Home IT Infrastructure
2025-06-22 15:53 by Ian
This post will be a running log of my personal IT infrastructure.
Power
There are two in-phase power feeds entering the rack. One is directly from the grid, and another from the battery-backup inverters. Details of the battery backup system can be found here.
The rack has a modest power draw of about 3 kilowatts, peak (by the numbers). But I rarely see draw above 1kW. Most of the standing draw comes from my application server, and the fact that I have lots of PoE gear hanging off my network. Still, I want that gear to remain powered and responsive when the power goes out.
Systems under battery backup | Systems allowed to fail with grid power |
---|---|
Network gateway | LOUDMOUTH, and associated audio amplifiers |
Network switch with 250W PoE | BLACKHAND, and its associated test hardware |
The modems | The console monitor |
iAN-APP (My home application server) | |
HOME-iOT | |
Cat pipes (ethernet)
My first project upon moving into a new house is to wire it all with ethernet. This time, I used shielded 24ga CAT-6. Blue cable is bottom floor, yellow goes to the top floor and the roof. This is the convergence point (where the rack lives) in my lab in the basement. The 48-port patch panel occupies the top U in the rack.
Ubiquiti
Slots #2 and #3 are taken by a Ubiquiti 250W PoE switch, and a Ubiquiti Security Gateway.
I love Ubiquiti's gear. They aren't paying me to say this. It's just really good. The software stack isn't rent-seeking and is freely available, and none of it requires connectivity back to them for anything other than firmware updates (if you choose to enable those). So I'm running their stuff wherever I can. WiFi AP, PoE switch, and firewall/NAT. It has all worked flawlessly since I installed it, and it is a breeze to manage with as much granularity as I've felt the need for.
Segregation of VLANs, mirror-ports on switches, PoE rationing, WiFi band-steering, custom DHCP options, analytics, firmware management (including roll-back), static routing tables... All of it broken out into a sensible UI. Seriously, guys... well done. I will some day write a specific gush post about how I use their tools to build heterogeneous contained IoT networks. But for now, suffice it to say that Ubiquiti's gear makes IoT suck far less than it otherwise would.
Console
The next 12U are taken by the console monitor and KVM switch. 2U below that is an upside-down shelf that has modems, HOME-iOT, and various DC/DC converters bolted onto it. It is mounted upside-down to give extra hand clearance for the 2U keyboard drawer underneath it.
BLACKHAND
Squished into a 1U drawer is my hardware CI support. There is a RasPi4 lurking in here that hosts a GitLab runner instance that is tagged to build and test hardware drivers.
LOUDMOUTH
LOUDMOUTH is the sad-looking 3U box without a faceplate. It is the house's PA system. Mostly, it just hosts amplifiers, but also has the ability to be a PulseAudio sink, and has some custom hardware to do audio switching and some simple mixing. This machine is documented here.
iAN-APP
This is my primary application server. It hosts the following:
- Storage and file services: NFS/Samba was the first reason I started running a home server in my teens and remains my mainstay use-case for running a hardware application server. Isolating my data storage concerns from those of my main workstation has saved me tremendous grief over the past 30 years. File sharing, backups, and noise isolation are all made far simpler. My primary workstation has been a laptop for the past decade, and carrying my life's work around with me in my backpack is simply not feasible. I've accumulated many terabytes of data that I don't want to lose, and often want to share. The NAS role is being filled by a brace of 14TB platter drives in software RAID-1, and a non-critical space of 12TB.
- OpenVPN: For outside access. I used to run SSH directly, but even with fail2ban and knockd, it was a bit of a liability. And realistically, every time I SSH in, I am on a computer with an assigned VPN cert, anyhow.
- DNS: Until very recently, I hosted the house's DNS via MyDNS. When the package became defunct in Gentoo, I held out for another year before finally migrating DHCP users to PiHole on HOME-iOT. But I still run MyDNS on iAN-APP for the occasional cases where I want to test or reverse-engineer something.
- OpenCL: I've done both dev work and cryptomining on this box at one point or another. There is an (outdated) ATI GPU running in the server. But these days, it mostly just renders htop to the console.
- DistCC: I ran distccd in my rack for many years. But since my local machines outpaced iAN-APP, I don't feel the need to do this anymore. Many of my RasPi-based builds would still benefit from it, so it might be reinstated the next time I want to avoid full system rebuilds on my security cameras (for instance).
- Home VoIP: iAN-APP hosts a telco interface card and Asterisk installation for my home VoIP arrangement.
- Docker: Docker is one of the best pieces of software I've been introduced to in the past 10 years. It allows me to containerize without the overhead of a VM, but also allows the creation of highly-specific environments for deployment elsewhere. For those reasons it is often the last step for a service in my lab before deployment. And even if the service never leaves the host, it still allows me to easily set up goofball environments that don't conflict with the sane setup on the host. I run my local GitLab instance as a permanent facet of my infrastructure in this manner.
- Piwigo: When you have children, you will collect family photos. This is how I organize them.
- Gentoo mirror: There may be as many as seven Gentoo installs running in my house (I'm not even sure anymore). There is no sense having them all pointed at different mirrors. So I run an rsync daemon to provide a house-wide mirror. I can then stage my local Gentoo environments by my own update cycle.
- Minecraft: My boys and I play this from time-to-time. And we needed neutral configurable ground. So I host a few worlds here.
Cover plates and toolboxes
The bottom space in the rack is filled by cover plates and storage space. Basic stuff. Not much to say about them.
Lux-Turpis (not shown)
Lux-Turpis is my ISM radio tinker box on the roof. It is also serving as a stratum-1 NTP server via GPS/GNSS. My DHCP setup points all systems on dynamic IPs to use this as the preferred NTP server. This machine is documented here. It is powered by PoE, and so will run during a power outage.