Infrastructure

Homelab

A production-grade homelab built for learning, experimentation, and hosting real services. Focused on reliability, automation, and clean architecture.

Architecture Overview

Philosophy

Separation of concerns, service isolation, and infrastructure as a learning platform.

Scale

4 VMs, 2 LXC containers, 20+ services, multiple networks, internal and public access.

Goals

Real-world experience, automation, graceful failure handling.

Virtual Machines

Proxmox-Server-X

Primary hypervisor managing all VMs, containers, storage, and networking. Hosts the entire homelab infrastructure.

Proxmox VE ZFS Virtualization

DNS-X

10.77.53.90

Internal DNS server and reverse proxy for *.internal.ngchicken.com services.

Caddy Let's Encrypt Cloudflare

Web-X

172.16.50.2

DMZ reverse proxy and TLS terminator for all public services.

CentOS Caddy Cockpit

Fedora-X

10.77.53.50

Media services, AI tools, and automation platform. Runs Plex, Sonarr, Radarr, n8n, OpenWebUI, and more.

Fedora Docker 18 Containers

Minecraft-X

10.77.53.60

Dedicated game server hosting with Crafty Controller managing 2 Minecraft servers with cross-play support.

Crafty PaperMC Geyser

ITSIT-X

10.77.53.70

Business IT services infrastructure running Mailcow, Keycloak, Outline, and FileBrowser.

Mailcow Keycloak Outline

Unifi-X

10.77.53.30

Network management server running Unifi Network Controller for managing network infrastructure.

Unifi Networking Dockge

Services & Tools

Infrastructure

Proxmox VE - Virtualization

Caddy - Reverse proxy & web server

Docker & Docker Compose

Cockpit - Server management

Tailscale - VPN mesh network

Cloudflare - DNS & CDN

Media Stack

Plex - Media server

Sonarr - TV automation

Radarr - Movie automation

Prowlarr - Indexer manager

qBittorrent - Download client

Tdarr - Media transcoding

Automation & AI

n8n - Workflow automation

OpenWebUI - AI chat interface

LiteLLM - Model routing proxy

Prometheus - Monitoring

Gaming

Crafty Controller - Server management

ChickenMC - Minecraft SMP

Josh and Friends - Public server

Geyser - Bedrock cross-play

Satisfactory - Dedicated server

Business Services

Mailcow - Email server suite

Keycloak - Identity management

Outline - Wiki & documentation

FileBrowser - Web file management

Management

Dockge - Docker UI

Unifi Network Controller

Let's Encrypt - SSL automation

Automated backups & updates

Technology Stack

Core Infrastructure

Virtualization: Proxmox VE

Operating Systems: CentOS, Fedora, Debian

Containerization: Docker, Docker Compose

Web Services: Caddy

Networking & Security

VPN: Tailscale mesh network

DNS & CDN: Cloudflare

Network: Unifi

SSL/TLS: Let's Encrypt

Access & Documentation

Internal vs Public Services

Most services run on the internal network and are accessible via *.internal.ngchicken.com subdomains. Public services like this website and mc.ngchicken.com are accessible from the internet.

VPN Access Required

Internal services require connection via Tailscale VPN for security. All public services are behind Caddy reverse proxy (Web-X) with automatic SSL certificate management.

Network Architecture

Local network: 10.77.53.0/24. Tailscale mesh network for remote access. All VMs connected via Proxmox virtual networking with gateway at 10.77.53.1.