Day 95 of 100DaysOfHomeLab

Day 95 of #100daysofhomelab and I have been playing with Proxmox Azure AD Auth. I have been mostly OOHL (Out Of Home Lab) for the day, and ended up driving 358KM for about 4h34m. Fuel consumption was not too bad, mind you… More driving next week, more messing with homelab when I get home.

iDrive

Proxmox auth with Azure AD

I use Office365 for email and other bits and pieces, and I have Azure AD included. While digging around the Proxmox interface, I found the option of authenticating Proxmox with Azure AD. So, how do you do it?

First, go to portal.azure.com and log in. Go to the Azure AD section and, assuming you have Azure AD set up, select App Registration in the sidebar and select New Registration.

Next, enter a name for your Proxmox application, make sure Accounts in this org directory is selected and enter the URL of your Proxmox server. Make sure the application type is set to Web:

Click Register, and on the next page, select Certificates & secrets. Click New client secret:

Enter a name and an expiry date.

You will need to take note of the value of the secret.

Back under overview, take note of the Application (client) ID and then click Endpoints.

Take the URL from the OpenID Connect section, removing the /.well-known/openid-configuration part. The URL should look like:

https://login.microsoftonline.com/<yourid>/v2.0

Next, log in to your Proxmox server and, under Datacenter, select Realms. Select Add and OpenID Connect.

The Issuer URL is the URL from the Endpoints step. Set the Realm name as you want, enter the Client ID and the Client Key (the secret value noted earlier) and tick the boxes for Auto Create Users and Default. Then hit Add.

Log out, and log in with the new Realm. It will redirect you to the Azure AD login, ask you to approve (if already logged in) and then redirect you back. At this stage, you can't see anything…

Log back out and in as your default admin user, click the Permissions section and click Add:

Select User Permissions

Find your user and give them the required access.

Log out, select Azure AD and log back in as your user, and hey presto, you are now in with full admin access! Happy Days!
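The same realm and permission setup can be expressed with Proxmox's `pveum` CLI. The script below is an added example, not part of the original post: it derives the issuer URL from the Endpoints metadata URL, rejects common copy errors, and prints the matching commands. The realm name `azuread`, the role `PVEAuditor`, the all-zero tenant ID and the client ID and user placeholders are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): CLI form of the GUI steps above.
# Tenant ID, client ID, realm, user and role below are constructed placeholders.

# Derive the issuer URL Proxmox expects from the "OpenID Connect metadata
# document" URL shown under Endpoints: drop the well-known suffix and any
# trailing slash, then check it is the tenant-specific v2.0 form.
issuer_from_metadata_url() {
    iss_url=${1%/}
    iss_url=${iss_url%/.well-known/openid-configuration}
    iss_url=${iss_url%/}
    case "$iss_url" in
        https://login.microsoftonline.com/*/v2.0) ;;
        *) echo "not an Azure AD v2.0 issuer: $1" >&2; return 1 ;;
    esac
    iss_tenant=${iss_url#https://login.microsoftonline.com/}
    iss_tenant=${iss_tenant%/v2.0}
    case "$iss_tenant" in
        ''|*[!A-Za-z0-9.-]*|common|organizations|consumers)
            # The post registers a single-org app, so a multi-tenant alias
            # or an empty/odd tenant segment is treated as a copy error.
            echo "expected a tenant ID or domain, got: '$iss_tenant'" >&2
            return 1 ;;
    esac
    printf '%s\n' "$iss_url"
}

# Print (do not run) the pveum commands for the realm and the ACL entry.
# Args: realm, issuer URL, client ID, user name without @realm, role.
# The secret is referenced as $CLIENT_SECRET so it never lands in this output.
realm_commands() {
    printf 'pveum realm add %s --type openid --issuer-url %s --client-id %s' "$1" "$2" "$3"
    printf ' --client-key "$CLIENT_SECRET" --autocreate 1 --default 1\n'
    printf 'pveum acl modify / --users %s@%s --roles %s\n' "$4" "$1" "$5"
}

# Constructed sample input: all-zero tenant ID, placeholder client ID and user.
METADATA_URL='https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/.well-known/openid-configuration'
ISSUER=$(issuer_from_metadata_url "$METADATA_URL") || exit 1
realm_commands azuread "$ISSUER" CLIENT-ID-PLACEHOLDER USER-PLACEHOLDER PVEAuditor
```

Run the printed commands on a Proxmox node with `CLIENT_SECRET` set in the shell, after replacing the placeholders with the values noted during the Azure steps.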

Day 94 of 100DaysOfHomeLab

Day 94 of 100DaysOfHomeLab and I have been playing with OSPF, GRE Tunnels, Mikrotik, Bird and ECMP.

  • I got 2 GRE tunnels set up between the MikroTik box and my DEC-IX box (Debian running Bird).
  • OSPF running and announcing stuff over those 2 links, plus the original Wireguard Link.
  • ECMP enabled over all 3 links!
  • IPv4 traffic seems to be sent between the 3 links!
  • IPv6 traffic still only going over the single Wireguard link…

I am reading up on OSPF v3 (v2 is for IPv4 traffic) and trying to figure out how to get it running. So far, no luck… Getting so close to it though.

What's the end game? Both WAN links connected to all 3 of my upstream servers (Vultr, VMHaus and DEC-IX box) allowing more stable connections and more bandwidth (hopefully…)

Next week I am OOHL (Out Of Home Lab…) but will still try to do a bit of work. Fingers crossed!

Day 93 of 100DaysOfHomeLab

Today I have been working on the Active Directory setup for the house. AD01 is running. Getting DNS sorted now and will get AD02 joined soon enough. Next tasks:

Day 92 of 100DaysOfHomeLab

Day 92, and I am reading about IPSec, Load balancing over IPSec, Load balancing over Wireguard, and at this stage, my head hurts… So far, I am not 100% sure it's possible… More digging and messing required.

On a different note, I have been using VSCode for editing the blog, and found a cool addon called Paste Image.

Day 91 of 100daysofhomelab

Day 91 of #100daysofhomelab and I am starting on my future plans for the Home Lab.

the future of my homelab

So, we are coming up to the end of #100daysofhomelab, and I have been thinking of some future work for the home lab and what I would like to get done over the next 100 days (well, 109, since I’m on day 91). Below is a list of things going into my homelab backlog, in no particular order…

  • Build out AD Servers in house, and hook up to Office365 for single sign-on
  • Hook Azure AD to Cloudflare for Single Sign-On for Cloudflare Access
  • Expose more internal services over Cloudflare Access
  • InTune manage any laptops I have
  • Set up new Wifi and VPN with RADIUS auth using AD
  • Move servers into the Cloudshed.
  • Get GodBoxV3 running ProxMox.
  • Migrate GodBoxV1 to ProxMox.
  • Build a new storage box. (16x8Tb Spinning Rust + 8x960Gb SSDs + 4X10Gb NICs)
  • QNAP box to be used for Video Editing stuff (it has 5x8Tb spinny drives + 4x960Gb SSDs)
  • Synology box to be used for Backups and other bulk stuff (8x8Tb spinny drives)
  • New storage box to be used for Media and other stuff.

This should be enough to start with for a while.

turning off Edge Autoplay Video

After moving to Edge from Firefox a few days back, I noticed all the stupid autoplay videos are back… After a bit of digging, there are a couple of steps to fix this:

First, go to edge://flags. Search for Show block option in autoplay settings and mark it Enabled

Restart your browser and now go to edge://settings/content/mediaAutoplay

Select Block. This will block all Autoplaying Video on all sites. If you want to enable a particular site, you can add it to the allow list.

And that’s it! No more stupid autoplaying videos!

Day 90 of 100DaysOfHomeLab

Day 90 of #100daysofhomelab (nearly finished!) and I have done a couple of bits and pieces:

  • Moved back to OpnSense on my network. It’s getting easier to move between routers…
  • Set up SmokePing (again) to try to track down an issue with my network… so far, looks like the underlay (cable modem) is stable… some minor drops, but more monitoring is required…