What would you recommend to a guy whose just getting started out and pursuing his trifecta?
Setting up a small website hosted locally helped me understand the whole stack so much better. Roles / permissions / firewall rules / ports/ webservers / appservers / devops / daemons / docker / DNS and a bunch more
My active passiv pihole cluster helped me to understand clusters.
I learned how to use docker containers by setting up my minecraft server.
My homeassistant VM and OPN sense test VM helped me to understand hardware passthrough.
By setting up wireguard i learned how routing works.
I was experimenting with GPOs in a test active directory running completely in VMs. That way i learned some basic stuff about active directory.
I really recommend setting up a proxmox server or something similar for experimenting.
I was experimenting with GPOs in a test active directory running completely in VMs. That way i learned some basic stuff about active directory.
I want to learn more about this too! Do you have any recommendations for resources? How did you go about, did you try to set up something specific, or were you just exploring and following tutorials?
I went with the Evaluation Version of Windows Server and Windows 10 Enterprise. I was following some tutorials Ehen i got stuck. I dont really have any ressources apart from the microsoft documentation. I just did some basic tasks. Here are some examples:
- giving the user a network share
- disable and hide some settings from the User or force some settings
- set a desktop background for all users
- disable USB devices or only allow some specific devices
- autostart some programs
And so on you can basically tweak everything via GPOs or registry edits.
Just set it up and take a look in the administrative templates from microsoft.
Now grab cis benchmark for windows and see what is considered secure setup
Why passthrough for opnsense? Shouldn’t bridges should be good enough?
What kind of VM do you run to test and play with active directory and GPOs?
Having users. It helped me understand users are a PITA. ;).
I have users sitting half way across the world giving me a hard time when things change. It’s almost easier to fly over to the company and hand hold them through a change.
Especially having REMOTE users.
I was super grateful to past me for having bought systems with Bypass NICs. My parents, my in-laws, and my wife and I live on 3 separate continents.
Every once in a while, I’ll have a brain fart and do something stupid and kill some part of the network at their homes from the other side of the world (e.g. a failed proxmox upgrade that hosts OPNsense and Pihole).
With bypass NICs, just have them unplug the server and hit reset on their router and boom, back to factory settings and I’ll just fix it next time I visit.
You are a brave soul operating Proxmox, PiHole, or opnsense for a relative from different continents…
DNS is ALWAYS the issue
Yeah, I’ve become the unpaid IT guy for the whole family and even some of my mom’s friends. It has taught me to deal with some very weird glitches in layer 8 and 9
SO is it true, the 9th layer of hell is a frozen lake?
I learned Oracle by setting up bunches of Oracle VMs, doing horrible things to them, getting rid of the bodies, and starting over. Their sacrifices have helped me be a competent entry-level Oracle DBA. I’m learning Python on a VM configured with Eclipse and another VM with Jupyter. I’m actually a SQL Server DBA, and we don’t have much of a SQL Server test environment where I work. I test what I can in VMs in my homelab. Flashed a consumer router with OpenWRT and learned tons about networking, and confirmed why I never aspired to be a network engineer LOL. Trying to access my homelab remotely taught me a lot more about information security. Wanting to know what’s going on with my infrastructure (InfluxDB+prometheus+Grafana) has given me greater insight into SRE.
Is there a reason you use Jupyter and Eclipse? And specifically in their own VMs? Seems like a lot of overhead for just learning python
I’m new to Python so part of the learning is trying out different development environments. In the beginning at least, I wanted to keep those environments separate to rule out possible conflicts or other problems. I used Jupyter more for the initial learning of the language so I may decommission that VM (and keep the most recent backup). It’s a little early to tell though.
Ah okay. If you haven’t already done, look into virtual environments or venv’s and the pip package manager. You can create a venv and manage your packages individually for each project. It basically serves the exact reason you created VMs, to rule out possible conflicts.
Also instead of Eclipse I recommend either working just with a text editor like vim/ sublime that way you don’t even need a GUI or if you want a GUI you could try VS Code/ PyCharm. PyCharm is an IDE specifically made for Python.
BTW you already have a homelab so running your own version control tool like Gitea or GitLab could be interesting for you.
More rabbit holes to fall down, thank you LOL! I’ve been thinking about VS Code but the tidal wave of search results kept me from finding out about PyCharm. Right now my code “management” is simply copying the latest version of my code to my NAS, so I’ll give Gitea a go as well.
The easier way to do any kind of pregaming lab stuff is to set up a VM with Ubuntu server or any other distro with ssh and then running visual studio code on your computer and connecting to the VM through ssh. With Python I suggest using poetry for environment management and then you can also run Jupyter notebooks in visual studio code and you don’t need to bother with the actual web interface.
Do horrible things to Larry Ellison and half the world will help you get rid of the body.
What about the other half?
My test setup for an enterprise DAM helped me to better understand Active Directory, ADFS, SAML and mixed OS environments and the challenges.
If it is to easy you are missing a firewall
Setting up my own OPNsense router, setting up my own mail server (testing in homelab, then moved to DC as production), Univention Corporate Server as active directory for centralized authentication.
-
Linux/server os’s with command line administration
-
Hypervisor VMs and Containers
-
Setting up external access to a service via a reverse proxy and a FQDN.
-
Pihole, understanding DNS and the different effects it has on things
-
VLANs for different devices to stop things accessing the internet or putting guests on a different network.
-
A Pfsense/opnsense VM taught me how networking works. Before I set it up, all I knew about was port forwarding. I learned about firewall rules, LAN and WAN, VLANs, VPNs, DNS, Dynamic DNS, reverse proxies, bufferbloat, DHCP, etc.
I’m also learning how to make my own CI/CD pipelines with self hosted GitHub Actions as well as dockerizing applications.
-
Build your own router, segment your network. I suggest OpenWRT. Openwrt is less stream lined, which means you learn more. You’ll learn trunking, VLANs, sub netting, DNS. Do it all through CLI.
-
Reverse proxy, internal and external. Use Traefik or caddy.
-
Encryption keys. Seems simple. But learn and master ssh keys. The Internet works by communicating from point A to point B. And keys help encrypt the traffic. You should be able to type “ssh hostname” to get into any server you want access to, without the need for a password. Bonus points for finding a secure way to set cronjobs to automatically cycle keys, for security practice.
-
Docker machine. Master docker. Learn docker compose. Everything CLI.
-
Proxmox. Put everything on a VM or container. Create a nas, for storage for your VMs. Bonus if it’s strong enough to run many VMs, you can use to host a instance of any software that you are trying to learn. I for I stance am loading windows server 2022 and multiple windows 10 and 11 instances that I can control.
Do everything through CLI. Take notes on what you did (you won’t remember, it’s ok, no one remembers). Practice documentation.
-
Setup a Plex/Jellyfin server and then oversubscribe it to family and friends.
For me it isn’t the specific projects that help me understand IT, it is when things don’t work or break that I learn the most.
I work in IT support day job, Microsoft shop but home lab is all Linux so there isn’t much cross over in terms of specific apps, but the troubleshooting approach and techniques are transferable skills.
- Installing Server 2016 and learning to provision machines and set group policies in active directory.
- Running Wazuh and lerning how to remediate issues and errors across Windows, Mac, and my Linux machines…or at least learning what they are.
- Using Windows, Mac, and Linux.
I remember one interview where the subject of Home Assistant came up and one of the interviewers was having an issue with his set up and I told him how to fix it. I got an offer from that company.
So, in my experience, a general interest in technology and continuos learning…just because you genuinely like it, helps.
Software developer here and I had to learn k8s for work (small startup, we didn’t have devops people). We manually were provisioning Debian servers to add more api backends, and it took us one hour per instance. Figured there had to be a better way. So in no particular order:
- docker / containerization.
- secure certificates for everything: nginx / reverse proxy / certificates.
- k8s.
Super steep learning curve. Easier to do on the cloud than it is in the homelab. In the homelab:
- segmenting home network into different VLANs, firewall rules.
- Tailscale for multi-site access.
- cloudflare zero-trust tunnel for secure off-site access by friends.
- reverse proxy backed by let’s encrypt TLS for secure private connections.
- getting all the *arrs setup via docker. plex on nuc, media share on NAS, accessible via NFS. Orchestrating so that either restarting is recoverable.
- Prometheus / grafana for monitoring
- setting up alerts for everything
Current project:
- migrate off docker into k3s on top of metallb for ingress, longhorn for persistent storage, helm for charts, argocd for gitops, ansible for automation. I never want to SSH into a server again. And I want to manage all my infrastructure through a git repository. Totally overkill for the homelab but guaranteed to get you multiple offers in Silicon Valley.
I think setting up active directory domain controller with all the DHCP/DNS and group policies is a number one thing to do, if you don’t know how to do that.
Another thing would be running a Linux server and have a website. Learn how apache and Nginx works. And how to use them together.
It also helped to understand networking and virtual networking from non Cisco perspectives. I have a ccna and net+ and setting up opensense+pihole with network services was very weird, it felt completely different compared to ccna and net+ studies.
Well and of course having experience with virtualization. Learning different types of virtual storage and just in general how virtualization works.
The last thing is options but it is something that I decided to do, that can help you with networking(however there are other things you could set up that would be more useful). I would set up the gns3 server. This would help you with networking, especially if you are trying to study for network certs after ccna. But like I said, there are other projects that you can set up, that will be way more useful as a beginner.
Any chance you have a recommendation for a directory application that can be used to manage Linux, Mac, and windows?
Gonna echo some of the other replies on what I’ve used at home that’s helped me out.
-
Media - Used Windows Media Center on Windows XP/7 to start with > XBMC/Kodi > Plex - on several different machines
-
Networking - First wireless router was a Netgear N750, and it was great until the wife spilled some water on it > Netgear Nighthawk R7000 > Ubiquiti Edgerouter ER-X and UAP-AC-LR Access Point > still using the ER-X router but got a U6-Lite AP and then an Engenius controller and ECS-357 AP > ER-X and Aruba AP315/325 converted to be IAP models.
Got a Meraki MS120-8LP switch for POE for my APs. Ended up getting a bunch of Cisco switches and routers of different models to use at home from my current job. Still haven’t setup a working lab with those yet.
- Compute - This has been the most recent developments due to getting disposal mini desktops from work. Currently have a 3 node Proxmox cluster with 2 Windows server 2022 eval vms. One is a domain controller and the other is going to be setup for MECM(new acronym for SCCM).
I reckon that’s it for now.
-