Infrastructure

Homelab

A production-grade homelab built for learning, experimentation, and hosting real services. Focused on reliability, automation, and clean architecture.

Architecture Overview

Philosophy

Separation of concerns, service isolation, and infrastructure as a learning platform.

Scale

7 VMs, 20+ services, multiple networks, internal and public access.

Goals

Real-world experience, automation, graceful failure handling.

Virtual Machines

Proxmox-Server-X

Primary hypervisor managing all VMs, containers, storage, and networking. Hosts the entire homelab infrastructure.

Proxmox VE ZFS Virtualization

DNS-X

10.77.53.90

NGINX reverse proxy with TLS termination and certificate management for all public and internal services.

NGINX Let's Encrypt Cloudflare

Web-X

10.77.53.20

CentOS web hosting server serving all public websites including this portfolio.

CentOS NGINX Cockpit

Fedora-X

10.77.53.50

Media services, AI tools, and automation platform. Runs Plex, Sonarr, Radarr, n8n, OpenWebUI, and more.

Fedora Docker 18 Containers

Minecraft-X

10.77.53.60

Dedicated game server hosting with Crafty Controller managing 2 Minecraft servers with cross-play support.

Crafty PaperMC Geyser

ITSIT-X

10.77.53.70

Business IT services infrastructure running Mailcow, Keycloak, Outline, and FileBrowser.

Mailcow Keycloak Outline

Unifi-X

10.77.53.30

Network management server running Unifi Network Controller for managing network infrastructure.

Unifi Networking Dockge

Services & Tools

Infrastructure

• Proxmox VE - Virtualization

• NGINX - Reverse proxy & web server

• Docker & Docker Compose

• Cockpit - Server management

• Tailscale - VPN mesh network

• Cloudflare - DNS & CDN

Media Stack

• Plex - Media server

• Sonarr - TV automation

• Radarr - Movie automation

• Prowlarr - Indexer manager

• qBittorrent - Download client

• Tdarr - Media transcoding

Automation & AI

• n8n - Workflow automation

• OpenWebUI - AI chat interface

• LiteLLM - Model routing proxy

• Prometheus - Monitoring

Gaming

• Crafty Controller - Server management

• ChickenMC - Minecraft SMP

• Josh and Friends - Public server

• Geyser - Bedrock cross-play

• Satisfactory - Dedicated server

Business Services

• Mailcow - Email server suite

• Keycloak - Identity management

• Outline - Wiki & documentation

• FileBrowser - Web file management

Management

• Dockge - Docker UI

• Unifi Network Controller

• Let's Encrypt - SSL automation

• Automated backups & updates

Technology Stack

Core Infrastructure

Virtualization: Proxmox VE

Operating Systems: CentOS, Fedora, Debian

Containerization: Docker, Docker Compose

Web Services: NGINX

Networking & Security

VPN: Tailscale mesh network

DNS & CDN: Cloudflare

Network: Unifi

SSL/TLS: Let's Encrypt

Access & Documentation

Internal vs Public Services

Most services run on the internal network and are accessible via *.internal.ngchicken.com subdomains. Public services like this website and mc.ngchicken.com are accessible from the internet.

VPN Access Required

Internal services require connection via Tailscale VPN for security. All services are behind NGINX reverse proxy (DNS-X) with automatic SSL certificate management.

Network Architecture

Local network: 10.77.53.0/24. Tailscale mesh network for remote access. All VMs connected via Proxmox virtual networking with gateway at 10.77.53.1.