Homelab Infrastructure#
This document outlines the internal infrastructure of the wompmacho homelab. The lab is built on a high-speed 10GbE backbone and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.
Visual Guide
For a visual representation of the network and hardware layout, see the Infrastructure Diagrams.
[TOC]
Physical and hardware registry#
Compute and virtualization#
| Node Name | Hardware | OS | Primary Role |
|---|---|---|---|
router (10.0.0.1) | GMKtec M5 Plus, Ryzen 7 5825U, 32GB RAM, Dual NIC 2.5GbE | OPNsense 25.1 | Routing, Firewall, VPN |
truenas (10.0.0.2) | Core i7-7700K, 32GB RAM, Broadcom SAS 3008 (SAS 9300-8i) | TrueNAS-25.04.1 | Primary Storage (10GbE), Media Apps |
laptop-proxmox (10.0.0.142) | Ryzen 7 5800H, 64GB RAM, 1TB WD BLACK + 500GB SSD | Proxmox VE 8.4.1 | Virtualization Host (2.5GbE) |
| game-pc | Core i9-13900K, 64GB DDR5 6400, RTX 4080, Z790-Creator | Windows 11 | High-end Gaming / AI Inference (Ollama) |
Networking hardware#
- Switch: NICGIGA 8-Port 10G Unmanaged Switch (10GbE Base-T).
- WiFi: Linksys WiFi in bridge mode.
- Modem: Comcast gateway (Bridged mode).
- Camera: Amcrest IP Camera (WiFi) - IP:
10.0.0.194.
Power and environment#
- UPS: CyberPower CP1500PFCLCD (1500VA/1000W, Sine Wave).
- Smart Control: TP-Link Tapo P115 Smart Plugs (15A/1800W Max).
Detailed hardware specifications#
Storage node (truenas)#
- Motherboard: Z170A GAMING PRO
- CPU: Intel Core i7-7700K @ 4.20GHz (4 Cores / 8 Threads)
- Memory: 32GB RAM
- HBA Controller: Broadcom SAS 3008 (SAS 9300-8i equivalent) PCIe 3.0 X8, 2x Mini SAS SFF-8643
- Cables: Sonilco Mini SAS HDD SFF-8643 to 4 SFF-8482 with 15-pin Power Port Cord
- Drives: 10x Seagate Enterprise Capacity 3.5 HDD (ST6000NM0034), 6TB 7.2K RPM SAS 12Gb/s 128MB Cache
Virtualization node (laptop-proxmox)#
- Laptop: Dell G15 5515 Laptop 15.6 inch FHD AMD Ryzen 7 5800h
- CPU: AMD Ryzen 7 5800H (8 Cores, 16 Threads)
- Memory: 64GB Crucial RAM Kit (2x32GB) DDR4 3200MHz CL22 (CT2K32G4SFD832A)
- Storage: 1TB WD_BLACK NVMe SSD (VM disks), 500GB SSD (Boot disk)
- GPU: Nvidia® GeForce® RTX™ 3060, 6 GB, GDDR6
Router node (router)#
- Model: GMKtec M5 Plus Gaming Mini PC
- CPU: AMD Ryzen 7 5825U with Radeon Graphics (8 cores, 16 threads)
- Memory: 32GB RAM
- Storage: 1TB SSD
Workstation / Gaming (game-pc)#
- CPU: Intel Core i9-13900K (24 cores: 8 P-cores + 16 E-cores)
- 8 P-Cores x 2 threads = 16 threads
- 16 E-Cores x 1 thread = 16 threads
- Total available vCPUs: 32 threads
- Cooler: Noctua NH-D15 chromax.Black Dual-Tower CPU Cooler
- Motherboard: ASUS ProArt Z790-Creator WiFi 6E LGA 1700
- Memory: 64GB G.Skill Trident Z5 RGB Series (2 x 32GB) DDR5 6400 CL32-39-39-102 1.40V (F5-6400J3239G32GX2-TZ5RK)
- GPU: ZOTAC Gaming GeForce RTX 4080 16GB AMP Extreme AIRO (ZT-D40810B-10P)
- Storage: 1TB WD_BLACK SN770 NVMe Gaming SSD (WDS100T3X0E)
- Power Supply: Corsair RM1000x (2021) Fully Modular ATX 80 PLUS Gold
Networking and power peripherals#
- Switch: NICGIGA 8-Port 10G Ethernet Switch Unmanaged (8x 10Gb Base-T Ports)
- UPS: CyberPower CP1500PFCLCD PFC Sinewave UPS Battery Backup (1500VA/1000W)
- Smart Plugs: TP-Link Tapo P115 Smart Plug Wi-Fi Mini (15A/1800W Max)
Networking architecture#
Logical structure#
- LAN Subnet:
10.0.0.0/16 - Default Gateway:
10.0.0.1(OPNsense) - Primary DNS:
10.0.0.11(Pi-hole)
VPN and Proxy#
- Tunnel Subnet:
10.10.10.0/24 - Phone Peer:
10.10.10.3/32 - Gluetun (Container VPN): Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
- NPM & Pi-hole Automation: Sidecar containers (
npm-syncandpihole-dns-shim) monitor the Docker socket and automatically provision Reverse Proxy hosts and local DNS records based on container Labels.
Storage infrastructure#
Pool configuration#
- Topology: 1 x RAIDZ2 | 10-wide | 6TB SAS Drives.
- Drives: Seagate Enterprise Capacity ST6000NM0034 (6TB 7.2K RPM SAS 12Gb/s).
- HBA: Broadcom SAS 3008 (SAS 9300-8i equivalent) with Mini SAS SFF-8643 to 4 SFF-8482 cables.
- Capacity: ~37.27 TiB Usable.
Virtualization cluster#
The Proxmox virtualization host (laptop-proxmox) is an entirely separate physical node from the TrueNAS storage server. They communicate with each other primarily over the 10GbE backbone switch.
Proxmox node (laptop-proxmox - 10.0.0.142)#
| ID | Type | Hostname | IP | Role |
|---|---|---|---|---|
| - | LXC | pihole | 10.0.0.11 | DNS Sinkhole / Local DNS |
| - | VM | docker | 10.0.0.190 | Main Docker Host (Ubuntu 24.04) |
| - | VM | pterodactyl | 10.0.0.110 | Game Server Panel (Debian) |
Docker services#
These services run on the main Docker Host VM (10.0.0.190) and are proxied via Nginx Proxy Manager (SSL via Cloudflare).
| Container Name | Mapped Ports | Access | Description / Role |
|---|---|---|---|
| nginx-proxy-manager | 80, 81, 443 | Internal/VPN | Reverse proxy for all internal and external domains |
| gluetun | 8181, 6565, 6881, etc. | Internal/VPN | VPN Gateway for other containers (http://torrent/, http://nicotine/) |
| portainer | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI |
| cloudflare-ddns | - | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS |
| immich_server | 2283 | Public | Photo/Video backup and gallery (immich.wompmacho.com) |
| immich_postgres | 5432 (Internal) | Internal/VPN | Database for Immich |
| immich_redis | 6379 (Internal) | Internal/VPN | Cache for Immich |
| vaultwarden | 9998, 9999 | Public | Self-hosted Bitwarden password manager (vaultwarden.wompmacho.com) |
| gitea | 222, 3001 | Public | Internal Git repository host (git.wompmacho.com) |
| gitea-db-1 | 5432 (Internal) | Internal/VPN | PostgreSQL Database for Gitea |
| gitea_runner | - | Internal/VPN | CI/CD Action Runner for Gitea pipelines |
| frigate | 5000, 8554, 8555, 8971 | Public | AI NVR actively recording the Amcrest IP camera (frigate.wompmacho.com) |
| homepage | 7676 | Internal/VPN | Dashboard for navigation (http://homepage/) |
| docs-public | 9895 | Public | Nginx serving public Hugo documentation (wiki.wompmacho.com) |
| docs-private | 9897 | Internal/VPN | Nginx serving private Hugo documentation (private) |
| paperless-ngx | 3003 | Internal/VPN | Document management system (http://paperless/) |
| sure | 3006 | Internal/VPN | Self-hosted shared finance tracking application (http://sure/) |
| audiobookshelf | 13378 | Public | Audiobook and podcast server (audiobookshelf.wompmacho.com) |
| open-webui | 3007 | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (http://gemma/) |
| openai | 3000 | Internal/VPN | OpenAI-compatible API gateway |
| firefly | 3002 | Internal/VPN | Firefly III personal finance manager |
| stream | 3005 | Public | Video streaming service (stream.wompmacho.com) |
| reaper | 3010 | Internal/VPN | Automated media management tool |
| cabernet | 6077 | Internal/VPN | IPTV/M3U proxy service |
| dev | 8443 | Public | Development environment (dev.wompmacho.com) |
| coder | 8445 | Internal/VPN | Coder / VS Code remote environment |
| slopsmith | 10101 | Internal/VPN | Custom internal application |
| calibre | 32015 | Internal/VPN | E-book management and server |
| linkstack | 80, 8190 | Public | Personal link landing page |
| torrent | (via Gluetun) | Internal/VPN | qBittorrent routed through VPN (http://torrent/) |
| nicotine | (via Gluetun) | Internal/VPN | Soulseek client routed through VPN (http://nicotine/) |
| navidrome | 4533 | Internal/VPN | Personal music streaming server (http://music/) |
| picard | 5800 | Internal/VPN | MusicBrainz Picard tagger GUI (http://picard/) |
| dozzle | 4343 | Internal/VPN | Real-time Docker log viewer (http://dozzle/) |
Media stack#
These services are hosted on the TrueNAS node (truenas) and proxied via the Docker VM (10.0.0.190).
| Service | Upstream Port | Description |
|---|---|---|
| Sonarr | 30027 | TV Show Management |
| Radarr | 30025 | Movie Management |
| Lidarr | 30014 | Music Management |
| Readarr | 30045 | Book Management |
| Prowlarr | 30050 | Indexer Management |
| Bazarr | 30046 | Subtitle Management |
| Jellyfin | 30013 | Media Streaming Server |
| Jellyseerr | 30042 | Media Requests (jellyseer.wompmacho.com) |
Self-Hosted AI Infrastructure#
The lab includes a distributed self-hosted AI architecture utilizing the high-speed local network:
- Compute Backend: The game-pc (
10.0.0.109) runs Ollama, utilizing the RTX 4080 GPU to serve large language models (e.g.,gemma4:26b,gemma4:e4b) over port11434. - Web Interface: The open-webui container runs on the Docker VM (
10.0.0.190), providing a ChatGPT-like RAG interface for general use, mapping/srv/open-webuifor persistent chat and vector databases. - Developer Integration: VS Code instances (like
code-serverrunning directly on the Proxmox host) utilize the Continue.dev extension configured with MCP (Model Context Protocol) to execute autonomous terminal commands via the remote Ollama models.
Security and maintenance#
- SSL/TLS: Managed via Nginx Proxy Manager with Cloudflare DNS challenge.
- Firewall: OPNsense handles all inter-VLAN and external routing.
- Monitoring: Portainer for container health; UPS for power stability.