wompmacho
f636633c27
All checks were successful
deploy-docs / build-and-deploy (push) Successful in 1m44s
12 KiB
12 KiB
title, description, author, date, lastmod, tags
| title | description | author | date | lastmod | tags | ||||
|---|---|---|---|---|---|---|---|---|---|
| Homelab Infrastructure | This document outlines the internal infrastructure of the my homelab. | wompmacho | 2026-03-27 | 2026-05-30 |
|
Homelab Infrastructure
This document outlines the internal infrastructure of the wompmacho homelab. The lab is built on a high-speed 10GbE backbone and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.
[!TIP] Visual Guide For a visual representation of the network and hardware layout, see the Infrastructure Diagrams.
[TOC]
Physical and hardware registry
Compute and virtualization
| Node Name | Hardware | OS | Primary Role |
|---|---|---|---|
router (10.0.0.1) |
GMKtec M5 Plus, Ryzen 7 5825U, 32GB RAM, Dual NIC 2.5GbE | OPNsense 25.1 | Routing, Firewall, VPN |
truenas (10.0.0.2) |
Core i7-7700K, 32GB RAM, Broadcom SAS 3008 (SAS 9300-8i) | TrueNAS-25.04.1 | Primary Storage (10GbE), Media Apps |
laptop-proxmox (10.0.0.142) |
Ryzen 7 5800H, 64GB RAM, 1TB WD BLACK + 500GB SSD | Proxmox VE 8.4.1 | Virtualization Host (2.5GbE) |
| game-pc | Core i9-13900K, 64GB DDR5 6400, RTX 4080, Z790-Creator | Windows 11 | High-end Gaming / AI Inference (Ollama) |
Networking hardware
- Switch: NICGIGA 8-Port 10G Unmanaged Switch (10GbE Base-T).
- WiFi: Linksys WiFi in bridge mode.
- Modem: Comcast gateway (Bridged mode).
- Camera: Amcrest IP Camera (WiFi) - IP:
10.0.0.194.
Power and environment
- UPS: CyberPower CP1500PFCLCD (1500VA/1000W, Sine Wave).
- Smart Control: TP-Link Tapo P115 Smart Plugs (15A/1800W Max).
Detailed hardware specifications
Storage node (truenas)
- Motherboard: Z170A GAMING PRO
- CPU: Intel Core i7-7700K @ 4.20GHz (4 Cores / 8 Threads)
- Memory: 32GB RAM
- HBA Controller: Broadcom SAS 3008 (SAS 9300-8i equivalent) PCIe 3.0 X8, 2x Mini SAS SFF-8643
- Cables: Sonilco Mini SAS HDD SFF-8643 to 4 SFF-8482 with 15-pin Power Port Cord
- Drives: 10x Seagate Enterprise Capacity 3.5 HDD (ST6000NM0034), 6TB 7.2K RPM SAS 12Gb/s 128MB Cache
Virtualization node (laptop-proxmox)
- Laptop: Dell G15 5515 Laptop 15.6 inch FHD AMD Ryzen 7 5800h
- CPU: AMD Ryzen 7 5800H (8 Cores, 16 Threads)
- Memory: 64GB Crucial RAM Kit (2x32GB) DDR4 3200MHz CL22 (CT2K32G4SFD832A)
- Storage: 1TB WD_BLACK NVMe SSD (VM disks), 500GB SSD (Boot disk)
- GPU: Nvidia® GeForce® RTX™ 3060, 6 GB, GDDR6
Router node (router)
- Model: GMKtec M5 Plus Gaming Mini PC
- CPU: AMD Ryzen 7 5825U with Radeon Graphics (8 cores, 16 threads)
- Memory: 32GB RAM
- Storage: 1TB SSD
Workstation / Gaming (game-pc)
- CPU: Intel Core i9-13900K (24 cores: 8 P-cores + 16 E-cores)
- 8 P-Cores x 2 threads = 16 threads
- 16 E-Cores x 1 thread = 16 threads
- Total available vCPUs: 32 threads
- Cooler: Noctua NH-D15 chromax.Black Dual-Tower CPU Cooler
- Motherboard: ASUS ProArt Z790-Creator WiFi 6E LGA 1700
- Memory: 64GB G.Skill Trident Z5 RGB Series (2 x 32GB) DDR5 6400 CL32-39-39-102 1.40V (F5-6400J3239G32GX2-TZ5RK)
- GPU: ZOTAC Gaming GeForce RTX 4080 16GB AMP Extreme AIRO (ZT-D40810B-10P)
- Storage: 1TB WD_BLACK SN770 NVMe Gaming SSD (WDS100T3X0E)
- Power Supply: Corsair RM1000x (2021) Fully Modular ATX 80 PLUS Gold
Networking and power peripherals
- Switch: NICGIGA 8-Port 10G Ethernet Switch Unmanaged (8x 10Gb Base-T Ports)
- UPS: CyberPower CP1500PFCLCD PFC Sinewave UPS Battery Backup (1500VA/1000W)
- Smart Plugs: TP-Link Tapo P115 Smart Plug Wi-Fi Mini (15A/1800W Max)
Networking architecture
Logical structure
- LAN Subnet:
10.0.0.0/16 - Default Gateway:
10.0.0.1(OPNsense) - Primary DNS:
10.0.0.11(Pi-hole)
VPN and Proxy
- Tunnel Subnet:
10.10.10.0/24 - Phone Peer:
10.10.10.3/32 - Gluetun (Container VPN): Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
- NPM & Pi-hole Automation: Sidecar containers (
npm-syncandpihole-dns-shim) monitor the Docker socket and automatically provision Reverse Proxy hosts and local DNS records based on container Labels.
Storage infrastructure
Pool configuration
- Topology: 1 x RAIDZ2 | 10-wide | 6TB SAS Drives.
- Drives: Seagate Enterprise Capacity ST6000NM0034 (6TB 7.2K RPM SAS 12Gb/s).
- HBA: Broadcom SAS 3008 (SAS 9300-8i equivalent) with Mini SAS SFF-8643 to 4 SFF-8482 cables.
- Capacity: ~37.27 TiB Usable.
Virtualization cluster
The Proxmox virtualization host (laptop-proxmox) is an entirely separate physical node from the TrueNAS storage server. They communicate with each other primarily over the 10GbE backbone switch.
Proxmox node (laptop-proxmox - 10.0.0.142)
| ID | Type | Hostname | IP | Role |
|---|---|---|---|---|
| - | LXC | pihole | 10.0.0.11 | DNS Sinkhole / Local DNS |
| - | VM | docker | 10.0.0.190 | Main Docker Host (Ubuntu 24.04) |
| - | VM | pterodactyl | 10.0.0.110 | Game Server Panel (Debian) |
| - | LXC | invidious | 10.0.0.217 | Invidious Private YouTube Proxy Web Client |
Docker services
These services run on the main Docker Host VM (10.0.0.190) and are proxied via Nginx Proxy Manager (SSL via Cloudflare).
| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role |
|---|---|---|---|---|
| nginx-proxy-manager | 80, 81, 443 | Internal/VPN | http://nginx/ |
Reverse proxy manager dashboard (Port 81) and SSL termination |
| gluetun | 8181, 6565, 6881, etc. | Internal/VPN | - | VPN Gateway for other containers |
| portainer | 8000, 9000, 9001, 9443 | Internal/VPN | http://portainer/ |
Docker container management GUI |
| cloudflare-ddns | - | Internal/VPN | - | Automatically updates dynamic IP to Cloudflare DNS |
| immich_server | 2283 | Public | immich.wompmacho.com |
Photo/Video backup and gallery server |
| immich_postgres | 5432 (Internal) | Internal/VPN | - | Database for Immich gallery |
| immich_redis | 6379 (Internal) | Internal/VPN | - | Redis cache for Immich gallery |
| immich_machine_learning | - (Internal) | Internal/VPN | - | AI Machine Learning inference backend for Immich |
| vaultwarden | 9998, 9999 | Public | vaultwarden.wompmacho.com |
Self-hosted Bitwarden password manager |
| gitea | 222, 3001 | Public | git.wompmacho.com |
Internal Git repository host |
| gitea-db-1 | 5432 (Internal) | Internal/VPN | - | PostgreSQL Database for Gitea |
| gitea_runner | - | Internal/VPN | - | CI/CD Action Runner for Gitea pipelines |
| frigate | 5000, 8554, 8555, 8971 | Public | frigate.wompmacho.com, http://frigate/ |
AI NVR actively recording Amcrest IP camera |
| homepage | 7676 | Internal/VPN | http://homepage/ |
Navigation dashboard |
| docs-public | 9895 | Public | wiki.wompmacho.com |
Nginx serving public Hugo documentation |
| docs-private | 9897 | Internal/VPN | http://private/ |
Nginx serving private Hugo documentation |
| paperless-ngx | 3003 | Internal/VPN | http://paperless/ |
Document management system web interface |
| paperless-broker | 6379 (Internal) | Internal/VPN | - | Redis message broker for Paperless-ngx task queue |
| paperless-db | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Paperless-ngx |
| audiobookshelf | 13378 | Public | audiobookshelf.wompmacho.com |
Audiobook and podcast server |
| openai (formerly open-webui) | 3007 | Internal/VPN | http://openai/, http://gemma/ |
OpenAI-compatible API gateway and LLM web interface |
| reaper | 3010 | Internal/VPN | http://reaper/ |
Automated Reaper DAW interface in a web browser (currently in maintenance) |
| dev (code-server) | 8443 | Public | dev.wompmacho.com |
VS Code remote development environment running directly on the host |
| slopsmith-web (formerly slopsmith) | 10101 | Internal/VPN | http://slopsmith/ |
Custom internal application |
| linkstack | 8190 | Public | wompmacho.com, www.wompmacho.com |
Personal link landing page mapped to port 8190 |
| torrent (via Gluetun) | - | Internal/VPN | http://torrent/ |
qBittorrent client routed through VPN container |
| nicotine (via Gluetun) | - | Internal/VPN | http://nicotine/ |
Soulseek client routed through VPN container |
| navidrome | 4533 | Internal/VPN | http://music/ |
Personal music streaming server |
| musicbrainz_picard (formerly picard) | 5800 | Internal/VPN | http://picard/ |
MusicBrainz Picard tagger GUI |
| dozzle | 4343 | Internal/VPN | http://dozzle/ |
Real-time Docker log viewer |
| guacamole | 8080 | Public | guac.wompmacho.com |
Apache Guacamole client for browser-based remote desktop |
| guacd | 4822 (Internal) | Internal/VPN | - | Guacamole proxy daemon for RDP/SSH/VNC protocol handling |
| guac-postgresql | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Guacamole |
| neko | 8282, 52000-52100 (UDP) | Public | neko.wompmacho.com |
WebRTC streaming virtual browser room |
| homelable-frontend | 9444 | Internal/VPN | http://homelable/ |
Homelable interactive network visualizer frontend |
| homelable-backend | 9445 | Internal/VPN | - | Homelable API backend querying homelab network states |
| homelable-mcp | 8001 | Internal/VPN | - | Homelable MCP server exposing network state to LLMs |
| discodrome | - (Internal) | Internal/VPN | - | Music tagging and catalog indexing backend |
| npm-sync | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync proxy records |
| pihole-dns-shim | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync DNS records |
Truenas Services
These services are hosted on the TrueNAS node (truenas) and proxied via the Docker VM (10.0.0.190).
| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role |
|---|---|---|---|---|
| Sonarr | 30027 | Internal/VPN | - | TV Show Management |
| Radarr | 30025 | Internal/VPN | - | Movie Management |
| Lidarr | 30014 | Internal/VPN | - | Music Management |
| Readarr | 30045 | Internal/VPN | - | Book Management |
| Prowlarr | 30050 | Internal/VPN | - | Indexer Management |
| Bazarr | 30046 | Internal/VPN | - | Subtitle Management |
| Jellyfin | 30013 | Internal/VPN | - | Media Streaming Server |
| Jellyseerr | 30042 | Public | jellyseer.wompmacho.com |
Media Requests dashboard |
| calibre | 32015 | Internal/VPN | calibre | E-book management and calibre content server |
Self-Hosted AI Infrastructure
The lab includes a distributed self-hosted AI architecture utilizing the high-speed local network:
- Compute Backend: The game-pc (
10.0.0.109) runs Ollama, utilizing the RTX 4080 GPU to serve large language models (e.g.,gemma4:26b,gemma4:e4b) over port11434. - Web Interface: The open-webui container runs on the Docker VM (
10.0.0.190), providing a ChatGPT-like RAG interface for general use, mapping/srv/open-webuifor persistent chat and vector databases. - Developer Integration: VS Code instances (like
code-serverrunning directly on the Proxmox host) utilize the Continue.dev extension configured with MCP (Model Context Protocol) to execute autonomous terminal commands via the remote Ollama models.
Security and maintenance
- SSL/TLS: Managed via Nginx Proxy Manager with Cloudflare DNS challenge.
- Firewall: OPNsense handles all inter-VLAN and external routing.
- Monitoring: Portainer for container health; UPS for power stability.