docs-public/projects/homelab/homelab_Infra.md
wompmacho b9ad18be15
change [TOC] to {{< toc >}}
2026-05-31 21:40:19 +00:00
---
title: Homelab Infrastructure
description: This document outlines the internal infrastructure of my homelab.
author: wompmacho
date: 2026-03-27
lastmod: 2026-05-30
tags:
- homelab
- infrastructure
- networking
- virtualization
---
# Homelab Infrastructure
This document outlines the internal infrastructure of the **wompmacho** homelab. The lab is built on a high-speed **10GbE backbone** and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.
> [!TIP] Visual Guide
> For a visual representation of the network and hardware layout, see the [Infrastructure Diagrams](diagrams.md).
{{< toc >}}
## 2026 homelab diagram
{{< rawhtml >}}
<iframe
src="https://homelable.wompmacho.com/view?key=live"
width="100%"
height="700px"
style="border:none; border-radius: 8px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); overflow: auto;"
allowfullscreen>
</iframe>
{{< /rawhtml >}}
---
## Physical and hardware registry
### Compute and virtualization
| Node Name | Hardware | OS | Primary Role |
| --------------------------------- | -------------------------------------------------------- | ---------------- | --------------------------------------- |
| **router** (`10.0.0.1`) | GMKtec M5 Plus, Ryzen 7 5825U, 32GB RAM, Dual NIC 2.5GbE | OPNsense 25.1 | Routing, Firewall, VPN |
| **truenas** (`10.0.0.2`) | Core i7-7700K, 32GB RAM, Broadcom SAS 3008 (SAS 9300-8i) | TrueNAS-25.04.1 | Primary Storage (10GbE), Media Apps |
| **laptop-proxmox** (`10.0.0.142`) | Ryzen 7 5800H, 64GB RAM, 1TB WD BLACK + 500GB SSD | Proxmox VE 8.4.1 | Virtualization Host (2.5GbE) |
| **game-pc** | Core i9-13900K, 64GB DDR5 6400, RTX 4080, Z790-Creator | Windows 11 | High-end Gaming / AI Inference (Ollama) |
### Networking hardware
* **Switch**: NICGIGA 8-Port 10G Unmanaged Switch (10GbE Base-T).
* **WiFi**: Linksys WiFi in bridge mode.
* **Modem**: Comcast gateway (Bridged mode).
* **Camera**: Amcrest IP Camera (WiFi) - IP: `10.0.0.194`.
### Power and environment
* **UPS**: CyberPower CP1500PFCLCD (1500VA/1000W, Sine Wave).
* **Smart Control**: TP-Link Tapo P115 Smart Plugs (15A/1800W Max).
### Detailed hardware specifications
#### Storage node (`truenas`)
* **Motherboard**: Z170A GAMING PRO
* **CPU**: Intel Core i7-7700K @ 4.20GHz (4 Cores / 8 Threads)
* **Memory**: 32GB RAM
* **HBA Controller**: Broadcom SAS 3008 (SAS 9300-8i equivalent), PCIe 3.0 x8, 2x Mini SAS SFF-8643
* **Cables**: Sonilco Mini SAS HDD SFF-8643 to 4 SFF-8482 with 15-pin Power Port Cord
* **Drives**: 10x Seagate Enterprise Capacity 3.5" HDD (ST6000NM0034), 6TB 7.2K RPM SAS 12Gb/s 128MB Cache
#### Virtualization node (`laptop-proxmox`)
* **Laptop**: Dell G15 5515 Laptop 15.6 inch FHD AMD Ryzen 7 5800H
* **CPU**: AMD Ryzen 7 5800H (8 Cores, 16 Threads)
* **Memory**: 64GB Crucial RAM Kit (2x32GB) DDR4 3200MHz CL22 (CT2K32G4SFD832A)
* **Storage**: 1TB WD_BLACK NVMe SSD (VM disks), 500GB SSD (Boot disk)
* **GPU**: NVIDIA GeForce RTX 3060, 6 GB GDDR6
#### Router node (`router`)
* **Model**: GMKtec M5 Plus Gaming Mini PC
* **CPU**: AMD Ryzen 7 5825U with Radeon Graphics (8 cores, 16 threads)
* **Memory**: 32GB RAM
* **Storage**: 1TB SSD
#### Workstation / Gaming (`game-pc`)
* **CPU**: Intel Core i9-13900K (24 cores: 8 P-cores + 16 E-cores)
  * **8 P-cores** x 2 threads = 16 threads
  * **16 E-cores** x 1 thread = 16 threads
  * **Total available vCPUs**: 32 threads
* **Cooler**: Noctua NH-D15 chromax.Black Dual-Tower CPU Cooler
* **Motherboard**: ASUS ProArt Z790-Creator WiFi 6E LGA 1700
* **Memory**: 64GB G.Skill Trident Z5 RGB Series (2 x 32GB) DDR5 6400 CL32-39-39-102 1.40V (F5-6400J3239G32GX2-TZ5RK)
* **GPU**: ZOTAC Gaming GeForce RTX 4080 16GB AMP Extreme AIRO (ZT-D40810B-10P)
* **Storage**: 1TB WD_BLACK SN770 NVMe Gaming SSD (WDS100T3X0E)
* **Power Supply**: Corsair RM1000x (2021) Fully Modular ATX 80 PLUS Gold
#### Networking and power peripherals
* **Switch**: NICGIGA 8-Port 10G Ethernet Switch Unmanaged (8x 10Gb Base-T Ports)
* **UPS**: CyberPower CP1500PFCLCD PFC Sinewave UPS Battery Backup (1500VA/1000W)
* **Smart Plugs**: TP-Link Tapo P115 Smart Plug Wi-Fi Mini (15A/1800W Max)
## Networking architecture
### Logical structure
* **LAN Subnet**: `10.0.0.0/16`
* **Default Gateway**: `10.0.0.1` (OPNsense)
* **Primary DNS**: `10.0.0.11` (Pi-hole)
### VPN and proxy
* **Tunnel Subnet**: `10.10.10.0/24`
* **Phone Peer**: `10.10.10.3/32`
* **Gluetun (Container VPN)**: Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
* **NPM & Pi-hole Automation**: Sidecar containers (`npm-sync` and `pihole-dns-shim`) monitor the Docker socket and automatically provision Reverse Proxy hosts and local DNS records based on container **Labels**.
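One way the label-driven sidecars described above can be implemented, as an added example that is not the lab's own code: it reads container labels, validates them, and produces the Pi-hole local DNS lines and Nginx Proxy Manager host definitions that should exist. The label names `homelab.dns.name` and `homelab.proxy.port` and the container list are assumptions; a real sidecar would pull the list from the Docker API instead.

```python
"""Label-driven DNS/proxy record generation, modelled on the npm-sync and
pihole-dns-shim sidecars described above. Added example, not the lab's own
code. Label names (homelab.dns.name, homelab.proxy.port) are assumed; the
container list is constructed, not read from the Docker socket."""
import re

DOCKER_VM_IP = "10.0.0.190"   # Docker VM where Nginx Proxy Manager listens (from the page)
NAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label only

# Constructed stand-in for the container list a sidecar would read via the Docker API.
SAMPLE_CONTAINERS = [
    {"Name": "navidrome", "State": "running",
     "Labels": {"homelab.dns.name": "music", "homelab.proxy.port": "4533"}},
    {"Name": "dozzle", "State": "running",
     "Labels": {"homelab.dns.name": "dozzle", "homelab.proxy.port": "4343"}},
    {"Name": "immich_postgres", "State": "running", "Labels": {}},   # unlabelled: skipped
    {"Name": "reaper", "State": "exited",                               # stopped: skipped
     "Labels": {"homelab.dns.name": "reaper", "homelab.proxy.port": "3010"}},
    {"Name": "bad", "State": "running",                                 # FQDN label: rejected
     "Labels": {"homelab.dns.name": "evil.example.com", "homelab.proxy.port": "80"}},
]

def desired_records(containers, target_ip=DOCKER_VM_IP):
    """Return (pihole_lines, npm_hosts) for running, validly labelled containers.
    A hostname must be a single DNS label so a label can never shadow an
    external name, and the port must be 1-65535."""
    pihole, npm = [], []
    for c in containers:
        labels = c.get("Labels") or {}
        host, port = labels.get("homelab.dns.name"), labels.get("homelab.proxy.port")
        if c.get("State") != "running" or not host or not port:
            continue
        if not NAME_RE.match(host) or not port.isdigit() or not 1 <= int(port) <= 65535:
            continue
        pihole.append(f"{target_ip} {host}")   # Pi-hole custom.list line: "<ip> <host>"
        npm.append({"domain": host, "forward_host": c["Name"], "forward_port": int(port)})
    return pihole, npm

def diff_records(current, desired):
    """Lines to add and to remove so the DNS file converges on the desired set."""
    cur, want = set(current), set(desired)
    return sorted(want - cur), sorted(cur - want)

if __name__ == "__main__":
    lines, hosts = desired_records(SAMPLE_CONTAINERS)
    print("\n".join(lines))
    print(diff_records(["10.0.0.190 music", "10.0.0.190 reaper"], lines))
```

Rejecting anything that is not a single label keeps a container label from overriding a public name such as `wompmacho.com`, and the diff step lets the sidecar also retire records for containers that have stopped.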
## Storage infrastructure
### Pool configuration
* **Topology**: 1 x RAIDZ2 | 10-wide | 6TB SAS Drives.
* **Drives**: Seagate Enterprise Capacity ST6000NM0034 (6TB 7.2K RPM SAS 12Gb/s).
* **HBA**: Broadcom SAS 3008 (SAS 9300-8i equivalent) with Mini SAS SFF-8643 to 4 SFF-8482 cables.
* **Capacity**: ~37.27 TiB Usable.
## Virtualization cluster
The Proxmox virtualization host (`laptop-proxmox`) is an entirely separate physical node from the TrueNAS storage server. They communicate with each other primarily over the 10GbE backbone switch.
### Proxmox node (`laptop-proxmox` - `10.0.0.142`)
| ID | Type | Hostname | IP | Role |
| --- | ---- | --------------- | ---------- | ------------------------------------------ |
| - | LXC | **pihole** | 10.0.0.11 | DNS Sinkhole / Local DNS |
| - | VM | **docker** | 10.0.0.190 | Main Docker Host (Ubuntu 24.04) |
| - | VM | **pterodactyl** | 10.0.0.110 | Game Server Panel (Debian) |
| - | LXC | **invidious** | 10.0.0.217 | Invidious Private YouTube Proxy Web Client |
## Docker services
These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via Nginx Proxy Manager (SSL via Cloudflare).
| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role |
| ---------------------------------------- | ----------------------- | ------------ | ------------------------------------------ | -------------------------------------------------------------------------- |
| **nginx-proxy-manager** | 80, 81, 443 | Internal/VPN | `http://nginx/` | Reverse proxy manager dashboard (Port 81) and SSL termination |
| **gluetun** | 8181, 6565, 6881, etc. | Internal/VPN | - | VPN Gateway for other containers |
| **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | `http://portainer/` | Docker container management GUI |
| **cloudflare-ddns** | - | Internal/VPN | - | Automatically updates dynamic IP to Cloudflare DNS |
| **immich_server** | 2283 | Public | `immich.wompmacho.com` | Photo/Video backup and gallery server |
| **immich_postgres** | 5432 (Internal) | Internal/VPN | - | Database for Immich gallery |
| **immich_redis** | 6379 (Internal) | Internal/VPN | - | Redis cache for Immich gallery |
| **immich_machine_learning** | - (Internal) | Internal/VPN | - | AI Machine Learning inference backend for Immich |
| **vaultwarden** | 9998, 9999 | Public | `vaultwarden.wompmacho.com` | Self-hosted Bitwarden password manager |
| **gitea** | 222, 3001 | Public | `git.wompmacho.com` | Internal Git repository host |
| **gitea-db-1** | 5432 (Internal) | Internal/VPN | - | PostgreSQL Database for Gitea |
| **gitea_runner** | - | Internal/VPN | - | CI/CD Action Runner for Gitea pipelines |
| **frigate** | 5000, 8554, 8555, 8971 | Public | `frigate.wompmacho.com`, `http://frigate/` | AI NVR actively recording Amcrest IP camera |
| **homepage** | 7676 | Internal/VPN | `http://homepage/` | Navigation dashboard |
| **docs-public** | 9895 | Public | `wiki.wompmacho.com` | Nginx serving public Hugo documentation |
| **docs-private** | 9897 | Internal/VPN | `http://private/` | Nginx serving private Hugo documentation |
| **paperless-ngx** | 3003 | Internal/VPN | `http://paperless/` | Document management system web interface |
| **paperless-broker** | 6379 (Internal) | Internal/VPN | - | Redis message broker for Paperless-ngx task queue |
| **paperless-db** | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Paperless-ngx |
| **audiobookshelf** | 13378 | Public | `audiobookshelf.wompmacho.com` | Audiobook and podcast server |
| **openai** (formerly open-webui) | 3007 | Internal/VPN | `http://openai/`, `http://gemma/` | OpenAI-compatible API gateway and LLM web interface |
| **reaper** | 3010 | Internal/VPN | `http://reaper/` | Automated Reaper DAW interface in a web browser (currently in maintenance) |
| **dev** (code-server) | 8443 | Public | `dev.wompmacho.com` | VS Code remote development environment running directly on the host |
| **slopsmith-web** (formerly slopsmith) | 10101 | Internal/VPN | `http://slopsmith/` | Custom internal application |
| **linkstack** | 8190 | Public | `wompmacho.com`, `www.wompmacho.com` | Personal link landing page mapped to port `8190` |
| **torrent** (via Gluetun) | - | Internal/VPN | `http://torrent/` | qBittorrent client routed through VPN container |
| **nicotine** (via Gluetun) | - | Internal/VPN | `http://nicotine/` | Soulseek client routed through VPN container |
| **navidrome** | 4533 | Internal/VPN | `http://music/` | Personal music streaming server |
| **musicbrainz_picard** (formerly picard) | 5800 | Internal/VPN | `http://picard/` | MusicBrainz Picard tagger GUI |
| **dozzle** | 4343 | Internal/VPN | `http://dozzle/` | Real-time Docker log viewer |
| **guacamole** | 8080 | Public | `guac.wompmacho.com` | Apache Guacamole client for browser-based remote desktop |
| **guacd** | 4822 (Internal) | Internal/VPN | - | Guacamole proxy daemon for RDP/SSH/VNC protocol handling |
| **guac-postgresql** | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Guacamole |
| **neko** | 8282, 52000-52100 (UDP) | Public | `neko.wompmacho.com` | WebRTC streaming virtual browser room |
| **homelable-frontend** | 9444 | Internal/VPN | `http://homelable/` | Homelable interactive network visualizer frontend |
| **homelable-backend** | 9445 | Internal/VPN | - | Homelable API backend querying homelab network states |
| **homelable-mcp** | 8001 | Internal/VPN | - | Homelable MCP server exposing network state to LLMs |
| **discodrome** | - (Internal) | Internal/VPN | - | Music tagging and catalog indexing backend |
| **npm-sync** | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync proxy records |
| **pihole-dns-shim** | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync DNS records |
## TrueNAS services
These services are hosted on the TrueNAS node (`truenas`) and proxied via the Docker VM (`10.0.0.190`).
| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role |
| -------------- | ------------ | ------------ | ------------------------- | -------------------------------------------- |
| **Sonarr** | 30027 | Internal/VPN | - | TV Show Management |
| **Radarr** | 30025 | Internal/VPN | - | Movie Management |
| **Lidarr** | 30014 | Internal/VPN | - | Music Management |
| **Readarr** | 30045 | Internal/VPN | - | Book Management |
| **Prowlarr** | 30050 | Internal/VPN | - | Indexer Management |
| **Bazarr** | 30046 | Internal/VPN | - | Subtitle Management |
| **Jellyfin** | 30013 | Internal/VPN | - | Media Streaming Server |
| **Jellyseerr** | 30042 | Public | `jellyseer.wompmacho.com` | Media Requests dashboard |
| **calibre** | 32015 | Internal/VPN | calibre | E-book management and calibre content server |
## Self-hosted AI infrastructure
The lab includes a distributed self-hosted AI architecture utilizing the high-speed local network:
* **Compute Backend**: The **game-pc** (`10.0.0.109`) runs **Ollama**, utilizing the RTX 4080 GPU to serve large language models (e.g., `gemma4:26b`, `gemma4:e4b`) over port `11434`.
* **Web Interface**: The **openai** container (formerly `open-webui`) runs on the Docker VM (`10.0.0.190`), providing a ChatGPT-like RAG interface for general use and mapping `/srv/open-webui` for persistent chat and vector databases.
* **Developer Integration**: VS Code instances (like `code-server` running directly on the Proxmox host) utilize the **Continue.dev** extension configured with MCP (Model Context Protocol) to execute autonomous terminal commands via the remote Ollama models.
## Security and maintenance
* **SSL/TLS**: Managed via Nginx Proxy Manager with Cloudflare DNS challenge.
* **Firewall**: OPNsense handles all inter-VLAN and external routing.
* **Monitoring**: Portainer for container health; UPS for power stability.