Homelab Overview
This is an overview of my homelab.
This is my first homelab that i’ve been working on for 3 months now.
Hardware Specifications
- Dell Optiplex 3070
- 32GB RAM
- Intel Core i5-9500
- Intel 82576 2-Port 1Gb NIC
- TP-Link TL-SG108E
Details
My homelab is designed to serve as both a learning environment and a functional network for daily use. At the core of the setup is a Dell Optiplex 3070, running Proxmox as the hypervisor to host multiple virtual machines (VMs) and Linux containers (LXC). To ensure proper network segmentation and security, I’ve configured an OPNsense VM as the main firewall, with its dual NIC passed through for WAN and LAN connections.
The TP-Link TL-SG108E smart switch enables VLAN segmentation, allowing me to separate different types of traffic across VLANs. This setup helps in organizing services, maintaining security, and limiting unnecessary communication between devices.
The homelab is divided into specific VLANs for management, trusted services, WAN-exposed services, media automation, and experimental environments. This structure ensures that every service has a dedicated, secure space in the network while enabling controlled interaction where necessary.
Overall, my homelab is a combination of networking, automation, and media solutions. It serves as a sandbox to explore new technologies while supporting real-world applications like media hosting and remote access.
Network Segmentation
- WAN
- LAN (Management)
- VLAN 10 (Trusted)
- VLAN 20 (Wan-Exposed Services)
- VLAN 30 (Media)
WAN
One of the interfaces on the dual NIC is passed through to the OPNsense VM and connected to my home router. I’m not using bridge mode because I want my home network to remain independent of my homelab.
LAN (Management Interface)
VLAN-ID | Service/Device |
---|---|
Default | Opnsense gui |
Default | Tp-link Switch gui |
Default | Proxmox gui |
Default | Laptop |
The second interface on the dual NIC is passed through to OPNsense and serves as the management interface. This interface provides access to the OPNsense GUI, Proxmox GUI, and TP-Link switch GUI. My laptop connects to the LAN ports on the switch to access these management interfaces.
VLAN 10 (Trusted)
VLAN-ID | Service/Device |
---|---|
10 | Adguard |
10 | Tailscale Subnet Router |
This VLAN hosts trusted services that are allowed to communicate with other VLANs.
- AdGuard: Acts as the DNS server for all services and devices in my homelab.
- Tailscale Subnet Router: Provides secure remote access to my homelab from anywhere.
VLAN 20 (Wan-Exposed Services)
VLAN-ID | Service/Device |
---|---|
20 | Jellyfin |
20 | Jellyseer |
20 | Nginx proxy manager |
20 | Qbittorrent |
This VLAN contains services exposed to WAN traffic, with necessary port forwarding configured.
- Jellyfin & Jellyseer: Media servers accessible from the internet basically my personal “Netflix”.
- Nginx Proxy Manager: Manages reverse proxy and SSL certificates for exposed services.
- qBittorrent: Requires port forwarding for optimal torrenting speeds.
VLAN 30 (MEDIA)
VLAN-ID | Service/Device |
---|---|
30 | Prowlarr |
30 | Bazarr |
30 | Flaresolverr |
30 | Sonarr |
30 | Radarr |
30 | Bazarr |
30 | Sonarr-anime |
30 | Radarr-anime |
30 | Bazarr-anime |
This VLAN hosts my *Arr stack, which automates media management for Jellyfin.
- Sonarr: For TV series (includes a separate instance for anime).
- Radarr: For movies (includes a separate instance for anime).
- Bazarr: For subtitles (includes a separate instance for the anime content).
- FlareSolverr: Handles Cloudflare challenges for automation.
These tools streamline media organization, making Jellyfin seamless and easy to use.
VLAN 40 (Untrusted)
Currently, this VLAN does not host any services or devices. The plan is to use it for VMs dedicated to experiments, such as malware testing or other isolated activities. This VLAN will be fully segregated from the rest of the network to ensure maximum security and prevent any potential risks from affecting trusted systems.
That’s a brief overview of my homelab. Thanks for reading!