This month is going to be a busy month for the homelab. I’ve compiled a list of homelab improvements I want to make over the next few months:
Deploy Antivirus (AV) Monitoring on unRAID
Personally, I find the argument that “Linux doesn’t get viruses” to be extremely foolish. The only thing to rival it, in second place, is the logic that seems to pervade the internet: that because no antivirus provides 100% protection, you shouldn’t implement any antimalware protection at all. It’s absolutely ridiculous. The same argument could be made for any security measure, which is why security is best implemented in layers of protection.
As unRAID is the central storage server on my network, antimalware monitoring on the cache drive offers an ideal place for edge monitoring before new files have a chance to make it to cold storage for access by other devices.
Completed (5/10/20): Created a GUI-based Docker container featuring ESET NOD32 Antivirus. Since the ESET binary wasn’t natively made for Docker, there was originally a problem with ESET’s on-access scanning. I taught myself bash scripting, as well as the finer points of awk and sed (+ regular expressions), and created a set of bash scripts that run as a service in the Docker container that will monitor a directory for changes (/mnt/monitor). Once files have been written to the directory (on close_write), a second service manually runs the ESET file scanner over the modified directories. My Dockerfile and bash scripts can be found here on GitHub.
Upgrade Servers (VMs) to Ubuntu 20.04 LTS
I had a (nearly) disastrous upgrade from Ubuntu 19.10 to 20.04 LTS (Focal Fossa) on my Lenovo. Thankfully, I was able to recover, but with the amount of traffic this site is now getting, downtimes are way more unacceptable.
Therefore, before upgrading, I need to make sure I have known-good backups (remember: you don’t have backups until you’ve restored from them). I may even go with a clean install.
Mount NFS Shares Inside VMs
In preparation for the upgrade to Ubuntu 20.04, I may end up going with clean installs just for the opportunity to start anew. In certain VMs, such as the one that hosts the blog, I back up my Ghost content to unRAID using SMB (CIFS) shares. The biggest problem with CIFS/SMB is that it doesn’t handle Unix-specific things like symbolic links very well. Therefore, I want to swap these SMB mounts out with NFS shares instead.
This creates an additional problem in that my web servers (VMs) lie in the DMZ, which is isolated from the rest of the homelab by access control lists (ACLs). Again, security is best done in layers.
Therefore, mounting NFS shares inside of the DMZ VMs will require:
- Updating the ACL rules
- Since NFS requires rpcbind (which randomly assigns ports for NFS), and we need predictable port assignments to whitelist through our firewall/ACL, updates will also have to be made to the unRAID server to configure static ports for NFS.
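A check for the second requirement, as an added example that is not from the original post or its scripts: it audits `rpcinfo -p` output against the ports the ACL is meant to allow, so a service still sitting on a dynamic port is caught before the firewall silently drops it. The pinned port numbers and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Pinned ports are assumed values for illustration; use the
# ones actually configured on the NFS server and permitted by the ACL.
EXPECTED_PORTS="portmapper=111 nfs=2049 mountd=32767 status=32765 nlockmgr=32768"

# Constructed sample of `rpcinfo -p` output: nlockmgr is still on dynamic ports.
sample_rpcinfo() {
  cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  51877  nlockmgr
    100021    4   tcp  45123  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin. Prints DRIFT for a service on a port
# other than its pinned one, UNLISTED for a service the ACL does not cover,
# MISSING for a pinned service that is not registered. Returns 1 on any finding.
audit_rpc_ports() {
  awk -v expected="$EXPECTED_PORTS" '
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    $1 !~ /^[0-9]+$/ { next }                  # skip the header line
    {
      svc = ($5 != "") ? $5 : "prog" $1
      key = svc "/" $3 "/" $4
      if (seen[key]++) next                     # collapse repeated versions
      if (!(svc in want)) { print "UNLISTED " key; bad = 1; next }
      present[svc] = 1
      if ($4 != want[svc]) { print "DRIFT " key " expected " want[svc]; bad = 1 }
    }
    END {
      for (s in want) if (!(s in present)) { print "MISSING " s; bad = 1 }
      exit bad + 0
    }'
}

# Live use would be: rpcinfo -p <nfs-server> | audit_rpc_ports
sample_rpcinfo | audit_rpc_ports || echo "server ports do not match the ACL"
```

Running it again after a reboot of the NFS server confirms the static port settings persist.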
Automate Offsite Backups for unRAID
Backups are great but, like having both of your medics sharing the same foxhole, problematic if they’re stored in the same physical location. A natural disaster, fire, or well-placed grenade can take out everything. While things like GitHub are great for storing most of what I’m concerned with (i.e. my code), it’s probably not the best place to store my tax returns.
I’ll update this post as the various steps are completed. It’s likely that some new guides/tutorials will come out of it. Stay tuned!