My Homelab

The concept of a “homelab” is fairly self-explanatory; it’s a laboratory environment at your home.

It used to refer to personal computer environments where professional IT folks would build scaled-down versions of their production systems in order to test, experiment, and learn without the risk of breaking something important. For example, a lab is a great place to test changes to your DNS servers without accidentally breaking half the known internet (looking at you, AWS). The idea of a homelab has expanded into the hobby space, though, and now there are many nerds running homelabs who don’t even work in an IT-related field (myself included). The concept remains mostly unchanged: a homelab is still an at-home environment for learning and experimenting, but the hobbyist version tends to also cross into the general home-services field. Some nerd might set up a recursive DNS resolver to learn more about how it works, but then decide to use it as the resolver for the rest of their home network, blurring the line between their “lab” and their “production” environments.

My homelab is a perfect example of this blurred environment. I have VMs and services that exist purely for experimentation, but I also have a number of systems and services which have become an important part of my network.

Hardware

Servers

My primary servers are several Lenovo ThinkCentre Tiny PCs, clustered together under Proxmox. Each ThinkCentre has an additional NIC installed, allowing for redundant cluster communication and a dedicated replication/migration network.

  • Nodes 1 and 3: My primary “compute” nodes, which run the majority of VM/CT workloads. In their “High Availability” configuration, guests will fail over if either node becomes unavailable.
  • Node 2: Previously used as a storage server, but I took it offline some time ago, replacing most of its functionality with an Aoostar mini PC.
  • Storage: Since the Lenovos are limited to a single internal SSD and one or two M.2 drives, the Aoostar allowed me to utilize a small ZFS pool of full-size HDDs, significantly increasing my storage capacity and redundancy.

Lastly, I have one additional off-site server (another Lenovo Tiny) running a bare-metal install of PBS (Proxmox Backup Server) for remote backups.

Router

My primary router is a BananaPi R3 board. This serves as the edge router and Wi-Fi access point, while also performing traffic shaping, DNS ad-blocking via AdBlock-Lean, and Dynamic DNS updating. It also runs WireGuard for remote network access and a CrowdSec bouncer.

Switch

A small managed switch replaced my previous massive Cisco unit. While the new switch only has 9 ports (8 PoE), it’s much quieter and far more energy efficient than the Cisco switch it replaced.

Networking

My network is segmented into several VLANs based on access needed; e.g., external services are confined to a DMZ, CCTV cameras are only accessible by the NVR, the Proxmox cluster has a dedicated network for migrations, etc. All of the hardwired devices are connected via 2.5 Gb Ethernet, and the wireless devices are using Wi-Fi 6 and WPA3.

Outgoing DNS requests are proxied by the router and forwarded via DoH.

An external-facing proxy serves as a single point of entry for all incoming connections to my public websites and services. This proxy reports all of its HTTP requests to my CrowdSec engine and its WAF, while non-HTTP traffic gets forwarded via TCP stream. This proxy also utilizes Anubis to cut down on AI scrapers.

An internal-only proxy handles my private access to my non-public services. My proxies and my primary webserver are all NGINX, including the server hosting this very blog. Nearly all servers are running Debian or a derivative, while my laptop runs Fedora Workstation.

Services

As I mentioned at the start, my homelab also hosts services and systems which have become an important part of my home. Some of the services that I’ve come to use on a regular basis are:

  • Home Assistant for home automation and general system monitoring
  • Jellyfin for my digitized video library
  • Navidrome for my digitized music library
  • Komga for my digitized book library
  • Homepage as my browser’s starting page and simple dashboard
  • Linkwarden for bookmarking and archiving webpages
  • AgentDVR for CCTV
  • Paperless-ngx for document archiving
  • LubeLogger for recording fuel and maintenance on my vehicles
  • apt-cacher-ng for, well, caching APT requests

Of course, being a homelab, there’s usually a handful of other services running at any given time as I play and experiment with different ideas and concepts.