Secure, practical home server environment built on Proxmox with enterprise-grade security practices
This repository contains the complete configuration and documentation for my personal homelab infrastructure. It is built around security-first principles while remaining practical for a single administrator to manage.

```mermaid
flowchart TD
    subgraph "External Access"
        CF[Cloudflare Tunnels]
        ZT[Zero Trust Access]
        YK[YubiKey Auth]
    end
    subgraph "HP EliteDesk 800 G5"
        PVE[Proxmox VE<br/>64GB RAM - 2TB RAID 1]
        subgraph "Storage Layer"
            TN[TrueNAS Scale<br/>ZFS - NFS - Encrypted]
        end
        subgraph "Core Services"
            AG[AdGuard Home<br/>DNS + Tunnels]
            DC[Docker Platform<br/>Portainer + Containers]
        end
        subgraph "Gaming & Apps"
            PT[Pterodactyl<br/>MC - Rust - Bots]
            MN[Monitoring<br/>Uptime - CrowdSec - Logs]
        end
    end
    CF --> AG
    CF --> DC
    CF --> PT
    CF --> MN
    ZT --> CF
    YK --> ZT
    TN -.->|NFS| DC
    TN -.->|NFS| PT
    TN -.->|Backup| MN
```

```
homelab-infrastructure/
├── README.md                 # This file
├── proxmox/
│   └── README.md             # Proxmox setup & hardening
├── truenas/
│   └── README.md             # TrueNAS + ZFS configuration
├── adguard-tunnels/
│   └── README.md             # DNS filtering + Cloudflare tunnels
├── docker-platform/
│   └── README.md             # All containers (Plex, *arr, Paperless)
├── gaming-platform/
│   └── README.md             # Pterodactyl + game servers
├── monitoring/
│   └── README.md             # Uptime Kuma + CrowdSec dashboard
└── backup-guide.md           # Simple backup procedures
```

| Service | Internal URL | External URL | Purpose |
|---|---|---|---|
| Proxmox | https://10.0.0.10:8006 | proxmox.tehzombijesus.ca | Hypervisor Management |
| TrueNAS | https://10.0.0.11 | storage.tehzombijesus.ca | Storage Management |
| AdGuard | http://10.0.0.12:3000 | adguard.tehzombijesus.ca | DNS Filtering |
| Portainer | https://10.0.0.13:9000 | portainer.tehzombijesus.ca | Container Management |
| Plex | http://10.0.0.13:32400 | plex.tehzombijesus.ca | Media Server |
| Pterodactyl | https://10.0.0.14 | games.tehzombijesus.ca | Game Server Panel |
| Monitoring | http://10.0.0.15:3001 | monitoring.tehzombijesus.ca | System Monitoring |

- YubiKey 5 NFC integration across all services
- CrowdSec threat intelligence on all VMs
- Cloudflare Zero Trust for all external access
- SSH key-only authentication (local network only)
- Encrypted storage for sensitive data
- Email alerting for critical security events

| Category | Technology | Purpose |
|---|---|---|
| Hypervisor | Proxmox VE | VM management |
| Storage | TrueNAS Scale + ZFS | Reliable data storage |
| Security | CrowdSec + YubiKey | Threat protection |
| Containers | Docker + Portainer | Service deployment |
| Access | Cloudflare Tunnels | Secure external access |
| Privacy | UsenetExpress | Content acquisition |
- Server: HP EliteDesk 800 G5
- Memory: 64GB RAM
- Storage: 2TB RAID 1 (expandable)
- Network: Single 10.0.0.x subnet
- Authentication: YubiKey 5 NFC
- Day 1: Foundation setup (Proxmox → TrueNAS → Core Services)
- Day 2: Applications deployment (Media → Gaming → Monitoring)
- Ongoing: Maintenance and expansion
Each VM directory contains its complete setup guide with commands and configurations.
Each directory's README includes:
- Installation steps with copy-paste commands
- Security hardening configurations
- Configuration files and settings
- Testing procedures to verify functionality
Current Status: In Development
Target Completion: [Your deployment dates]
License Usage: Ubuntu Pro (4 of 5 licenses allocated)
- Mobile management apps
- IoT device integration
- Geographic redundancy (OVH offsite backups)
- Advanced automation workflows
All external access is secured through Cloudflare Zero Trust with YubiKey authentication. No ports are exposed directly to the internet.
Philosophy:
Secure by design, practical to manage, privacy-focused infrastructure for personal use.