🏠 Home Lab Platform Overview
This home lab is a self-hosted internal platform designed to model production-grade infrastructure and SRE practices. It provides standardized compute, networking, storage, identity, and automation primitives used to deploy and operate services in a controlled environment.
The platform emphasizes reproducibility, automation, observability, and operational discipline, mirroring modern platform engineering principles.
🎯 Platform Goals
- Design and operate a production-like infrastructure platform
- Practice Infrastructure-as-Code and automated change management
- Implement identity-first, modern authentication workflows
- Operate observable, recoverable, and well-documented services
- Provide a safe environment for experimentation and failure analysis
🧱 Platform Foundation
The Platform Foundation defines the lowest architectural layer of the homelab. These components provide the execution environment upon which all platform capabilities and workloads depend.
🖥 Compute & Virtualization
A clustered Proxmox Virtual Environment provides the compute substrate for all workloads.
- Multi-node Proxmox VE cluster
- Standardized Ubuntu 24.04 VM templates via cloud-init
- Automated VM provisioning with Ansible
- Docker-based container workloads
- WSL2 used as an Ansible control node
🌐 Networking
Networking is designed for availability, segmentation, and secure ingress. The Homelab Network Architecture and Traffic Flows page provides a clear, end-to-end view of how traffic moves through the homelab, from physical topology to VLAN boundaries and service-level flows.
- Cloudflare provides the homelab’s public‑facing edge, delivering DNS, reverse‑proxy protection, and secure IP‑obfuscated access to internal services.
- VLAN Architecture and Segmentation summarizes the design and usage of network segmentation
- Nginx reverse-proxy cluster for routing and TLS termination
- Automated certificate lifecycle via Certbot
- Redundant Pi-hole DNS instances
💾 Storage & Data Protection
Storage services simulate enterprise data architectures.
- Ceph distributed storage cluster
- iSCSI volumes hosted on Synology NAS
- NFS / Samba exports from TrueNAS
- PostgreSQL — standardized backend database for supported applications
- Centralized backup and recovery via Proxmox Backup Server
🔐 Identity & Access Management
Identity is centralized and treated as a first-class platform service.
- Windows Server 2022 Domain Controller
- LDAP integration for Linux and compatible services
- OAuth2 Proxy access via Microsoft Entra ID
This enables testing of federation, authorization, and modern authentication flows.
🧩 Application Workloads
Application workloads are user-facing services deployed on top of the platform.
They consume core services such as identity, storage, networking, and monitoring.
🎬 Media Services
📚 Library & Content Management
🎮 Game Servers
🤖 Home Automation
📈 Observability & Monitoring
The platform is observable by design.
- Prometheus for metrics collection
- Grafana for dashboards and visualization
- Exporters deployed across compute, storage, and services
For detailed architecture, 👉 see Monitoring & Observability.
⚙️ Automation & Platform Operations
Platform changes are automated, auditable, and repeatable.
- Ansible for provisioning and configuration management
- Semaphore for controlled playbook execution
- Terraform (orchestrated via Ansible) for declarative infrastructure
- Jenkins for CI/CD pipelines
- GitHub Actions for cloud-based workflows
💻 Infrastructure-as-Code
All platform configuration is managed as Infrastructure-as-Code.
- Source-controlled in GitHub
- Developed and tested using Visual Studio Code and Code Server
- Git-based change history provides auditability and rollback
- Enforces consistency across environments
📚 Operational Runbooks
Operational runbooks define how the platform is operated.
- VM lifecycle management
- Service deployment workflows
- Backup and recovery procedures
- Identity and networking operations
For all procedures, 👉 see Runbooks.
🧱 Platform Dependency Model
The homelab follows a layered dependency model consistent with platform engineering and SRE practices.
+--------------------------------------------------+
|                   Applications                   |
|   Media services, test workloads, experiments    |
+--------------------------------------------------+
|           Platform Capabilities & Ops            |
|         CI/CD, Automation, IaC, Runbooks         |
+--------------------------------------------------+
|              Core Platform Services              |
|     Identity, Databases, Backup, Monitoring      |
+--------------------------------------------------+
|               Platform Foundation                |
|           Compute, Networking, Storage           |
+--------------------------------------------------+
|             Physical Infrastructure              |
|          Hosts, disks, network hardware          |
+--------------------------------------------------+
Each layer depends only on the layer below it. Failures in lower layers propagate upward, informing monitoring priorities, recovery planning, and operational response.
📘 Platform Governance & Documentation
- Redmine serves as the system of record for issues and documentation
- This wiki is mirrored as a static site at https://homelab.refol.us
- Mirroring workflow documented in Home Lab Wiki Mirror to a Static Website Workflow
📌 Summary
This homelab functions as a personal internal platform, enabling standardized service delivery, reliable automation, secure access, and observable operations while supporting continuous learning aligned with real-world SRE and platform engineering practices.