It’s almost the end of 2024, let me share my current setup for my home lab which I have been working on for the past year.

overview

Here’s a brief overview of my internal network.

Storage server

192.168.1.10 is a mini pc designated as my main storage server, which I used to set up my network file-sharing server and Samba server. I decided to keep most of my setup here pretty simple with no virtualization and opt to run more critical and fundamental services.

The main services running here are my prometheus-grafana-loki monitoring stack which collects metrics and logs from other hosts for display. I also run Adguard here, which is my DNS resolver for my home network. Authentik is an identity provider that supports ODIC protocol for SSO sign-in to my internal applications. Vaultwarden serves as another password manager I use for authentication in my internal application when Authentik is not an option.

Here are some examples of my monitoring visualization:

proxmox server

192.168.1.11 is another mini pc running my proxmox operating system that can create virtual machines. Not a lot is done here on this physical machine.

application server

192.169.1.13 is a virtual machine running docker. Through docker-compose.yaml scripts I was able to set up my application services quickly. Some applications such as immich and hoarder rely on NFS storage from my storage server. Here I have also set up Caddy reverse proxy, which is the entry point for most of my internal applications. Incoming network request to my internal application is first routed to this reverse proxy and then to other machines through IP and port, or via docker network if on the same host.

Here are what some of the apps do:

• Immich: Google Photo alternative

• Paperless: stores documents

• Dashy: dashboard

• Gitea: git repository and docker image storage

• Hoarder: stores website links and web pages

• Outline: notion like a note-taking app

• Caddy: reverse proxy entry point for most apps

tailscale server

192.169.1.12 is another virtual machine that only runs Tailscale. Tailscale provides a VPN, allowing me to connect to my home network even if I am outside. My tailscale node here is configured as an exit node.

kubernetes cluster

192.168.1.2 is an old desktop pc running proxmox operating system for most of my testing builds. I can quickly start up and delete virtual machines easily. I also have Kubernetes clusters setup, running 1 master node and 2 worker nodes, right now mainly for experimental purposes only.

DNS connection

To connect to my internal applications easily, I have set up a DNS Type A record on Cloudflare. So instead of using the IP address and port to connect, I can use <app name>.wongandre.com to resolve the IP address of my Caddy reverse proxy.

dashy homepage

Here is a homepage of my services, which is grouped into different categories. Monitoring for metrics and logging related apps. User management for internal app identity management. Networking for Adguard DNS, router configs, and proxmox configs. Data management for storing personal data like images, documents, or repositories.

future plans 2025

some plans to improve my home lab I have in mind right now

• self-host my own large language model such as Ollama

• create a production Kubernetes environment and migrate/add services to it

• Infrastructure as Code

  • write scripts to automate provisioning proxmox VMs and LXC through Terraform

  • write scripts to automate installing configurations per instance through Ansible

• Add more storage with direct attached storage (DAS)

• Configure backup for my data

• add more apps!