my debian homelab
Homelab Build Recommendations⌗
Softwares⌗
OS: Debian 11 (Bullseye)⌗
Due to its stable and rock solid. No ubuntu with much more bloat.
Can upgrade to next release Debian 12 (Bookworm) if necessary.
Things to do after installing Debian⌗
Enable sudo⌗
Install sudo by root:
apt install sudo
Add the user to group sudo:
usermod usermod -aG sudo $USER
Enable Firewall⌗
Install UFW:
sudo apt install ufw
Enable it and configure the rules (open for ssh and reverse proxy server):
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
sudo ufw allow http
sudo ufw allow https
sudo ufw allow proto tcp from any to any port 80,443
Set up SSH public key authentication⌗
Can read from here.
Some tools maybe needed for faster commanding⌗
If install from source then need to add to bashrc and symblic link to /usr/local/bin for sudo. Noted that symboic link need to be full path like /home/zyx/sample/bin.
- exa - an alternate of builtin
lswith color support - ouch - an alternate of traditional
tarwith shorter command - bottom - an alternate of
topwith color support - kibi or micro - an alternate of builtin
vi/nanowith common keybindings
Some easy apps for deploy web services or external remote⌗
- caddy - a web server and reverse proxy with automatic HTTPS, alternate of nginx, apache, traefik..
- GoDNS - a dynamic DNS client tool with easy config, alternate of ddclient
- Tailscale - The easiest, most secure way to use WireGuard and 2FA.
- cloudflared - the Cloudflare Tunnel client (formerly Argo Tunnel) for exposing to the open web. Other solutions: ngrok, Tailscale or just open port in modem
- Monit - With all features needed for system monitoring and error recovery. It’s like having a watchdog with a toolbox on your server
- sysstat - performance monitoring tools for Linux
Some other apps maybe will be needed⌗
- Syncthing - an Open Source Continuous File Synchronization
- ownCloud Infinite Scale Stack - a file sync & share platform
- udev-media-automount - auto mount removable media devices by means of udev rules
- File Browser - a file managing web interface
Hardwares⌗
| ID | Comp | Product | Q | Remark |
|---|---|---|---|---|
| 1 | CPU | AMD Ryzen™ 3 PRO 4350G / 5 PRO 4650G / 7 PRO 4750G | 1 | 3.8GHz 4 cores 8 threads / or up |
| 2 | mobo | ASRock B550M Pro4 | 1 | or up Steel Legend / X570 |
| 3 | RAM | 16GB DDRL4 ECC UDIMM 3200Mhz | 1 | Mobo support DDR4 3200Mhz Max. 64GB ECC unbuffered |
| 4 | NVMe | SSD MSI SPATIUM M450 1TB NVMe M.2 2280 PCIe Gen 4 x 4 | 2 | Install OS, data. Mobo supp PCIe 1xGen4x4 + 1xGen3x2, RAID1 so max 3.0x2 |
| 5 | SATA | 2TB HDD/SSD | 0 | Maybe upgrade, 4 spare slots, 6 SATA3 total but 5-6 share lane with M2_2 |
| 6 | UPS | APC or Eaton with USB port | 1 | 8-10 mins for shutdown server when power outage |
| 7 | USB | 64GB-128GB SSD BOX | 1 | flash drive hot swappable for data transfer by non-tech user |
Note⌗
- run monit for system monitoring, alert CPU usage or ssh login..
- run services locally then comunicate with outside via reverse proxy
- run godns daemon for Dynamic DNS, no need static IP. IPv6 is prefer if the ISP support it
- syncthing for share backup to other pcs, run crontab bash script for backup daily at 3.am
- run iostat when need to know cpu report since last boot
- build this pc based on desktop components so it can last on low cost, easy to upgrade or change the purpose. can buy a real-server when the time come
- the AMD Ryzen Pro APU is the good choice with low power when idle. ECC support nearly by all ASRock AM4 mobos. AMD CPU are supported, APU are supported only for PRO version.
- because those data is important so ECC is prefer
- this pc will good for NAS or some personal projects with low request
Read other posts