MikroTik VLAN Segmentation — Inter-VLAN Routing, DHCP, and Firewall Rules

Consumer routers give you one flat LAN. Everything talks to everything. That’s fine for five devices. Not fine for a homelab with IoT toasters, security cameras, a NAS with your whole life on it, and a gaming PC that absolutely does not need to see the Frigate NVR’s admin interface. MikroTik’s RouterOS handles VLANs natively — bridge VLAN filtering, inter-VLAN routing, per-VLAN DHCP, and firewall rules to control traffic between segments. All from the CLI. No third-party tools, no extra switches, no license fees. ...

May 12, 2026 · 11 min · 2145 words · GnTech

Homelab Monitoring — Prometheus, Grafana, Loki, and Exporters on Docker

Every homelab needs observability. Not because you’re running a production SLA — because you can’t fix what you can’t see. Running out of disk on the ZFS pool at 3 AM, a Docker container silently OOM-killed, or the Frigate NVR eating 100% CPU for hours — these are the things you catch with a monitoring stack, not by noticing the UI feels sluggish. This post covers a full Prometheus + Grafana + Loki stack deployed on Docker in a Proxmox LXC, with metrics from the host, Docker containers, and system logs collected into one dashboard. ...

May 9, 2026 · 10 min · 2040 words · GnTech

Docker Compose Patterns for Homelab Stacks

Docker Compose is the default orchestration tool for most homelab setups. It’s not Kubernetes, but it doesn’t need to be — a well-structured Compose file with proper environment management, networking, and health checks will serve a single-host stack for years without drama. This post covers the patterns I use across my Proxmox Docker hosts. These aren’t theoretical — they’re what’s running right now on the homelab.

Note: Some examples are partial Compose snippets meant to demonstrate one pattern at a time. When copying them into a real compose.yml, make sure referenced services, images, secrets, volumes, and networks are also defined. ...

May 8, 2026 · 12 min · 2551 words · GnTech

ZFS on Proxmox — Pool Layout, Snapshots, and Backup Strategies

ZFS is the default filesystem on Proxmox VE for good reason — checksumming, snapshots, compression, and built-in replication. But “default” doesn’t mean one-size-fits-all. Pool layout, recordsize, snapshot cadence, and backup strategy all depend on your workload. This post covers the ZFS setup on my Proxmox host (SRV1), the snapshot pipeline, and how ZFS send/receive + sanoid handle retention and offsite recovery.

Pool Layout

System: HP ProDesk 600 G4 DM (i5-8500T, 32 GB RAM)
Disks: 1× NVMe (OS + VMs), 1× SATA SSD (bulk storage)

Boot/OS Pool — rpool

Standard Proxmox installation creates rpool on the boot disk. No RAID, no redundancy — just a single NVMe: ...

May 8, 2026 · 9 min · 1707 words · GnTech

Local Docker Registry Mirror — Cache Images and Speed Up Your Lab

Docker Hub rate-limits anonymous pulls to 100 per 6 hours (200 for authenticated users). In a homelab with frequent rebuilds, multiple hosts, or CI-style workflows, you’ll hit that limit fast. Even if you don’t, pulling the same nginx:alpine image ten times across ten containers wastes bandwidth and time. A local Docker registry mirror fixes both: it acts as a pull-through cache. First pull is from Docker Hub (or any upstream). Every subsequent pull from any host in your lab hits the local cache instead. ...

May 8, 2026 · 6 min · 1193 words · GnTech

Proxmox Backup Server — Installation, Datastore Tuning, and Garbage Collection

Proxmox Backup Server (PBS) is purpose-built backup storage for Proxmox VE. It does one thing and does it well: store, deduplicate, verify, and garbage-collect VM and container backups. No more cramming vzdump archives onto an NFS share and hoping they survive. This guide covers installing PBS on Debian 12, creating a datastore with sane retention, connecting a PVE host, and avoiding the gotchas that’ll eat your disk space.

Why PBS Instead of a Simple NFS Export

Capability | NFS vzdump | PBS
Deduplication | None | Chunk-level, across all backups
Incremental backups | Full dump each time | Changed blocks only
Integrity verification | None | Auto-verify after backup
Garbage collection | None | Prunes orphaned chunks
Restore granularity | Full restore only | File-level, single disk, or full VM

For a homelab with multiple VMs and LXCs, the deduplication alone saves hours of transfer and disk space. Incremental backups mean daily backups take seconds, not minutes. ...

May 8, 2026 · 6 min · 1268 words · GnTech

GPON/FTTH With MikroTik — Ditching the ISP Router for Direct Fiber

If you have fiber-to-the-home (FTTH), your ISP almost certainly gave you a combo ONT/router. It’s a locked-down all-in-one box that does GPON optical termination, routing, Wi-Fi, and often double NAT. For a homelab with VLAN segmentation and a proper router like MikroTik, that box is a bottleneck — and you can bypass it entirely. This post covers replacing the ISP ONT/router with a MikroTik router using an SFP GPON stick, covering the hardware, VLAN configurations, PPPoE quirks, and the gotchas that aren’t in the marketing material. This is specifically from my experience with Dominican Republic FTTH providers, but the patterns apply to most GPON deployments globally. ...

May 8, 2026 · 9 min · 1741 words · GnTech

Cloudflare Tunnel Inside MikroTik — No Dedicated Proxy VM Needed

Cloudflare Tunnel gives you a secure outbound-only connection from your homelab to Cloudflare’s edge, proxying public traffic without opening any firewall ports. No pinholes, no DMZ, no exposing your home IP. The usual deployment is a Docker container or a systemd service on a Linux box. But if you have a MikroTik router running RouterOS 7.6+ with container support, you can run cloudflared directly on the router — zero extra hardware, zero extra VMs. ...

May 8, 2026 · 9 min · 1707 words · GnTech

MikroTik WireGuard — Site-to-Site and Road Warrior VPN Setup

WireGuard on MikroTik RouterOS is production-ready as of RouterOS 7.x, and it’s dramatically simpler than IPsec or OpenVPN for homelab use. No certificate authorities, no confusing phase 1/phase 2 settings, no userspace daemon eating CPU — just a kernel module, a private key, and a peer config. This post covers two WireGuard topologies running on the same MikroTik router (R1 from the previous deployment post):

- Road Warrior — remote devices (phone, laptop) connect to the homelab
- Site-to-Site — two MikroTik routers connected across the internet

Both share the same base config and coexist on the same router. ...

May 8, 2026 · 14 min · 2913 words · GnTech

Proxmox Networking — Bridges, VLANs, and a Clean Host Topology

Proxmox VE’s networking layer is simple on the surface — bridges, bonds, VLANs — but there’s a gap between “it works” and “it’s maintainable.” A poorly planned bridge topology leads to broadcast storms, accidental cross-VLAN routing, or containers that can’t reach the internet because the bridge isn’t connected to anything. This post breaks down the networking setup on my Proxmox host (SRV1), which connects to a MikroTik router (R1) with VLAN filtering and a trunk port. By the end, you’ll know exactly how bridges map to the physical wire, how VLAN-aware bridges differ from the old approach, and how to assign VLANs to both VMs and LXC containers cleanly. ...

May 8, 2026 · 8 min · 1664 words · GnTech