It’s that time again—time for you to work on more homelab projects! Today, I’m focusing on security in the homelab, plus moving some of your resources away from virtual machines and into containers.

Here are three projects you can try in the homelab this weekend.

Skip the virtual machine and just deploy Kasm Workspaces

Why spin up virtual machines when a browser-based operating system is easier?

I’ll admit, I have a “testing” virtual machine on my server that I spin up and down whenever I need to test something without breaking any other running system. It’s how I’ve always operated, and it has worked well for me for years.

However, when I discovered Kasm Workspaces, that all changed. Kasm is a project I’m going to be deploying myself this weekend.

What Kasm Workspaces does is give you mini virtual machine-like containers that live in your browser (and run on your server). There are multiple operating systems (mostly Linux, though it is possible to use Kasm with Windows virtual machines inside a container) to choose from, and you can even choose how they act.

For starters, you can have a “throw-away” session where you can spin up a Kasm Workspace that exists just for that browsing session. The moment you close the window, that entire operating system you were in is gone.

This is great for when you need to test things without destroying your environment, or if you really, truly do have to use that super sketchy site to download something you probably shouldn’t.

Another way to use Kasm Workspaces is to have a virtual desktop that you can access through a browser anywhere. It can run software like VS Code (or Antigravity), Audacity, or even Blender in a web browser. Really, it’s running at your house on your server, but you can access the virtual machine from a web browser anywhere, making it quite easy to code, design, or just get work done from any internet-connected device.

Setting up persistent sessions does require a bit more work: you enable persistent profiles and map a folder on your drive so that Kasm knows where to store the persistent information.
However, once set up, you’re ready to go.

Protect your servers with crowdsourced block lists using CrowdSec

Fail2ban is great until new hackers come along.

Fail2ban is a staple in the homelab community for keeping bad actors out of your servers.
Fail2ban works by looking at your system logs and banning IP addresses that try (and fail) to log into your system. This is a great thing to have in place, don’t get me wrong, but it’s only the first layer of security.

CrowdSec takes Fail2ban to the next level. If you’ve ever used Waze, CrowdSec works like that. Instead of waiting for bad actors to try to break in and then banning them, CrowdSec takes a different approach.

CrowdSec uses a crowdsourced list of bad actors and preemptively bans those IPs before the bad actors can even attempt to log into your server. With this type of tech, CrowdSec can prevent a problem before it happens, instead of waiting for someone to try and brute force their way into your system and only then blocking them.

Not only does CrowdSec help prevent brute force tactics, but it also has more complex strategies than Fail2ban, focusing on behaviors like credit card stuffing, bot scraping, and more.

Another thing CrowdSec does is run an agent on a primary server in your home, plus bouncers that can run anywhere else, keeping everything in sync. So, you can run the agent on your primary machine and have a bouncer running on other machines in the house.

The bouncer is constantly checking in with the agent, asking what IPs it should allow and block. When the agent detects a new bad actor, it tells all the bouncers on your network to block that IP, keeping everything in sync.
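
To make the difference concrete, here is an added example (not from the original article, and not Fail2ban’s or CrowdSec’s own code): a simplified Python model that counts how many failed SSH logins actually reach sshd when each host bans on its own logs, versus when all hosts share one decision list seeded with a community block list. The log lines, host names, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log lines for two homelab hosts; IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:01 nas sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:14:03 nas sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jan 10 03:14:05 nas sshd[811]: Failed password for admin from 203.0.113.7 port 50126 ssh2
Jan 10 03:14:09 pve sshd[402]: Failed password for root from 203.0.113.7 port 50130 ssh2
Jan 10 03:20:00 pve sshd[402]: Failed password for root from 198.51.100.23 port 41000 ssh2
Jan 10 03:21:00 nas sshd[811]: Failed password for pi from 198.51.100.23 port 41002 ssh2
Jan 10 03:25:00 nas sshd[811]: Accepted password for me from 192.0.2.10 port 60000 ssh2
"""

FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port")

def parse_failures(log):
    """Yield (timestamp, host, ip) for every failed SSH login line."""
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year; a fixed one is assumed here.
            ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def attempts_reaching_sshd(log, shared, community=(), max_retry=3, find_time=600):
    """Count failed logins per IP that got past the block list.

    shared=False: each host bans on its own logs only (Fail2ban-style).
    shared=True: one decision list for all hosts, pre-seeded with `community`
    (a simplified model of an agent feeding its bouncers).
    """
    decisions = defaultdict(lambda: set(community))   # scope -> banned IPs
    recent = defaultdict(list)                        # (scope, ip) -> failure times
    reached = defaultdict(int)
    for ts, host, ip in parse_failures(log):
        scope = "all" if shared else host
        if ip in decisions[scope]:
            continue                                  # dropped before sshd sees it
        reached[ip] += 1
        window = [t for t in recent[(scope, ip)] if (ts - t).total_seconds() <= find_time]
        recent[(scope, ip)] = window + [ts]
        if len(recent[(scope, ip)]) >= max_retry:
            decisions[scope].add(ip)                  # local detection -> ban
    return dict(reached)
```

With per-host banning, the address banned on `nas` still gets a fresh attempt against `pve`, and the low-and-slow address never trips the threshold; with the shared, pre-seeded list both are cut off earlier.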
It’s simply a more robust Fail2ban, and should definitely be something that every homelabber has running in their software stack.

Lock your homelab down with Authentik

Stop messing with passwords and deploy your own SSO solution.

I don’t know about you, but I have a lot of passwords to remember in my homelab.
Just about every service I run has its own login flow, with unique usernames and passwords. While I remember most of them (or have them in my 1Password), it’s sometimes a bit annoying to have to log into multiple things back to back.

That’s where Authentik comes in. Authentik is your homelab’s own internal single sign-on solution. You simply place Authentik in front of your services (like with a reverse proxy) and Authentik handles all of your authentication. Log in to Authentik, and then Authentik authenticates you for everything else.

Once you log into Authentik and set it up in front of your services, your services will simply ask Authentik “Can I trust this person?” and Authentik will either respond “Yes” if you’re logged into it, or “No” if you aren’t.

This works well both for apps that have their own built-in login pages and for apps that don’t have any authentication built in at all. It’s useful for the second category, as an app without authentication should never be opened up to the internet through a reverse proxy.
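
The “Can I trust this person?” exchange can be sketched as a small Python model. This is an added example, not Authentik’s code or configuration from the original article: it shows the proxy asking the SSO provider before forwarding, discarding any identity header the client supplied itself, and listing routes that would be exposed with no authentication at all. The host names, cookie value, login path and function names are made up; `X-authentik-username` is the identity header Authentik passes to backends.

```python
# Constructed data: a session store standing in for Authentik, and proxy routes.
SESSIONS = {"session=abc123": "alice"}          # cookie -> logged-in user
IDENTITY = "x-authentik-username"               # header the backend trusts
ROUTES = {
    "grafana.lab.example": {"forward_auth": True,  "own_login": True},
    "notes.lab.example":   {"forward_auth": True,  "own_login": False},
    "files.lab.example":   {"forward_auth": False, "own_login": False},
}

def sso_check(headers):
    """The provider's answer to "Can I trust this person?": (status, identity)."""
    user = SESSIONS.get(headers.get("cookie", ""))
    return (200, {IDENTITY: user}) if user else (401, {})

def proxy(host, headers):
    """Return (200, headers sent to the backend) or (302, redirect headers)."""
    headers = {k.lower(): v for k, v in headers.items()}
    # Never pass on an identity header the client supplied itself.
    upstream = {k: v for k, v in headers.items() if k != IDENTITY}
    if ROUTES[host]["forward_auth"]:
        status, identity = sso_check(headers)
        if status != 200:
            return 302, {"location": "/sso/login"}   # hypothetical login path
        upstream.update(identity)                    # identity comes from the provider only
    return 200, upstream

def unprotected_routes(routes):
    """Hosts that would be exposed with no authentication at all."""
    return sorted(h for h, r in routes.items()
                  if not r["forward_auth"] and not r["own_login"])
```

The backend only stays protected if it is reachable solely through the proxy; a direct path to the app bypasses the check entirely.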
Authentik also allows you to set up two-factor authentication for one service (Authentik) instead of having to set up 2FA for each piece of software you deploy.

All in all, Authentik just makes managing your homelab a smoother experience once you have it up and running, as you won’t have to keep remembering all sorts of passwords or deal with various forms of authentication anymore.

If you’re just getting started with a homelab, these projects might be a bit advanced. While my homelab has become one of the most useful things in my home, I definitely wouldn’t have started with setting up Authentik and Kasm Workspaces.

To start with, I’ve made a list of many of the lessons I’ve learned over running a homelab for the past five years so you can avoid some of the same mistakes I made.

Once you’re ready to not make those same mistakes, I’ve detailed all the major software I run in my homelab—from Plex to Pi-hole.