{"id":1267,"date":"2025-04-02T01:43:54","date_gmt":"2025-04-01T23:43:54","guid":{"rendered":"https:\/\/daisy-street.fr\/?p=1267"},"modified":"2025-04-27T21:06:28","modified_gmt":"2025-04-27T19:06:28","slug":"home-lab-optimise","status":"publish","type":"post","link":"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/","title":{"rendered":"Home Lab Optimis\u00e9"},"content":{"rendered":"<div class=\"wp-block-ub-table-of-contents-block ub_table-of-contents\" id=\"ub_table-of-contents-e6f89cb0-e9d3-4262-aae1-42a268d2d63d\" data-linktodivider=\"false\" data-showtext=\"show\" data-hidetext=\"hide\" data-scrolltype=\"auto\" data-enablesmoothscroll=\"false\" data-initiallyhideonmobile=\"false\" data-initiallyshow=\"true\"><div class=\"ub_table-of-contents-header-container\" style=\"\">\n\t\t\t<div class=\"ub_table-of-contents-header\" style=\"text-align: left; \">\n\t\t\t\t<div class=\"ub_table-of-contents-title\"><\/div>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t<\/div><div class=\"ub_table-of-contents-extra-container\" style=\"\">\n\t\t\t<div class=\"ub_table-of-contents-container ub_table-of-contents-1-column \">\n\t\t\t\t<ul style=\"\"><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#0-mat%C3%A9riel-utilis%C3%A9-\" style=\"\">Mat\u00e9riel utilis\u00e9<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#1-architecture-logicielle-\" style=\"\">Architecture Logicielle<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#2-1-raspberry-pi-\" style=\"\">1. Raspberry Pi<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#3-emulation-raspberry-proxmox\" style=\"\">Emulation Raspberry (Proxmox)<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#4-2-nas-synology-dsm-\" style=\"\">2. 
NAS Synology (DSM)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#5-3-proxmox-pc-principal-\" style=\"\">3. Proxmox (PC Principal)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#6-appareils-connect%C3%A9s-iot-\" style=\"\">Appareils Connect\u00e9s (IoT)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#7-bonnes-pratiques-\" style=\"\">Bonnes Pratiques<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#8-sch%C3%A9ma-r%C3%A9seau-amp-applications-\" style=\"\">Sch\u00e9ma R\u00e9seau &amp; Applications<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#9-l%C3%A9gende-d%C3%A9taill%C3%A9e-\" style=\"\">L\u00e9gende D\u00e9taill\u00e9e<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#10-flux-cl%C3%A9s-%C3%A0-retenir-\" style=\"\">Flux Cl\u00e9s \u00e0 Retenir<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#11-pfsense-\" style=\"\">pfSense<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#12-exemple-de-configuration-pfsense-r%C3%A8gles-vlan-30-%E2%86%92-vlan-10-\" style=\"\">Exemple de Configuration pfSense (R\u00e8gles VLAN 30 \u2192 VLAN 10)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#13-bonnes-pratiques-\" style=\"\">Bonnes Pratiques<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#14-pour-les-nest-\" style=\"\">Pour les Nest<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#15-pour-la-smart-tv-\" style=\"\">Pour la Smart 
TV<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#16-int%C3%A9gration-de-la-smart-tv-\" style=\"\">Int\u00e9gration de la Smart TV<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#17-configuration-r%C3%A9seau-\" style=\"\">Configuration R\u00e9seau<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#18-interaction-avec-home-lab-\" style=\"\">Interaction avec Home Lab<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#19-int%C3%A9gration-des-google-nest-assistant-google-\" style=\"\">Int\u00e9gration des Google Nest (Assistant Google)<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#20-configuration-r%C3%A9seau-\" style=\"\">Configuration R\u00e9seau<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#21-communication-avec-home-assistant-vm-101-\" style=\"\">Communication avec Home Assistant (VM-101)<\/a><\/li><\/ul><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#22-dns-\" style=\"\">DNS<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#23-network-overview-goal-\" style=\"\">\ud83d\udca1 Network Overview (Goal)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#24-what-you-want\" style=\"\">\ud83e\udde0 What You Want:<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#25-%E2%9C%85-step-by-step-dns-configuration\" style=\"\">\u2705 Step-by-Step DNS Configuration<\/a><ul><li style=\"\"><a 
href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#26-1-install-and-set-up-pi-hole-\" style=\"\">1. Install and Set Up Pi-hole<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#27-2-configure-pfsense-to-use-pi-hole-as-dns-\" style=\"\">2. Configure pfSense to Use Pi-hole as DNS<\/a><ul><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#28-a-set-dns-server\" style=\"\">a. Set DNS Server<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#29-b-disable-dns-resolver-optional\" style=\"\">b. Disable DNS Resolver (Optional)<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#30-3-configure-dhcp-on-pfsense-vlans-\" style=\"\">3. Configure DHCP on pfSense VLANs)<\/a><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#31-4-optional-block-dns-leaks-\" style=\"\">4. 
(Optional) Block DNS Leaks<\/a><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#32-quelques-rappels-utiles-\" style=\"\">Quelques rappels utiles<\/a><\/li><\/ul><\/li><\/ul><\/li><li style=\"\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/#33-configuration-ippfsenseproxmox\" style=\"\">Configuration Ip\/pfsense\/proxmox<\/a><\/li><\/ul>\n\t\t\t<\/div>\n\t\t<\/div><\/div>\n\n\n<h1 class=\"wp-block-heading\" id=\"0-mat%C3%A9riel-utilis%C3%A9-\"><strong>Mat\u00e9riel utilis\u00e9<\/strong><\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Raspberry Pi<\/strong>&nbsp;: Services l\u00e9gers (Pi-hole, Gatus).<\/li>\n\n\n\n<li><strong>NAS Synology<\/strong>&nbsp;: Stockage, m\u00e9dias (Emby), et gestion documentaire (Paperless-ngx).<\/li>\n\n\n\n<li><strong>PC Proxmox<\/strong>&nbsp;: Virtualisation des services gourmands (VM\/LXC).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Install Synology DSM 7.2 on a PC (Updated)\" width=\"525\" height=\"295\" src=\"https:\/\/www.youtube.com\/embed\/EKRdsDp_e34?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"1-architecture-logicielle-\"><strong>Architecture Logicielle<\/strong><\/h1>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2-1-raspberry-pi-\"><strong>1. 
Raspberry Pi<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pi-hole<\/strong>&nbsp;: Bloque les pubs et traqueurs.<\/li>\n\n\n\n<li><strong>Gatus<\/strong>&nbsp;: Surveille la disponibilit\u00e9 des services.<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"3-emulation-raspberry-proxmox\">Emulation Raspberry (Proxmox)<\/h5>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>VM-103<\/strong><\/td><td>Raspberry :<br>&#8211; Pi-Hole<br>&#8211; Dashy<br>&#8211; Gatus\u00a0<\/td><td>Bloque les pubs et traqueurs , Surveille la disponibilit\u00e9 des services.<\/td><td>&#8212;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4-2-nas-synology-dsm-\"><strong>2. NAS Synology (DSM)<\/strong><\/h2>\n\n\n\n<p>via Docker :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>M\u00e9dias<\/strong>&nbsp;: Emby.<\/li>\n\n\n\n<li><strong>Documents<\/strong>&nbsp;: Paperless-ngx.<\/li>\n\n\n\n<li><strong>Sauvegarde<\/strong>&nbsp;: Duplicati.<\/li>\n<\/ul>\n\n\n\n<p>Apps Synology:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Photos <\/strong>&nbsp;: SynoPhotos ????<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"5-3-proxmox-pc-principal-\"><strong>3. 
Proxmox (PC Principal)<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Conteneur\/VM<\/strong><\/th><th><strong>Applications<\/strong><\/th><th><strong>R\u00f4le<\/strong><\/th><th>VLAN<\/th><\/tr><\/thead><tbody><tr><td><strong>VM-105<\/strong><\/td><td>Home Assistant<\/td><td>Automatisation domotique.<\/td><td>10<\/td><\/tr><tr><td><strong>VM-101<\/strong><\/td><td>pfSense<\/td><td>Routeur\/firewall.<\/td><td>&#8212;<\/td><\/tr><tr><td><strong>LXC-115<\/strong><\/td><td>Frigate + Ollama (Docker)<\/td><td>Analyse vid\u00e9o (GPU) + IA locale.<\/td><td>10<\/td><\/tr><tr><td><strong>LXC-200<\/strong><\/td><td>DevBox (Docker):<br>&#8211; Jenkins<br>&#8211; Developement<\/td><td>Developement , Int\u00e9gration\/d\u00e9ploiement (CI\/CD).<\/td><td>10<\/td><\/tr><tr><td><strong><strong>LXC-125<\/strong><\/strong><\/td><td>Services (Docker):<br>&#8211; Firefly III <br>&#8211; Transmission<br>&#8211; SickChill<br>&#8211; NZBGet<br>&#8211; FileBot<br>&#8211; Paperless-ai<\/td><td>Services <br>(Gestion financi\u00e8re , Video )<\/td><td>10<\/td><\/tr><tr><td><strong><strong>VM-250<\/strong><\/strong><\/td><td>Serveur Web:<br>&#8211; WordPress<br>&#8211; Bounce Weather<\/td><td>Site web\/blog.<\/td><td>20<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6-appareils-connect%C3%A9s-iot-\"><strong>Appareils Connect\u00e9s (IoT)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Google Nest<\/strong>&nbsp;et&nbsp;<strong>Smart TV<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Isol\u00e9s dans un&nbsp;<strong>VLAN IoT<\/strong>&nbsp;pour la s\u00e9curit\u00e9.<\/li>\n\n\n\n<li>Interagissent avec :\n<ul class=\"wp-block-list\">\n<li><strong>Home Assistant<\/strong>&nbsp;(commandes vocales, sc\u00e9narios).<\/li>\n\n\n\n<li><strong>Emby<\/strong>&nbsp;(streaming depuis le 
NAS).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Contr\u00f4l\u00e9s via Pi-hole pour bloquer les pubs.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7-bonnes-pratiques-\"><strong>Bonnes Pratiques<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>R\u00e9seau<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>VLANs s\u00e9par\u00e9s (Trusted, IoT, Web, Media).<\/li>\n\n\n\n<li>Pare-feu (pfSense) pour isoler les flux.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>GPU<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Partage entre Frigate et Ollama via Docker dans un LXC d\u00e9di\u00e9.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Sauvegardes<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Backuper Paperless, WordPress, et configurations Docker.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"8-sch%C3%A9ma-r%C3%A9seau-amp-applications-\"><strong>Sch\u00e9ma R\u00e9seau &amp; Applications<\/strong><\/h1>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-merpress-mermaidjs diagram-source-mermaid\"><pre class=\"mermaid\">graph TD\n  %% Entry Point\n  Internet --> OrangeBox --> pfSense\n\n  %% VLAN Zones from pfSense\n  pfSense --> VLAN10\n  pfSense --> VLAN20\n  pfSense --> VLAN30\n  pfSense --> VLAN40\n  pfSense --> RPi[(Raspberry Pi)]\n  RPi --- Pihole\n  Pihole --- Gatus\n\n  %% VLAN 10 - Trusted\n  subgraph \"VLAN 10 - Trusted\"\n    direction TB\n    VLAN10 --- VM101[\"VM-105: Home Assistant\"]\n    VM101 --- LXC103[\"LXC-115: Frigate + Ollama\"]\n    LXC103 --- VM106[\"LXC-200: Docker DevBox\"]\n    VM106 --- VM109[\"LXC-125: Docker Services\"]\n\n  end\n\n  %% VLAN 20 - Web\n  subgraph \"VLAN 20 - Web\"\n    direction TB\n    VLAN20 --- VM108[\"VM-250 : Web Server - WordPress\"]\n  end\n\n  %% VLAN 30 - IoT\n  subgraph \"VLAN 30 - IoT WIP\"\n    direction TB\n    VLAN30 --- GoogleNest[Google 
Nest]\n    GoogleNest --- SmartTV[Smart TV]\n  end\n\n  %% VLAN 40 - Media\n  subgraph \"VLAN 40 - Media\"\n    direction TB\n    VLAN40 --- NAS[(NAS - Synology DSM)]\n    NAS --- Emby --- Paperless --- Duplicati\n  end\n\n  %% Styling\n  style VLAN10 fill:#d5f5e3,stroke:#27ae60\n  style VLAN20 fill:#d6eaf8,stroke:#3498db\n  style VLAN30 fill:#fadbd8,stroke:#e74c3c\n  style VLAN40 fill:#fdedec,stroke:#f39c12\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"9-l%C3%A9gende-d%C3%A9taill%C3%A9e-\"><strong>L\u00e9gende D\u00e9taill\u00e9e<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>\u00c9l\u00e9ment<\/strong><\/th><th><strong>Description<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>\ud83d\udfe0 pfSense (VM1)<\/strong><\/td><td>Routeur\/firewall g\u00e9rant les VLANs et la s\u00e9curit\u00e9.<\/td><\/tr><tr><td><strong>\ud83d\udfe2 Raspberry Pi<\/strong><\/td><td>Ex\u00e9cute Pi-hole (DNS) + Gatus (monitoring).<\/td><\/tr><tr><td><strong>\ud83d\udd35 NAS Synology<\/strong><\/td><td>Stockage central + applications m\u00e9dia (Emby) et docs (Paperless).<\/td><\/tr><tr><td><strong>VLAN 10 (Trusted)<\/strong><\/td><td>Services critiques : HA, Frigate, Ollama, Dev(Docker,Jenkins).<\/td><\/tr><tr><td><strong>VLAN 20 (Web)<\/strong><\/td><td>Services expos\u00e9s : WordPress<\/td><\/tr><tr><td><strong>VLAN 30 (IoT)<\/strong><\/td><td>Appareils connect\u00e9s (Google Nest, Smart TV) isol\u00e9s pour s\u00e9curit\u00e9.<\/td><\/tr><tr><td><strong>VLAN 40 (Media)<\/strong><\/td><td>Acc\u00e8s aux m\u00e9dias (Emby) depuis la Smart TV.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"10-flux-cl%C3%A9s-%C3%A0-retenir-\"><strong>Flux Cl\u00e9s \u00e0 Retenir<\/strong><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Google Nest\/Smart TV<\/strong>&nbsp;\u2192 Communiquent 
avec&nbsp;<strong>Home Assistant<\/strong>&nbsp;(VLAN 10) via r\u00e8gles firewall pr\u00e9cises.<\/li>\n\n\n\n<li><strong>Frigate<\/strong>&nbsp;(VLAN 10) \u2192 Envoie les alertes \u00e0&nbsp;<strong>Home Assistant<\/strong>&nbsp;et&nbsp;<strong>Smart TV<\/strong>&nbsp;(via VLAN 30 autoris\u00e9).<\/li>\n\n\n\n<li><strong>WordPress<\/strong>&nbsp;(VLAN 20) \u2192 Accessibles depuis Internet (port forwarding contr\u00f4l\u00e9 par pfSense).<\/li>\n\n\n\n<li><strong>Paperless<\/strong>&nbsp;(NAS) \u2192 Consomm\u00e9 par l&#8217;utilisateur via interface web NON expos\u00e9e<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"11-pfsense-\"><strong>pfSense <\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-exemple-de-configuration-pfsense-r%C3%A8gles-vlan-30-%E2%86%92-vlan-10-\"><strong>Exemple de Configuration pfSense (R\u00e8gles VLAN 30 \u2192 VLAN 10)<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Action<\/strong><\/th><th><strong>Source<\/strong><\/th><th><strong>Destination<\/strong><\/th><th><strong>Port<\/strong><\/th><th><strong>Description<\/strong><\/th><\/tr><\/thead><tbody><tr><td>\u2705 Allow<\/td><td>VLAN30<\/td><td><strong>VM-105<\/strong> (HA)<\/td><td>8123<\/td><td>Acc\u00e8s \u00e0 l&#8217;interface HA.<\/td><\/tr><tr><td>\u2705 Allow<\/td><td>VLAN30<\/td><td><strong>LXC-115<\/strong>(Frigate)<\/td><td>5000<\/td><td>Flux vid\u00e9o pour affichage TV.<\/td><\/tr><tr><td>\ud83d\udeab Block<\/td><td>VLAN30<\/td><td>VLAN10<\/td><td>*<\/td><td>Bloquer tout autre acc\u00e8s.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"13-bonnes-pratiques-\"><strong>Bonnes Pratiques<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"14-pour-les-nest-\"><strong>Pour les Nest<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mise \u00e0 jour 
firmware<\/strong>&nbsp;: V\u00e9rifiez r\u00e9guli\u00e8rement via l\u2019app Google Home.<\/li>\n\n\n\n<li><strong>Isolation<\/strong>&nbsp;: Bloquez l\u2019acc\u00e8s aux autres VLANs sauf pour :\n<ul class=\"wp-block-list\">\n<li>Home Assistant (port&nbsp;<code>8123<\/code>).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"15-pour-la-smart-tv-\"><strong>Pour la Smart TV<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNS personnalis\u00e9<\/strong>&nbsp;: Redirigez-la vers Pi-hole (Raspberry Pi) pour bloquer les pubs.\n<ul class=\"wp-block-list\">\n<li>Dans pfSense : DHCP \u2192 Option DNS = IP du Pi-hole.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>D\u00e9sactivez le suivi<\/strong>&nbsp;: D\u00e9sactivez&nbsp;<strong>ACR<\/strong>&nbsp;(Automatic Content Recognition) dans les param\u00e8tres TV.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-int%C3%A9gration-de-la-smart-tv-\"><strong>Int\u00e9gration de la Smart TV<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"17-configuration-r%C3%A9seau-\"><strong>Configuration R\u00e9seau<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VLAN<\/strong>&nbsp;: M\u00eame VLAN IoT (30) que les Nest pour simplifier.<\/li>\n\n\n\n<li><strong>R\u00e8gles pfSense<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Autorisez la TV \u00e0 acc\u00e9der \u00e0 :\n<ul class=\"wp-block-list\">\n<li>Internet (streaming Netflix\/YouTube).<\/li>\n\n\n\n<li>Emby\/Jellyfin (NAS) via le VLAN Media (ex: VLAN 40 si existant).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"18-interaction-avec-home-lab-\"><strong>Interaction avec Home Lab<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pour Emby\/Jellyfin (NAS)<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Montez un dossier partag\u00e9 Synology en&nbsp;<strong>SMB\/NFS<\/strong>&nbsp;accessible \u00e0 la TV.<\/li>\n\n\n\n<li>Exemple de configuration 
Emby : docker-compose.yml (NAS) volumes: &#8211; \/volume1\/medias:\/media<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Contr\u00f4le via Home Assistant<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Int\u00e9grez la TV via&nbsp;<strong>HDMI-CEC<\/strong>&nbsp;ou&nbsp;<strong>API sp\u00e9cifique<\/strong>&nbsp;(ex: Samsung Tizen, LG webOS).<\/li>\n\n\n\n<li>Automatisations possibles :\n<ul class=\"wp-block-list\">\n<li>Allumer\/\u00e9teindre la TV quand Frigate d\u00e9tecte un mouvement.<\/li>\n\n\n\n<li>Afficher les cam\u00e9ras sur la TV via un dashboard.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"19-int%C3%A9gration-des-google-nest-assistant-google-\"><strong>Int\u00e9gration des Google Nest (Assistant Google)<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"20-configuration-r%C3%A9seau-\"><strong>Configuration R\u00e9seau<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VLAN Recommand\u00e9<\/strong>&nbsp;: Isolez-les dans un&nbsp;<strong>VLAN IoT<\/strong>&nbsp;(ex: VLAN 30) pour limiter l&#8217;acc\u00e8s au reste du r\u00e9seau.\n<ul class=\"wp-block-list\">\n<li><strong>Pour pfSense (<strong>VM-101<\/strong>)<\/strong>&nbsp;: Cr\u00e9ez un VLAN 30 \u2192 Interface d\u00e9di\u00e9e \u2192 R\u00e8gles de firewall : &#8211; Autoriser OUT vers Internet (HTTPS\/DNS). 
&#8211; Bloquer l&#8217;acc\u00e8s aux autres VLANs (sauf exceptions comme Home Assistant).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"21-communication-avec-home-assistant-vm-101-\"><strong>Communication avec Home Assistant (<strong>VM-101<\/strong>)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Via le protocole local<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Activez&nbsp;<strong>Google Assistant SDK<\/strong>&nbsp;dans Home Assistant.<\/li>\n\n\n\n<li>Utilisez&nbsp;<strong>Nabu Casa<\/strong>&nbsp;(ou un domaine personnalis\u00e9 avec HTTPS) pour la liaison s\u00e9curis\u00e9e.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Sc\u00e9narios<\/strong>&nbsp;:\n<ul class=\"wp-block-list\">\n<li>Contr\u00f4le des lumi\u00e8res\/prises via commandes vocales.<\/li>\n\n\n\n<li>Synchronisation avec vos calendriers\/rappels.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"22-dns-\"><strong>DNS<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"23-network-overview-goal-\">\ud83d\udca1 <strong>Network Overview (Goal)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Orange Box (ISP Router\/Gateway):<\/strong>\n<ul class=\"wp-block-list\">\n<li>IP: <code>192.168.1.1<\/code><\/li>\n\n\n\n<li>LAN\/Internet Gateway<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>pfSense (Firewall\/Router):<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>WAN Interface:<\/strong> Gets IP from <code>192.168.1.0\/24<\/code> (e.g. <code>192.168.1.2<\/code>)<\/li>\n\n\n\n<li><strong>LAN Interface:<\/strong> New network <code>192.212.5.0\/24<\/code> (e.g. <code>192.212.5.1<\/code>)<\/li>\n\n\n\n<li><strong>Note:<\/strong> <code>192.212.0.0\/16<\/code> is not one of the RFC 1918 private ranges (<code>10.0.0.0\/8<\/code>, <code>172.16.0.0\/12<\/code>, <code>192.168.0.0\/16<\/code>), so these lab subnets overlap publicly routable addresses; an RFC 1918 block avoids that overlap.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Home Lab Devices:<\/strong>\n<ul class=\"wp-block-list\">\n<li>On <strong><code>VLANs<\/code> <\/strong>behind pfSense<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Pi-hole:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Installed behind pfSense (e.g. 
<code>192.212.5.2<\/code>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"24-what-you-want\">\ud83e\udde0 What You Want:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Devices on the lab network use <strong>Pi-hole<\/strong> for DNS.<\/li>\n\n\n\n<li>pfSense uses <strong>Pi-hole<\/strong> for DNS too (optional but recommended).<\/li>\n\n\n\n<li>Internet access for lab network is through <strong>pfSense \u279d Orange Box \u279d Internet<\/strong>.<\/li>\n\n\n\n<li>Lab network stays <strong>isolated<\/strong> from home network.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"25-%E2%9C%85-step-by-step-dns-configuration\">\u2705 Step-by-Step DNS Configuration<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"26-1-install-and-set-up-pi-hole-\">1. <strong>Install and Set Up Pi-hole<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Pi-hole on a device behind pfSense (VM, Raspberry Pi, etc.).<\/li>\n\n\n\n<li>Give it a <strong>static IP<\/strong>, e.g. <code>192.212.5.2<\/code><\/li>\n\n\n\n<li>During setup, <strong>don\u2019t use DHCP<\/strong> (let pfSense handle that).<\/li>\n\n\n\n<li>Choose public upstream DNS (Cloudflare <code>1.1.1.1<\/code>, Google <code>8.8.8.8<\/code>, etc.)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"27-2-configure-pfsense-to-use-pi-hole-as-dns-\">2. <strong>Configure pfSense to Use Pi-hole as DNS<\/strong><\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"28-a-set-dns-server\">a. 
Set DNS Server<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to <strong>System &gt; General Setup<\/strong> in pfSense.<\/li>\n\n\n\n<li>In the <strong>DNS Server Settings<\/strong>, add: <code>DNS Server 1: 192.212.5.2 (your Pi-hole IP)<\/code><\/li>\n\n\n\n<li><strong>Uncheck<\/strong> \u201cAllow DNS server list to be overridden by DHCP\/PPP on WAN\u201d \u2014 this avoids getting the ISP\u2019s DNS from the Orange Box.<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"29-b-disable-dns-resolver-optional\">b. Disable DNS Resolver (Optional)<\/h5>\n\n\n\n<p>If you don\u2019t want pfSense to do any DNS resolution, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to <strong>Services &gt; DNS Resolver<\/strong>, and <strong>disable<\/strong> it.<\/li>\n\n\n\n<li>Or keep it enabled for pfSense\u2019s internal name resolution, but <strong>forward<\/strong> to Pi-hole.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"30-3-configure-dhcp-on-pfsense-vlans-\">3. <strong>Configure DHCP on pfSense (VLANs)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to <strong>Services &gt; DHCP Server &gt; LAN<\/strong><\/li>\n\n\n\n<li>Under \u201c<strong>DNS Servers<\/strong>\u201d, set:  <code>DNS Server: 192.212.5.2<\/code><\/li>\n\n\n\n<li>Now all clients that get their IP from pfSense on that interface will also use Pi-hole as DNS; repeat the setting on the DHCP server of each VLAN interface.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"31-4-optional-block-dns-leaks-\">4. 
<strong>(Optional) Block DNS Leaks<\/strong><\/h4>\n\n\n\n<p>To prevent clients from bypassing Pi-hole (e.g., hardcoded DNS like 8.8.8.8):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to <strong>Firewall &gt; NAT &gt; Port Forward<\/strong><\/li>\n\n\n\n<li>Create rules to <strong>redirect all port 53 (DNS) traffic to the Pi-hole IP<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p>Example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Interface: LAN<\/li>\n\n\n\n<li>Protocol: TCP\/UDP<\/li>\n\n\n\n<li>Destination Port: 53<\/li>\n\n\n\n<li>Redirect target IP: <code>192.212.5.2<\/code> (Pi-hole)<\/li>\n\n\n\n<li>Redirect Port: 53<\/li>\n<\/ul>\n\n\n\n<p>Two caveats: exclude the Pi-hole\u2019s own address from the rule\u2019s source, otherwise its upstream queries are redirected back to itself; and a port 53 redirect does not cover DNS over TLS (port 853) or DNS over HTTPS (port 443), which this rule alone does not address.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"32-quelques-rappels-utiles-\"><strong>Quelques rappels utiles<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>pfSense est <strong>la gateway de chaque VLAN<\/strong> \u2192 donc une IP par VLAN<\/li>\n\n\n\n<li>Le <strong>DNS de chaque client dans chaque VLAN<\/strong> doit pointer vers le Pi-hole<\/li>\n\n\n\n<li>pfSense peut rediriger les requ\u00eates DNS via une r\u00e8gle NAT (port 53) vers le Pi-hole si n\u00e9cessaire<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"33-configuration-ippfsenseproxmox\">Configuration Ip\/pfsense\/proxmox<\/h1>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<figure class=\"wp-block-table is-style-regular\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Element<\/strong><\/td><td><strong>Schema IP<\/strong><\/td><td><strong>Regle Pfsense<\/strong><\/td><\/tr><tr><td>PfSense<\/td><td>.5.1 (VM-101)<\/td><td><em>interface<\/em>:<br>LAN -&gt; .5.X<br>LAN_VLAN10 -&gt; .10.X<br>LAN_VLAN20 -&gt; .20.X<br>LAN_VLAN30 -&gt; .30.X<br>LAN_VLAN40 -&gt; .40.X<\/td><\/tr><tr><td>PiHole<\/td><td>.5.2 (VM-102)<\/td><td><em>NAT <\/em>: LAN*** address:53 
192.212.5.2:53<\/td><\/tr><tr><td>Raspberry<\/td><td>.5.3 (VM-103)<\/td><td>pihole and gatus<\/td><\/tr><tr><td>HomeAssistant<\/td><td>.10.105<\/td><td><em>NAT redirect old home assistant<\/em>: <br>&#8211; LAN .30.105:1883 -&gt; .10.105:8123<br>&#8211; LAN .30.105:1883 -&gt; .10.105:8123<\/td><\/tr><tr><td>FrigateOllama<\/td><td>.10.115<\/td><td><\/td><\/tr><tr><td>DockerServices<\/td><td>.10.125<\/td><td><\/td><\/tr><tr><td>Kubuntu<\/td><td>.10.135<\/td><td><\/td><\/tr><tr><td>DockerDevbox<\/td><td>.10.200<\/td><td><\/td><\/tr><tr><td>WebServer<\/td><td>.20.250<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>synology<\/td><td>.40.111<\/td><td>(network\/interfaces)<br><code>auto vmbr2.40<br>iface vmbr2.40 inet static<br>    address 192.212.40.245\/24<br>    vlan-raw-device vmbr2<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>qt21101l<\/td><td>.5.101<\/td><td><\/td><\/tr><tr><td>px30_evb<\/td><td>.5.102<\/td><td><\/td><\/tr><tr><td>Octoprint<\/td><td>.5.110<\/td><td><\/td><\/tr><tr><td>Doorbell<\/td><td>.5.150<\/td><td><\/td><\/tr><tr><td>dome01<\/td><td>.5.151<\/td><td><\/td><\/tr><tr><td>dome02<\/td><td>.5.152<\/td><td><\/td><\/tr><tr><td>ipcam_dome<\/td><td>.5.160<\/td><td><\/td><\/tr><tr><td>ipcam_0001<\/td><td>.5.161<\/td><td><\/td><\/tr><tr><td>ipcam_0002<\/td><td>.5.162<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>nano \/etc\/network\/interfaces<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>auto vmbr2.10\niface vmbr2.10 inet static\n    address 192.212.10.245\/24\n    vlan-raw-device vmbr2\nauto vmbr2.20\niface vmbr2.20 inet static\n    address 192.212.20.245\/24\n    vlan-raw-device vmbr2\nauto vmbr2.30\niface vmbr2.30 inet static\n    address 192.212.30.245\/24\n    vlan-raw-device vmbr2\nauto vmbr2.40\niface vmbr2.40 inet static\n    address 
192.212.40.245\/24\n    vlan-raw-device vmbr2<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Mat\u00e9riel utilis\u00e9 Architecture Logicielle 1. Raspberry Pi Emulation Raspberry (Proxmox) VM-103 Raspberry :&#8211; Pi-Hole&#8211; Dashy&#8211; Gatus\u00a0 Bloque les pubs et traqueurs , Surveille la disponibilit\u00e9 des services. &#8212; 2. NAS Synology (DSM) via Docker : Apps Synology: 3. Proxmox (PC Principal) Conteneur\/VM Applications R\u00f4le VLAN VM-105 Home Assistant Automatisation domotique. 10 VM-101 pfSense Routeur\/firewall. &#8212; &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/daisy-street.fr\/index.php\/2025\/04\/02\/home-lab-optimise\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Home Lab Optimis\u00e9&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ub_ctt_via":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[174,161,12],"tags":[11,20,14,61,9],"class_list":["post-1267","post","type-post","status-publish","format-standard","hentry","category-iot","category-services","category-software","tag-disque","tag-docker","tag-proxmox","tag-reseau-2","tag-serveur"],"jetpack_publicize_connections":[],"featured_image_src":null,"author_info":{"display_name":"admin9483","author_link":"https:\/\/daisy-street.fr\/index.php\/author\/admin9483\/"},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/posts\/1267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about
":[{"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/comments?post=1267"}],"version-history":[{"count":34,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/posts\/1267\/revisions"}],"predecessor-version":[{"id":1330,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/posts\/1267\/revisions\/1330"}],"wp:attachment":[{"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/media?parent=1267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/categories?post=1267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daisy-street.fr\/index.php\/wp-json\/wp\/v2\/tags?post=1267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}