Homelab Infrastructure Platform

A production-grade homelab environment featuring Proxmox virtualization, TrueNAS storage, Tailscale networking, and full observability with Prometheus and Grafana.

Proxmox, TrueNAS, Tailscale, Prometheus, Grafana, Unifi, Docker, Linux

Overview

My homelab is more than a collection of services—it's a structured infrastructure platform designed with production principles in mind. Built over several years, it serves as both a learning environment and a practical hosting solution for personal projects and experiments.

The platform encompasses virtualization, storage, networking, monitoring, and secure remote access, all designed to work together as a cohesive system.

Features

  • Proxmox Virtualization - Multiple isolated VMs and containers running on an enterprise-grade hypervisor
  • TrueNAS Storage - Centralized storage with snapshot-based data protection
  • Tailscale Overlay Network - Secure remote administration without exposed ports
  • Prometheus & Grafana Monitoring - Full observability with metrics, dashboards, and alerting
  • Unifi Network Architecture - Segmented networking with controlled ingress
  • Backup Infrastructure - Layered recoverability using snapshots and offsite backups

Technical Highlights

Virtualization Layer

Proxmox VE provides the compute foundation:

  • Multiple VMs with dedicated resource allocations
  • Container support for lightweight workloads
  • Snapshot capability for safe experimentation
  • Template-based provisioning for new services

Each workload runs in isolation, limiting blast radius when things go wrong and enabling independent lifecycle management.

Storage Architecture

TrueNAS handles persistent data:

  • ZFS-based storage with data integrity guarantees
  • Snapshot automation for point-in-time recovery
  • Network storage accessible across all VMs
  • Tiered storage approach separating critical and rebuildable data

The storage layer is designed around the principle that data protection is a workflow, not just a feature.

Network Design

Unifi networking gear provides:

  • VLAN-based segmentation separating trust zones
  • Firewall rules controlling inter-segment traffic
  • Controlled ingress minimizing attack surface
  • Management plane isolated from service traffic

Network architecture follows least-privilege principles—devices and services only have the access they need.
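One way to verify that segmentation rules match the intended least-privilege policy, shown as an added example rather than this homelab's actual configuration. The zone names, ports, ruleset and intended-flow list are constructed, and it assumes ordered first-match rule evaluation with a default drop:

```python
from itertools import product

ZONES = ("mgmt", "services", "iot")   # hypothetical VLAN trust zones
PORTS = (22, 443, 8006, 9100)         # ssh, https, Proxmox UI, node_exporter

# Intended flows (allow-list). Anything else crossing a zone boundary must drop.
INTENDED = {("mgmt", "services", p) for p in PORTS} | {("iot", "services", 443)}

# Constructed ordered ruleset: (src, dst, port, action), "any" is a wildcard.
RULES = [
    ("any", "mgmt", 22, "accept"),         # mistake: source is too broad
    ("mgmt", "services", "any", "accept"),
    ("iot", "mgmt", "any", "drop"),        # shadowed by rule 0 for port 22
    ("iot", "services", 443, "accept"),
]

def decide(rules, src, dst, port):
    """Return (action, rule index); index None means the default drop applied."""
    for i, (r_src, r_dst, r_port, action) in enumerate(rules):
        if r_src in ("any", src) and r_dst in ("any", dst) and r_port in ("any", port):
            return action, i
    return "drop", None

def audit(rules, intended):
    """Diff the effective reachability matrix against the intended allow-list."""
    unexpected, missing = [], []
    for src, dst, port in product(ZONES, ZONES, PORTS):
        if src == dst:
            continue  # intra-zone traffic never reaches the inter-VLAN firewall
        action, idx = decide(rules, src, dst, port)
        flow = (src, dst, port)
        if action == "accept" and flow not in intended:
            unexpected.append(flow + (idx,))   # reachable but never intended
        elif action != "accept" and flow in intended:
            missing.append(flow + (idx,))      # intended but blocked
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(RULES, INTENDED)
    for src, dst, port, idx in unexpected:
        print(f"UNEXPECTED {src} -> {dst}:{port} allowed by rule {idx}")
    for src, dst, port, idx in missing:
        print(f"MISSING    {src} -> {dst}:{port} blocked by rule {idx}")
```

The audit reports the rule index responsible for each unintended flow, which makes a shadowed drop rule easy to spot.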

Secure Remote Access

Tailscale creates an overlay network for administration:

  • No exposed management ports on the public internet
  • Device-based authentication for access control
  • End-to-end encryption for all management traffic
  • Access from anywhere without VPN complexity

This pattern eliminates an entire category of attack surface while maintaining full operational capability.
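A check for the "no exposed management ports" property, added here as an example and not taken from this homelab: it classifies listening sockets by bind address and flags management listeners that are not restricted to loopback or the Tailscale address ranges. The management port list and the sample `ss -Htln` lines are constructed assumptions.

```python
import ipaddress

# Address ranges Tailscale assigns to tailnet nodes (IPv4 CGNAT and IPv6 ULA).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]
# Assumed management ports for this example: SSH and the Proxmox web UI.
MGMT_PORTS = {22: "ssh", 8006: "proxmox-ui"}

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22                0.0.0.0:*
LISTEN 0 4096 100.101.102.103:8006      0.0.0.0:*
LISTEN 0 128  127.0.0.1:9090            0.0.0.0:*
LISTEN 0 128  192.168.10.5:8006         0.0.0.0:*
LISTEN 0 128  [fd7a:115c:a1e0::1234]:22 [::]:*
"""

def bind_scope(host):
    """Classify a bind address: all-interfaces, loopback, tailnet or other-interface."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in TAILNET):
        return "tailnet"
    return "other-interface"

def audit(ss_output):
    """Return (service, local address, scope) for management listeners to review."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in MGMT_PORTS:
            continue
        scope = bind_scope(host)
        if scope not in ("loopback", "tailnet"):
            findings.append((MGMT_PORTS[int(port)], fields[3], scope))
    return findings

if __name__ == "__main__":
    for service, local, scope in audit(SAMPLE_SS):
        print(f"REVIEW {service} listening on {local} ({scope})")
```

A flagged listener is not necessarily reachable from the internet, but it depends on firewall rules rather than its bind address to stay off untrusted networks.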

Observability Stack

Prometheus and Grafana provide visibility:

  • Metrics collection from all hosts and services
  • Custom dashboards for infrastructure and application health
  • Alert rules with Discord notification delivery
  • Historical data for trend analysis and capacity planning

The monitoring stack enables proactive operations—catching issues before they become user-visible problems.

Architecture

graph TB
    subgraph internet [Internet]
        Users[Users]
        Admin[Admin Devices]
    end
    
    subgraph edge [Edge Layer]
        Cloudflare[Cloudflare DNS]
        VPS[VPS Ingress]
    end
    
    subgraph homelab [Homelab]
        subgraph network [Network Layer]
            Unifi[Unifi Router]
            Tailscale[Tailscale Mesh]
        end
        
        subgraph compute [Compute Layer]
            Proxmox[Proxmox Host]
            VMs[Service VMs]
            Containers[Containers]
        end
        
        subgraph storage [Storage Layer]
            TrueNAS[TrueNAS]
            Backups[Backup Storage]
        end
        
        subgraph observability [Observability]
            Prometheus[Prometheus]
            Grafana[Grafana]
            Alerts[Discord Alerts]
        end
    end
    
    Users --> Cloudflare --> VPS --> Unifi
    Admin --> Tailscale --> Proxmox
    Unifi --> VMs
    VMs --> TrueNAS
    VMs --> Prometheus --> Grafana --> Alerts
    TrueNAS --> Backups

Operations

Change Management

All changes follow a disciplined workflow:

  • Snapshot before risky operations
  • Test in isolation when possible
  • Document changes and their rationale
  • Monitor for unexpected effects after deployment

Incident Response

When issues occur:

  • Alerts notify me via Discord
  • Dashboards provide context for investigation
  • Rollback capability enables quick recovery
  • Post-incident review captures lessons

Capacity Planning

Monitoring data drives planning:

  • Resource utilization trends over time
  • Storage consumption projections
  • Service demand patterns
  • Upgrade decisions based on data, not guesswork

Lessons Learned

Building and operating this platform taught me:

  • Isolation reduces complexity - Clear boundaries make troubleshooting tractable
  • Documentation is operational - Future me needs to understand current me's decisions
  • Monitoring enables confidence - Visibility allows bold changes with safety nets
  • Security is architectural - Good design prevents problems better than patches

What's Next

The homelab continues to evolve:

  • Improved inventory documentation and network mapping
  • Enhanced backup destinations and retention policies
  • Container orchestration exploration for stateless workloads
  • Continued hardening based on security best practices

This platform serves as both a practical hosting environment and a laboratory for learning production infrastructure skills.