Home Server
Basement rack installation (Old setup)
Homelab Rack Build
This homelab rack was built using standard 19” profiles from Thomann, mounted on a simple wooden frame and placed above the basement stairway.
The rack contains the following items:
- Dell PowerEdge R610
- Dell PowerEdge R710
- Rack compatible extension cord with multiple outlets to power the multiple devices from the single UPS output
- UPS unit for backup power
To power this rack, I drawn a dedicated power line from the house’s main electrical cabinet, protected by its own circuit breaker to power this setup. For networking, a direct CAT.7 Ethernet cable (Sommer Cable) connects the rack to the house router and allows for future high-speed upgrades.
In addition, an externally powered USB hub (visbible on the middle of the diagonal bar on the right) connects additional devices to the R610 server. For example, two TNT TV tuners are attached, enabling direct streaming of multiple TV channels across the network.
Finally, two Ethernet cables from the R610 are routed to:
- The home security camera network
- A hub distributing the LAN Ethernet to different rooms in the house
N.B. Even though iDRAC provides remote KVM access, I also set up a console screen with a USB keyboard on a movable arm, just in case hands-on management is required.
System
Both servers act as hypervisors running Debian distributions with all drives encrypted (except for the bootloader).
The R610 on top hosts most of the front-facing and application services of the system.
Firewall
The R610 runs a virtualized pfSense firewall, separating the network into three zones mapped to the server’s physical Ethernet ports:
- WAN (Port 1): Connected to the ISP router. This port is directly exposed to the internet (bypassing ISP firewall rules).
- DMZ (Port 2): Hosts public-facing services such as web servers. The VM on this network (and on this machine) are bridged to the same virtual interface directly, which avoid hardware botlenecks.
- LAN (Ports 3 & 4): Connect to the internal home network and equipment.
In addition, the firewall provides a VPN service: originally OpenVPN, later replaced by WireGuard for higher performance. It also runs a Squid proxy configured with a blacklist from Université de Toulouse to block ads and improve caching efficiency.
Web Servers
Standard HTTP(S) ports (80 and 443) are redirected to a dedicated virtual machine acting as a reverse proxy, powered by nginx. This VM manages TLS encryption and virtual hosts, allowing multiple websites to be served from a single IP address. Certificates are provided by Let’s Encrypt with automatic renewal through certbot and crontab.
Another virtual machine handles most application services, primarily using Docker, including:
- A home website: this Jekyll site is built as a Docker image and is automatically deployed via GitLab CI/CD when a push on master is triggered.
- A GitLab instance for hosting and versioning projects, with a small dedicated runner.
- A Jellyfin server that exposes my music and movie libraries to common clients (web, desktop, Android clients, etc.).
- A Nextcloud instance for on-premise personal cloud storage, calendar, etc.
- A qBittorrent instance for seeding long-term torrents (e.g. Linux ISOs).
- A MeTube instance for downloading YouTube videos.
- An OpenSpeedTest instance for benchmarking connection speeds from various locations (I still enjoy running it whenever I reach a new place ;-) ).
- A PartPilot instance for managing my electronic parts inventory.
Storage
The R710, located at the bottom of the rack, is responsible for storage. It is fully populated with 2 TB hard drives configured in hardware-accelerated RAID 5. Cold backups are maintained on multiple external drives over the network (a less-than-ideal approach, I must admit).
For remote file access, the server provides:
- sshfs (chrooted for security)
- Samba shares for Windows machines that only support the SMB protocol.
This server also hosts several databases:
- SQL: PostgreSQL, MariaDB
- NoSQL: Redis, MongoDB
In addition, it runs two dedicated virtual desktops (a Windows VM and a Linux Mint VM) to provide always-on sessions, although these are rarely used in practice.
Current Home Lab Setup
After several upgrades, the original rack-based system was replaced with a more compact, discreet, and quiet machine hosted directly in my living room. The UPS was also downsized to an APC Back-UPS Pro 900, which integrates easily with Linux.
This new system is built on an AMD Epyc CPU, a SuperMicro motherboard, and includes an Nvidia RTX 2080 Ti.
Changes Compared to the Old Setup
The goal was to simplify: a smaller footprint, greater efficiency, lower noise, and something reliable enough to just work in the background. Notably, the system now runs on a single machine, and external optional gadgets such as the TV tuners have been removed.
The addition of a GPU enables new projects involving machine learning workloads, such as:
- Stable Diffusion WebUI for image generation
- Ollama with Open WebUI for prompting and running LLMs through a web interface, similar to ChatGPT
- Open-source speech-to-text and text-to-speech projects like CoquiTTS, first tested here for work-related projects
In addition, I recently developed a custom PCIe board, powered directly by the server’s PSU, to control home lighting. This integrates with a Home Assistant instance running on this very same machine.