My Homelab
My homelab is a single-node Proxmox environment designed to build hands-on experience with enterprise-style infrastructure, automation, and cybersecurity concepts. It serves as both a production environment and a controlled lab for experimentation.
Core Infrastructure
- Hypervisor: Proxmox VE (single node)
- Primary Storage: ZFS pool
tank(2 × 1TB HDDs) - Local Storage: 512GB NVMe for VMs and high-I/O workloads
- Edge Firewall: Dedicated pfSense appliance connected to Google Fiber
ZFS provides data integrity, snapshots, and shared storage across LXCs and virtual machines while maintaining reliability and flexibility.
LXC Media Stack
Media services are deployed in isolated LXC containers for efficiency, performance, and simplified management. A dedicated Cockpit container manages shared ZFS mounts used across the stack.
- Plex – media streaming
- qBittorrent – downloads
- Prowlarr – indexer management
- Radarr & Sonarr – media automation
- Overseerr – media requests & discovery
- Cockpit – storage and mount management
- Homarr – homelab dashboard
The long-term plan is to migrate this entire stack into Docker once the architecture and workflows are fully validated.
Virtual Machines
- Ubuntu Server – general workloads and testing
- Debian Server – Docker host
- Kali Linux – security testing and tool practice
- Metasploitable – vulnerability and exploitation labs
- Windows Server 2025
- Windows 10
- macOS VM
- Ubuntu Workstation
Docker & Secure Remote Access
A dedicated Debian VM hosts containerized infrastructure services and web-facing tools using Docker.
- Docker with Portainer for container management
- Nginx Proxy Manager for reverse proxy and SSL management
- Cloudflare Tunnel (Zero Trust service exposure)
- Twingate (Zero Trust access to internal services)
This setup enables secure remote access to internal resources without exposing inbound ports or relying on traditional port forwarding.
Networking & Security Practice
An isolated OPNsense VM provides a dedicated network for practicing enterprise networking and security concepts without impacting production services.
- VLAN creation and subnet segmentation
- Firewall rule design and testing
- Isolated attack and defense scenarios
Why I Built It This Way
This homelab emphasizes real-world design principles such as separation of concerns, layered security, secure remote access, and gradual architectural evolution. It allows me to learn by building, breaking, and improving systems in a controlled environment.