WireGuard is stupidly simple

Self-hosted VPN without getting any gray hairs.

I’ve recently migrated my server and services from the cloud to my homelab server. Blame it on me or blame it on the economy, but I found it more reasonable to pay for a small server once rather than rent a VPS. A cheap VPS is always great, but as soon as you need higher performance, the numbers add up quickly.

Thus, I bought and set up a 1-liter computer as a homelab server. As my IP address isn’t static, and I don’t trust my ISP’s firewall enough to expose my home IP, I decided to configure a dual-server setup: my homelab server as the backbone, and a VPS acting as the front-facing edge. That way, I don’t expose my real home IP address; only the VPS is public.

To connect the homelab with the VPS, a VPN made the most sense. I’ve self-hosted OpenVPN before, and remembered that, although a great solution, it’s too complex for my current needs. Configuring tunnels, routes, ciphers, certificates, as well as ports, clients, and keys, was too much work. I had also used Pritunl before, but even this seemed too complex for such a simple need: connecting two devices.

Enter WireGuard. I had heard of it before, but never got to use it. If it is supposed to be simpler, it may just fulfill my needs, won’t it? “Let’s quickly read the documentation”, I thought.

What I didn’t expect is to be left with tears of joy at how simple everything is. Just configure peers, as well as your public and private keys. “That can’t be it, though, right? I’m surely missing something?”, I thought to myself. But nope. That is it, that is everything. No hidden magic, no unnecessary fluff, no need to configure special tunnel routing or DNS. Forget about self-signed certificates and deciding ciphers.

I installed WireGuard on my homelab server and on the VPS, configured peers and keys, and was ready to go. With the wg-quick tool, the entire IP dance is also automated. The only things I had to configure additionally were a keepalive, as my homelab is behind a NAT, as well as the MTU, since my ISP’s router disagreed with the automatic MTU detection.
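For illustration, a pair of `wg-quick` configuration files matching the setup described above. This is an added example, not the author's actual configuration. The tunnel addresses, hostname, port, and MTU value are assumptions, and the keys are placeholders.

```ini
# ---------- VPS (public edge): /etc/wireguard/wg0.conf ----------
[Interface]
# Constructed tunnel subnet; pick any private range you do not use elsewhere.
Address = 10.0.0.1/24
ListenPort = 51820
# Placeholder; generate with `wg genkey` and never copy it off this host.
PrivateKey = <VPS_PRIVATE_KEY>
# Assumed value; set explicitly when automatic detection picks a bad MTU.
MTU = 1380

[Peer]
# Homelab. No Endpoint line: the homelab has a dynamic IP behind NAT, so the
# VPS learns where to reply from the homelab's authenticated packets.
PublicKey = <HOMELAB_PUBLIC_KEY>
# Only the homelab's tunnel address is accepted from and routed to this peer.
AllowedIPs = 10.0.0.2/32

# ---------- Homelab (behind NAT): /etc/wireguard/wg0.conf ----------
[Interface]
Address = 10.0.0.2/24
PrivateKey = <HOMELAB_PRIVATE_KEY>
# Keep the MTU identical on both ends of the tunnel.
MTU = 1380

[Peer]
# VPS. The homelab always initiates, so only this side needs an Endpoint.
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.com:51820
# A /32 keeps a compromised edge from being used as a route into the home LAN.
AllowedIPs = 10.0.0.1/32
# Sends a packet every 25 seconds so the NAT mapping stays open and the VPS
# can reach the homelab even when the tunnel is otherwise idle.
PersistentKeepalive = 25
```

Each file is brought up with `wg-quick up wg0`, and `wg show` on either side should report a recent handshake once the homelab has connected. Keep both files readable by root only, since they contain the private keys.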

My homelab server is now fully configured, and, at the time of writing, this blog article is being served from my homelab over WireGuard to my VPS, then delivered to you. Mission accomplished, without getting any (additional) gray hairs.


For the curious about the homelab itself, I got a second-hand Lenovo ThinkCentre M75q-1 Tiny. It’s so small and quiet; it’s living happily in my living room, alongside my Android TV. Still, it has more than enough power for all my needs.

If you’re more interested in this device or similar ones, I’ve found this blog article (no affiliation) to be pretty insightful.