The Ultimate Raspberry Pi 5 Homelab Guide: DNS, NAS, and 10GbE
The cloud is great, but there is something visceral about owning your own metal. With the release of the Raspberry Pi 5 and its PCIe lane, we can finally build a serious, high-performance homelab that fits in the palm of your hand.
The Mission: Build a "Set and Forget" network appliance that handles:
1. Network-wide Ad Blocking (AdGuard Home)
2. Recursive DNS (Unbound) for privacy
3. NAS Storage (Samba) saturating Gigabit Ethernet
4. Observability (Netdata/Grafana)
All running on a read-only root filesystem overlay to prevent SD card corruption.
1. Hardware Bill of Materials (BOM)
Don't just buy the board. To get performance, you need the right accessories.
- Raspberry Pi 5 (8GB or 16GB): You need RAM for caching.
- NVMe Base/HAT (e.g., Pimoroni or Pineberry): The SD card is too slow for a NAS.
- NVMe SSD (1TB+): Crucial for IOPS.
- Power Supply (27W USB-C): The Pi 5 is thirsty. Do not use a phone charger.
- Ethernet Cable (Cat6): Don't use WiFi for a server.
3. Operating System Configuration
The system runs Ubuntu Server 24.04 LTS (64-bit). We apply specific kernel tuning and network configuration to optimize for server workloads.
3.1 Network Interface Configuration (Netplan)
Deterministic addressing is required for a gateway device. We configure a static IP via Netplan:
```yaml
network:
  ethernets:
    eth0:
      dhcp4: false
      addresses:
        - 192.168.1.5/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8] # Temporary DNS
  version: 2
```
3.2 Storage Provisioning
The NVMe drive serves as the primary data store, formatted with ext4 for stability.
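```bash
# Format the NVMe drive as ext4 (this erases anything already on the device)
sudo mkfs.ext4 /dev/nvme0n1
# Create the mount point and mount the drive
sudo mkdir -p /mnt/data
sudo mount /dev/nvme0n1 /mnt/data
# Add to /etc/fstab for persistence
echo '/dev/nvme0n1 /mnt/data ext4 defaults 0 0' | sudo tee -a /etc/fstab
```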
4. Service Orchestration
Services are containerized and orchestrated via Docker Compose, ensuring isolation and reproducibility.
```yaml
services:
  # --- Core DNS & AdBlocking ---
  adguard:
    image: adguard/adguardhome
    container_name: adguard
    network_mode: host # Essential for DHCP/DNS visibility
    restart: unless-stopped
    volumes:
      - ./adguard/work:/opt/adguardhome/work
      - ./adguard/conf:/opt/adguardhome/conf
    cap_add:
      - NET_ADMIN

  # --- Recursive DNS Resolver ---
  unbound:
    image: mvance/unbound:latest
    container_name: unbound
    restart: unless-stopped
    # Published on all host interfaces; AdGuard reaches it at 127.0.0.1:5335
    ports:
      - "5335:53/udp"
      - "5335:53/tcp"

  # --- NAS File Sharing ---
  samba:
    image: dperson/samba
    container_name: samba
    restart: unless-stopped
    environment:
      - USERID=1000
      - GROUPID=1000
    ports:
      - "139:139"
      - "445:445"
    volumes:
      - /mnt/data/share:/share
    # Share fields: name;path;browsable;read-only;guest;users;admins
    command: '-s "Backup;/share;yes;no;no;all;none"'

  # --- Observability ---
  # Runs in the host PID and network namespaces with extra capabilities and
  # no AppArmor profile so it can read host-wide metrics
  netdata:
    image: netdata/netdata
    container_name: netdata
    pid: host
    network_mode: host
    restart: unless-stopped
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    volumes:
      - netdatalib:/var/lib/netdata
      - netdatacache:/var/cache/netdata
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/group:/host/etc/group:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro

volumes:
  netdatalib:
  netdatacache:
```
5. DNS Architecture: Recursive Resolution
To achieve DNS sovereignty, we chain AdGuard Home (for filtering) with Unbound (for recursive resolution). Unbound queries the authoritative root nameservers directly, bypassing upstream resolvers like Google or Cloudflare.
- Open AdGuard Web UI (`http://192.168.1.5:3000`).
- Go to Settings > DNS Settings.
- Set Upstream DNS servers to `127.0.0.1:5335` (This points to our Unbound container).
- Select "Parallel Request" mode for speed.
- Enable DNSSEC.
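
To confirm that the chain configured above actually returns validated answers, the following added example (not from the original guide) classifies `dig +dnssec` output for each hop. The function names, the sample responses, and AdGuard listening on port 53 are assumptions.

```bash
# Added example, not part of the original guide: classify `dig +dnssec`
# output so each hop of the AdGuard -> Unbound chain can be checked.

# Reads one dig response on stdin and prints:
#   validated   - NOERROR and the AD (authenticated data) flag is set
#   unvalidated - NOERROR without AD (unsigned zone, or no validation)
#   servfail    - SERVFAIL, which is also how validation failures surface
#   error       - any other status, or no response at all
classify_dig() {
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
      flags = $0; sub(/^;; flags:/, "", flags); sub(/;.*/, "", flags)
      n = split(flags, f, " ")
      for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
    }
    END {
      if (status == "NOERROR") print (ad ? "validated" : "unvalidated")
      else if (status == "SERVFAIL") print "servfail"
      else print "error"
    }'
}

# Live check: check_hop <server> <port> <domain-you-know-is-signed>
check_hop() {
  dig +dnssec +time=3 +tries=1 @"$1" -p "$2" "$3" A | classify_dig
}

# Constructed sample responses (not captured from a real resolver).
sample_validated() {
  printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242' \
    ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
}
sample_servfail() {
  printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243' \
    ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
}

# Offline demonstration on the samples; for the real chain run e.g.
#   check_hop 127.0.0.1 5335 <signed-domain>   (Unbound)
#   check_hop 192.168.1.5 53 <signed-domain>   (AdGuard, assuming port 53)
echo "sample 1: $(sample_validated | classify_dig)"
echo "sample 2: $(sample_servfail | classify_dig)"
```
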
6. Storage Performance Optimization
Default Samba configurations often fail to saturate Gigabit links. We apply the following `smb.conf` directives to optimize TCP window sizes and enable asynchronous I/O, achieving a sustained throughput of ~115 MB/s.
```ini
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
read raw = yes
write raw = yes
min receivefile size = 16384
use sendfile = true
aio read size = 16384
aio write size = 16384
```
7. Data Resilience Strategy
Adhering to the 3-2-1 backup rule, we utilize Restic to perform encrypted, deduplicated backups to AWS S3 Deep Archive.
```bash
# Daily cron job
restic -r s3:s3.us-east-1.amazonaws.com/my-backup-bucket backup /mnt/data/share
```
8. Operations Checklist
A homelab that provides DNS or storage becomes part of the household's critical path. Treat it like a small production system and document the recovery process before something breaks.
- Export AdGuard and Unbound configuration after every meaningful change.
- Keep a spare SD card or USB boot device with a known-good image.
- Monitor disk SMART status, temperature, memory pressure, and DNS query latency.
- Test Restic restores monthly, not only backups.
- Document router DHCP/DNS settings so the network can be restored quickly.
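
The daily Restic job from section 7 and the monthly restore test in the checklist above can share one script. This is an added example, not the guide's own code; it assumes AWS credentials are already in the job's environment, and the password-file path and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide. The password-file path and
# function names are assumptions; the repository URL is the guide's.
export RESTIC_REPOSITORY="s3:s3.us-east-1.amazonaws.com/my-backup-bucket"
export RESTIC_PASSWORD_FILE="${RESTIC_PASSWORD_FILE:-/etc/restic/password}"
SHARE="${SHARE:-/mnt/data/share}"

# Cron cannot answer a password prompt, so the password comes from a file.
# Refuse to run when that file is accessible to group or others.
secret_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "missing: $1" >&2; return 1; }
  case "$mode" in
    [0-7]00) return 0 ;;
    *) echo "$1 is mode $mode, expected 600 or 400" >&2; return 1 ;;
  esac
}

# Daily job: back up the share, then check repository consistency.
run_backup() {
  secret_ok "$RESTIC_PASSWORD_FILE" || return 1
  restic backup "$SHARE" --tag daily || return 2
  restic check || return 3
}

# Monthly drill: restore the latest snapshot to scratch space and compare it
# with the live share. Files that exist only in the live share (created after
# the snapshot) are ignored; every other difference is reported.
restore_drill() {
  secret_ok "$RESTIC_PASSWORD_FILE" || return 1
  target=$(mktemp -d) || return 1
  if ! restic restore latest --target "$target" --verify; then
    rm -rf "$target"; return 2
  fi
  # restic recreates the absolute source path beneath the target directory
  report=$(diff -rq "$target$SHARE" "$SHARE" 2>&1 |
    awk -v p="Only in $SHARE" 'index($0, p) != 1')
  rm -rf "$target"
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 4
}

# Entry points for cron: "backup" daily, "drill" monthly.
case "${1:-}" in
  backup) run_backup ;;
  drill)  restore_drill ;;
esac
```

Both `restic check` and the drill read repository objects, so objects kept in an archive storage class must be retrieved before they can run.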
Should DNS and NAS run on the same Pi?
It is fine for a lab, but DNS should have a fallback resolver configured on the router so storage maintenance does not take down name resolution.
Is NVMe worth it?
Yes for NAS and container state. SD cards are acceptable for experiments, but NVMe makes the system feel closer to a small server.
9. Conclusion
By leveraging the PCIe capabilities of the Raspberry Pi 5, we have demonstrated that consumer hardware can effectively serve as a secure, high-performance network edge device, providing enterprise-grade DNS filtering and storage services at a fraction of the power cost of traditional x86 servers.