SOFTWARE STABLE

Homelab Infrastructure

This project outlines the architecture and deployment of a self-hosted homelab environment. By utilizing a virtualized foundation, the system moves away from single-service hardware into a modular environment that prioritizes uptime, security, and rapid testing.

Infrastructure Foundation

The primary hypervisor for this stack is Proxmox VE. Choosing a Type-1 hypervisor allows for the operation of multiple isolated services (VMs and LXCs) on a single machine. This approach prevents dependency collisions and provides a robust framework for backups and service migration.

A central element of this hardware strategy is the utilization of an HP Elitebook (retired from daily use in 2019). While no longer suitable as a primary workstation, it remains a high-value server node. Its integrated battery acts as a built-in UPS during power fluctuations, and its compact, energy-efficient design is ideal for 24/7 operation. The built-in display and keyboard also provide an immediate “crash cart” interface for direct troubleshooting without requiring external peripherals.

The Service Stack

The following services are currently deployed and managed within the Proxmox environment:

Service               | Platform        | Function
Home Assistant (HAOS) | Virtual Machine | Centralized brain for automation and sensor data orchestration.
Nginx Proxy Manager   | LXC             | Traffic controller handling SSL termination and friendly URL routing.
WireGuard             | LXC             | Secure, low-overhead VPN tunnel for remote network access.
AdGuard Home          | HA Integration  | Network-wide DNS filtering and real-time connection statistics.
DigitalOcean DDNS     | Bash Script     | Custom API integration to maintain endpoint connectivity.
Zigbee2MQTT           | LXC             | Hardware-bridged interface for the local smart device mesh.
RemoteTerm            | LXC             | Remote availability of Meshcore Home Base for offgrid wireless comms, even when I’m away from home.

Challenges and Reliability Improvements

Zigbee Stability and Interference

One of the most persistent hurdles involved the reliability of the Zigbee mesh. Devices would frequently drop off the network, which was eventually traced to interference from the host.

  • The Fix: The Zigbee coordinator was moved to a USB 2.0 extension cable to distance it from the interference source. Additionally, passing the hardware directly into a dedicated LXC improved communication latency.

Connectivity and Dynamic IP Management

Since the ISP rotates the public IP address, maintaining a consistent remote connection was a challenge.

  • The Fix: A custom Bash script was developed to interface with the DigitalOcean API. This script automatically detects public IP changes and updates the DNS records, ensuring that the WireGuard tunnel and other remote services remain reachable without manual intervention.
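
A sketch of such an updater, added here as an example and not the script used in this lab. It validates the detected address before publishing it and keeps the API token out of the process list. The variables DO_DOMAIN, DO_RECORD_ID and DO_TOKEN_FILE, the api.ipify.org lookup and the use of jq are assumptions.

```bash
#!/usr/bin/env bash
# Added example: DO_DOMAIN, DO_RECORD_ID, DO_TOKEN_FILE and api.ipify.org are assumptions.
set -eu

# Accept only a well-formed, publicly routable IPv4 address, so an error page
# or a private/CGNAT address from the lookup never ends up in public DNS.
is_public_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac          # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  case "$1" in 0|10|127) return 1 ;; esac             # this-net, RFC 1918, loopback
  [ "$1" -ge 224 ] && return 1                        # multicast and reserved
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
  [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1    # link-local
  [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1  # CGNAT
  return 0
}

# Print the API token only if the file is accessible by its owner alone.
read_token() {
  case "$(ls -ld -- "$1")" in
    -???------*) cat -- "$1" ;;
    *) echo "token file $1 must not be group/world accessible" >&2; return 1 ;;
  esac
}

# $1 = HTTP method, $2 = optional JSON body; the token reaches curl via stdin (-K -).
do_api() {
  token=$(read_token "$DO_TOKEN_FILE") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl -K - --fail --silent --show-error --max-time 15 -X "$1" \
      -H 'Content-Type: application/json' ${2:+--data "$2"} \
      "https://api.digitalocean.com/v2/domains/$DO_DOMAIN/records/$DO_RECORD_ID"
}

main() {
  ip=$(curl --fail --silent --max-time 10 https://api.ipify.org)
  is_public_ipv4 "$ip" || { echo "refusing to publish: $ip" >&2; return 1; }
  current=$(do_api GET | jq -r '.domain_record.data')
  if [ "$ip" = "$current" ]; then echo "unchanged: $ip"; return 0; fi
  do_api PUT "{\"type\":\"A\",\"data\":\"$ip\"}" >/dev/null
  echo "updated: $current -> $ip"
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it from cron or a systemd timer with `--run`; without that argument it only defines the functions.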

Network Navigation and Security

Managing multiple services via different port numbers was inefficient and difficult to secure.

  • The Fix: Nginx Proxy Manager was implemented to route traffic via friendly internal URLs (e.g., proxmox.home). This centralizes SSL management and ensures that sensitive administrative interfaces remain hidden behind a single, authenticated gateway.

Decision Logic & Rationale

  • Virtualization over Bare Metal: Proxmox was selected specifically for its snapshot capabilities. This allows for testing new configurations or software updates with a safety net, as the service can be reverted to a known-working state in seconds.
  • LXC vs. VM Allocation: To maximize the utility of the laptop’s hardware, lightweight services like Mosquitto and Nginx Proxy Manager run in LXCs. LXCs share the host kernel, which minimizes RAM overhead. Full VM isolation is reserved for Home Assistant (HAOS) to ensure the stability of the entire automation OS.
  • Integrated Monitoring: AdGuard stats are fed directly into the Home Assistant dashboard for immediate visibility. This provides a single “pane of glass” to verify network health and filtering status at a glance.

Note on Hardware Resilience: Utilizing the HP Elitebook demonstrates that value in hardware is found in its application rather than its age. The built-in battery provides a level of resilience against power drops that would typically require expensive external equipment, making it a highly practical choice for a 24/7 service node.