Riff Labs

You might see references to riff.cc or Riff Labs throughout this blog. What is Riff Labs, you might ask?

Riff.CC is an ongoing project which is aiming to improve free and open access to information and culture. Riff Labs is my home lab, which lives on the riff.cc domain for simplicity. Some of my home lab is publicly accessible, but the majority of it is not, protected by firewalls and routing. However, nearly all of it runs on open source software, and nearly all of it is publicly documented in the form of automation code, documentation and this very blog. You can learn from it!

It used to literally live in my apartment, but now lives at a friend's house in an unspecified location. (And since I wrote that, it now lives at a different friend's house in a different unspecified location).

Why run a home lab?

For me, personally, running a home lab is something that I keep doing instinctively. It serves as an experimental place for me to learn about systems administration, play with distributed filesystems like MooseFS, store my media and do all the things I would normally do on a home network anyway.

The distinction between "home lab" and just "home network" is nebulous - but that's half the fun - for some people their home lab is just a NAS, or a Raspberry Pi - for others their lab is sprawling and runs all kinds of weird and wonderful stuff. My lab is a blend of these two extremes.

What are the specs?

Real-world (online and in service) specs (Somewhat out of date)

  1. 230 AMD64 cores, with ~1536GiB of RAM
  2. 16TB of NVMe M.2 SSDs (consumer)
  3. 120TB of a mix of SAS and SATA enterprise flash storage
  4. Over 2 pebibytes of mostly enterprise SATA storage (2850TB total raw capacity, with the bulk made up of 16TB EXOS hard drives from Seagate)
  5. 1000Mbps / 1000Mbps unmetered enterprise ethernet fibre from Aussie Broadband, on a 4 hour response, 24/7 SLA
  6. Dual 10Gbps networking core

Theoretical specs (includes experimental hardware, things that aren't online yet) that are slated to change:

  • 486 AMD64 cores, with ~2304GiB of RAM
  • Additional 5 storage chassis
  • Dual 25Gbps networking core

What does it do, though?

In terms of useful services? Right now, it does the following:

  • Proxmox private virtualisation cloud for hosting various services
  • Farms Chia using NoSSD, solely to cover the cost of power
  • Provides DHCPv4 and DNS services for the lab
  • Stores personal files and media using MooseFS Pro and CubeFS
  • Serves media using Plex Media Server and Jellyfin
  • Provides storage using Sia

It also used to:

  • Mine Ethereum using HiveOS (Ethereum is no longer mineable)
  • Run a StorJ Storage Node (I no longer have time to babysit a StorJ node)
  • Run IPFS and Filecoin disposable test infrastructure, as part of my work for Protocol Labs

That's the summary of it for now. If you're dying for more details, read this blog and feel free to email me questions.

Why is it publicly documented? Isn't that a security risk?

Yes, it can be a security risk to publicly document aspects of your home lab. One example of where it can go wrong is with Jeff Geerling's lab (hi Jeff!), which suffered DDoS and spam attacks after his home IP address was inadvertently leaked. However, that wasn't enough to change his mind on whether having a home lab and publicly talking about it was a good idea.

I document my home lab for myself and my own learning - writing down and explaining what I'm doing is a great way to reinforce the learning I'm doing, record mistakes and observations that may help others along the same path or help me to more effectively report bugs or weaknesses in the software, platforms and tools I use. Doing so publicly, blogging about it and keeping as much of the home lab open source as possible means someone nasty could poke a bunch of holes in it, but it hopefully also means I'm able to share my particular flavour of home lab with the world and see if anyone can learn from it.

But when it comes down to it... any security flaws covered up by being secretive about my home lab would eventually be uncovered by a sufficiently skilled or determined attacker.

Maintaining a largely open source lab is a challenge, but inspires me to write Ansible playbooks, bash scripts, Kubernetes manifests, Helm charts, and all kinds of other fun stuff.