OWN YOUR
INFRASTRUCTURE

What is a Homelab?

A homelab is a personal computing environment—typically at home—where you run your own services, experiment with technology, and learn new skills. It's somewhere between a hobby and critical infrastructure.

Why Run a Homelab?

• Learning: Hands-on experience with production tech
• Self-hosting: Own your data and services
• Cost savings: Replace subscriptions with owned hardware
• Privacy: Keep data on your hardware
• Control: No terms of service changes
• Fun: It's genuinely satisfying to run your own infrastructure

Setting Goals

Before buying gear, define what you want:

• Media server: Plex, Jellyfin, Emby
• Home automation: Home Assistant
• File storage: Nextcloud, NAS
• Development: CI/CD, git repos
• Learning: Kubernetes, networking
• Security camera: Frigate, ZoneMinder

Budget Build ($100-300)

• Raspberry Pi 4/5: $50-150, ARM, low power
• Old desktop PC: Often free from work/friends
• Intel NUC: $150-300 used, x86, efficient
• HP ProDesk/Genealogy: $100-200, enterprise-grade

Mid-Range Build ($300-1000)

• DIY Server: Custom build with Xeon/Celeron
• Refurbished enterprise: Dell PowerEdge, HP ProLiant
• Synology/Netgear: Pre-built NAS with expansion
• Multi-Pi cluster: Cluster of Raspberry Pis

High-End Build ($1000+)

• Full-size rack server: 2U/4U with hot-swap
• Enterprise hardware: Full SAN, switches
• Ubiquiti UniFi: Professional networking gear

Key Specs

• RAM: More is better. 8GB minimum, 16GB+ for containers
• CPU: x86 preferred for virtualization. PassMark 5000+
• Storage: Start with 1-2TB, expand as needed
• Network: Gigabit minimum, 2.5Gb for NAS
• Power: Consider electricity costs. 24/7 = ~$10-20/month

Why Virtualize?

• Isolate services
• Run different OSes on same hardware
• Easy backup and recovery
• Resource allocation

Proxmox VE

The homelab standard:

• Debian-based, free
• Full virtualization (KVM) + containers (LXC)
• Web UI
• Clustering support

# Install Proxmox:
# Download ISO, boot from USB
# Follow installer
# Access via https://your-ip:8006

Creating Your First VM

1. Upload ISO to Proxmox storage
2. Create VM (Linux/Windows/Container)
3. Allocate CPU, RAM, disk
4. Start VM
5. Install OS

Docker Basics

# Install Docker
curl -fsSL https://get.docker.com | sh

# Run a container
docker run -d --name nginx -p 80:80 nginx

# List containers
docker ps

# Stop/Start
docker stop nginx
docker start nginx

# View logs
docker logs -f nginx

Docker Compose

# docker-compose.yml
version: '3'
services:
  nginx:
    image: nginx
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html
    restart: unless-stopped

  postgres:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: secret
    volumes:
      - pgdata:/var/lib/postgresql/data
volumes:
  pgdata:

# Run compose
docker-compose up -d

# View logs
docker-compose logs -f

# Stop
docker-compose down

Portainer

# Install Portainer
docker run -d -p 9000:9000 \
    --name portainer \
    --restart=unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    portainer/portainer-ce:latest

Network Segmentation

• Default VLAN: Main network (devices)
• IoT VLAN: Smart devices (isolate from main)
• DMZ: Public-facing services
• Guest: Guest devices (no access to lab)
• Lab VLAN: Test/development

DNS Configuration

# Pi-hole for local DNS
# Services point to container IPs
# Create A records in Pi-hole:
#   homer Assistant -> 10.0.0.10
#   plex -> 10.0.0.11
#   nginx -> 10.0.0.12

Reverse Proxy

# Nginx Proxy Manager
# docker-compose.yml
version: '3'
services:
  nginx:
    image: jc21/nginx-proxy-manager
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    restart: unless-stopped

Access via http://your-ip:81, then configure proxy hosts.

Storage Options

• Direct-attached: Disks in the server
• NAS: Network-attached storage
• SAN: Storage area network (advanced)
• Cloud: Backblaze, S3, etc.

TrueNAS Scale

• Free, open source
• ZFS filesystem
• Built-in virtualization
• Apps (Docker)
• Excellent for NAS use cases

OpenMediaVault

• Debian-based NAS
• Simpler than TrueNAS
• Plugin system
• Good for basic NAS

Media

• Jellyfin: Free media server
• Plex: Popular media server
• Sonarr/Radarr: Automated downloading
• qBittorrent: Torrent client

Productivity

• Nextcloud: Google Drive alternative
• Paperless-NGX: Document management
• Wallabag: Read-it-later
• Bookstack: Wiki/documentation

Home Automation

• Home Assistant: The standard
• ESPHome: DIY IoT devices
• Zigbee2MQTT: Zigbee bridge

VPN Access

• WireGuard: Fast, modern (see WireGuard guide)
• Tailscale: WireGuard-based, easy setup
• OpenVPN: Classic, well-supported

Tailscale

# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh

# Start Tailscale
tailscale up

# Now any device on your Tailscale network can access
# services at their 100.x.x.x address

Exposing Services Safely

• Never expose Docker directly to internet
• Use VPN for remote access
• If must expose: use authentication
• Cloudflare Tunnel is an option

Monitoring Stack

• Prometheus: Metrics collection
• Grafana: Visualization (see Grafana guide)
• Uptime Kuma: HTTP/port monitoring
• Glances: System monitoring

Uptime Kuma

# Docker Compose
version: '3'
services:
  uptime-kuma:
    image: louislam/uptime-kuma
    volumes:
      - ./data:/app/data
    ports:
      - "3001:3001"
    restart: unless-stopped

Node Exporter

# Add to Prometheus for system metrics
docker run -d \
  --name node-exporter \
  --restart unless-stopped \
  -p 9100:9100 \
  prom/node-exporter

Firewall Rules

# UFW basics
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Fail2Ban

# Install
sudo apt install fail2ban

# Enable for SSH
# Edit /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3

Security Checklist

• Change default passwords immediately
• Enable firewall on all machines
• Keep software updated
• Use strong authentication
• Regular backups
• Don't expose management interfaces
• Use VPN for remote access

K3s - Lightweight Kubernetes

# Install K3s
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable=traefik" sh -

# Check status
kubectl get nodes
kubectl get pods -A

MicroK8s

# Install
sudo snap install microk8s --classic

# Enable addons
microk8s enable dns dashboard storage

# Use kubectl
microk8s kubectl get nodes

When to Use K8s

• Running many microservices
• Learning Kubernetes
• Want production-like experience
• Overkill for 3-5 services

Why Document?

• Remember how things work
• Recover after disasters
• Share with family
• Track changes

What to Document

• Network diagram: IP addresses, VLANs, subnets
• Services: What's running where
• Credentials: Store securely (Bitwarden, 1Password)
• Backups: What's backed up, where
• Recovery procedures: How to restore each service

Documentation Tools

• Wiki.js: Self-hosted wiki
• Bookstack: Documentation platform
• Obsidian: Local-first knowledge base
• Draw.io: Network diagrams

Conclusion

You've completed the Homelab Mastery guide. You now know:

• How to plan your homelab
• Hardware selection for any budget
• Virtualization with Proxmox
• Containerization with Docker
• Networking fundamentals
• Storage solutions
• Essential services to self-host
• Remote access methods
• Monitoring
• Security hardening
• Kubernetes basics
• Documentation practices

Start small, iterate, and enjoy the journey!