Training Tuesday - Discussions for certs, training and learning-at-home
from to on 01 Aug 2023 11:42

Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!

threaded - newest on 01 Aug 2023 13:55 collapse

Is it ok to post about homelab projects and journeys?

I stood up a home server in June of 2000, looking for a bit of that “whee I’m a sysop too!” social interaction I missed out on due to growing up poor. Gave out shell accounts and web hosting to anyone who asked. Surprisingly the server lasted until 2015, despite me being a terrible sysadmin with no idea what he was doing.

I’m trying to bring it back up as something slightly more modern. Recently got OpenLDAP loaded with my old users and mail set up, using seven VMs, each on its own vlan and /30 net: openldap of course, postfix, opendkim, dovecot, roundcube, and two for bind9. I figure I’m certainly going to forget things and get compromised, but hopefully this isolation will minimize how useful a rooted VM is.

I have this hesitation to ask for too much help, as I feel like it’s the same kind of help someone would use for a small business and would need to pay for. I feel like I should write this up and share it, once I get everything working. Most people doing this for commercial reasons wouldn’t share what they did on company time, I feel like. on 01 Aug 2023 14:50 collapse

Yep this is a good place to post anything learning related. Also I think you’d be surprised how helpful people can be so I wouldn’t be shy about asking. Ask here, ask on Mastodon too. on 02 Aug 2023 03:26 collapse

I don’t know if this is a reasonable thing to want, but I want to create it if it doesn’t. Or I need to understand why my expectations are warped.

I have this impression that, in 1995, you could just stand up a Solaris or Sys V UNIX box on the public internet, run some common default services that most people wanted on a “standard internet host” and they would more or less do ok. Try that today, of course, and things would not be ok.

I think there should be a guide for creating a similar environment with free (and/or “free”) software. My version would start with: you’ll need server hardware totaling around 32 GB of RAM or more, on one machine or several. Recycled laptops or corporate desktops work, though you’ll need vlan aware switching if multiple machines. We’ll assume a static ip and a domain with dnssec support. Here’s what that means.

And then a sort of step by step for a management vlan, a vm hypervisor, management vm, firewall, gsa/openvas, an apt-mirror VM, and then we start setting up services. Each service gets its own VM, and gets a /30 net and firewall rules allowing minimum permissions. DNS, then OpenLDAP, then haproxy, then email, etc.

I’ve been on a journey setting this all up for myself, and I think my biggest problem has been understanding the abstract concepts. I was following an OpenLDAP walkthrough, for example, without really understanding how different clients would be using it. I found a whole series of articles on setting up email, and was able to adapt their approach (single hosted VM, sql storage for user info) to my own (four VMs, LDAP storage for user info). But I’m still struggling with postfix mapping tables for example.

Setting aside if it’s possible to find this sort of “follow these steps for an exceptionally secure, though maintenance heavy, internet site!” walkthrough, is this even something people want? Maybe I’m being too egocentric, assuming everyone must want what I want. The whole thing is unmaintainable if the reader is just walked through the steps without getting a deep understanding of what and why. Maybe people looking for walkthroughs generally don’t want all of the extra steps.

Does what I’m proposing make sense? Should it exist? Does it already? on 02 Aug 2023 12:44 collapse

I think it makes sense. Not sure if it exists already. As for the question of “do people want it?” The Internet is a big place. No matter what you could possibly think up, there’s probably some folks out there who are interested. If you think it’s interesting than others probably do to. Go for it!