Turning An Old PC Into a Linux-Powered Home Server
I once volunteered to reclaim and re-home a bunch of old computers donated by my church, which I covered in another writeup. In this writeup, I'll share how I repurposed one of those old computers and turned it into a multipurpose home server for a bunch of different projects.
Some of the fun things I've used it for include building a home-made NAS (network-attached storage), hosting a SIEM (security information & event management system) for my home network, and automating the process of reserving a racquetball court a few times a week.
This amazing and rewarding project has given me exposure to tons of different concepts like networking, system administration, access management, and remote administration. Let me share with you some of the things I've learned.
TL;DR
Over the course of a year or so, I worked on several self-hosting projects with various Linux distributions running on a reclaimed PC and learned a ton of great things!
What I did:
- Set up a NAS (Network Attached Storage) with OpenMediaVault
- Hosted a SIEM (Security Information and Event Management system) for my home network and used it to manage home devices. Integrated the SIEM with VirusTotal to perform real-time detection and automated removal of malware on monitored endpoints.
- Set up an Ubuntu server to practice using the Linux command line and used it to host a media server and run an automated facility reservation script.
- Practiced remote Linux server administration with various tools like TeamViewer and SSH. (I now vastly prefer SSH for my remote management needs.)
- Set up a RHEL (Red Hat Enterprise Linux) server and hosted a PostgreSQL database with it. The server used full LUKS disk encryption and was configured to remotely decrypt the hard drive with Clevis and Tang running on another server hosted in my home for improved uptime and reliability.
Setting up a NAS (Network-Attached Storage)
I was super intrigued when my audiophile father-in-law told me about his Synology NAS, which allows him to stream his collection of high resolution music to devices throughout his home wirelessly. I was even more intrigued when I learned I could build my own NAS from an old computer. So, I downloaded an OpenMediaVault ISO and installed it on the computer. This particular installation went quite smoothly, and I had a blast playing around with the NAS. Unfortunately, due to some networking and hardware limitations at the time, I was getting extremely slow file transfer speeds to/from the server, so I only used it for about a month before switching to another project. It was a really cool learning experience though, and I'm glad I learned how to do it.
Hosting a SIEM for my home network
For my next adventure, I decided to try my hand at running a SIEM (Security Information & Event Management) system for the devices on my home network. I got this idea from watching a video on John Hammond's YouTube channel in which he sets up Wazuh in an Ubuntu Desktop environment. I loved how simple and accessible his tutorial was, and it was a good starting point for me to use Ubuntu with a desktop environment, since I still didn't have any experience with headless servers yet.
I was able to connect four or five devices from my home network to the Wazuh server and practiced gathering information from them and learning to interpret the logs. I even learned how to set up Wazuh's Active Response capability and integrated it with VirusTotal to automatically scan files in my Downloads folder for malware and delete them when it found a match. Funny story about that... I can confirm that it works, because it once flagged and deleted a file I downloaded! I wasn't expecting it and was surprised at first. It deleted it so fast I couldn't even do anything with the file, which was really impressive. In that case, it turned out to be a false positive, but I still felt proud that the active response script worked!
Wazuh maintenance
I left the old desktop connected to a spare monitor I had in the corner of my office and would periodically access it there when I needed to do maintenance on the server, which was somewhat inconvenient. I briefly tried my hand at remote management from my main machine with TeamViewer connected to the Ubuntu server, but the connection tended to be painfully slow, and I decided it was better to just interface with it manually on the rare occasion that I needed to do maintenance on it.
At the time, I wasn't willing to do port forwarding or expose the server to the internet, so it only worked on my home network, and since my devices spend a lot of time away from home, I decided my compute power would be better used for another purpose, and I moved on to my next project. (However, one of these days I plan to set up Wazuh again, because I LOVED using it.)
Installing my first headless server
For my next project, I decided to set up a media server for streaming music at home. This time, I decided I'd embrace the learning opportunity and install Ubuntu Server, which comes without a desktop environment. That way, I'd have to get comfortable using the command line, which was a skill I wanted to learn more about.
I hit my first major snag when I couldn't get the server to connect to the internet! I knew from my previous projects that my hardware was WiFi-capable, so I was pretty puzzled when I couldn't figure out how to enable WiFi on the server. After stumbling around in internet forums for way too long, I learned that most Linux server distros come pre-configured WITHOUT the necessary packages for WiFi connectivity, since traditionally servers have almost exclusively used ethernet connections.
It's pretty funny looking back on the solution I used at the time; if I remember correctly, I downloaded the wpasupplicant package and its accompanying dependencies to a USB drive with my main machine and transferred them to the server manually, thereby enabling WiFi connectivity. This is not what I would recommend if I were to do it again, but it was the first time I had ever dealt with the issue, and it was a great learning experience. (If you read further, you'll find my preferred methods for getting a Linux server WiFi-capable based on more recent experience.)
That Ubuntu server, which is running wonderfully after 8 months or so, is also what I use to run an automated Python script that reserves racquetball courts for me a few times a week. Remote management has turned out to be MUCH easier than my previous attempt at using TeamViewer to connect to my Ubuntu Desktop server, as I now just use SSH right from my main computer! It has definitely made me more comfortable with the Linux CLI, and I'm glad I took the challenge.
Hardening the Ubuntu server
This Ubuntu server also gave me my first experience with hardening Linux servers. I learned how to disable root logon and password authentication for SSH, and set up an SSH keypair on my main machine that allows me to authenticate to the server securely with an identity file instead of a password. Even though it only runs on my local network and password brute-forcing is an unlikely threat, I'm glad I took the time to learn this important skill.
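To check that the two SSH settings described above are really in effect, here is a small audit script. It is an added example, not code from the original server; the sample config files are constructed, and the defaults it falls back to are OpenSSH's own (PermitRootLogin prohibit-password, PasswordAuthentication yes).

```shell
#!/usr/bin/env bash
# Added example: audit the two sshd settings hardened in this section.

# Print the global value of keyword $2 from sshd_config-style file $1.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Include files are not followed and Match-block
# overrides are not evaluated, so review those separately.
sshd_value() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    tolower($1) == "match" { exit }    # global section ends here
    tolower($1) == want { print $2; exit }
  ' "$1"
}

# Return 0 only if root login and password logins are both disabled.
audit_sshd() {
  local file=$1 rc=0 root pass
  root=$(sshd_value "$file" PermitRootLogin)
  pass=$(sshd_value "$file" PasswordAuthentication)
  root=${root:-prohibit-password}      # OpenSSH default when unset
  pass=${pass:-yes}                    # OpenSSH default when unset
  [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
  [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK root login and password authentication are disabled"
  return "$rc"
}

# Constructed sample configs (not taken from the server in this writeup).
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' \
  'PasswordAuthentication yes' 'PubkeyAuthentication yes' > "$demo/before.conf"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
  'PasswordAuthentication yes   # ignored: the first value wins' > "$demo/after.conf"

audit_sshd "$demo/before.conf" || true
audit_sshd "$demo/after.conf"  || true
```

On a real host, running `sudo sshd -T > effective.txt` and passing that file to `audit_sshd` covers settings pulled in through Include files, since `sshd -T` prints the configuration the daemon actually parsed.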
Hosting a PostgreSQL DB on Red Hat Enterprise Linux
My next project, which I actually completed on a separate PC, involved setting up RHEL (Red Hat Enterprise Linux) with the goal of hosting a PostgreSQL database. I chose to set it up on RHEL because I wanted exposure to the operating system, as it's popular in corporate environments. And luckily, Red Hat lets developers download RHEL for free!
When I first set up RHEL, it had been several months since my last attempt at setting up a Linux server, and I once again struggled to get the machine to connect to WiFi. Unfortunately, I didn't put two and two together immediately and spent a while troubleshooting again (but luckily not as long as the first time) before I realized what the problem was. This time, I finally had the idea to just briefly connect the server to ethernet and download the necessary packages for WiFi connectivity, which solved my problem in a breeze. (You live and learn, I guess. Some lessons have to be learned the hard way).
Since then, I've learned what I think is an even BETTER way of downloading WiFi packages on a Linux server. If you connect your phone to the server via USB, you can tether the server to the phone's internet connection, granting it a wired internet connection that works super easily! Then you can download the necessary packages, disconnect the phone, and voila! No ethernet cable wrangling necessary, and no need to keep dragging the computer a few more inches to try to get it close enough for your ethernet cable to reach the nearest wired access point while praying that the cord doesn't get pulled from the computer. (It seems like the cord is always two inches too short, doesn't it?)
Supporting uptime and remote management despite power outages
When I set up the RHEL server, I configured it with full disk encryption using LUKS (Linux Unified Key Setup). This meant that if the server were ever stolen, I could rest assured that the data it contained would be safe. However, this presented potential issues because I needed to be able to ensure reliable uptime for the server, even if I couldn't get to it physically. Since my home experiences semi-frequent power loss (every 3 weeks or so), the computer's BIOS/UEFI settings were configured to automatically boot up the PC after regaining power in the event of a blackout. This would be helpful in most cases, but the use of full disk encryption meant that someone would have to physically enter the decryption key every time the computer booted up before it could be used, effectively nullifying the reliability benefits of the automatic reboot configuration.
I needed to ensure that the server would be able to fully recover from a power loss in my absence if I was ever out of town or away from my home, so that database users could continue to use the service with minimal interruptions. In order to maintain full disk encryption and ensure better reliability despite power outages, I configured the server to automatically decrypt the hard drive with a technology called 'Tang.' Tang allows unlocking of disk volumes using a network server. I used my existing Ubuntu Server to host the Tang server for decrypting the hard drive, and it worked great! In fact, setting up But watch out for one thing if you ever try this yourself:
When I set this up, I configured the Red Hat server to locate the Tang server on my LAN. I knew it would always be the same IP address because I configured my Ubuntu server (running Tang) to use a static IP address. However, the RHEL server couldn't successfully connect to the Tang server over LAN when I had it relying on WiFi. It turns out that RHEL Server doesn't load WiFi packages in the pre-boot stage, which is when it needs Tang's help to decrypt the hard drive and finish booting (it seems like the people designing Linux server distros really don't expect you to be using WiFi on these things 😆). So, that meant I had to connect my server to ethernet, which solved the problem perfectly! I just wish it didn't take me a few hours of troubleshooting, restarting the server over and over again, and watching tcpdump on the Tang server praying to see some incoming requests before I figured that out.
Hopefully this writeup saves someone from having to go through the same thing. 🤞
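A pre-flight check for the pitfall above, written as an added example that is not part of the original setup: it reads sysfs and lists physical wired interfaces with link up, the only kind that could reach Tang during early boot in the situation described. The interface names and the fake sysfs tree are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: is there a wired NIC that early boot can use to reach Tang?
# Assumption (from the writeup): WiFi is not brought up before the disk is unlocked.

# Classify interface $1 under sysfs root $2 (default /sys).
iface_kind() {
  local dir="${2:-/sys}/class/net/$1"
  if   [ ! -e "$dir/device" ]; then echo virtual     # lo, bridges, veth, tunnels
  elif [ -d "$dir/wireless" ] || [ -e "$dir/phy80211" ]; then echo wifi
  else echo wired                                    # PCI/USB ethernet, USB tethering
  fi
}

# Print every wired interface with carrier; return 1 if there is none.
tang_capable_ifaces() {
  local root="${1:-/sys}" found=1 d name
  for d in "$root"/class/net/*; do
    [ -d "$d" ] || continue
    name=${d##*/}
    [ "$(iface_kind "$name" "$root")" = "wired" ] || continue
    # carrier is unreadable while the interface is administratively down
    [ "$(cat "$d/carrier" 2>/dev/null)" = "1" ] || continue
    echo "$name"; found=0
  done
  return "$found"
}

# Constructed fake sysfs tree so the demo runs anywhere.
demo_sys=$(mktemp -d)
mk_iface() {  # usage: mk_iface NAME virtual|wifi|wired CARRIER
  mkdir -p "$demo_sys/class/net/$1"
  [ "$2" = virtual ] || mkdir -p "$demo_sys/class/net/$1/device"
  [ "$2" != wifi ]   || mkdir -p "$demo_sys/class/net/$1/wireless"
  echo "$3" > "$demo_sys/class/net/$1/carrier"
}
mk_iface lo virtual 1; mk_iface wlp2s0 wifi 1; mk_iface enp3s0 wired 0

# WiFi is up but the cable is unplugged: nothing usable before unlock.
tang_capable_ifaces "$demo_sys" \
  || echo "no wired link: boot would wait for a manually typed passphrase"
echo 1 > "$demo_sys/class/net/enp3s0/carrier"   # simulate plugging the cable in
tang_capable_ifaces "$demo_sys"
```

Run `tang_capable_ifaces` with no argument on the encrypted server itself to check the real `/sys` before relying on unattended unlock.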
Here are some resources that helped me when I was setting up remote automated decryption with Tang.
- The Red Hat document is great, but it doesn't make it super clear where to start and end. There are several different methods for accomplishing what they explain in this document, and it's a little difficult to know which is which. So, I found a video by Red Hat that made it a lot easier to understand. In this video, you'll see how simple it is to set up this functionality using the RHEL web console (which, by the way, is an AWESOME tool! I LOVE using the RHEL web console.)
Watch the Video
Lessons Learned
Through these super fun and educational Linux-powered self-hosting projects, I've learned a TON of great things! Here are some highlights.
- Building a NAS can be a rewarding experience, even if hardware limitations can affect performance.
- Setting up a SIEM like Wazuh can provide valuable insights into endpoint security and log management. (And configuring automated active response scripts is a blast!)
- Remote management of servers is much simpler with SSH compared to GUI-based tools like TeamViewer.
- Configuring and maintaining a headless server is a great way to get comfortable with the Linux command line.
- Hardening a Linux server by disabling root logon and using SSH keypairs is a great way to practice secure configuration.
- Linux servers don't often come pre-installed with the necessary packages for WiFi connectivity.
- Using a phone's USB tethering for internet access on a server can be a convenient temporary alternative to ethernet.