I regularly get questions about how my network and applications are organized at home. That's why I wrote this blog post: to share my setup and what I've learned with you.
The server cabinet
Until recently, there was quite a mess underneath our countertop. Somewhere between the potatoes and the milk, you could find our modem and a lot of wires. To untangle this mess, I bought a small server cabinet.
Inside this server cabinet, the Internet enters via a modem owned by our ISP Telenet. This is a modem-only model: it has no WiFi and no built-in router, so (if you already have a router yourself) you will not suffer from double NAT.
Tip: Telenet can be a PITA about providing such a modem. Contact them via WhatsApp, tell them you're having problems with your VPN (not lying in my case), and ask if you can pick up a modem-only model at the Telenet shop.
Unifi Dream Machine Pro
The modem is connected to my router: the Unifi Dream Machine Pro. It has 8 UTP ports and 1 SFP port for a fiber optic backbone cable.
The Dream Machine Pro is a serious machine that offers a firewall with IPS/IDS, VPN and clear insights into what is happening on our network.
The UDM Pro also allows the network's devices to be divided into virtual networks (VLANs). For example, a Windows machine running under VMware can be isolated from the rest of the network.
On top of the UDM Pro lies a Synology NAS. It contains media, important documents, and backups (Time Machine). Every night the important things are synchronized to the cloud.
The Synology NAS also serves as a Docker host. Docker is a container platform: applications run in containers, each on its own island, without depending too much on the host operating system.
I have a lot of containers running. These are the most important:
- Plex: the most famous media server. It allows us to play media stored on our NAS on our Apple TV or anywhere on the go. Synology has a package for Plex, but it lags behind the official releases.
- Pi-hole: blocks trackers and ads. I already wrote a blog post about it before. The DHCP server of our UDM Pro hands out the Pi-hole as DNS server. You should set it up with a macvlan network so that it gets its own IP address on your network (see my docker-compose below).
- Traefik: a reverse proxy that makes all Docker services reachable via easy-to-remember URLs and provides SSL certificates.
- route53-dynamic-dns: updates our external domain name.
- Watchtower: updates our Docker containers automatically.
- Portainer: a management environment for Docker. This way, you don't have to remember all the Docker commands.
- Freqtrader: a bot that trades crypto.
- Heimdall: a portal site for all network services.
Synology has its own package for creating Docker containers, but it is fairly basic. It is more flexible to write a docker-compose.yml file in which you describe all containers.
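An example docker-compose.yml, added here and not the author's own file, showing the macvlan setup described above so Pi-hole gets its own address on the LAN. The interface name (eth0), the 192.168.1.0/24 subnet, the 192.168.1.1 gateway and the 192.168.1.2 Pi-hole address are assumptions; adjust them to your network.

```yaml
# Added example (not the author's file). Assumed values: the NAS's LAN
# interface is eth0, the LAN is 192.168.1.0/24, the UDM Pro is the
# gateway at 192.168.1.1, and Pi-hole gets the fixed address 192.168.1.2.

networks:
  lan_macvlan:
    driver: macvlan
    driver_opts:
      parent: eth0            # physical NIC the container's own MAC address sits on
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          # Only this one address may be handed out on the macvlan; reserve
          # it (or exclude it from the DHCP pool) on the UDM Pro so no other
          # client ever receives it.
          ip_range: 192.168.1.2/32

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    hostname: pihole
    networks:
      lan_macvlan:
        ipv4_address: 192.168.1.2   # the DNS address the UDM Pro's DHCP announces
    # Keep the admin password in a separate env file (WEBPASSWORD=...) that is
    # not committed alongside this compose file.
    env_file:
      - ./pihole.env
    environment:
      TZ: "Europe/Brussels"
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    # No cap_add: NET_ADMIN is only needed when Pi-hole itself acts as DHCP
    # server; here the UDM Pro does that, so the container runs unprivileged.
    restart: unless-stopped
```

One macvlan caveat: the Docker host (the NAS itself) cannot reach a macvlan container's IP directly, so point the NAS's own DNS at the UDM Pro or another resolver rather than at 192.168.1.2.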
Also in the server cabinet: a Raspberry Pi 4 running Home Assistant. We have quite a few things in the house that are "connected": our Hue lights, Apple TV, Google Home, washing machine, and even my bike and car.
Home Assistant allows us to view all these things in one interface and do fun stuff with it. For example, our Google Home says when the laundry is ready, or I get a push notification every time our car is parked somewhere and is not locked.
Soon I will write an article about everything I do with Home Assistant.
There is also a 7-year-old Mac Mini in the server cabinet running VMware ESXi. This is (free) virtualization software. I run old operating systems like Windows 95 and BeOS for fun, and Windows 10 to test sites in Internet Explorer.
The last thing in the server cabinet is an ESP8266 microcontroller with a DHT11 sensor. It runs ESPHome, a firmware for automation purposes, and reports the server cabinet's temperature and humidity to Home Assistant.
Both a fiber optic and a regular UTP CAT6 cable depart towards the second floor from the Dream Machine Pro. Should the fiber optic connection fail (due to a break or something), the UTP cable will take over. Putting cables through a ceiling sucks, so it was easier to do 2 cables at once.
These cables enter a Unifi Switch 8 150W. All its ports are occupied by the Apple TV, iMac, game consoles, a Philips Hue bridge, and the WiFi router.
Our house has many floors, and WiFi has always been problematic here. Simple repeaters repeat every packet they hear and therefore amplify the noise. The solution is mesh WiFi, where an access point is placed on each floor. Each access point knows which devices it serves, and the access points communicate among themselves over their own channel.
I chose Ubiquiti's Amplifi system a few years ago. It has worked flawlessly since day one. Everywhere in the house (except the basement), the range is excellent. It does not do WiFi 6 or PoE, so I expect to replace it with access points from big brother Unifi within a few years.
We have a washing machine with WiFi. It sends out notifications when the laundry is done. One problem: there is no WiFi signal in our basement. That's why another UTP cable goes down from the server cabinet, into the basement. An old Apple router serves as an access point for the washing machine.
In the basement there is also an ESPHome node measuring temperature and humidity.
Internet of things
Over the years I have acquired a lot of "smart" devices for my home. We currently have these in the house:
- 3 ESPHomes (temperature/humidity)
- 3 WLEDs
- Roborock vacuum cleaner
- Withings Smart Scale
- Withings Home Baby Monitor
- Withings Aura
- Some more (smart) speakers
- The doorbell
- 6 Nest smoke detectors
- The washing machine