Network Topology (IPs randomised per session · 10.1.x.x RFC-1918)

[Figure: network topology diagram]
Internet / WAN -> OPNsense Router (x.x.x.1 · WAN ingress · VLAN trunk uplink) -> Cisco L2/L3 Switch (VLAN 10 - Servers · VLAN 20 - Lab · VLAN 30 - IoT · VLAN 99 - Mgmt)
Switch links labelled VLAN 10, VLAN 10, VLAN 30 to: Proxmox VE (x.x.x.5 / VLAN 10) · TrueNAS Scale (x.x.x.20 / 12TB usable) · Workstation (Win11 / WSL2 + Ubuntu)
Proxmox guests: DC01 (Win Srv) · docker (Ubuntu 22) · monitor (LXC containers) · containers traefik, portainer, prtg-probe, adguard
Legend: active / running VM · OPNsense (firewall) · Cisco (managed switch) · container subnet
Running Services (all systems nominal)

Service                  Description                        Host          Status
PRTG Network Monitor     Core server - 218 sensors          monitor-lxc   Running
PRTG Remote Probe        Distributed probe - lab segment    docker-host   Running
Traefik v3               Reverse proxy / TLS termination    docker-host   Running
Portainer                Container management UI            docker-host   Running
AdGuard Home             DNS filtering - all VLANs          lxc-dns       Running
Ollama + Inference API   Local LLM serving (RTX GPU)        gpu-vm        Idle
VLAN Segments (Cisco managed)

ID   Name      Subnet
10   Servers   10.1.x.0/24
20   Lab       10.1.x.0/24
30   IoT       10.1.x.0/24
99   Mgmt      10.1.x.0/24

Stack at a Glance

Hypervisor:   Proxmox VE 8
Firewall:     OPNsense 24.x
Switching:    Cisco L2/L3
Monitoring:   PRTG - 37 sensors
Storage:      TrueNAS - 28TB usable
Containers:   Docker + Traefik

// Hardware

Lab Hardware

Proxmox Host - Custom Build
  AMD Ryzen 9 5900X · 64GB DDR5
  2× NVMe (ZFS mirror) · 10GbE NIC

NAS - TrueNAS Scale
  Intel Xeon · ECC memory
  ZFS RAIDZ2 · 12TB usable

Firewall - OPNsense 24.x
  Dedicated x86 appliance
  VLAN trunk · IDS/IPS · VPN

Switching - Cisco L2/L3
  Managed - VLAN 10/20/30/99
  Inter-VLAN routing · LACP

Workstation - Windows 11 + WSL2
  Ryzen 9 · 5080 RTX GPU · 64GB RAM
  Ubuntu 22.04 WSL2 for dev/tooling

// Lab Design Principles

The homelab is deliberately designed to mirror production infrastructure patterns - not as a toy environment, but as a real platform I operate and learn from. OPNsense handles firewall and routing with proper VLAN segmentation on the Cisco switch, matching the layered security model of enterprise environments. Everything is monitored via PRTG with meaningful alert thresholds, changes are tracked in Git, and I intentionally create failure conditions to understand how things break.

Current focus areas: declarative service management with Docker Compose, cloud-init-based VM templating in Proxmox for zero-touch provisioning, and building PowerShell-based PRTG custom sensors for application-layer health checks that SNMP/WMI can't surface.
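As an added illustration of the PowerShell-based PRTG custom sensor idea above (example code written for this page, not the lab's own sensor): an EXE/Script Advanced sensor that reports an HTTPS endpoint's response time and the days remaining on its TLS certificate, two things SNMP/WMI polling does not expose. The URL is a placeholder, and the probe host is assumed to trust the endpoint's certificate chain.

```powershell
# Added example (hypothetical): PRTG "EXE/Script Advanced" sensor.
# PRTG reads the XML printed to stdout; the URL is passed via the sensor's Parameters field.
param(
    [string]$Url = "https://traefik.lab.example/ping",   # placeholder endpoint
    [int]$TimeoutSec = 10
)

function Write-PrtgError([string]$Message) {
    # <error>1</error> sets the sensor to Down and shows the text in the PRTG UI
    "<prtg><error>1</error><text>$([System.Security.SecurityElement]::Escape($Message))</text></prtg>"
    exit 1
}

try {
    $uri = [Uri]$Url

    # TLS handshake only, to read the server certificate and compute days to expiry.
    # AuthenticateAsClient validates the chain, so an untrusted cert also fails the sensor.
    $tcp = New-Object System.Net.Sockets.TcpClient
    $tcp.Connect($uri.Host, $uri.Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($uri.Host)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    $ssl.Dispose(); $tcp.Close()

    # Application-layer check: the endpoint must answer 200 within the timeout
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec $TimeoutSec
    $sw.Stop()
    if ($resp.StatusCode -ne 200) { Write-PrtgError "HTTP $($resp.StatusCode) from $Url" }
}
catch {
    Write-PrtgError $_.Exception.Message
}

# Two channels with built-in limits: response time (error above 2000 ms)
# and certificate validity (warning below 14 days, error below 3 days)
@"
<prtg>
  <result><channel>Response Time</channel><value>$($sw.ElapsedMilliseconds)</value><unit>TimeResponse</unit><limitmode>1</limitmode><limitmaxerror>2000</limitmaxerror></result>
  <result><channel>Cert Days Remaining</channel><value>$daysLeft</value><unit>Custom</unit><customunit>days</customunit><limitmode>1</limitmode><limitminwarning>14</limitminwarning><limitminerror>3</limitminerror></result>
  <text>HTTP $($resp.StatusCode), cert expires $($cert.NotAfter.ToString('yyyy-MM-dd'))</text>
</prtg>
"@
```

Place the script in the probe's Custom Sensors\EXEXML folder and create an EXE/Script Advanced sensor that points at it; the limits in the XML become the channel thresholds on first scan.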