Lab Notes


This is a big dump of all the research I have done with the goal of moving towards an ideal home-lab setup. I am likely to document the actual JOURNEY in another post.


9U Wall-Mount Rack

Rack Layout (Top to Bottom):

┌─────────────────────────────────────┐
│ 1U: Patch Panel (24-port)            │ ← Network organization
├─────────────────────────────────────┤
│ 2U: Managed PoE Switch               │ ← Network backbone  
├─────────────────────────────────────┤
│ 3U: pfSense Firewall/Router          │ ← Starlink interface + security
├─────────────────────────────────────┤
│ 4U: Primary Server (Proxmox)         │ ← Main virtualization host
├─────────────────────────────────────┤
│ 5U: Secondary Server (Docker)        │ ← Container host + redundancy
├─────────────────────────────────────┤
│ 6U: NAS/Storage Server               │ ← File storage + backups
├─────────────────────────────────────┤
│ 7U: UPS (1U rack-mount)              │ ← Power protection
├─────────────────────────────────────┤
│ 8U: Utility Shelf                    │ ← Tools, spare drives, etc.
├─────────────────────────────────────┤
│ 9U: Future Expansion                 │ ← GPU server, monitoring, etc.
└─────────────────────────────────────┘

Notes on Racks:

Going under my desk. Big-w racks are probably FINE for this as they will just be placed on the ground. Just make sure they have a good depth and are 19".

Depth: 400+ Width: 19 inch


Infrastructure

pfSense Router/Firewall

  • Hardware: Protectli VP2420 or equivalent mini PC
  • CPU: Intel i5-8250U (4C/8T, 15W TDP)
  • RAM: 8GB DDR4
  • Storage: 64GB mSATA SSD
  • Network: 2x Intel Gigabit NICs
  • Power: 12-15W
  • Purpose: Replace Starlink router, VLANs, VPN server, firewall

Primary Server (Proxmox Host)

  • Hardware: Lenovo ThinkCentre M93p Tiny (upgraded)
  • CPU: Intel i7-4790T (4C/8T, 35W TDP)
  • RAM: 32GB DDR3 (upgraded from 8GB)
  • Storage: 1TB NVMe SSD
  • Network: Gigabit Ethernet
  • Power: 25-35W
  • VMs Running:
    • Pi-hole (DNS/Ad blocking)
    • Home Assistant (Smart home)
    • Nextcloud (File sync)
    • Development environments

Secondary Server (Container Host)

  • Hardware: HP ProDesk 400 G2 Mini
  • CPU: Intel i5-6500T (4C/4T, 35W TDP)
  • RAM: 16GB DDR4
  • Storage: 512GB NVMe SSD
  • Network: Gigabit Ethernet
  • Power: 20-30W
  • Containers Running:
    • Plex/Jellyfin (Media server)
    • Bitwarden_rs (Password manager)
    • Gitea (Git server)
    • Monitoring stack (Grafana, Prometheus)

NAS/Storage Server

  • Hardware: Custom low-power build or Synology DS220+
  • CPU: Intel J4125 or equivalent (10W TDP)
  • RAM: 8GB DDR4
  • Storage: 2x 4TB WD Red drives (RAID 1)
  • Network: Gigabit Ethernet
  • Power: 25-40W
  • Purpose: File storage, media library, backups

Network

Starlink Dish → Starlink Power Supply → pfSense Router → Main Switch

VLANs Planned:

  • VLAN 10: Management (servers, switches, APs)
  • VLAN 20: Trusted devices (laptops, phones)
  • VLAN 30: IoT devices (smart home, cameras)
  • VLAN 40: Guest network
  • VLAN 50: Lab/testing environment

Network Equipment:

  • Main Switch: TP-Link TL-SG2428P (24-port PoE managed) - $300-400
  • Patch Panel: 24-port Cat6 - $60-80
  • Access Points: 2x Ubiquiti U6-Lite - $150 each
  • Cables: Cat6 patch cables, bulk cable for runs

UPS Sizing:

  • Target: APC SMT750RMI2U (750VA/500W) - $400-500
  • Runtime: 45+ minutes at 150W load
  • Features: Rack-mount, network monitoring, auto-shutdown

Services To Look Into

  • Bitwarden_rs: Self-hosted password manager
  • Authelia: 2FA/SSO for internal services
  • Pi-hole: Network-wide ad blocking
  • Fail2ban: Intrusion detection
  • Nextcloud: File sync, calendar, contacts, office suite
  • Plex/Jellyfin: Media streaming server
  • PhotoPrism: Google Photos replacement
  • Paperless-ngx: Document management
  • Gitea: Self-hosted Git with CI/CD
  • Code-server: VS Code in browser
  • Docker registries: Private container storage
  • Development VMs: Various Linux distributions
  • Matrix/Synapse: Slack/Discord replacement
  • Standard Notes: Note-taking and markdown
  • Bookstack: Knowledge base/wiki
  • Invoice Ninja: Business invoicing
  • Home Assistant: Smart home hub
  • Grafana + Prometheus: System monitoring
  • Uptime Kuma: Service monitoring
  • Node-RED: Automation workflows

Backups:

  • Local: NAS RAID 1 for primary storage
  • Offsite: External drives rotated to bank safety deposit box
  • Cloud backup: Encrypted backups to Wasabi/Backblaze
  • VM snapshots: Daily automated snapshots

Network Configuration:

  • WAN Interface: DHCP from Starlink
  • DNS: Pi-hole (192.168.1.2) with Cloudflare fallback
  • DHCP Server: pfSense handles all internal IPs
  • VPN Server: Wireguard for remote access
  • Port Forwarding: Minimal external exposure
  • Traffic Shaping: QoS for work-from-home traffic

Future Possibilities:

  • Kubernetes cluster: 3-node setup for container orchestration
  • GPU server: RTX 4060/4070 for AI/ML, video transcoding
  • 10GbE networking: Fiber backbone between servers
  • Environmental monitoring: Temperature, humidity, power sensors