Our Homelab Infrastructure: A Complete Overview

J F. Mac
April 1, 2026 | 2 min read

After years of iteration, our homelab has evolved into a robust infrastructure that handles everything from media streaming to CI/CD pipelines. This post documents our setup in detail.

The Hardware

We run a 5-node Proxmox cluster. The nodes are a mix of retired enterprise hardware and purpose-built servers. Each node has ECC RAM and redundant power supplies where possible.

Primary storage is handled by TrueNAS, connected via 10GbE. We use iSCSI for block storage and NFS for file shares. Backups go to a secondary TrueNAS instance in a different room.

Proxmox Cluster

Proxmox VE provides our virtualization layer. We run both containers (LXC) and virtual machines. The cluster uses Ceph for distributed storage on nodes with sufficient disk capacity.

Benefits of the cluster include live migration of VMs between nodes, automatic resource balancing, and high availability for critical services. When a node goes down, services automatically restart on remaining nodes.

Network Architecture

pfSense serves as our router and firewall. We use VLANs extensively to segment traffic:

The management VLAN handles Proxmox, TrueNAS, and other infrastructure. The services VLAN runs application containers. The IoT VLAN isolates smart home devices. The guest VLAN provides internet-only access for visitors.

AdGuard Home provides network-wide DNS ad-blocking and DHCP. All DNS queries are logged and filtered.

Reverse Proxy and SSL

Nginx Proxy Manager handles all inbound HTTP/HTTPS traffic. It manages SSL certificates via Let's Encrypt, with wildcard certificates for our domain. All services are exposed through subdomains.

Authentication is handled at the proxy level for some services, with others using their own authentication. Fail2ban provides brute-force protection.

Monitoring and Alerting

Uptime Kuma monitors all services with checks every 60 seconds. We receive alerts via multiple channels: Telegram for immediate notification, email for historical records.

The public status page shows service health to external users. Internal dashboards in Grafana show resource trends and capacity planning data.

Backup Strategy

We follow the 3-2-1 backup rule: three copies of data, on two different media types, with one offsite. Proxmox Backup Server handles VM and container backups.

Critical data is replicated to secondary TrueNAS. Git repositories sync to GitHub. Database containers run scheduled dumps to backup volumes.

Automation

OpenClaw agents automate routine tasks. Heartbeat monitoring runs every 10 minutes to check service health. Task routing via Plane keeps work organized. GitHub backups run daily.

When issues arise, we get notified immediately with context. Most routine maintenance happens automatically without human intervention.

Lessons Learned

Documentation saves time. We document everything in Outline, with runbooks for common procedures. When something breaks at 3 AM, documentation helps us fix it faster.

Test your backups. We do quarterly restoration tests to verify our backups actually work. There is nothing worse than discovering backup failures during an outage.

Plan for growth. We overspec storage and network bandwidth from the start. Upgrading infrastructure is painful; buying extra capacity upfront is cheaper than migrating.
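
The 3-2-1 rule from the backup strategy and the quarterly restore tests above can be checked mechanically against a backup inventory. The following is an added example, not code from our setup: the dataset names, copy locations, media labels and dates are constructed, and the 92-day limit for "quarterly" is an assumption.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Copy:
    location: str   # constructed label for where the copy lives
    media: str      # storage type, e.g. "hdd", "ssd", "cloud"
    offsite: bool   # True only if held at a different physical site

def check_321(copies):
    """Return the 3-2-1 requirements a dataset's copies fail to meet."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        problems.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        problems.append("no offsite copy")
    return problems

def restore_test_overdue(last_test, today, max_age_days=92):
    """True if no restore test is recorded or the last one is older than a quarter."""
    return last_test is None or (today - last_test).days > max_age_days

def audit(inventory, today):
    """Map each non-compliant dataset name to its list of problems."""
    report = {}
    for name, entry in inventory.items():
        problems = check_321(entry["copies"])
        if restore_test_overdue(entry.get("last_restore_test"), today):
            problems.append("restore test overdue")
        if problems:
            report[name] = problems
    return report

# Constructed inventory for illustration; not the setup described in this post.
INVENTORY = {
    "git-repos": {"copies": [Copy("workstation", "ssd", False),
                             Copy("nas-b", "hdd", False),
                             Copy("hosted-git", "cloud", True)],
                  "last_restore_test": date(2026, 2, 1)},
    "vm-images": {"copies": [Copy("nas-a", "hdd", False),
                             Copy("backup-server", "hdd", False),
                             Copy("nas-b", "hdd", False)],
                  "last_restore_test": date(2025, 11, 1)},
    "db-dumps": {"copies": [Copy("backup-volume", "ssd", False),
                            Copy("nas-b", "hdd", False)]},
}

if __name__ == "__main__":
    for name, problems in audit(INVENTORY, date(2026, 4, 1)).items():
        print(f"{name}: {', '.join(problems)}")
```

A dataset with three copies can still fail the rule when all copies share one media type or one site, which is the case the "vm-images" entry exercises.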
