my home lab - PCHQ
You might see references to windowpa.in or PCHQ throughout this blog. What is windowpa.in, you might ask? Simple - it's my homelab. windowpa.in is just a domain I bought a while back, for long since forgotten purposes, which now serves as a handy domain for my home lab and experimentation purposes. Some of my home lab is publicly accessible, but the majority of it is not, protected by the vastness of... well, internal vs external subnetting. FUN. However, nearly all of it runs on open source software, and nearly all of it is publicly documented in the form of automation code, documentation and this very blog. You can learn from it!
It used to literally live in my apartment, but now lives at a friend's house in an unspecified location.
Why run a home lab?
For me, personally, running a home lab is something that I keep doing instinctively. It serves as an experimental place for me to learn about systems administration, play with distributed filesystems like MooseFS, store my media and do all the things I would normally do on a home network anyway.
The distinction between "home lab" and just "home network" is nebulous - but that's half the fun - for some people their home lab is just a NAS, or a Raspberry Pi - for others their lab is sprawling and runs all kinds of weird and wonderful stuff. My lab is a blend of these two extremes.
What are the specs?
Real-world (online and in service) specs:
- 6 ARM64 cores, with 4GiB of RAM (a lone Kobol Helios64 is the only remaining ARM hardware, after my ODROID HC4s were both retired)
- 180 AMD64 cores, with 916GiB of RAM
- Approximately 8TB of NVMe SSDs
- Over 1 pebibyte of mostly enterprise SATA storage (1184TB total raw capacity, with the bulk of made of 16TB EXOS hard drives from Seagate)
- 1000Mbps / 1000Mbps unmetered enterprise ethernet fibre from Aussie Broadband, on a 4 hour response, 24/7 SLA
- 6 ARM64 cores, with 4GiB of RAM (a lone Kobol Helios64 is the only remaining ARM hardware, after my ODROID HC4s were both retired)
- Standard 1gbps backbone (a cheap TP-Link switch)
Theoretical specs (includes experimental hardware, things that aren't online yet, does not include Oracle Cloud) that are slated to change:
- 308 AMD64 cores, with ~1428GiB of RAM
- ~16TB of enterprise SATA solid state storage
- ~5TB of NVMe PCI-e 4.0 storage (Intel P3605 based)
- 10Gbps between all nodes except the NUC/NUCalikes (1G) and the Helios64 (2.5G)
What does it do, though?
In terms of useful services? Right now, it does the following:
- Proxmox private virtualisation cloud for hosting various services
- Runs IPFS nodes and Filecoin experiments
- Farms Chia using FlexFarmer/Gigahorse, solely to cover the cost of power
- Provides DHCPv4 and DNS services for the lab
- Stores personal files and media using MooseFS Pro
- Serves media using Plex Media Server and Jellyfin
- Farms Chia using FlexFarmer/Gigahorse, solely to cover the cost of power
- (Soon) Runs the Brackish Aquarium, an experimental set of Bacalhau nodes.
- (Soon) Runs a Filecoin Lotus node on testnet
It also used to:
- Mine Ethereum using HiveOS (Ethereum is no longer mineable)
- Run a StorJ Storage Node (I no longer have time to babysit a StorJ node)
That's the summary of it for now. If you're dying for more details, read this blog and feel free to email me questions.
Why is it publicly documented? Isn't that a security risk?
Yes, it can a security risk to publicly document aspects of your home lab. One example of where it can go wrong is with Jeff Geerling's lab (hi Jeff!), which suffered DDoS and spam attacks after his home IP address was inadvertently leaked. However, that wasn't enough to change his mind on whether having a home lab and publicly talking about it was a good idea.
I document my home lab for myself and my own learning - writing down and explaining what I'm doing is a great way to reinforce the learning I'm doing, record mistakes and observations that may help others along the same path or help me to more effectively report bugs or weaknesses in the software, platforms and tools I use. Doing so publicly, blogging about it and keeping as much of the home lab open source as possible means someone nasty could poke a bunch of holes in it, but it hopefully also means I'm able to share my particular flavour of home lab with the world and see if anyone can learn from it.
But when it comes down to it... any security flaws covered up by being secretive about my home lab would eventually be uncovered by a sufficiently skilled or determined attacker.
Maintaining a largely open source lab is a challenge, but inspires me to write Ansible playbooks, bash scripts, Kubernetes manifests, Helm charts, and all kinds of other fun stuff.
Where did the name come from?
There are two theories.
One has something to do with cryptography, and is a story you'll need to extract from me if you're dying to know. The other is that it came from lyrics from "Eminem - Love The Way You Lie ft. Rihanna".
Now you get to watch her leave out the window...
Guess that's why they call it window pane.