Homelab Overview

Important Note

This document is intentionally anonymized: hostnames, IP ranges, exact OS versions, and specific product names are replaced with generic descriptors.

Infrastructure

physical_servers:
  - name: Primary Node
    specs: mid-range CPU / 24GB RAM / ~500GB storage
    role: ["Primary Node", "VPN Gateway", "Hypervisor Host"]
    os: Virtualization OS / Linux
    backup: Secondary Node
    uptime_policy: always-on

  - name: Secondary Node
    specs: low-mid CPU / 12GB RAM / ~1TB storage
    role: ["Secondary Node", "Backup Target"]
    os: Linux
    backup: none
    uptime_policy: standby

vm:
  - name: Docker Host A
    specs: 4 cores / 6GB RAM / GPU passthrough
    role: ["Primary Docker Host"]
    services:
      - Media Server
      - Photo Backup

  - name: Docker Host B
    specs: 2 cores / 4GB RAM
    role: ["Monitoring & Core Stack"]
    services:
      - Password Manager
      - Reverse Proxy
      - Dashboard / Metrics
      - Automation Stack
      - Torrent / Media Download

lxc:
  - name: VPN LXC
    purpose: Encrypted remote gateway
    host: Primary Node
    resources: small
    uptime_policy: always-on

  - name: DNS LXC
    purpose: Internal DNS / DHCP services
    host: Primary Node
    resources: small
    uptime_policy: always-on

  - name: CI LXC
    purpose: CI/CD IaC
    host: Primary Node
    resources: small-to-medium
    uptime_policy: on-demand

Networking

[Diagram, local network. Nodes: Internet (ISP); ISP Router [Subnet A], modem/router combo; Home Router [Internal LAN], Wi‑Fi + Ethernet for devices; Desktop / Laptop; Phone / Tablet; Smart TV / IoT; Server / Lab Device.]

[Diagram, remote access. Nodes: Remote Devices; Encrypted Remote Gateway, VPN / Overlay Network; Reverse Proxy, handles internal services; Media Server; Password Manager; Dashboard / Monitoring; Automation / Stack; Other Service.]

vlans:
  - id: 1
    name: WAN
    subnet: Subnet A
    dhcp: router
    notes: ISP network / failover

  - id: 2
    name: LAN
    subnet: Internal LAN
    devices: [gateway, workstation, router]
    dhcp: internal DHCP
    notes: Primary internal network

  - id: 3
    name: VPN Overlay
    subnet: Overlay Network
    firewall: restricted
    notes: Encrypted remote access / VPN

Service Catalog

core_services:
  - name: DNS / DHCP
    type: network services
    restore_priority: critical
    hosted_on: gateway / virtual node
    dependency: network-online.target

  - name: VPN Mesh
    type: encrypted overlay
    restore_priority: high
    hosted_on: gateway / virtual node
    dependency: network-online.target

  - name: File Sharing
    type: storage service
    restore_priority: high
    hosted_on: workstation
    dependency: DNS / DHCP

observability:
  - Dashboard / Metrics
  - Time Series DB
  - Node Exporter

Emergency Procedures

Danger

Run all commands from the Primary Node [gateway] unless otherwise noted. Confirm network connectivity and backups before applying reset scripts.

# Step 1: Disable remote/overlay access
vpn stop

# Step 2: Stop all containerized services
container stop --all

# Step 3: Reset firewall rules to default
firewall reset

# Step 4: Verify network containment
network-scan local-subnets
# Implementation depends on your environment.
# Generic steps: backup configuration → disconnect internet → reset network devices → restore minimal services.
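
The generic steps end with restoring minimal services, and the Service Catalog records a restore_priority and a dependency for each core service. The following Python is an added example, not part of the original page: it derives a restore order from those two fields, rejecting cycles and dependencies missing from the catalog. It assumes "critical" is restored before "high" and that network-online.target is a host precondition rather than a catalog service; `restore_order`, `RANK` and `EXTERNAL` are hypothetical names.

```python
import heapq

# Constructed from the page's core_services entries (anonymized labels as given).
CATALOG = [
    {"name": "File Sharing", "restore_priority": "high", "dependency": "DNS / DHCP"},
    {"name": "VPN Mesh", "restore_priority": "high", "dependency": "network-online.target"},
    {"name": "DNS / DHCP", "restore_priority": "critical", "dependency": "network-online.target"},
]
# Assumption: "critical" is restored before "high"; these are the only levels on the page.
RANK = {"critical": 0, "high": 1}
# Assumption: network-online.target is a host precondition, not a catalog service.
EXTERNAL = {"network-online.target"}


def restore_order(catalog, rank=RANK, external=EXTERNAL):
    """Return service names in restore order: dependencies first, then by priority."""
    by_name = {s["name"]: s for s in catalog}
    waiting_on = {}   # service -> number of unrestored catalog dependencies
    dependents = {}   # service -> services that depend on it
    for svc in catalog:
        if svc["restore_priority"] not in rank:
            raise ValueError(f"unknown restore_priority for {svc['name']}")
        dep = svc.get("dependency")
        waiting_on[svc["name"]] = 0
        if dep is None or dep in external:
            continue
        if dep not in by_name:
            raise ValueError(f"{svc['name']} depends on undocumented service {dep!r}")
        waiting_on[svc["name"]] = 1
        dependents.setdefault(dep, []).append(svc["name"])

    # Kahn's algorithm; the heap breaks ties by priority, then by name.
    ready = [(rank[by_name[n]["restore_priority"]], n) for n, c in waiting_on.items() if c == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents.get(name, []):
            waiting_on[child] -= 1
            if waiting_on[child] == 0:
                heapq.heappush(ready, (rank[by_name[child]["restore_priority"]], child))
    if len(order) != len(catalog):
        raise ValueError("dependency cycle in catalog; restore order is undefined")
    return order


if __name__ == "__main__":
    print(" -> ".join(restore_order(CATALOG)))
```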