An overview and documentation of my personal homelab environment, network architecture, and self-hosted infrastructure.
This repository contains the configurations, docker-compose files, and Infrastructure as Code (IaC) for my homelab. The primary goals of this environment are to learn new technologies, self-host essential services, and experiment with network security and automation. Homelab Diagram
I've also created Infrastructure as Code for my homelab which you can view here Homelab IaC
Looking for Homelab guides? All hardware-agnostic documentation and step-by-step guides for setting up these services from scratch can be found in my separate repository: Homelab Manuals.
My infrastructure is logically divided into distinct VLANs to separate the core home network from isolated security testing environments.
| Network | Description | Purpose |
|---|---|---|
| VLAN 1 | Home Network | Main secure network for trusted end devices and core services. |
| VLAN 2 | Honeypot | Isolated network strictly for security monitoring and capturing malicious traffic. |
| External Service | Category | Badge |
|---|---|---|
| Ubiquiti Ecosystem | Gateway & Switching |  |
| Cloudflare | DNS & Domain Management | |
| GitHub | Version Control & Backups |  |
| Discord | System Alerts (Webhooks) |  |
| Node | Hardware | OS/Hypervisor | Primary Role |
|---|---|---|---|
| Node 1 | HP Prodesk 600 G3 | Main Compute (VMs/LXC) | |
| Node 2 | Ugreen DXP2800 | |
NAS & Media Storage |
| Node 3 | Raspberry Pi 3 | Security Node (VLAN 2) |
| Service | Badge | Description | Tags |
|---|---|---|---|
| Torrenting Box | Isolated Docker environment for secure P2P via VPN. | VM VPN |
|
| Docker-Server | VM server to gather core docker containers. | VM Server |
Services on Docker-Server VM:
| Service | Badge | Description | Tags |
|---|---|---|---|
| n8n | Workflow Engine | Automation |
|
| Paperless-ngx | Document Management & OCR | Productivity |
|
| Gotenberg | API for PDF conversions | Backend |
|
| Apache Tika | Content analysis & extraction | Backend |
|
| Personal Portfolio | Self-hosted Portfolio Site | Web |
Network & Security
| Service | Badge | Description | Tags |
|---|---|---|---|
| Nginx Proxy Manager |  |
Reverse Proxy & SSL Management | [Tailscale Node] [Wazuh Agent] |
| AdGuard Home | DNS Sinkhole & Tailscale routing | [Tailscale Node] [Wazuh Agent] |
Monitoring & Alerting
| Service | Badge | Description | Tags |
|---|---|---|---|
| Wazuh | SIEM & Threat Detection | ||
| Grafana | Metrics Visualization Dashboards | ||
| Prometheus | Time-series Metric Collection | ||
| Glances | Real-time System Monitoring | ||
| Uptime Kuma | Uptime tracking for services | [Tailscale Node] |
|
| Prometheus Alerts | Self-hosted notification routing |
Dev & Automation
| Service | Badge | Description | Tags |
|---|---|---|---|
| Gitea | Self-hosted Git with Cron backups | ||
| Auto-updaters | Automated container management |
Productivity & Tools
| Service | Badge | Description | Tags |
|---|---|---|---|
| Syncthing | P2P File Synchronization | ||
| Linkwarden | Bookmark Archive & Manager | ||
| File Browser | Web UI for filesystem access |
Dashboard
| Service | Badge | Description | Tags |
|---|---|---|---|
| Homepage | Central Service Dashboard | [Tailscale Node] |
| Service | Badge | Description |
|---|---|---|
| Jellyfin | Media server for local streaming | |
| Photo/Media | Dedicated media backup containers |
| Service | Badge | Description | Tags |
|---|---|---|---|
| Web-Honeypot | Captures malicious traffic on VLAN 2 | [Wazuh Agent] VLAN 2 |
I'm Jonathan, and I develop projects in my spare time that help myself and others become better and more efficient developers!
This project is licensed under CC BY-SA 4.0.