---
title: Homelab Infrastructure
description: This document outlines the internal infrastructure of my homelab.
author: wompmacho
date: 2026-03-27
tags:
  - homelab
  - infrastructure
  - networking
  - virtualization
---

# Homelab Infrastructure

This document outlines the internal infrastructure of the **wompmacho** homelab. The lab is built on a high-speed **10GbE backbone** and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.

[TOC]

## Physical and hardware registry

### Compute and virtualization

| Node Name                         | Hardware                                                 | OS               | Primary Role                            |
| --------------------------------- | -------------------------------------------------------- | ---------------- | --------------------------------------- |
| **router** (`10.0.0.1`)           | GMKtec M5 Plus, Ryzen 7 5825U, 32GB RAM, Dual NIC 2.5GbE | OPNsense 25.1    | Routing, Firewall, VPN                  |
| **truenas** (`10.0.0.2`)          | Core i7-7700K, 32GB RAM, Broadcom SAS 3008 (SAS 9300-8i) | TrueNAS-25.04.1  | Primary Storage (10GbE), Media Apps     |
| **laptop-proxmox** (`10.0.0.142`) | Ryzen 7 5800H, 64GB RAM, 1TB WD BLACK + 500GB SSD        | Proxmox VE 8.4.1 | Virtualization Host (2.5GbE)            |
| **game-pc**                       | Core i9-13900K, 64GB DDR5 6400, RTX 4080, Z790-Creator   | Windows 11       | High-end Gaming / AI Inference (Ollama) |

### Networking hardware

* **Switch**: NICGIGA 8-Port 10G Unmanaged Switch (10GbE Base-T).
* **WiFi**: Linksys WiFi in bridge mode.
* **Modem**: Comcast gateway (Bridged mode).
* **Camera**: Amcrest IP Camera (WiFi) - IP: `10.0.0.194`.

### Power and environment

* **UPS**: CyberPower CP1500PFCLCD (1500VA/1000W, Sine Wave).
* **Smart Control**: TP-Link Tapo P115 Smart Plugs (15A/1800W Max).

### Detailed hardware specifications

#### Storage node (`truenas`)

* **CPU**: Intel Core i7-7700K @ 4.20GHz
* **Memory**: 32GB RAM
* **HBA Controller**: Broadcom SAS 3008 (SAS 9300-8i equivalent) PCIe 3.0 X8, 2x Mini SAS SFF-8643
* **Cables**: Sonilco Mini SAS HDD SFF-8643 to 4 SFF-8482 with 15-pin Power Port Cord
* **Drives**: 10x Seagate Enterprise Capacity 3.5 HDD (ST6000NM0034), 6TB 7.2K RPM SAS 12Gb/s 128MB Cache

#### Virtualization node (`laptop-proxmox`)

* **CPU**: AMD Ryzen 7 5800H (8 Cores, 16 Threads)
* **Memory**: 64GB Crucial RAM Kit (2x32GB) DDR4 3200MHz CL22 (CT2K32G4SFD832A)
* **Storage**: 1TB WD_BLACK NVMe SSD (VM disks), 500GB SSD (Boot disk)

#### Router node (`router`)

* **Model**: GMKtec M5 Plus Gaming Mini PC
* **CPU**: AMD Ryzen 7 5825U with Radeon Graphics (8 cores, 16 threads)
* **Memory**: 32GB RAM
* **Storage**: 1TB SSD

#### Workstation / Gaming (`game-pc`)

* **CPU**: Intel Core i9-13900K (24 cores: 8 P-cores + 16 E-cores)
* **Cooler**: Noctua NH-D15 chromax.Black Dual-Tower CPU Cooler
* **Motherboard**: ASUS ProArt Z790-Creator WiFi 6E LGA 1700
* **Memory**: 64GB G.Skill Trident Z5 RGB Series (2 x 32GB) DDR5 6400 CL32-39-39-102 1.40V (F5-6400J3239G32GX2-TZ5RK)
* **GPU**: ZOTAC Gaming GeForce RTX 4080 16GB AMP Extreme AIRO (ZT-D40810B-10P)
* **Storage**: 1TB WD_BLACK SN770 NVMe Gaming SSD (WDS100T3X0E)
* **Power Supply**: Corsair RM1000x (2021) Fully Modular ATX 80 PLUS Gold

#### Networking and power peripherals

* **Switch**: NICGIGA 8-Port 10G Ethernet Switch Unmanaged (8x 10Gb Base-T Ports)
* **UPS**: CyberPower CP1500PFCLCD PFC Sinewave UPS Battery Backup (1500VA/1000W)
* **Smart Plugs**: TP-Link Tapo P115 Smart Plug Wi-Fi Mini (15A/1800W Max)

## Networking architecture

### Logical structure

* **LAN Subnet**: `10.0.0.0/16`
* **Default Gateway**: `10.0.0.1` (OPNsense)
* **Primary DNS**: `10.0.0.11` (Pi-hole)

### VPN

* **Tunnel Subnet**: `10.10.10.0/24`
* **Phone Peer**: `10.10.10.3/32`

## Storage infrastructure

### Pool configuration

* **Topology**: 1 x RAIDZ2 | 10-wide | 6TB SAS Drives.
* **Drives**: Seagate Enterprise Capacity ST6000NM0034 (6TB 7.2K RPM SAS 12Gb/s).
* **HBA**: Broadcom SAS 3008 (SAS 9300-8i equivalent) with Mini SAS SFF-8643 to 4 SFF-8482 cables.
* **Capacity**: ~37.27 TiB Usable.

## Virtualization cluster

The Proxmox virtualization host (`laptop-proxmox`) is an entirely separate physical node from the TrueNAS storage server. They communicate with each other primarily over the 10GbE backbone switch.

### Proxmox node (`laptop-proxmox` - `10.0.0.142`)

| ID  | Type | Hostname        | IP         | Role                            |
| --- | ---- | --------------- | ---------- | ------------------------------- |
| -   | LXC  | **pihole**      | 10.0.0.11  | DNS Sinkhole / Local DNS        |
| -   | VM   | **docker**      | 10.0.0.190 | Main Docker Host (Ubuntu 24.04) |
| -   | VM   | **pterodactyl** | 10.0.0.110 | Game Server Panel (Debian)      |

## Docker services

These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via Nginx Proxy Manager (SSL via Cloudflare).

| Container Name          | Mapped Ports           | Access       | Description / Role                                                        |
| ----------------------- | ---------------------- | ------------ | ------------------------------------------------------------------------- |
| **nginx-proxy-manager** | 80, 81, 443            | Internal/VPN | Reverse proxy for all internal and external domains                       |
| **portainer**           | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI                                           |
| **cloudflare-ddns**     | -                      | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS                        |
| **immich_server**       | 2283                   | Public       | Photo/Video backup and gallery (`immich.wompmacho.com`)                   |
| **immich_postgres**     | 5432 (Internal)        | Internal/VPN | Database for Immich                                                       |
| **immich_redis**        | 6379 (Internal)        | Internal/VPN | Cache for Immich                                                          |
| **vaultwarden**         | 9998, 9999             | Public       | Self-hosted Bitwarden password manager (`vaultwarden.wompmacho.com`)      |
| **gitea**               | 222, 3001              | Public       | Internal Git repository host (`git.wompmacho.com`)                        |
| **gitea-db-1**          | 5432 (Internal)        | Internal/VPN | PostgreSQL Database for Gitea                                             |
| **gitea_runner**        | -                      | Internal/VPN | CI/CD Action Runner for Gitea pipelines                                   |
| **frigate**             | 5000, 8554, 8555, 8971 | Public       | AI NVR actively recording the Amcrest IP camera (`frigate.wompmacho.com`) |
| **homepage**            | 7676                   | Internal/VPN | Dashboard for navigation (`http://homepage/`)                             |
| **docs-public**         | 9895                   | Public       | Nginx serving public Hugo documentation (`wiki.wompmacho.com`)            |
| **docs-private**        | 9897                   | Internal/VPN | Nginx serving private Hugo documentation (`private`)                      |
| **paperless-ngx**       | 3003                   | Internal/VPN | Document management system (`http://paperless/`)                          |
| **sure**                | 3006                   | Internal/VPN | Self-hosted shared finance tracking application (`http://sure/`)          |
| **audiobookshelf**      | 13378                  | Public       | Audiobook and podcast server (`audiobookshelf.wompmacho.com`)             |
| **webtop**              | 7978, 7979             | Public       | Browser-based desktop environment (`webtop.wompmacho.com`)                |
| **open-webui**          | 3007                   | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (`http://gemma/`)     |
| **linkstack**           | 80, 8190               | Public       | Personal link landing page                                                |
| **torrent**             | 8181, 8999             | Internal/VPN | Internal/VPN (`http://torrent/`)                                          |
| **dozzle**              | 4343                   | Internal/VPN | Internal/VPN (`http://dozzle/`)                                           |

## Media stack

These services are hosted on the TrueNAS node (`truenas`) and proxied via the Docker VM (`10.0.0.190`).

| Service        | Upstream Port | Description                                |
| -------------- | ------------- | ------------------------------------------ |
| **Sonarr**     | 30027         | TV Show Management                         |
| **Radarr**     | 30025         | Movie Management                           |
| **Lidarr**     | 30014         | Music Management                           |
| **Readarr**    | 30045         | Book Management                            |
| **Prowlarr**   | 30050         | Indexer Management                         |
| **Bazarr**     | 30046         | Subtitle Management                        |
| **Jellyfin**   | 30013         | Media Streaming Server                     |
| **Jellyseerr** | 30042         | Media Requests (`jellyseer.wompmacho.com`) |

## Self-hosted AI infrastructure

The lab includes a distributed self-hosted AI architecture utilizing the high-speed local network:

* **Compute Backend**: The **game-pc** (`10.0.0.109`) runs **Ollama**, utilizing the RTX 4080 GPU to serve large language models (e.g., `gemma4:26b`, `gemma4:e4b`) over port `11434`.
* **Web Interface**: The **open-webui** container runs on the Docker VM (`10.0.0.190`), providing a ChatGPT-like RAG interface for general use, mapping `/srv/open-webui` for persistent chat and vector databases.
* **Developer Integration**: VS Code instances (like `code-server` running directly on the Proxmox host) utilize the **Continue.dev** extension configured with MCP (Model Context Protocol) to execute autonomous terminal commands via the remote Ollama models.

## Security and maintenance

* **SSL/TLS**: Managed via Nginx Proxy Manager with Cloudflare DNS challenge.
* **Firewall**: OPNsense handles all inter-VLAN and external routing.
* **Monitoring**: Portainer for container health; UPS for power stability.
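
The Access column in the Docker services table separates Public services from Internal/VPN ones. The following check is an added example, not part of the lab's own tooling: it flags proxied requests that reach a non-public hostname from outside the LAN (`10.0.0.0/16`) or VPN tunnel (`10.10.10.0/24`) subnets. The log line format, the sample entries and the function names are assumptions made for illustration; the hostnames are a subset of those in the table.

```python
import ipaddress

# Subnets from the "Networking architecture" section of the page.
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/16"),    # LAN
    ipaddress.ip_network("10.10.10.0/24"),  # VPN tunnel
]

# Access class per proxied hostname, a subset of the service table.
ACCESS = {
    "immich.wompmacho.com": "Public",
    "vaultwarden.wompmacho.com": "Public",
    "homepage": "Internal/VPN",
    "paperless": "Internal/VPN",
    "torrent": "Internal/VPN",
}

# Constructed sample log, assumed format "<client_ip> <host> <status>".
SAMPLE_LOG = """\
10.0.0.57 homepage 200
10.10.10.3 paperless 200
203.0.113.9 immich.wompmacho.com 200
203.0.113.9 torrent 200
198.51.100.4 unknown.wompmacho.com 404
not-an-ip homepage 200
"""

def is_trusted(ip_text):
    """True if the address is inside the LAN or VPN subnet."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_violations(log_text):
    """Return (client, host, reason) for requests that break the policy."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, host, _status = parts
        # Hosts missing from the inventory default to internal-only.
        access = ACCESS.get(host.lower(), "Internal/VPN")
        if access != "Public" and not is_trusted(client):
            reason = "listed" if host.lower() in ACCESS else "unlisted"
            findings.append((client, host, reason + " internal host, untrusted source"))
    return findings
```

Hostnames that are not in the inventory are treated as internal-only, so a proxy host added without updating the table shows up as a finding rather than passing silently.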