Homelab Project
Ajitesh Kuppa Sivakumar

Overview

Driven by a strong commitment to owning my data and reducing dependency on third-party services like Google, I built and managed a homelab environment using Proxmox VE. The setup includes multiple LXC containers running various self-hosted services, allowing me to explore and enhance skills in server administration, networking, and container management while maintaining control over my data.

1. Home Network Setup:
• ISP Router: The primary router, provided by the ISP, is widely used by housemates. It serves as the gateway to the internet for the entire household.
• TP-Link Router (OpenWRT): A TP-Link router, flashed with OpenWRT, acts as a client on the ISP router. It creates an isolated network environment for my devices and services, hiding them from the main network and providing additional security.

2. Server Environment:
• Proxmox VE 8 Host: The server runs Proxmox Virtual Environment 8, installed on a 256GB SSD, so the host operates faster than it would on a traditional HDD.
• 1TB NVMe SSD: Stores the disks for LXC containers and VMs, providing the fast read/write speeds essential for performance.
• 8TB HDD: Used as mass storage for movies, shows, photos, videos, and backup files for both containers and virtual machines.

3. Network Services:
• Nginx Proxy Manager: Routes requests to services by fully qualified domain name (FQDN) and provides SSL certificates via Let's Encrypt.
• AdGuard Home: Acts as a network-wide ad blocker and DNS server, reducing reliance on the ISP's DNS and protecting data from advertising companies.
• Proxmox Backup Server (PBS): Uses incremental backups to efficiently save data every day at 3 AM. This minimizes backup size, saving storage space and bandwidth.
• Rclone Backup with Backblaze B2: At 5 AM daily, a cron job runs an Rclone script to sync PBS and other critical data (like photos, videos, and documents) to Backblaze B2 cloud storage. The backup data is encrypted before leaving the server to ensure privacy.

4. Application Services:
• OneDev: A self-hosted Git server that provides project management, issue tracking, and continuous integration for software development projects.
• Immich: A self-hosted photo and video backup solution, offering a seamless way to store and manage my media files on my own server.
• Vaultwarden: A lightweight, self-hosted password manager compatible with Bitwarden clients, allowing secure storage of credentials and 2FA tokens.
• ng-paperless: A self-hosted document management system, enabling efficient digital filing and retrieval of scanned documents.
• File Browser: A web-based file manager that provides easy access to my files stored on the server, offering features like file previews, sharing, and management.
• Homepage: A self-hosted start page, acting as a central dashboard to manage and access all my services, bookmarks, and resources.
• Wazuh: A security monitoring platform that provides real-time threat detection, incident response, and regulatory compliance, enhancing the security posture of my environment.
• K3s Cluster (k3s-admin, k3s-01, k3s-02, k3s-03, k3s-04, k3s-05): A set of VMs running k3s in a cluster, used to deploy custom-built applications through OneDev. This setup ensures high availability and scalability for my applications.
• Jellyfin: A media server for streaming movies and shows ripped from Blu-ray discs. An Intel integrated GPU is passed through for hardware transcoding, ensuring optimal streaming performance for personal and family use.

5. Security Measures:
• Twingate: Given the limitations of CG-NAT, direct port forwarding is not possible. Twingate is used to securely expose the server to the internet via a VPN connection, preventing unwanted traffic and DDoS attacks.

Future Plans

I'm planning to add a new server to my Proxmox setup, install Proxmox VE, and integrate it into the existing cluster for better high availability and load balancing. My idea is to configure high availability with HA groups and failover policies to ensure VMs automatically migrate if a server fails. For load balancing, I'll use tools like HAProxy or Traefik to evenly distribute traffic. I'm also adding a NAS with RAID for data redundancy, connecting it to Proxmox via NFS or iSCSI, and setting up backup and replication jobs to the NAS. After everything is set up, I'll test by simulating server failures, checking load distribution, and verifying the NAS integration.
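
One way the 5 AM Rclone job to Backblaze B2 described under Network Services could be written, as an added example that is not the author's own script: it refuses to sync unless the destination is an rclone crypt remote, so a typo or config change cannot send plaintext offsite. The remote name b2crypt, the config path, the source directories and the script path in the crontab line are assumptions.

```shell
#!/bin/sh
# Added example: encrypted offsite sync, meant to be run by cron at 05:00.
# Assumed (not from the page): remote name "b2crypt", config path, source dirs.
# b2crypt is expected to be a "type = crypt" remote wrapping the B2 bucket.
RCLONE_CONF="${RCLONE_CONF:-/root/.config/rclone/rclone.conf}"
DEST_REMOTE="${DEST_REMOTE:-b2crypt}"
SOURCES="${SOURCES:-/mnt/hdd/pbs /mnt/hdd/photos /mnt/hdd/documents}"

# Print the "type" of remote $1 as declared in rclone config file $2.
remote_type() {
    awk -v want="[$1]" '
        /^\[.*\]$/ { in_sec = ($0 == want); next }
        in_sec && /^type[ \t]*=/ { sub(/^type[ \t]*=[ \t]*/, ""); print; exit }
    ' "$2"
}

# Succeed only if the destination is a crypt remote. A missing remote or an
# unreadable config yields an empty type and therefore also fails the check.
dest_is_encrypted() {
    [ "$(remote_type "$1" "$2")" = "crypt" ]
}

run_backup() {
    if ! dest_is_encrypted "$DEST_REMOTE" "$RCLONE_CONF"; then
        echo "refusing to sync: $DEST_REMOTE is not a crypt remote" >&2
        return 2
    fi
    rc=0
    for src in $SOURCES; do
        # sync makes the destination match the source, deletions included,
        # so pruned PBS chunks are also removed from the offsite copy.
        rclone sync "$src" "$DEST_REMOTE:$(basename "$src")" \
            --config "$RCLONE_CONF" --transfers 4 || rc=1
    done
    return "$rc"
}

# crontab entry (05:00 daily, two hours after the 03:00 PBS job):
#   0 5 * * * /usr/local/bin/b2-backup.sh --run >>/var/log/b2-backup.log 2>&1
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Because sync mirrors deletions, this offsite copy is not a versioned archive on its own; retention still depends on the PBS job that runs before it.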