Building a homelab (1/5): The big picture
Home is where your lab is.
I’ve always been fascinated by infrastructure — how services run behind the scenes, how networks talk to each other, and how automation can bring order to chaos. That’s what led me to build and maintain a fully self-hosted homelab, not just for tinkering, but for actual day-to-day use.
This blog series walks you through every part of my homelab — from the nuts and bolts of the network stack to the GitOps pipeline that drives automated updates and deployment.
❓ Why I Built This
Like many who run homelabs, my goals were:
-
Learning by doing (networking, infrastructure-as-code, automation)
-
Host my own services (newsreader, media, monitoring, DNS, etc.)
-
Improve privacy and control over my own data
-
Build a resilient, automated, low-touch system
Over time, it’s grown into a robust, self-sufficient ecosystem that closely mimics professional infrastructure, just at a smaller scale.
💻 Hardware Overview
Device | Role |
---|---|
Draytek Vigor 167 | DSL Modem |
UniFi Express 7 | Router |
UniFi Pro Max 16 Switch | Switch |
U7 Pro Wall, U7 Lite (2x) | Access Points |
FritzBox 7490 | DECT Telephone Base Station |
RPI 3 Model B | DNS 01 |
RPI 3 Model B+ | DNS 02 Failover |
GMKTEC Nucbox M5 Plus Mini PC | Proxmox Host |
Main NAS | Synology DS923+ |
Backup NAS | Synology DS918 |
🛜 Networking Layout
-
VLANs segment my devices by function (e.g., IOT, guests, infrastructure, work)
-
Multiple SSIDs are broadcasted for each VLAN through UniFi APs
-
All cabling in the house runs to the central UniFi switch
-
Internet comes in via PPPoE through a DSL modem
This physical setup gives me both strong performance and clean network segmentation. Also once fiber optics will finally be available in our home I'll be able to just switch out the DSL Modem and the network should function exactly the same. We will have a closer look at the networking infrastructure in part 4 of this series.
📱 Core Services
Most of my services run in Docker and are deployed via Komodo:
Proxmox VM srv-prod-01
Service | Description |
---|---|
ArchiveBox | Bookmark Archival |
Audiobookshelf | Audiobook Management |
Calibre | EBook Management |
Dozzle | Logs Monitoring |
Homeassistant | Homeautomation, HomeKit Bridge |
Homepage | Home Dashboard |
Immich | Photo Library |
Jellyfin | Media Server |
Komodo | Docker Management |
Komodo Periphery | Docker Management Agent |
Komodo ntfy | Alerter Bridge |
Libation | Audibook Downloader |
Mealie | Recipe Management |
MeTube | Video & Audio Downloader |
Miniflux | RSS |
ntfy | Push Service |
Paperless | Document Management |
Penpot | Design Tool |
SABnzbd | Usenet Downloader |
Traefik | Reverse Proxy, SSL, etc. |
Tubesync | Video & Audio Downloader |
Uptime Kuma | Monitoring |
Vaultwarden | Password Management |
RPI DNS01
Service | Description |
---|---|
Adguard Home | DNS Server |
Adguard Home Sync | Adguard Home Config Sync |
Dozzle Agent | Logs Agent |
Komodo Periphery | Docker Management Agent |
RPI DNS02
Service | Description |
---|---|
Adguard Home | DNS Server |
Dozzle Agent | Logs Agent |
Komodo Periphery | Docker Management Agent |
All service configurations are stored in Git, updated automatically by Renovate, and redeployed via Komodo when changes are merged. We will look at the automation bit in part 2 and the deployed services in part 3 of this blog post series.
🔐 Secure Remote Access
For secure external access, I run a WireGuard VPN through a VPS with a static IPv4 address. This lets me:
-
Connect back home from anywhere
-
Route selected traffic over WireGuard
-
Secure inbound services without exposing ports directly
I will detail the setup in part 4 when we have a look at the overall networking infrastructure.
We will also look at other deployed mechanism to harden the overall security of my homelab in the final part of this series, f.e. securing SSH access to my machines.
Posted in homelab