Home Lab • Infrastructure • Security
Infrastructure designed to be operated, not merely demonstrated.
My Home Lab is a segmented, monitored and backed-up single-node Proxmox platform. I use it to practise design, operations, security and recovery under realistic constraints.
The goal is not to collect services. Every component must answer a need, produce a useful signal, have a source of truth and be recoverable or removable cleanly.

Architecture
Clear boundaries and acknowledged dependencies
This view is intentionally functional: no internal addressing, port, credential or exploitable rule is published.
Separate usage
Administration, services, public exposure and IoT traffic remain in distinct functional zones.
Observe before acting
Metrics, logs, probes and alerts provide independent state before and after every change.
Prepare recovery
Backups, hashes, rollback and recovery order are defined before risky operations.
Operating model
Four capabilities connected to evidence
Technologies are means; the objective is to maintain a service that is understandable and reversible.
Architecture & segmentation
Limit implicit dependencies and the exposed surface.
Useful observability
Detect actual failure without manufacturing false-green status.
Continuity & recovery
Know what to restore, in which order and with which evidence.
Reproducibility & security
Reduce manual changes and retain a readable return path.
Problem → method → outcome
Three end-to-end improvements
Every change retains its initial state, rollback path, validation and residual debt.
Make Docker reconstructible
- Problem
- The parameters of 26 projects had to be compared with the actual runtime state.
- Method
- Inventory, declarative/runtime comparison, Compose normalization and validation without a global recreate.
- Outcome
- 49 aligned services, 47 pinned external images and two identified local builds.
Improve monitoring signal
- Problem
- Duplicate or misplaced probes could obscure the cause of an outage.
- Method
- Removed duplication, checked Error/NoData states and added local proxy health.
- Outcome
- 69 useful targets, capacity tracking and no hidden alerts to manufacture a green status.
Move from backup to recovery planning
- Problem
- Existing backups alone did not demonstrate a recovery capability.
- Method
- Coverage checks, task verification, dependency mapping and recovery targets by criticality.
- Outcome
- Expected coverage confirmed, recent verification evidenced, logical restores performed and limits explicitly documented.
DR & limits
Credibility also means stating what remains
Backups are monitored, but they are not confused with high availability or a fully proven recovery plan.
What is in place
- Daily backups for eligible workloads with coverage checks
- Monitored PBS verification with failures made visible
- Logical restores validated on selected critical services
- Documented recovery order for network, DNS and publishing dependencies
- Application and infrastructure rollback prepared before every change
Publicly acknowledged limits
- The platform relies on one Proxmox node and is not presented as highly available.
- An off-site or immutable copy still needs to be implemented and tested.
- A timed full Tier 1 recovery exercise is still required to measure every actual RTO/RPO.
- DNS redundancy remains within the same hardware failure domain.
Physical platform
Real infrastructure, documented without overexposure



Go further
Review projects and detailed outcomes
The case studies cover context, method, outcome and demonstrated skills without publishing sensitive operational data.