For the past few years I’ve been building and maintaining a website/blog at www.pragmaticcoding.ca. It’s mostly about programming, and more specifically it’s ended up having a lot of content about JavaFX with Kotlin.

Lately, I’ve been spending all of my time building out my own homelab and self-hosting the services that I need. I’ve got a little stack of M910Qs running in a Proxmox cluster with an HP T740 running OPNsense.

Since I’ve been spending all - and I do mean all - of my time futzing about with this self-hosted stuff, I thought I’d try to add some content to my website to help people doing the same thing. My idea was to make it more “bloggish”, talking about the tricky things I’ve had to master along the way as I implement various services.

But I feel like there also needs to be some foundational content. Articles that explain concepts that a lot of people, especially people without professional networking experience, find difficult to grasp. So I’ve started working on those.

While I think of myself as mostly a programmer, my career (now, thankfully, over) had me as an “IT Guy” more often than not. I spent 24 years at the same mid-sized company with a tiny IT department and simply had to get involved with infrastructure stuff because there was nobody else to do it. It was very hands-on at first, but as we grew I was able to limit my involvement to planning and technical strategy.

Since the mid-90s, we went from self-hosted physical servers, to colocated servers, to colocated virtual servers, to cloud servers and services. So I feel like I have the insight to provide help.

Anyways, this is the first article in this new section. I’ve seen a lot of people posting questions about how VLANs work and I know that it’s mystifying to many. So I wanted to push it out before I have the supporting framework put together on the website, and it’s just sitting there as the first post that’s not about programming.

My goal is to provide practical, pragmatic advice. I’m not particularly worried if some particular facet of an article isn’t 100% totally correct on some obscure technical level…as long as the article gives solid practical advice that readers can act on.

Anyways, take a look and let me know if you think this kind of article might be of use to yourself or other people getting started on self-hosting.

  • thenewred@lemmy.world
    22 hours ago

    I get the security aspect of it, but in my case I can’t see a reason to go through the hassle. My smart switches talk to home assistant running on my server. I want new devices to be able to access the plex server without manual config. And my server is arguably the most sensitive machine on my network, so if I can’t protect that, I don’t think it’s worth protecting anything.

    • HamsterRage@lemmy.caOP
      11 hours ago

      Do your smart switches talk to your HomeAssistant server???

      Or does your HomeAssistant server talk to the devices?

      It’s probably the latter, and in terms of network security the difference is huge. You can restrict your smart switches to their own, untrusted zone with no outgoing permissions and then give HomeAssistant access to them from its zone.

      I would also argue that your personal devices and desktop computers are far more sensitive than your HomeAssistant server.

      • thenewred@lemmy.world
        8 hours ago

        That’s a fair point. I think home assistant initiates the connection, but I’m not sure how status updates work from the smart switch to home assistant. Could be home assistant polling, web sockets, or the switch broadcasting.

    • ftbd@feddit.org
      14 hours ago

      I have my AP connected with a trunk link and configured to offer different SSIDs for different VLANs. I connect IOT devices to the IOT WiFi, and home assistant can see them since the machine running it is connected to that VLAN as well. Apart from the initial setup, this feels like less of a hassle, as firewall rules are already set up for this VLAN (no connection to internet or other VLANs). If I had to manually make sure that every new IOT device I add is incapable of talking to the internet, I think I’d go mad.
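
Added example, not written by any commenter in this thread: a small model of the stateful zone policy discussed above, showing why it matters which side initiates the connection. The zone names, subnets, addresses and ports are constructed assumptions, and the class is a teaching model rather than any real firewall's API.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed VLAN subnets (constructed for illustration).
ZONES = {
    "iot": ipaddress.ip_network("10.0.30.0/24"),
    "servers": ipaddress.ip_network("10.0.20.0/24"),
}
# Only these (source zone, destination zone) pairs may open NEW connections.
# The IoT zone appears nowhere as a source: it has no outgoing permissions.
ALLOW_NEW = {("servers", "iot")}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"  # anything outside the known VLANs

@dataclass
class StatefulFirewall:
    states: set = field(default_factory=set)  # flows opened by an allowed initiator

    def handle(self, src, sport, dst, dport, proto="tcp"):
        """Classify one packet as 'pass-new', 'pass-established' or 'block'."""
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if flow in self.states or reverse in self.states:
            return "pass-established"  # part of a flow that was already permitted
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.states.add(flow)
            return "pass-new"
        return "block"

def demo():
    fw = StatefulFirewall()
    ha, switch = "10.0.20.5", "10.0.30.17"  # constructed addresses
    return [
        fw.handle(ha, 40000, switch, 80),              # Home Assistant polls the switch
        fw.handle(switch, 80, ha, 40000),              # switch replies on that same flow
        fw.handle(switch, 51000, ha, 8123),            # switch opens its own connection
        fw.handle(switch, 51001, "203.0.113.9", 443),  # switch tries to reach the internet
    ]

if __name__ == "__main__":
    print(demo())
```

Replies and status data carried over a connection that Home Assistant opened (polling, or a long-lived socket it initiated) pass as established traffic; anything the switch initiates itself is blocked under this policy.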