Homelab

My homelab started because I enjoyed IT work and wanted a faster way to learn new technologies hands-on. What began as experimenting with Windows, Linux, and Docker has evolved into a fully automated infrastructure that hosts services I use daily. It runs on two Proxmox hosts with multiple VMs handling everything from media streaming to documentation management.

GitHub Repository: linussalomonsson/docker-homelab

What I'm Running

Core Infrastructure

The physical and network foundation:

  • Two Proxmox hosts running all VMs
  • Terraform for deploying virtual machines to Proxmox
  • OPNsense firewall with network segmentation across multiple VLANs and firewall rules
  • TrueNAS for centralized storage
  • Unifi Controller for network management
  • WireGuard tunnel to external VPS for monitoring (Uptime Kuma)

Automation & Deployment

The software layer that makes everything work:

  • Traefik handles all reverse proxy duties with automatic SSL via Cloudflare DNS challenges
  • High-availability DNS using Technitium with keepalived failover between two servers
  • 1Password CLI for secrets management - no hardcoded credentials anywhere
  • GitHub Actions with a self-hosted runner for continuous deployment

Every service deployment is automated. I push changes to the repository, and GitHub Actions figures out what changed, which server it belongs to, handles dependencies, and deploys everything via SSH.

Services I Actually Use

Media & Entertainment

  • Plex for media streaming
  • Services for media management and automation

Productivity

  • Outline for note-taking (personal wiki/Notion-style)
  • Paperless-ngx for document scanning and organization
  • Uptime Kuma monitoring everything

Cloud Integration

  • Azure subscription for testing and tinkering (for work purposes, of course)
  • Automated invoice workflow: Invoice arrives in shared mailbox → Azure Logic Apps processes it → On-prem gateway on Windows Server generates PDF → Auto-uploads to Paperless-ngx
  • This documentation site hosted in Azure

VPN & Isolation

  • Gluetun as a VPN gateway for services that need it

Technical Decisions

Why Multiple Hosts?

Initially everything ran on one virtual machine. As the lab grew, I split services across hosts for isolation and performance. I experimented with Docker Swarm for orchestration at one point, but it felt overkill for a homelab - the deployment complexity wasn't worth it when simple Docker Compose and SSH work just fine.

The current setup:

  • polaris runs general applications
  • eris handles VPN-isolated services (anything that needs to route through Gluetun)
  • vega runs the Unifi Controller for external devices
  • plex gets its own dedicated VM for performance
  • techdns-1/2 provide redundant DNS

This separation means I can update or break one host without affecting others.

Not everything runs in Docker - I also have a few Windows Server VMs for testing Active Directory, Group Policy, and other Microsoft workloads.

Automated Deployments

The GitHub Actions workflow handles service dependencies automatically. When I update postgres, it stops all dependent services (e.g., Outline, Paperless-ngx, and media management services), updates the database, then restarts everything in the right order. No more manual coordination.

Secrets Management

Using 1Password CLI with environment templates (.env.tpl) means:

  • No secrets in git
  • Easy rotation of credentials
  • Consistent deployment process across all services
  • Secrets are injected during deployment via op inject
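
An added example (not code from the repository): a check that could run in CI before op inject, flagging .env.tpl entries that hold a literal secret instead of a 1Password reference. The key-name pattern, the vault and item names, and the sample template are assumptions constructed for illustration.

```python
import re

# Assumption: key names containing these words hold secrets.
SENSITIVE_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
# 1Password secret references: {{ op://vault/item/field }} or bare op://vault/item/field.
BRACED_REF = re.compile(r"\{\{\s*op://[^}]+?\s*\}\}")
BARE_REF = re.compile(r"op://[^\s\"'@]+")
# user:password@ inside a URL value.
URL_CRED = re.compile(r"://[^/\s:@]*:([^@/\s]+)@")
REF = "<op-ref>"

# Constructed sample template; vault "homelab" and its items are hypothetical.
SAMPLE = """\
# constructed sample .env.tpl
POSTGRES_USER=outline
POSTGRES_PASSWORD={{ op://homelab/postgres/password }}
CF_DNS_API_TOKEN=op://homelab/cloudflare/token
SECRET_KEY=3f9a-constructed-literal
DATABASE_URL=postgres://outline:hunter2@postgres:5432/outline
REDIS_URL=redis://:{{ op://homelab/redis/password }}@redis:6379
TZ=Europe/Stockholm
"""


def lint_env_template(text):
    """Return (line_number, key, reason) for values that look like literal secrets."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip().strip("\"'")
        # Collapse every reference to a marker so only literals remain.
        masked = BARE_REF.sub(REF, BRACED_REF.sub(REF, value))
        if SENSITIVE_KEY.search(key) and masked and REF not in masked:
            findings.append((number, key, "sensitive key has a literal value"))
        match = URL_CRED.search(masked)
        if match and match.group(1) != REF:
            findings.append((number, key, "literal password inside URL"))
    return findings


if __name__ == "__main__":
    for number, key, reason in lint_env_template(SAMPLE):
        print(f"line {number}: {key}: {reason}")
```

A non-empty result would fail the pipeline step, so a template with a pasted credential never reaches the deploy stage.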

What I've Learned

Oh boy, where to even start? I have learned a ton, but a few things would be:

Start simple, automate incrementally. My first homelab was a mess of manual configurations. Now everything is reproducible through code.

High availability isn't just for enterprises. Keepalived for DNS failover was surprisingly easy to set up and saves me from "DNS is down" issues when doing maintenance on the physical hosts.

Docker networking is powerful. The shared traefik-public network with dynamic service discovery means I rarely touch Traefik's config - services announce themselves via Docker labels.

My main takeaway would be to keep it fun for as long as possible. When it starts to feel like a chore, take a break or just find another hobby.

Current State

The homelab is stable and runs mostly maintenance-free. I add new services occasionally and tweak automation workflows. The repository is public if you want to see how it's structured or use parts of it for your own lab.


For technical implementation details, deployment instructions, and service configurations, check the GitHub repository.