posts
This is my home lab. Not a museum of blinking boxes, although on some days it tries hard. I test things here before I put them anywhere near a client, and I also use it for normal home stuff.
If I break something, I break it on myself first. Healthy process, mildly annoying hobby.
Hardware and virtualization
The base is Proxmox. Everything important is virtualized or containerized, so I can test upgrades, move services around and roll back mistakes without turning the evening into incident response. It is not magic. It is just order.
Storage is TrueNAS. I like keeping data separate from compute, and I do not want to guess whether a disk is fine just because it has not screamed yet. Storage should be boring. Boring is good here.
Network
At the edge sits OPNsense. A firewall and router should be something I understand and can fix, not a black box with a nice badge. Rules, VPN, updates, logs. Nothing glamorous, thankfully.
Remote access is WireGuard. Fast, simple, not much to go wrong. For VPN, that is praise.
DNS filtering is handled by AdGuard Home. I do not expect miracles from it, but it quietly cuts down ads, tracking and some of the general network garbage.
Services
Git runs on Forgejo. Configs, deployment notes, small scripts, changes. Things that are not in git eventually become “I think I remember how I did that”. That is documentation in the same way a receipt in a winter coat is accounting.
A lot of service stacks run with Docker/Compose. Not because containers solve world peace, but because they make it easy to keep services tidy. One service, its config, its data, its upgrade path. Done reasonably, it stays maintainable for a long time.
Monitoring is Zabbix. I want to know something is getting worse before it becomes a problem for humans. I do not care about dashboards for decoration. I do care about alerts that arrive early enough.
Home stuff
Smart home runs on Home Assistant with Zigbee2MQTT/MQTT. Lights, sensors, automations, the usual small domestic conveniences. The goal is not a house that acts smarter than the people inside. The goal is that things still work when the internet has a bad day.
Cameras are handled by Frigate. For an NVR with object detection, I want local processing and control over the data. Not because I own a secret base. I just do not want home video sent somewhere else because a vendor enjoys collecting everything.
Backups
Backups follow 3-2-1. Multiple copies, different places, regular restore checks. This is not where creativity helps. A backup I have never restored is just expensive decoration.
This is not a “buy exactly this” guide. It is a short answer to what I trust enough to run at home. Some parts are annoying. Some are beautifully boring. In infrastructure, boring usually wins.