In summary, I wanted a place to safely try out new ideas and to learn about a stack that is similar to what I’m working with in my day job. Given the extra time on m hands to do shelter-in-place and a change of summer travel plans, I figured I’d do something constructive to further my skills and learning. So far I’ve built a new web service https://iscircleciup.net and am working on instrumentation, monitoring, and security projects around the service and the platform.
This is an overview page, there will be more detailed write-ups to follow.
My home network is based around a single device, a branch-office firewall appliance the Zyxel USG-20. It was cheap and had enough features for me. It allows me to run two separate networks. I have a network for all of my personal devices that primarily connect over WiFi and then I have my lab network that is all wired using self-made cables from box of CAT5 that I’ve been lugging around apartment-to-apartment for years.
I have an IPSec road-warrior setup between my personal laptop and the firewall which allows me to access my lab when I’m away from home. The need for this has been minimized as I’ve made the Nomad and Vault interfaces publicly accessible. Further the fact I’ve not had to leave my house in months has also reduced the need for VPN.
I started off with one Intel NUC that I had laying around. I was able to get the whole stack running on it, but soon wanted to start playing around with clustering services once I got the hang of Nomad. I’ve been spending my time on Ebay picking up Intel NUCs for $100 – $200 USD in whatever condition they come in. They are different models and of different configurations. This isn’t necessarily ideal for running uniform workloads, but this is a home lab! I’m willing to live with a diverse workforce.
Consul, Vault, Nomad, and Fabio
The home lab setup originally started off as a Nomad-only deployment. I soon realized that Consul would be necessary for service discovery. Consul and Nomad work very well together.I was able to launch services, find where they landed, and to store some basic configuration in the Consul KV store. Then I wanted to store database credentials, so Vault was a quick follow.
I’ll go more in-depth about each component’s configuration. At this time, each service runs in server and agent mode due to the limited amount of hardware I have. This is okay for my needs as a home lab, but in a production setting, you’d want to have dedicated servers for Consul, Nomad, and Vault.