYE-4808BK (4U, 528mm)
Fans
  • 1 x Noctua NF-A8 FLX 80mm
  1. 8407 avg. mark
  2. MFM1T02A-SR SFP+ transceiver

Alpha

Main article: Homelab/Alpha
Server Alpha; Hypervisor

Hypervisor; Ubuntu 18.04, KVM+LXC

CPU Intel Core i7-7700K @ 4.2GHz, 4 cores [specs 1]
Noctua NH-U9S cooler
Motherboard ASUS Z170-P
Memory Corsair Vengeance LPX DDR4 3000MHz, 48GB
Storage
  • Samsung 960 EVO 250GB M.2 PCIe SSD
  • Samsung 850 EVO 250GB SSD (LXC/ZFS)
  • Samsung 850 EVO 500GB SSD (CCTV)
Network Intel X520-DA2 Dual 10Gbit [specs 2]
Power EVGA 500W PSU (40W idle)
Case Inter-Tech IPC 4U-4129-N (4U, 650mm)
Fans
  • 2 x Noctua NF-A8 FLX 80mm
  • 4 x Noctua NF-S12A ULN 120mm
  1. 12038 avg. mark
  2. FTLX8571D3BCV-IT SFP+ transceiver

Zeta

Main article: Homelab/Zeta
Server Zeta; Storage

File server; Ubuntu 18.04, ZFS

CPU Intel Pentium G4560 @ 3.5GHz, 2 cores [specs 1]
Noctua NH-U9S cooler
Motherboard ASUS Prime B250-Plus
Memory 24GB total
  • HyperX Fury DDR4 2400MHz, 8GB
  • Corsair Vengeance LPX DDR4 2666MHz, 16GB
Storage Samsung 850 EVO 250GB SSD
Controller: LSI 9201-16i [specs 2]
ZFS pool, 36TB usable
  • raidz2 vdev, 24TB usable
    • 3 x Seagate Ironwolf 4TB
    • 5 x WD Red 4TB
  • raidz2 vdev, 12TB usable
    • 1 x WD Red 8TB
    • 3 x Toshiba N300 NAS 8TB
    • 2 x WD Black 2TB
    • 2 x Seagate Barracuda 2TB
Not configured
  • 1 x WD Blue 3D 500GB SSD
Network Intel X520-DA2 Dual 10Gbit [specs 3]
Power Corsair RM750x 750W PSU (125W idle)
Case Inter-Tech IPC 4U-4416 (4U, 688mm)
Fans
  • 2 x Noctua NF-A8 FLX 80mm
  • 3 x Noctua NF-S12A PWM 120mm
  1. 4866 avg. mark
  2. With Noctua NF-A4x10 FLX 40mm fan
  3. FTLX8571D3BCV-IT SFP+ transceiver

Noise

To keep the noise down I only use 4U cases, this allows me to use big (and quiet) fans and CPU coolers. I always replace the stock fans with Noctua silent ones.

I have also mounted a 120mm Noctua fan next to my UniFi US-48 and US‑16‑150W switches, this pushes air through their cases — lowering their temperature enough that their internal fans never turns on. On the 16XG, which doesn't have temperature controlled fans, I mounted a resistor in series to lower the RPM and noise.

I've measured the sound level 1 meter in front of the rack and on the right side, where my desk is located. Measurements were done with the ventilation system turned off, and all computers running.

1 meter in front
42.1 dBa
Right side, desk
40.7 dBa
40 dB: Library, bird calls (44 dB); lowest limit of urban ambient sound. (dB vs. dBa)

Services

Network

Homelab network diagram

I’ve got a 500/500 fiber internet that comes into the home office and goes through a media converter on the wall above the rack. From there, an Ethernet cable goes to the Edgerouter and to the Unifi US-48 and Unifi 16XG switches, which are the backbones of my home network. All computers in the rack are connected to the network with 10 Gbit multi-mode fiber.

In addition to the two backbone switches, I also have a Unifi 16 POE-150W switch, used for PoE devices, such as CCTV cameras and WiFi access points. The PoE switch is connected to the backbone with two Gbit aggregated fiber connections. On the wall behind the rack is a 24 port patch panel that connects the homelab rack with the house network.

The network is split into multiple VLAN; LAN, DMZ, and CCTV:

LAN
This is the default network, and it can access devices in all the other networks.
DMZ
The demilitarized-zone, all services accessible from the internet is placed here — things like the NTP server, reverse proxy, SSH jump host and the Atlas probe. It also serves as the wireless guest network. No one trusts each other, and all servers are firewalled. Access to other networks is denied but can be allowed to and from known hosts on specific ports.
CCTV
No access is allowed to any of the other networks, accept from the CCTV server. This prevents the cameras from contacting any internet services and provides a bit of extra protection if someone were to connect to the Ethernet cables running outside.

Here is what /etc/network/interfaces looks like on Alpha:

# Loopback
auto lo
iface lo inet loopback

# LAN
auto enp6s0f0
iface enp6s0f0 inet manual

# LAN bridge
auto br0
iface br0 inet static
        address 192.168.1.4
        network 192.168.1.0
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 192.168.1.1
        dns-search lan.uctrl.net

        bridge_ports enp6s0f0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

# DMZ VLAN
auto enp6s0f0.10
iface enp6s0f0.10 inet manual
        vlan-raw-device enp6s0f0

# DMZ VLAN bridge
auto br_dmz
iface br_dmz inet manual
        bridge_ports enp6s0f0.10
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

# CCTV VLAN
auto enp6s0f0.20
iface enp6s0f0.20 inet manual
        vlan-raw-device enp6s0f0

# CCTV VLAN Bridge
auto br_cctv
iface br_cctv inet manual
        bridge_ports enp6s0f0.20
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

As you can see the br_dmz bridge is traffic tagged with VLAN ID 10, and br_cctv with 20. The two VLAN bridges do not have IP addresses, only the virtual networks that use those bridges get IPs.

Power

Homelab power diagram; ATS, MBS, UPS, and PDU

The homelab rack connects to two different branch circuits of the house, through an automatic transfer switch. The primary power source is a dedicated circuit for the home office; the secondary is the basement circuit. The automatic transfer switch, or ATS for short, provides the ability to switch input source if one should fail. This switch typically takes 9 to 12 ms and is transparent to the load.

Any load on the rack that does not require UPS protection is connected directly to the ATS, such as my workstation computer, monitor, laptop charger and a few other things.

The ATS powers the UPS through a maintenance bypass switch (MBS); this allows me to bypass the UPS for maintenance or testing, without turning off any of the connected devices. When the MBS is in bypass mode, the system is without UPS protection.

At the end of the power distribution chain, is the power distribution unit, or PDU for short. The PDU has eight C14 sockets that can be individually controlled and measured.

The ATS, UPS, and PDU are all communicating with a Raspberry Pi — that is acting as a power controller and monitor. The UPS has a network management card (NMC) that allows nut to communicate with it over Ethernet. The ATS and PDU are connected via serial port and uses a Python library, that I have written, to communicate.

Collected metrics like load, running time, voltage, current, power, and temperatures are read and published as MQTT topics; which Home Assistant subscribes to. The values are also stored in InfluxDB, where they can be read by Grafana to create graphs and cool looking dashboards.

Power loss video

This video is also available on YouTube.

Power walk through video

This video is also available on YouTube.

Ventilation

My home office is 10.5 m2 (113 ft2), in the basement and pretty well insulated. With the heat output from the homelab and nowhere for that heat to go, it could potentially get pretty hot. But with my ventilation system, that heat is either vented outside or cooled with a portable AC.

Ductwork in the ceiling for ventilation exhaust intake above homelab rack

Exhaust

Pulls in air from two places — the ceiling above the rack, and through a fume extraction arm on the electronics lab bench. Both inlets have valves to regulate the flow of air or shut them off completely. The fume extraction on the desk is only open when I solder or do other things that make nasty fumes.

This video is also available on YouTube.

Fresh air inlet

An insulated duct transports fresh air from outside into the center of the room; this is done passively when the exhaust fan is running. It has a valve that can be closed if it’s freezing outside.

Insulated ducts suspended from the ceiling and fresh air intake

Internal inlet

I have two 100mm (4") inlets coming from the adjacent room, with valves that can be adjusted. I normally keep them closed and pull in outside air. However, in the hot summer months, they can be opened if the basement air is cooler than the outside.

Air intake from the adjacent room

AC

I have a portable AC unit with a dedicated and insulated exhaust duct to outside. When running, it exhausts quite a lot of air. That creates a negative pressure in the room, which pulls fresh air through the inlets.

Portable AC connected to an insulated duct. Fresh air intake under the ceiling


I use a Raspberry Pi with DS18B20 temperature sensors and a Python script to measure the room temperature. The temperatures, along with an average, is published as an MQTT topic which Home Assistant subscribes to.

A Home Assistant automation script starts the exhaust fan when the temperature reaches 25’C (77’F). The fan keeps running until the temperature has dropped to 23’C (73.4’C).

Grafana graphs, showing homelab and outside temperatures