Homelab - This article is part of a series.
Let me guide you through my journey for a simple homelab.
The idea of this article is to document how I did things and why, and to help me remember how to set up X and Y if needed.
We want to go from a basic setup to something simple:
```mermaid
flowchart TD
    A[Internet] --> B[IAP box]
    B --> C[LAN]
```

```mermaid
flowchart TD
    A[Internet] --> B[IAP box]
    B --> C[pi-hole]
    C --> D[LAN]
```
Doing so will allow us to manage and customize our network using our pi-hole, which will be the authority for many core services such as DNS or DHCP.
In the future I will show different setups and how I did them.
Setup your IAP box #
To set up our network, we will need to make a few tweaks:
- Force a static IP for our pi-hole
- Set the DNS to our pi-hole
- Disable the DHCP to let our pi-hole do it
Depending on your model and provider, those steps will be different; Google is your friend.
Install pi-hole #
First, assign a static IP on your machine if you can’t set a static lease on your internet box.
I installed pi-hole on a RPI4 using
pip install pi-hole (depending on your setup you will want to RTFM instead).
Setup pi-hole #
The setup wizard is very easy to use and understand; once again, if you get stuck, go check the docs.
Once everything is set up, you will want to manage your DHCP: change the IP range, set the local domain, set static leases… Don’t forget to set your gateway to your internet box.
You can then add new DNS blacklists to block more ad domains.
You should be ready to go by now: all your connected devices will use the pi-hole once their previous DHCP lease expires.
Setup wireguard #
Now that your local devices are safer from ads, you want to be able to block those from anywhere, and manage your local network remotely.
```sh
apt install wireguard
```

```sh
# server side (the pi-hole)
# generate keys (umask keeps the private key and the config readable by their owner only)
umask 077
wg genkey > wg.key
cat wg.key | wg pubkey > wg.pub

# create conf
cat <<EOF > /etc/wireguard/wg.conf
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <priv key in wg.key>

[Peer]
PublicKey = <peer pub key in home.pub>
AllowedIPs = 10.0.0.2/32 # only this client's tunnel address
EOF

# allow forwarding (append instead of overwriting the file), then apply it
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

# enable wg
systemctl enable --now wg-quick@wg

# check for service
wg show
```
```sh
# client side
# generate keys (umask keeps the private key and the config readable by their owner only)
umask 077
wg genkey > home.key
cat home.key | wg pubkey > home.pub

# create conf
cat <<EOF > /etc/wireguard/home.conf
[Interface]
PrivateKey = <priv key in home.key>
Address = 10.0.0.2/24 # same IP as Peer.AllowedIPs in server's config
DNS = 10.0.0.1 # use pi-hole

[Peer]
PublicKey = <server pub key in wg.pub>
AllowedIPs = 10.0.0.0/24
Endpoint = <your box IP>:<forwarded port>
EOF
```
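An added example, not part of the original article: a small shell check for a wg-quick server config such as the wg.conf above. It flags a config file that is accessible beyond its owner (the file holds the PrivateKey) and any [Peer] whose AllowedIPs covers more than one host; the function name audit_wg_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a wg-quick server config.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_wg_conf() {
    conf=$1
    findings=$(
        # The file holds PrivateKey: group/other permission bits must be empty.
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "permissions: $conf is accessible beyond its owner, chmod 600 it"
        # On the server, each [Peer] should own single addresses only
        # (/32, or /128 for IPv6; a bare address means the same to wg).
        awk '
            { sub(/#.*/, "") }          # strip inline comments
            /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
            section == "[Peer]" && /^[ \t]*AllowedIPs[ \t]*=/ {
                sub(/^[^=]*=/, "")      # keep only the value list
                n = split($0, nets, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/[ \t]/, "", nets[i])
                    if (nets[i] !~ "^([0-9.]+(/32)?|[0-9a-fA-F:]+(/128)?)$")
                        print "line " NR ": AllowedIPs " nets[i] " covers more than one host"
                }
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample shaped like the server config above (placeholder keys).
sample=$(mktemp)
printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'PrivateKey = <placeholder>' \
    '[Peer]' 'PublicKey = <placeholder>' 'AllowedIPs = 10.0.0.2/24' > "$sample"
chmod 644 "$sample"
audit_wg_conf "$sample" || echo "fix the findings before enabling wg-quick@wg"
rm -f "$sample"
```

Run it against /etc/wireguard/wg.conf before enabling the service; the [Interface] Address keeps its /24 and is not flagged, only per-peer AllowedIPs are checked.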
Internet box #
- Put your pi-hole in DMZ
- Create a NAT/PAT rule for port forwarding
  - From your box to pi-hole’s wireguard port
Once everything is set up, on your client:
wg-quick up home should connect you to your local network.
Also, you should be able to manage your local machines:
firefox http://pi.lan/admin should lead you to your pi-hole interface.