My infrastructure

The time is finally here. 2020 is over and my infrastructure is at its best. Currently we can’t imagine life without it, as it’s slowly replacing all third-party services. But before we get into the details, here is the list of services we run.

Services:

Some of these services I use for work and some for private stuff.

Networking

After a long stint with Mikrotik (see the last device in the rack), I went ahead and replaced the whole network with Unifi things. It’s far from perfect, but it’s set and forget, which is very important to me. I don’t want to spend hours maintaining the infrastructure I need for daily life.

The router is a Unifi Dream Machine Pro with a 6TB hard drive for video surveillance. This router also provides IPSec/L2TP VPN access to home for our devices when we are on the road. We connect to the internet via a PPPoE connection.

The switch is a Unifi USW 16-port PoE. It has 8 PoE ports, which is enough for all the cameras and access points for the house. At this switch we also terminate all of the CAT6 runs through the house.

All ports in the house are labeled and marked using the following system: XYY, where X is a room number and YY is a port number. So if, let’s say, the kitchen is room number 1, the third port would be 103.

Wifi is provided by two Unifi UAP AC Lites that run two Wifi networks, one main, and one emergency.

Video Surveillance

Currently I’m running only one Unifi G4 bullet cam, but I will be adding more in the future for indoor surveillance. Currently the camera records 24/7 and the motion detection is used in a few automations done by the Home Assistant server.

I’ll be adding three more cameras:

Main Server

The main server is running openSUSE Tumbleweed on an IntelNUC. It’s not hyperspec’d but it’s enough for my scale:

Nothing on this server is done by hand. I deploy, update, and maintain all services using Ansible. Everything is backed up on Borgbase so it can easily be retrieved and accessed in the worst case.

Home Assistant

I run Home Assistant on a Raspberry Pi 4 with 4GB of RAM. This controls a bunch of IoT stuff that I’ll explain in another blog post later. Outside access is provided by a Nabu Casa subscription since I wanted to support the team at Home Assistant.

The configuration is backed up on Borgbase as well, since this is the single most important service we run in the house. This is controlling our alarm system, home temperature, lights, media, etc.

The Diagram

Here is a diagram that tries to outline everything related to the infrastructure.

All of the HTTP Docker containers on the IntelNUC are proxied through Traefik so they can be HTTPS terminated. You can see on my blog post how this is configured.

The rack

This is the whole system in its glory. The iteration you just read about is a culmination of a lot of hours spent learning and building everything in the past circa 8 years of me maintaining my own infrastructure.

The color coding of the cables is straightforward:

The whole setup is using around 60W of power when running full tilt.

TODO

As with everything, this is far from being completed. I’m still working on a few projects that will make our life easier: