Home Lab

13-VM personal infrastructure operated as a production-like environment

This 13-VM home lab lets me practice systems and network administration, proactive security, monitoring, documentation, backups and service hosting in real operating conditions.

13 VMs, Proxmox VE, UniFi, NPMplus, Grafana, PBS, Redundant DNS, AdGuard Home, Unbound, Guacamole, NetAlertX, 99% compliance, CrowdSec, Cowrie, Outline
Left front view of the personal home lab rack with Proxmox server, Grafana wallboard, Synology NAS and Eaton UPS.

Overview

Each component has a role and remains maintainable over time.

Virtualization & separated roles

13 VMs carry separated roles: NPMplus proxy, redundant DNS, monitoring, PBS, Guacamole bastion, Outline documentation, Docker services, honeypot, Home Assistant and internal tools.

Controlled publication

Public services go through SRV-PROXY and NPMplus; sensitive interfaces remain local, VPN-only or bastion-only.

Documented operations

Outline centralizes procedures, runbooks, architecture and technical decisions.

Verified backups

PBS and the Synology NAS provide the structure for backups, retention and recovery.

Continuous monitoring

Grafana, Prometheus, Loki, Blackbox, SNMP, ntfy and NetAlertX provide actionable visibility, with 50/50 Prometheus targets validated UP.

Operational security

VLAN segmentation, TLS, HTTP headers, CrowdSec, Fail2ban, UFW, hardened SSH, AdGuard Home + Unbound, automatic DNS synchronization and Cowrie reduce risk.

Infrastructure compliance

Infrastructure compliance reaches 99% through documentation, backups, hardening, inventory and monitoring checks.

General Architecture

A deliberately non-sensitive high-level view.

Internet
UniFi UCG Fiber: Management / Servers / DMZ / IoT / Guest / VPN
SRV-PROXY: NPMplus + TLS + CrowdSec
Hardened public services

Monitoring & Observability

Grafana

Dashboards for availability, system metrics, public services and overall health.

Prometheus & exporters

Metrics collection for systems, network, HTTP, SNMP and services.

Loki & logs

Centralized logs and incident analysis.

Alerting

Useful ntfy notifications with noise reduction and adapted thresholds.

NetAlertX

Automated network inventory to track devices, detect new assets and keep mapping up to date.

Blackbox

HTTP/TLS availability monitoring for public services.

Wallboard

Rack-integrated screen for continuous home lab status visibility.

Operations, Backups & Continuity

PBS, retention, verification, Synology NAS and recovery logic guide daily operations.

Backups are treated as a recovery capability, not just as an archive. Sensitive changes are documented, checked and followed up through continuous improvement. Important internal services include Proxmox VE, PBS, Synology NAS, Apache Guacamole, AdGuard Home, Unbound, NetAlertX and ntfy.

Self-hosted Services

Public and internal services presented without secrets, sensitive ports or exploitable firewall details.

Vaultwarden

Self-hosted password manager compatible with Bitwarden.

Outline

Technical knowledge base for infrastructure, procedures and decisions.

IT-Tools

Web toolbox for developers and administrators.

Stirling PDF

Self-hosted PDF toolbox.

VERT

Self-hosted file converter.

Pingvin Share

Controlled file sharing.

Password Pusher

One-time secret transmission.

Excalidraw

Diagrams and visual documentation.

Home Assistant

Local smart home platform.

Grafana

Monitoring and intentionally limited public dashboards.

Home Assistant / Smart Home

Home Assistant centralizes the smart home side of the lab. The goal is to reduce dependency on vendor clouds, control devices locally and connect smart home monitoring to the broader observability stack.

Top view of the home lab rack with UniFi nanoHD access point, Zemismart Matter hub and IoT equipment.
Zemismart Matter hub, UniFi nanoHD, Philips TV, IR air conditioning, Zigbee sensors, Smart plugs, IoT VLAN, Automations

Security & Detection

No secret, token, public admin port or exploitable firewall rule is published.

Network segmentation, NPMplus TLS reverse proxy, CrowdSec, AdGuard Home + Unbound, AdGuard Home synchronization, Fail2ban / UFW, Cowrie Honeypot, Apache Guacamole bastion, Restricted admin access, NetAlertX inventory

Visual Proof

Gallery limited to the three photos actually available.

The public Grafana view is intentionally limited and contains no sensitive information.

Demonstrated Skills

Proxmox administration, Grafana monitoring, TLS reverse proxy, PBS backups, Outline documentation, Guacamole bastion, Network segmentation, Operational security, Home Assistant, Docker services, Incident analysis