Documentation of my homelab
- Intel NUC Kit NUC8i5BEH
- i5-8259U: 4 cores 8 threads.
- 32GB (2x16GB) DDR4 2400MHz CL16 16-16-16-39 latency
- Kingston Data Center DC1000B (SEDC1000BM8/480G)
- TP-LINK Archer C3200 (Internal; partially sandboxed)
- TP-LINK Archer AX10 (Fully sandboxed)
- TP-Link TL-SG108S (Used within SuperHub LAN; 2021)
- TP-LINK TL-SG108 (Used within C3200 LAN)
Used to mitigate attack surface from a malicious device spreading a worm
At present The following VMs are operated:
- VM-01: Production Web Servers
- VM-02: Testing Web Servers
- VM-03: NextCloud Server
- VM-04: DNS Server
- VM-05: MySQL Server
Each VM with their own static internal IPv4 address. The router has an IP address pool range reserved for the Intel NUC within 192.168.5.235-245.
- Reason for choosing QEMU over VirtualBox or bare-metal...
- Being able to assign VMs logical cores (threads)
- Use of virt-manager as UI management which supports tunnelling over X11
- Virt-manager is lightweight and supports VNC or SPICE
SWS Root CA X2 is the root authority for internally signed certificates as well as externally, such as cloud.private.safesploit.com.
Do make note that an intermediate authority is used. Hence, the wording of root authority.
For users without the SWS Root CA X2 certificate installed, another domain using Let's Encrypt is used, cloud.safesploit.com. Both cloud.private. and cloud. subdomains have similar configurations, as confirmed by SSL Labs. Except cloud.private. subdomain has been hardened to use a smaller set of more modern ciphers which results in less compatibility with older web browsers.
A sign certificate ultimately trusted by `SWS Root CA X2` being used by the internal domain `valhalla.sws-internal`