My Homelab
This site documents my homelab: what I run, how it’s wired, and how I keep it documented and auditable. I’m sharing it so others can see a concrete example and borrow ideas—not a generic tutorial, but a real setup you can learn from and adapt.
What’s here
- Architecture — Three physical hosts (one is also my daily driver), a MikroTik router, and where every VM and service lives. Hyper-V on two Windows boxes, TrueNAS Scale on the third; nginx, Pi-hole, Docker, and Plex in specific places for HA and simplicity.
- Network — Single flat LAN, DHCP with reservations on the router, three Pi-holes for DNS redundancy, and how traffic gets from the internet to the right service (port forward → VIP → nginx → backends).
- Services — The exact stack: HA nginx with keepalived, Let’s Encrypt wildcard, Bitwarden, Mealie, ConvertX, IT-Tools, Donetick, Homepage, Plex, and how they’re exposed (subdomains, LAN-only where it matters).
- Security — What I actually do: SSH keys only, fail2ban, router hardening, TLS 1.2/1.3, and restricting admin UIs to the LAN.
- Documentation and automation — Repo-as-blueprint: placeholders for secrets, make generate-configs, make audit (including thorough config drift), and why that’s worth the effort.
- Getting started — A practical order if you want to build something similar, with links to the tech I use.
I keep internal IPs out of this; the domain is substituted at build time. Everything else is as I run it. If you’re technically curious and comfortable following links for depth, you should be able to replicate or adapt the design.