With more and more IoT devices are being used at home, it’s a good security practice to segregate those IoT devices into a standalone network away from home primary network. To manage IoT smart devices, Home Assistant is a widely used open source solution. However, Home Assistant needs to be placed in the same broadcasting domain with IoT devices for communication and auto discovery. There’s also other use cases, such as Pihole/unbound to filer unwanted Ads. Of course we can setup dedicate server inside its own subnet to run those applications. But from energy saving perspective, it’s not really wise to spread those tiny workloads onto dedicate physical server. It comes to a need to consolidate all those tiny workloads onto one server. And use vlan trunk and docker container to segregate the traffic.
I will explain a setup of my home network which has a IoT VLAN (vlan80) and primary default VLAN (vlan10). I run Home Assistant and all smart IoT devices on vlan80. I also need to run Pihole DNS solution on both vlan10 and vlan80. I take a Raspberry Pi 3B+ as an example. Pi3B+ is a little bit powerful than Pi3B and has Gigabit ethernet (although only has 300Mbps max throughput) far more better than Pi3B Fast ethernet. I’d like to use Pi4, but I think it is too much for those tiny workloads and a bit costly.
Raspberry Pi VLAN configuration:
sudo apt install vlan
sudo nano /etc/network/interfaces.d/vlans
Inside your new vlans file, add the following contents:
auto eth0.80 iface eth0.80 inet manual vlan-raw-device eth0
Configure static IP addresses by editing the dhcpcd.conf file:
sudo nano /etc/dhcpcd.conf
Then add/edit the following contents to configure your IP settings on each network card:
# Example static IP configuration: interface eth0 static ip_address=192.168.1.7/24 static routers=192.168.1.1 static domain_name_servers=18.104.22.168 interface eth0.80 static ip_address=192.168.80.7/24 static routers=192.168.80.1 static domain_name_servers=22.214.171.124
Docker Compose Configuration:
Docker compose yml is the key part. Example docker-compose.yml is here.
I have three docker instances running on Pi. (home-assistant on vlan80, Pihole on both vlan10 and vlan80, Unbound serving locally)
version: '3' services: home-assistant: image: homeassistant/raspberrypi3-homeassistant:stable container_name: home-assistant networks: macvlan80: ipv4_address: 192.168.80.10 volumes: - /home/pi/Hassio/config:/config environment: - TZ=Australia/Sydney privileged: true restart: unless-stopped pihole: container_name: pihole hostname: pihole3B image: pihole/pihole:latest networks: macvlan10: ipv4_address: 192.168.1.9 macvlan80: ipv4_address: 192.168.80.9 ports: - "53:53/tcp" - "53:53/udp" - "80:80/tcp" - "443:443/tcp" environment: - 'TZ=Australia/Sydney' - 'DNS1=192.168.1.10#5053' - 'DNS2=no' - 'CUSTOM_CACHE_SIZE=0' volumes: - '/home/pi/pihole/etc-pihole/:/etc/pihole/' - '/home/pi/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/' restart: unless-stopped unbound: container_name: unbound image: mvance/unbound-rpi:latest networks: macvlan10: ipv4_address: 192.168.1.10 volumes: - /home/pi/unbound:/opt/unbound/etc/unbound ports: - "5053:5053/tcp" - "5053:5053/udp" healthcheck: disable: true restart: unless-stopped networks: macvlan10: driver: macvlan driver_opts: parent: eth0 ipam: config: - subnet: 192.168.1.0/24 ip_range: 192.168.1.8/29 gateway: 192.168.1.1 macvlan80: driver: macvlan driver_opts: parent: eth0.80 ipam: config: - subnet: 192.168.80.0/24 ip_range: 192.168.80.8/29 gateway: 192.168.80.1
Hope this is a good reference for you configure your own home network. Let me know if any question.