Franz Liebinger edited this page Apr 8, 2024 · 3 revisions

Welcome to the Home_Server wiki!

1) Why am I building this?

As people age, they find it harder to interact with the technology flooding their environment. Regardless of how seamless the interaction between items in a single ecosystem is, the setup, maintenance and security around it become a daunting task and often end up making them more vulnerable, not to mention feeling overwhelmed and impacting their overall state of mind.

I am a firm believer that you can use something without having to know how it works behind the scenes, but... this is not true in technology: if you are unaware of how it works, you will be prey for someone who does. And here is where the story of why I need to build this begins.

My mom is almost 90 years old; she is functional and aware of her surroundings and does not need any special assistance for everyday life. Her sons have bought several different gadgets to make her life easier: she uses her tablet every day, she uses her phone, emails/texts, and installs and uses apps as any person would. The problem starts when something (for any reason) does not work as expected. Netflix goes down, for example... She may try to fix it herself since she does not want to inconvenience us, or she may ask a friend (also in her age group) for advice... This inevitably makes the problems worse.

Now in this scenario there was no malicious intent. But lately there has been a sharp increase in targeting her age group to scam them in several ways. And it happened.

So what is the answer to this? Making things simple for her, and providing her with an AI assistant she can turn to that is contained within her home, and whose back-end is a larger AI that runs over the secure network I set up to ensure a minimum set of security and safety items is deployed (Firewall, DNS, Antivirus, Home safety, and some basic biofeedback). This makes it so that she can ask this AI in plain words what she wants done, and it will interact with the underlying equipment for her.

NOTE: if the AI or the interaction were to fail, she will need to call if the larger AI has not been able to restore operations within a logical amount of time.

I want to be able to do this without breaking the bank, while taking away most of the items that make up the top 10 reasons something stopped working.

By removing remote controls and using IR blasters, we eliminate the problem of her needing to fiddle with the TV remote, the cable box remote and the sound system remote. (You have no idea how many times the issue is having turned off or destroyed the configuration of the environment by using the wrong remotes; it has happened to me as well, so I would rather fix this from the start.)

Now there are other items that are a little more difficult, like updating the laptop, ensuring she does not go to scam sites, and reducing the amount of risk she is exposed to without eliminating her freedom to do things. A firewall is great, but every so often there is a game or app that complains about ad blockers, or a firewall rule does not allow you to go to a site or do something you legitimately need to. And I cannot expect my mom to know how to fix that, or to have to feel inadequate because of things like this.

So, being the nerd I am, I will start with the automation of the basic setup for the home, and build from there.

This can be expanded and modified for use in different scenarios, possibly even at enterprise level, as I am able to mature the system, the decision making, interaction beyond the basic LLM, etc.

2) So WHAT AM I ACTUALLY BUILDING?

I want to take a Microservice based approach to build this environment, so it becomes easier later on to upgrade and modify it for different uses.

So, the high level architecture is:

4 sites are interconnected (all homes). Each site will host its own set of services that vary depending on need (for example one home may have an IPTV setup and another may not, one may have WiFi and another may not, etc.), but they will all need a base, core set of services to be deployed: AI, FIREWALL, HOME AUTOMATION.

A central AI will:

  1. Take care of metadata harvesting to define the top 10 for each site, and dynamically push the appropriate scripts to be housed locally while the local AI purges the least/never used scripts.
  2. Handle failure requests for the deployment of the core services and re-deploy/fix/patch them as necessary.

All automation is based on Infrastructure as Code: the build of physical/virtual environments is automated with Ansible, Terraform, k3s and others.

Every MD file in this folder will contain the explanation of the code in the corresponding folder. This code is provided with no support, as this is documentation of my own lab projects.

Please feel free to use the code for your purposes. I am trying to keep the code as clean as possible while allowing users to choose the passwords being used, or to generate them randomly, thereby eliminating the possibility that I or anyone else could know the passwords/secrets for the new deployments.
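As an added example (not code from the Home_Server repo), here is a small POSIX shell helper that implements the "choose your own or generate randomly" rule for per-deployment secrets: the operator may set a password in the environment, otherwise one is drawn locally from /dev/urandom, and the result is written to a vars file that only the owner can read. The variable names (DB_ROOT_PASSWORD, SEMAPHORE_DB_PASSWORD) and the vars-file layout are this example's own assumptions, not the project's.

```shell
#!/bin/sh
# Added example, not code from the Home_Server repo. It implements the rule from the
# text: the operator may supply a password, otherwise one is generated locally, so no
# secret is ever baked into the repository. The variable names (DB_ROOT_PASSWORD,
# SEMAPHORE_DB_PASSWORD) and the vars-file layout are this example's own assumptions.

# gen_secret LENGTH: LENGTH random characters from [A-Za-z0-9], drawn from /dev/urandom.
# LC_ALL=C keeps tr byte-oriented so a multibyte locale cannot skew the filter.
gen_secret() {
    len="${1:-32}"
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# secret_or_generate NAME LENGTH: print the operator-supplied value of environment
# variable NAME if it is set and non-empty, otherwise a freshly generated secret.
secret_or_generate() {
    name="$1"; len="${2:-32}"
    eval "val=\${$name:-}"
    if [ -n "$val" ]; then
        printf '%s' "$val"
    else
        gen_secret "$len"
    fi
}

# write_secrets_file PATH: write an Ansible-style YAML vars file readable only by its
# owner. umask is set before the redirect so the file is never world-readable, not
# even for the instant between creation and chmod.
write_secrets_file() {
    out="$1"
    umask 077
    db_root="$(secret_or_generate DB_ROOT_PASSWORD 32)"
    sem_db="$(secret_or_generate SEMAPHORE_DB_PASSWORD 32)"
    {
        printf 'db_root_password: "%s"\n' "$db_root"
        printf 'semaphore_db_password: "%s"\n' "$sem_db"
    } > "$out"
    chmod 600 "$out"
}

# secrets_file_mode PATH: print the octal permission bits (GNU stat, with a BSD
# fallback), so a deployment can assert the file is private before Ansible reads it.
secrets_file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Usage: `write_secrets_file /etc/ansible/secrets.yml` generates both values, while `DB_ROOT_PASSWORD='my-own' write_secrets_file ...` keeps the operator's choice for that one key. Generated values are alphanumeric only, so they can be quoted into YAML without escaping; an operator-supplied value containing a double quote would need escaping before use.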

I am updating this code based on a Debian 12 and an Arch 2024.04.01 distribution, and will test with other builds in the future.

3) Change Control

Change log can be found in: Changelog.md

WARNING: Always examine scripts downloaded from the internet before running them locally!!
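One way to put that warning into practice, as an added example that is not part of this project's code: download the script to disk rather than piping it straight into a shell, compare it against a SHA-256 you obtained from the project's release page, and only then open it for review. The URL and expected digest are placeholders the operator supplies; the file used in the check below is constructed.

```shell
#!/bin/sh
# Added example, not the Home_Server project's own code: fetch a script to disk,
# pin it to a known SHA-256, and only then hand it to the shell for review/execution.
# The URL and expected digest are placeholders the operator replaces.

# sha256_of FILE: print the hex SHA-256 of FILE (GNU coreutils sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_checksum FILE EXPECTED_HEX: return 0 only if the file's digest matches exactly.
verify_checksum() {
    actual="$(sha256_of "$1")"
    [ "$actual" = "$2" ]
}

# fetch_and_verify URL EXPECTED_HEX DEST: download to DEST (never into a pipe), verify,
# and delete the download on mismatch so a bad copy cannot be run by accident.
# --proto '=https' refuses plain-HTTP redirects; --tlsv1.2 sets a floor on the TLS version.
fetch_and_verify() {
    url="$1"; expected="$2"; dest="$3"
    curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$url" || return 1
    if verify_checksum "$dest" "$expected"; then
        chmod 700 "$dest"
        printf 'verified %s; review it before running, e.g. with: less %s\n' "$dest" "$dest"
        return 0
    fi
    rm -f "$dest"
    printf 'checksum mismatch for %s, download discarded\n' "$url" >&2
    return 1
}
```

Usage: `fetch_and_verify https://example.invalid/install.sh <expected-sha256> ./install.sh`, then read `./install.sh` before executing it. The digest must come from a channel independent of the download itself (the project's release notes or a signed manifest), otherwise a tampered server could serve matching values for both.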

4) What this project is about:

This project looks at the automation of the build of a physical/virtual lab for Kubernetes, along with the deployment of the basic workloads that I would use for a home environment. This can also be modified for use with any workload. Key features: I am testing an AI using an LLM with access to my documentation, and will continue training the AI based on the issues I encounter until it is functional across several domains; currently it is used to help me in: 1) Domotics 2) Chatbot/writing tasks

4.a) Milestones/components

For this project every component is tracked separately, as there may be updates and changes to the configurations that are required based on the use cases.

  1. PXE boot capability
  2. Ansible (CAREFUL: THIS IS A BASH SCRIPT)
  3. Terraform
  4. K3s Manual install or K3s Ansible

4.b) My LAB Environment

The lab is a series of small, separate mini-PCs. I have a mix of Lenovo (2x), Dell (2x) and Protectli (1x) mini PCs that host the virtual machines and containers. I also have a NAS device as well as a Mac M1 used for the AI system. (You can always deploy without the AI, or use a Windows machine with an appropriate GPU; I have not tested on Linux with a GPU. It is not recommended to place it in a virtual environment unless you can do PCI passthrough of the GPU, as performance is impacted heavily without this.)

I have decided to use Arch Linux as the base OS for everything in my lab environment; this makes it easier to support, although you may want to use a different Linux distro, and this is ok. The exceptions to the Arch systems are the Firewall, running FreeBSD, and the AI system, which is running macOS.

If there is anything I cannot build with Arch Linux, I will try to use FreeBSD or, failing that, Debian. The PXE build instructions contain the Debian netboot image as well, so any systems that need this OS are covered. I will add other OSes later if needed.

Overall, all systems are connected to a switch on a separate network for my lab. This gives me a sandboxed environment that I can completely separate from the Internet and from my other networks (Production and Management) for all testing, to ensure the functionality is there even if there is no Internet.

For ease of use, I will be utilizing my existing Terraform, Ansible and PXE boot solution in my Management network. This is because I currently have a server down and do not have the spare cores to set all of this up in the lab.

Simplified Network diagram:

                                                              ┌───────────┐    
                                                      ┌───────┤ Terraform │    
                                                      │       └───────────┘
                                                      │    
                                                      │       ┌───────────┐    
                                    ┌─────────────────┴───┐   │    PXE    │    
                            ┌───────┤   Management SW     ├───┤  ANSIBLE  │    
                            │       └─────────────────────┘   └───────────┘    
                            │                                                  
         ┌──────────┐  ┌────┴─────┐  ┌─────────────────────┐    ┌──────────┐    
         │ISP Router├──┤ Firewall ├──┤      LAB SWITCH     ├────┤ LOCAL AI │    
         └──────────┘  └──────────┘  └──────┬─┬─┬─┬────────┘    └──────────┘    
                                            │ │ │ │                                
                                            │ │ │ │       ┌────────────────┐      
                  ┌───────────┐             │ │ │ └───────┤ Bare Metal K3s │        
                  │           │             │ │ │         └────────────────┘    
                  │    NAS    ├─────────────┘ │ │                                   
                  │           │               │ │         ┌────────────────┐       
                  │           │               │ └─────────┤ Bare Metal K3s │    
                  └───────────┘               │           └────────────────┘   
                                              │                                   
                                              │           ┌────────────────┐     
                                              └───────────┼─Bare Metal K3s │       
                                                          └────────────────┘

In order to make this deployment flow in a logical manner I suggest you deploy the systems out in this order:

  1. Database server: You will need it for semaphore and other items to come.

    OS: Arch Linux 
    Packages: MariaDB
    
  2. Ansible with semaphore: Will help you deploy all the rest of the servers in the build, but needs a database

    OS: Debian Linux - Semaphore is officially released as an RPM, DEB and for FreeBSD only. Since I want to use my database so I can integrate Ansible with other Infrastructure as code projects, and don't want to use snap or docker, I am running an LXC container dedicated to Ansible. 
    Packages: Ansible
              Semaphore
    
  3. Webserver: First one built with Ansible, used to test deploy scripts in Semaphore. Good test as this is a simple server.

    OS: Arch Linux
    Packages: NginX - This will start by hosting my PXE boot files so I can use HTTP instead of TFTP to make the transfers faster and more reliable. It will host other items as the project progresses.

  4. PXE Capability: Milestone REACHED! Now we are able to PXE boot our servers and have Ansible finish the deployments. Required all previous servers to be deployed.

    OS: FreeBSD
    Packages: OPNsense Firewall - Configs vary depending on your deployment (bare metal vs virtualized, number of NICs, VLANs needed, etc.). Only providing instructions for the PXE portion of the setup, assuming you have a working firewall config.