Motivation
I became more interested in personal privacy after myRoku started spying on what we were watching outside the Roku itself, our mesh WiFi router switched to a subscription model for “AI” and “cloud” features, and our smart home switches required access to “the cloud” just to turn on lights. TVs, WiFi routers, and smart home devices are all driving prices down by supplementing hardware sales revenue with personal data sales.
On top of that, after creating a custom smart lock , I saw first hand how Google and Amazon's smart home infrastructures are built around selling cloud services and capturing my personal data, while Apple HomeKit is designed to work without any internet access at all.
Given these consideration, I wanted a more robust router and firewall between my home network and the internet. I wanted to be able to completely block smart home devices from accessing the internet. And I wanted to do everything as cheaply as possible while maintaining compute resource (CPU, RAM, disk) separation between self-hosted services.
Setup
- 1x $59 Ubiquiti EdgeRouter X
- 1x $70 TP-Link 8 Port PoE Switch
- 4x $55 Raspberry Pi 4 Model B 4GB
- 4x $20 Raspberry Pi PoE HAT
- 3x $48 Seagate 1TB USB HDD
- Total: $573
The Ubiquiti EdgerRouter X is the router and firewall while the mesh WiFi is in “bridge” mode, effectively operating as a switch. IP addresses are assigned in ranges and firewall settings are used to block all devices from the internet except those that need it (Apple TV, Laptops, Phones, etc.).
Four Raspberry Pis host all self-hosted services.Public services like code hosting, federated social networks, and a bitcoin node. And private services like DNS-based ad and tracker blocking. (After using Pi-Hole for a while, I switched to AdGuard Home, which is just simpler and easier to maintain.)
Finally, power over Ethernet (PoE) with a PoE switch is used to reduce the cords to the Raspberry Pis.
Custom Racking
A downside of not using a standard rack-mounted host is the non-standard form factors of the Raspberry Pis and hard drives etc.
To handle this, I 3D printed a Raspberry Pi 2U rack mount . It's not used in a rack configuration but it's actually just a great way to have easy, uniform, and modular access to the Pis.
Hardware was purchased from McMaster-Carr.
- 1x $3.33 Super-Corrosion-Resistant 316 Stainless Steel Socket Head Screw, M2.5 x 0.45 mm Thread, 12 mm Long
- 2x $5.66 18-8 Stainless Steel Threaded Rod, M5 x 0.8 mm Thread Size, 300 mm Long
- 1x $3.79 Super-Corrosion-Resistant 316 Stainless Steel Thin Hex Nut, M5 x 0.8 mm Thread, 2.7 mm High
- Total: $18.44
For the hard drives, I designed and 3D printed a custom stand.
Configuration Management
Host configuration is managed with Ansible . The roles are written to be minimally invasive and optimized for low maintenance.
The Ansible roles areopen source.
Layout
For clarity, my specific Raspberry Pi Ansible playbook in provided below:
- hosts: rpis
roles:
- rpi-base
- apt-cacher/client
- prometheus/rpi-client
- hosts: admin.local
roles:
- adguard-home
- apt-cacher/server
- prometheus/server
- hosts: btc.local
roles:
- block-device
- bitcoind
- lnd
- bitcoind-prometheus-exporter
- hosts: media.local
roles:
- block-device
- plex
- transmission
- homebridge
- minecraft
- nginx
- hosts: web.local
roles:
- block-device
- postgresql
- pleroma/aws-s3-backup
- pleroma/otp
- writefreely
- mercurial/aws-s3-backup
- mercurial/web
- oragono
- prosody
- nginx
Conclusion
Using a hardwired router as the articulation point between the internet and the rest of a home network is a great way to get privacy, security, and self-hosting without really investing much.
# RaspberryPi # SelfHosting # Homelab # Linux # RaspberryPi # Homekit
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
