Home Network Build on The Home Lab

Automated Backups with Proxmox Backup Server

Sat, 07 Feb 2026 00:00:00 +0000

The Problem with Ad-hoc Backups

Proxmox VE has built-in backup functionality — you can snapshot a VM to a directory or NFS share on a schedule. But it stores full backups each time, space grows fast, and restoring requires the whole archive. Proxmox Backup Server (PBS) solves all three problems.

PBS is a dedicated backup server that:

Stores backups with client-side deduplication and compression (typically 50–80% space savings)
Does incremental backups — only changed chunks are uploaded
Supports instant verification by recalculating checksums
Has pruning policies — keep 7 daily, 4 weekly, 12 monthly backups automatically

Architecture

PBS is a separate Debian-based appliance. It does not run inside Proxmox VE. You have a few options:

Installing Proxmox VE

Sat, 13 Dec 2025 00:00:00 +0000

What is Proxmox VE?

Proxmox Virtual Environment (VE) is a free, open-source hypervisor built on Debian. It supports both KVM-based virtual machines and LXC containers, and comes with a decent web UI out of the box — no need to pay for a VMware licence.

Hardware

For this build I’m running Proxmox on two nodes:

Node	CPU	RAM	Storage
pve-01	Intel Core i5-12400	32 GB DDR4	500 GB NVMe (OS) + 2 TB SSD (VMs)
pve-02	Intel Core i5-10400	16 GB DDR4	256 GB NVMe (OS) + 1 TB SSD (VMs)

Downloading the ISO

Head to the Proxmox downloads page and grab the latest Proxmox VE ISO Installer. At the time of writing that was 8.x.

Reverse Proxy and SSL with Nginx Proxy Manager

Sat, 15 Nov 2025 00:00:00 +0000

The Problem Nginx Proxy Manager Solves

As your homelab grows, you accumulate services running on various IPs and ports: Proxmox on :8006, Jellyfin on :8096, Nextcloud on :443, Home Assistant on :8123. Remembering port numbers is tedious, but the bigger issue is HTTPS — browsers complain about self-signed certificates, and accessing services over plain HTTP on your LAN is a security risk.

Nginx Proxy Manager (NPM) solves both problems. It’s a Docker container with a web UI that lets you:

Self-Hosted VPN with WireGuard

Sat, 01 Nov 2025 00:00:00 +0000

Why Self-Host a VPN?

A self-hosted VPN gives you a secure tunnel back into your home network when you’re away. Unlike commercial VPN services (which are for hiding traffic from your ISP), this is about remote access — connecting to your NAS, home automation, internal dashboards, or development environment from a coffee shop or hotel.

WireGuard is the right choice today. It’s built into the Linux kernel, uses modern cryptography (ChaCha20, Curve25519), and has a drastically smaller codebase than OpenVPN (~4,000 lines vs ~400,000). Handshakes complete in milliseconds. Battery drain on mobile is noticeably lower.

Network-Wide Ad Blocking with Pi-hole

Sat, 18 Oct 2025 00:00:00 +0000

Why Pi-hole

Most ad blockers work at the browser level. Pi-hole works at the DNS level, which means it blocks ads for every device on your network — smart TVs, phones, game consoles, IoT devices — without installing anything on them. It works by acting as the DNS resolver for your LAN and returning 0.0.0.0 for known ad and tracking domains instead of the real IP.

The side effect is that you also get a full picture of every DNS query every device makes, which is genuinely eye-opening. You will quickly discover that your smart TV is phoning home every few minutes.

VLAN Segmentation: Isolating Your IoT Devices

Sat, 04 Oct 2025 00:00:00 +0000

Why Segment Your Network?

The average home today has dozens of connected devices — smart bulbs, cameras, thermostats, TVs. Most of these devices have poor security track records: default credentials, infrequent firmware updates, and sometimes outright malicious firmware from vendors.

Putting them on the same flat network as your laptop and NAS is an unnecessary risk. VLANs fix this.

What Is a VLAN?

A Virtual LAN (VLAN) is a logical partition of a physical network. Devices on different VLANs cannot communicate with each other unless you explicitly allow it through firewall rules — even if they share the same physical switch.

Setting Up OPNsense as Your Home Firewall

Sat, 20 Sep 2025 00:00:00 +0000

Why Replace Your ISP Router?

ISP-provided routers are designed to be cheap and manageable by support staff, not to give you control. They have opaque firmware, rarely get security updates, and have none of the features a proper firewall offers: VLAN support, traffic shaping, IDS/IPS, meaningful logs, VPN server, DNS over TLS.

OPNsense is a FreeBSD-based firewall/router that runs on commodity x86 hardware. It’s fully open-source (forked from pfSense in 2015), actively maintained, and has a polished web UI.

Hello, Homelab

Sat, 06 Sep 2025 00:00:00 +0000

Why a Homelab?

Every homelab starts somewhere. Mine started with the frustration of paying for cloud services I could run myself, and curiosity about what actually happens when packets travel across a network.

Current Goals

Full network segmentation — IoT devices on their own VLAN, completely isolated from the trusted network
Self-hosted DNS with ad-blocking (Pi-hole / AdGuard Home)
A proper NAS for media, backups, and general storage
Monitoring stack — Prometheus + Grafana so nothing breaks silently

Hardware on the Bench

Device	Role
TP-Link ER605	Router / gateway
TP-Link SG2008P	Managed PoE switch
TP-Link OC200	Omada hardware controller
TP-Link EAP245	Wi-Fi access point
Proxmox VE × 2	Compute nodes (virtualisation)
Proxmox PBS	Backup server

What’s Coming Next

The first series of posts will cover setting up a flat-to-segmented network from scratch — starting with the router/firewall choice all the way through VLAN tagging and inter-VLAN routing rules.