
Home Lab Setup
Up-to-date overview of my homelab.
This is a sandbox where I can experiment with various self-hosted environments.
Management Hypervisor
The central piece of my lab is a dedicated host running Proxmox VE.
Host Name: pve-01
- Model: HP EliteDesk 800 G1 SFF
- CPU: Intel Core i5-4590 (4 Cores, up to 3.70 GHz)
- RAM: 12GB DDR3
- Storage: 480GB seconds
- Hypervisor: Proxmox VE
Network Backbone
My setup contains a mix of consumer and enterprise systems.
- Cisco WS-3750-24PS-S (Core Switch): This is a 24-port Layer 3 enterprise switch. It doesn't run 24/7 but I use it to manage VLANs and test other network functions.
- Gateway: Handles my primary connection to the ISP and provides the initial routing for my setup.
The Final Piece: Zero Trust Application Server
While the HP desktop handles traditional virtualization, the main workhorse of my homelab is a high-performance GMKtec M6 Ultra Mini-PC. This machine serves as my dedicated container orchestration host and runs entirely on a Zero Trust architecture.
Architecture & Security
To simulate an enterprise-grade cloud environment, this server is built with strict security and disaster recovery principles:
- Zero Trust Network Access: The server has zero public-facing ports. All external access is routed through a secure Tailscale mesh network.
- Reverse Proxy: A native Windows Caddy instance acts as the sole gatekeeper. It binds exclusively to the Tailscale IP, automatically provisions TLS certificates for secure HTTPS connections, and routes traffic locally to Docker containers via 127.0.0.1.
- Intrusion Prevention System (IPS): CrowdSec runs natively alongside Caddy, monitoring access logs in real time. If malicious traffic or brute-force attempts are detected, the CrowdSec Bouncer dynamically instructs the Windows Defender Firewall to drop the offending IP.
- Full Disk Encryption: BitLocker is enforced across the OS drive, the Docker data drive, and the external backup drive to secure physical assets.
- Automated Disaster Recovery: A custom multi-threaded Robocopy script runs via Windows Task Scheduler every night, mirroring critical container volumes, SQLite databases, and configurations to an encrypted external USB drive for rapid recovery.
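A listener audit for the binding rules above, as an added example that is not part of the original setup: it parses Windows `netstat -an` output and sorts every listening TCP socket into loopback, Tailscale (100.64.0.0/10 and fd7a:115c:a1e0::/48) or anything else. The sample output, its addresses and ports, and the function names are constructed for illustration.

```python
import ipaddress

# Tailscale assigns node addresses from these ranges (CGNAT IPv4 and its ULA IPv6 prefix).
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of Windows `netstat -an` output; addresses and ports are illustrative.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    100.101.102.103:443    0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8096         0.0.0.0:0              LISTENING
  TCP    192.168.1.50:3389      0.0.0.0:0              LISTENING
  TCP    100.101.102.103:443    100.90.1.2:51844       ESTABLISHED
  TCP    [::1]:2283             [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [fe80::1c2d:3e4f:5a6b:7c8d%12]:5357  [::]:0   LISTENING
"""

def classify(local):
    """Return (scope, host, port) for a netstat local-address field."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        scope = "loopback"
    elif any(ip in net for net in TAILSCALE_NETS):
        scope = "tailscale"
    else:
        scope = "exposed"  # wildcard, LAN or link-local bind: not limited to the tailnet
    return scope, host, int(port)

def audit_listeners(netstat_text):
    """Group listening TCP sockets by scope; 'exposed' entries need review."""
    report = {"loopback": [], "tailscale": [], "exposed": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            scope, host, port = classify(fields[1])
            report[scope].append((host, port))
    return report

if __name__ == "__main__":
    for scope, socks in audit_listeners(SAMPLE_NETSTAT).items():
        for host, port in socks:
            print(f"{scope:9} {host}:{port}")
```

On the host itself, pass the text of `netstat -an` to `audit_listeners`. An "exposed" entry is a bind that is not restricted to loopback or the tailnet; whether it is actually reachable still depends on the firewall rules in front of it.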
Current Services (Dockerized):
This node hosts a suite of containerized microservices and applications, all managed via Docker Compose:
Infrastructure & Management
- Glance: A centralized, YAML-configured dashboard unifying monitoring and service access.
- Vaultwarden: Self-hosted Bitwarden-compatible password manager.
- Beszel & Speedtest Tracker: Lightweight telemetry and network performance monitoring.
Media & Productivity
- Jellyfin: Personal media streaming server.
- Immich: High-performance, self-hosted photo and video backup solution.
- Filebrowser: Web-based file management acting as a localized NAS.
- Kasm Workspaces: Containerized desktop infrastructure for secure, isolated browser sessions.
- Sunshine Host: Low-latency remote desktop and game streaming.
Next Steps:
My next goal is to upgrade the HP desktop's RAM to the max 32GB DDR3 and build out a 3D-printed case for my Raspberry Pi 5 that supports a SATA SSD.