Background:
With more and more IoT devices are being used at home, it’s a good security practice to segregate those IoT devices into a standalone network away from home primary network. To manage IoT smart devices, Home Assistant is a widely used open source solution. However, Home Assistant needs to be placed in the same broadcasting domain with IoT devices for communication and auto discovery. There’s also other use cases, such as Pihole/unbound to filer unwanted Ads. Of course we can setup dedicate server inside its own subnet to run those applications. But from energy saving perspective, it’s not really wise to spread those tiny workloads onto dedicate physical server. It comes to a need to consolidate all those tiny workloads onto one server. And use vlan trunk and docker container to segregate the traffic.
I will explain a setup of my home network which has a IoT VLAN (vlan80) and primary default VLAN (vlan10). I run Home Assistant and all smart IoT devices on vlan80. I also need to run Pihole DNS solution on both vlan10 and vlan80. I take a Raspberry Pi 3B+ as an example. Pi3B+ is a little bit powerful than Pi3B and has Gigabit ethernet (although only has 300Mbps max throughput) far more better than Pi3B Fast ethernet. I’d like to use Pi4, but I think it is too much for those tiny workloads and a bit costly.
Environment Setup:
Raspberry Pi VLAN configuration:
sudo apt install vlansudo nano /etc/network/interfaces.d/vlans
Inside your new vlans file, add the following contents:
auto eth0.80 iface eth0.80 inet manual vlan-raw-device eth0
Configure static IP addresses by editing the dhcpcd.conf file:
sudo nano /etc/dhcpcd.confThen add/edit the following contents to configure your IP settings on each network card:
# Example static IP configuration: interface eth0 static ip_address=192.168.1.7/24 static routers=192.168.1.1 static domain_name_servers=1.1.1.1 interface eth0.80 static ip_address=192.168.80.7/24 static routers=192.168.80.1 static domain_name_servers=1.1.1.1
Docker Compose Configuration:
Docker compose yml is the key part. Example docker-compose.yml is here.
I have three docker instances running on Pi. (home-assistant on vlan80, Pihole on both vlan10 and vlan80, Unbound serving locally)
version: '3'
services:
home-assistant:
image: homeassistant/raspberrypi3-homeassistant:stable
container_name: home-assistant
networks:
macvlan80:
ipv4_address: 192.168.80.10
volumes:
- /home/pi/Hassio/config:/config
environment:
- TZ=Australia/Sydney
privileged: true
restart: unless-stopped
pihole:
container_name: pihole
hostname: pihole3B
image: pihole/pihole:latest
networks:
macvlan10:
ipv4_address: 192.168.1.9
macvlan80:
ipv4_address: 192.168.80.9
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
- "443:443/tcp"
environment:
- 'TZ=Australia/Sydney'
- 'DNS1=192.168.1.10#5053'
- 'DNS2=no'
- 'CUSTOM_CACHE_SIZE=0'
volumes:
- '/home/pi/pihole/etc-pihole/:/etc/pihole/'
- '/home/pi/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
restart: unless-stopped
unbound:
container_name: unbound
image: mvance/unbound-rpi:latest
networks:
macvlan10:
ipv4_address: 192.168.1.10
volumes:
- /home/pi/unbound:/opt/unbound/etc/unbound
ports:
- "5053:5053/tcp"
- "5053:5053/udp"
healthcheck:
disable: true
restart: unless-stopped
networks:
macvlan10:
driver: macvlan
driver_opts:
parent: eth0
ipam:
config:
- subnet: 192.168.1.0/24
ip_range: 192.168.1.8/29
gateway: 192.168.1.1
macvlan80:
driver: macvlan
driver_opts:
parent: eth0.80
ipam:
config:
- subnet: 192.168.80.0/24
ip_range: 192.168.80.8/29
gateway: 192.168.80.1
Hope this is a good reference for you configure your own home network. Let me know if any question.
Leave a Reply