Homelab

My self-built homelab environment that covers every corner of system administration,
from networking to automation.

Picture of my server rack

Core Infrastructure

My homelab is a self-built infrastructure environment focused on virtualization, container orchestration, monitoring, security, and automation. I run two Proxmox servers—one dedicated to GPU-intensive AI workloads, and a primary hypervisor that handles core infrastructure and applications.

Within the primary Proxmox node:

Core Infrastructure VM:

Runs Traefik (reverse proxy with dynamic routing), Authentik (identity provider for SSO), and CrowdSec (behavior-based intrusion prevention).

Container Host VM:

Uses Portainer to manage 50+ Docker containers, including:

- Vaultwarden (lightweight Bitwarden-compatible password manager)

- Gitea (self-hosted Git service)

- Cloudflare Tunnel (secure remote access without port forwarding)

- Nessus (vulnerability scanner)

- Uptime Kuma (status page and uptime monitoring)

- Homepage (dashboard to organize services)

- and many more tools for networking, automation, media, and DevOps.

Monitoring VM:

Combines Zabbix, Prometheus, and Grafana for full-stack metrics, alerting, and visualization.

Service-Specific VMs:

- Mastodon (federated social network)

- Bluesky PDS (personal data server for the AT Protocol)

- Nextcloud (file sync, calendar, contacts, and more; a self-hosted alternative to Google Workspace)

- Minecraft (dedicated game server)

- Web Hosting (this site and others)

- Home Assistant (smart home automation)

- plus others for development, testing, and one-off services

Outside the virtual environment:

- TrueNAS Core NAS for storage, backups, and SMB/NFS shares

- 3D Printing Server: Runs OctoPrint with multiple USB cameras for remote print monitoring and control

- Pi-hole for DNS and ad/tracker blocking

- Tailscale and Twingate for secure, identity-based remote access

- Corelight for deep network visibility and traffic analysis

Networking & Segmentation

The entire network is built around a Ubiquiti UniFi Dream Machine Pro (UDM Pro) connected to a 24-port UniFi switch. The UDM handles:

- Firewall rules and inter-VLAN routing

- DHCP services

- IDS/IPS using Snort

- CrowdSec for real-time threat detection and response

This stack provides centralized control, deep packet inspection, and layered network security for all connected devices.

VLAN Layout & Isolation

- IoT VLAN: Limited internet access, completely isolated from internal systems (excluding Home Assistant)

- Guest VLAN: Fully isolated with internet-only access

- Server VLAN: Restricted, monitored, and used for all core infrastructure and services

- Trusted VLAN: Personal devices (PCs, phones, tablets) with limited and intentional access to servers

This segmentation, combined with tight firewall rules, enforces a zero-trust posture that limits lateral movement and shrinks the attack surface within the network.