  • I have a bit of knowledge on how it works and when its use could be a good choice, but I have only played around with it. Either way, I would strongly suggest you look into Rancher and Harvester by Rancher. I’m most likely to personally use them too, thanks to their help with setup and configuring security for your K3S cluster. Also look into their Longhorn software when it comes to the storage part. I hope I could be of help!







  • RymdLord@beehaw.org to Homelab: pf/opnsense question

    Well, it depends on your current setup. If your current setup is 1 WAN and 1 LAN (no VLANs) and your ISP doesn’t use PPPoE or similar, it should be good to go out of the box, except that you need to maintain it, aka update and monitor. You can set up auto updates, but checking logs and maybe setting up IDS/IPS would be a good idea.

    What do you mean by “ditch a router”? pf/OPNsense are firewalls/routers. If you want WiFi you will need an AP (Access Point) that can either be a dedicated AP like what Ubiquiti offers or a WiFi router that allows you to disable all “router” features. As for dongles, I would think that it’s a bad idea. I personally use a Unifi 6 Lite that is running OpenWRT. Also, I use OPNsense due to the hardware support and it having a better layout in my opinion, plus some nice-to-have plugins.

    Also, if I was you I would recommend OpenWRT, it might be a better fit :)


  • Well experience and the concept of pods

    Edit: Just reread my response and thought it was quite bad, so with this edit I hope to fix it. The answer to your question regarding a one-node setup with K3S compared to Docker Swarm is the following. When you later might want to expand your cluster or swarm, K3S will be more flexible due to how it is built (its architecture). Also, you get the advantage of what is called pods, which have way more isolation when set up correctly. Also, if you use something like Harvester by Rancher or Proxmox you can turn one server into several; this would allow you to have several nodes and therefore also load balancing and higher availability. I suggest you check out the Kubernetes (K8s) and K3S documentation and get to know the architecture of it! And the last and probably biggest advantage is that you will learn K3S and therefore K8S; this is a skill that is sought after in the IT industry!

    I hope this is a better response :)



    1. Yes
    2. Don’t virtualise your router as it creates more attack surface and risk for misconfiguration as well as providing less stability. Can recommend OpenWRT & OPNsense.
    3. Depends if they are on the same device or not.
    4. Can’t help with this one, sorry.
    5. Look up the 321 storage rule.
    6. Anything off site, for example a cloud storage provider, and encrypt your backups to them so your data is safe.
    7. Depends on what you want to back up. I would recommend photos, videos, documents & config files.

    Good luck :)



  • Two things. One, and I’m sorry for this one, but have you tried Linux? It has way less overhead; it should even be able to run on your MacBook Air. Second, I would recommend something more built for heavy loads. An example would be System76’s powerful laptops category; I would also check out TuxedoPC’s laptop offerings. Also, why I recommend Linux is because if you are coming from macOS it will be really familiar, and you can make it so Linux works and behaves like any macOS version without big hassle. (I have a preference bias, but all my hardware recommendations work with Windows too. They can also be a good reference.)






  • RymdLord@beehaw.org to Homelab: Sanity-check my plans

    Hey! I only have some recommendations on security (I’m a security nut). I would recommend you set up several VLANs, minimum 2, so your IoT (smart bulbs, printers etc.) are on their own virtual LAN. Why? Simple: your IoT stuff doesn’t get updates the same way as your other devices, so they are always higher risk. I would actually suggest that you block their internet connection completely. I would also not use UPnP at all, especially with printers/IoT; they are known to open ports via UPnP, aka exposing themselves to the entire internet! I would love to help you more. Tbh, I’m also learning and setting everything up!



  • Are you sure you aren’t looking for a router/firewall? Because if it will be directly connected to your ISP, they will not be happy. If you are looking for a managed switch, you should not put firewall rules on it but rather let your router and server be your firewalls. Also, if you have 1Gbit you only need a switch that can handle 1Gbit plus all the internal connections. Also, how many ports do you need? I can recommend the Netgear GS108T, but I would recommend using OpenWRT on it, and for a router either a Thin Client with OPNsense or an OpenWRT-compatible router.