# HOMELAB CONFIGURATION SUMMARY — UPDATED 2025-10-31 ## NETWORK INFRASTRUCTURE Main Router: TP-Link BE9300 (2.5 Gb WAN + 4× 2.5 Gb LAN) Secondary Router: Linksys WRT3200ACM (OpenWRT) Managed Switch: TP-Link TL-SG608E (1 Gb) Additional: Apple AirPort Time Capsule (192.168.1.153) Backbone Speed: 2.5 Gb core / 1 Gb secondary DNS Architecture: 3× Pi-hole + 3× Unbound (192.168.1.196, .245, .62) with local recursive forwarding VPN: Tailscale (Pi 4 as exit node) Reverse Proxy: Traefik (on .196; planned Swarm takeover) LAN Subnet: 192.168.1.0/24 Notes: Rate-limit prevention on Pi-hole instances, Unbound local caching to accelerate DNS queries --- ## NODE OVERVIEW 192.168.1.81 — Ryzen 3700X Node • CPU: AMD 8C/16T • RAM: 64–80 GB Current 2 of 4 3200 32gb 4x8gb 3600 availible • GPU: RTX 4060 Ti • Network: 2.5 GbE onboard • Role: Docker Swarm Worker (label=heavy) • Function: AI compute (LM Studio, Llama.cpp, OpenWebUI, Ollama planned) • OS: Windows 11 + WSL2 / Fedora (Dual Boot) • Notes: Primary compute node for high-performance AI workloads. Both OS installations act as interchangeable swarm nodes with the same label. 192.168.1.57 — Acer Aspire R14 (Proxmox Host) • CPU: Intel i5-6200U (2C/4T) --- ## NETWORK UPGRADE & VLAN * **Switch**: Install a 2.5 Gb PoE managed switch (e.g., Netgear GS110EMX). * **VLANs**: Create VLAN 10 for management, VLAN 20 for services. Add router ACLs to isolate traffic. * **LACP**: Bond two NICs on the Ryzen node for 5 Gb aggregated link. ## STORAGE ENHANCEMENTS * Deploy a dedicated NAS (e.g., Synology DS920+) with RAID‑6 and SSD cache. * On Proxmox host, create ZFS pool `tank` on local SSDs (`zpool create tank /dev/sda /dev/sdb`). * Mount NAS shares on all nodes (`/mnt/nas`). * Add cron job to prune unused AI model caches. ## SERVICE CONSOLIDATION & RESILIENCE * Convert standalone Traefik on Pi 4 to a Docker‑Swarm service with 2 replicas. * Deploy fallback Caddy on Pi Zero with a static maintenance page. * Add health‑check sidecars to critical containers (Portainer, OpenWebUI). * Separate persistent volumes per stack (AI models on SSD, Nextcloud on NAS). ## SECURITY HARDENING * Enable router firewall ACLs for inter‑VLAN traffic (allow only required ports). * Install `fail2ban` on the manager VM. * Restrict Portainer UI to VPN‑only access and enable 2FA/OAuth. ## MONITORING & AUTOMATION * Deploy `node-exporter` on Proxmox host. * Create Grafana alerts for CPU > 80 %, RAM > 85 %, disk > 80 %. * Add Home‑Assistant backup automation to NAS. * Integrate Tailscale metrics via `tailscale_exporter`. ## OFF‑SITE BACKUP STRATEGY * Install `restic` on manager VM and initialise Backblaze B2 repo. * Daily backup script (`/usr/local/bin/backup_daily.sh`) for HA config, Portainer DB, important volumes. * Systemd timer to run at 02:00 AM. --- • RAM: 8 GB • Network: 2.5 GbE via USB adapter • Role: Proxmox Host • Function: Virtualization host for Apps VM (.196) and OMV (.70) • Storage: Local SSDs + OMV shared volumes • Notes: Lightweight node for VMs and containerized storage services 192.168.1.196 — Apps Manager VM (on Acer Proxmox) CPU: 4 RAM: 4 GB min 6 GB max • Role: Docker Swarm Manager (label=manager) • Function: Pi-hole + Unbound + Portainer UI + Traefik reverse proxy • Architecture: x86 (virtualized) • Notes: Central orchestration, DNS control, and reverse proxy; Portainer agent installed for remote swarm management 192.168.1.70 — OMV Instance (on Acer) CPU 2 RAM: 2 GB min 4 GB max • Role: Network Attached Storage • Function: Shared Docker volumes, media, VM backups • Stack: OpenMediaVault 7.x • Architecture: x86 • Planned: Receive SMB3-reshares from Time Capsule (.153) • Storage: Docker volumes for AI models, backup directories, and media • Notes: Central NAS for swarm and LLM storage 192.168.1.245 — Raspberry Pi 4 (8 GB) • CPU: ARM Quad-Core • RAM: 8 GB • Network: 1 GbE • Role: Docker Swarm Leader (label=leader) • Function: Home Assistant OS + Portainer Agent + HAOS-based Unbound (via Ubuntu container) • Standalone Services: Traefik (currently standalone), HAOS Unbound • Notes: Central smart home automation hub; swarm leader for container orchestration; plan for Swarm Traefik to take over existing Traefik instance 192.168.1.62 — Raspberry Pi Zero 2 W • CPU: ARM Quad-Core • RAM: 512 MB • Network: 100 Mb Ethernet • Role: Docker Swarm Worker (label=light) • Function: Lightweight DNS + Pi-hole + Unbound + auxiliary containers • Notes: Low-power node for background jobs, DNS redundancy, and monitoring tasks 192.168.1.153 — Apple AirPort Time Capsule • Network: 1 GbE via WRT3200ACM • Role: Backup storage and SMB bridge • Function: Time Machine backups (SMB1) • Planned: Reshare SMB1 → SMB3 via OMV (.70) for modern clients • Notes: Source for macOS backups; will integrate into OMV NAS for consolidation --- ## DOCKER SWARM CLUSTER Leader 192.168.1.245 (Pi 4, label=leader) Manager 192.168.1.196 (Apps VM, label=manager) Worker (Fedora) 192.168.1.81 (Ryzen, label=heavy) Worker (Light) 192.168.1.62 (Pi Zero 2 W, label=light) Cluster Functions: • Distributed container orchestration across x86 + ARM • High-availability DNS via Pi-hole + Unbound replicas • Unified management and reverse proxy on the manager node • Specific workload placement using node labels (heavy, leader, manager) • AI/ML workloads pinned to the 'heavy' node for performance • General application services pinned to the 'leader' node • Core services like Traefik and Portainer pinned to the 'manager' node --- ## STACKS ### Networking Stack • **Traefik:** Reverse Proxy • **whoami:** Service for testing Traefik ### Monitoring Stack • **Prometheus:** Metrics collection • **Grafana:** Metrics visualization • **Alertmanager:** Alerting • **Node-exporter:** Node metrics exporter • **cAdvisor:** Container metrics exporter ### Tools Stack • **Portainer:** Swarm Management • **Dozzle:** Log viewing • **Lazydocker:** Terminal UI for Docker • **TSDProxy:** Tailscale Docker Proxy • **Watchtower:** Container Updates ### Application Stack • **OpenWebUI:** AI Frontend • **Paperless-ngx:** Document Management • **Stirling-PDF:** PDF utility • **SearXNG:** Metasearch engine ### Productivity Stack • **Nextcloud:** Cloud storage and collaboration --- ## SERVICES MAP • **Manager Node (.196):** • **Networking Stack:** Traefik • **Monitoring Stack:** Prometheus, Grafana • **Tools Stack:** Portainer, Dozzle, Lazydocker, TSDProxy, Watchtower • **Leader Node (.245):** • **Application Stack:** Paperless-ngx, Stirling-PDF, SearXNG • **Productivity Stack:** Nextcloud • **Heavy Worker Node (.81):** • **Application Stack:** OpenWebUI • **Light Worker Node (.62):** • **Networking Stack:** whoami • **Other Services:** • **VPN:** Tailscale (Pi4 exit node) • **Virtualization:** Proxmox VE (.57) • **Storage:** OMV NAS (.70) + Time Capsule (.153) --- ## STORAGE & BACKUPS OMV (.70) — shared Docker volumes, LLM models, media, backup directories Time Capsule (.153) — legacy SMB1 source; planned SMB3 reshare via OMV External SSDs/HDDs — portable compute, LLM scratch storage, media archives Time Machine clients — macOS systems Planned Workflow: • Mount Time Capsule SMB1 share in OMV via CIFS • Reshare through OMV Samba as SMB3 • Sync critical backups to OMV and external drives • AI models stored on NVMe + OMV volumes for high-speed access --- ## PERFORMANCE STRATEGY • 2.5 Gb backbone: Ryzen (.81) + Acer (.57) nodes • 1 Gb nodes: Pi 4 (.245) + Time Capsule (.153) • 100 Mb node: Pi Zero 2 W (.62) • ARM nodes for low-power/auxiliary tasks • x86 nodes for AI, storage, and compute-intensive containers • Swarm resource labeling for workload isolation • DNS redundancy and rate-limit protection • Unified monitoring via Portainer + Home Assistant • GPU-intensive AI containers pinned to Ryzen node for efficiency • Traefik migration plan: standalone .245 → Swarm-managed cluster routing --- ## NOTES • Acer Proxmox hosts OMV (.70) and Apps Manager VM (.196) • Ryzen (.81) dedicated to AI and heavy Docker tasks • HAOS Pi 4 (.245) leader, automation hub, and temporary standalone Traefik • DNS load balanced among .62, .196, and .245 • Time Capsule (.153) planned SMB1→SMB3 reshare via OMV • Network speed distribution: Ryzen/Acer = 2.5 Gb, Pi 4/Time Capsule = 1 Gb, Pi Zero 2 W = 100 Mb • LLM models stored on high-speed NVMe on Ryzen, backed up to OMV and external drives • No personal identifiers included in this record # END CONFIG --- ## SMART HOME INTEGRATION ### LIGHTING & CONTROLS • Philips Hue - Devices: Hue remote only (no bulbs) - Connectivity: Zigbee - Automation: Integrated into Home Assistant OS (.245) - Notes: Remote used to trigger HAOS scenes and routines for other smart devices • Govee Smart Lights & Sensors - Devices: RGB LED strips, motion sensors, temperature/humidity sensors - Connectivity: Wi-Fi - Automation: Home Assistant via MQTT / cloud integration - Notes: Motion-triggered lighting and environmental monitoring • TP-Link / Tapo Smart Devices - Devices: Tapo lightbulbs, Kasa smart power strip - Connectivity: Wi-Fi - Automation: Home Assistant + Kasa/Tapo integration - Notes: Power scheduling and energy monitoring ### AUDIO & VIDEO • TVs: Multiple 4K Smart TVs - Platforms: Fire Stick, Apple devices, console inputs - Connectivity: Ethernet (1 Gb) or Wi-Fi - Automation: HAOS scenes, volume control, source switching • Streaming & Consoles: - Devices: Fire Stick, PS5, Nintendo Switch - Connectivity: Ethernet or Wi-Fi - Notes: Automated on/off with Home Assistant, media triggers ### SECURITY & SENSORS • Vivint Security System - Devices: Motion detectors, door/window sensors, cameras - Connectivity: Proprietary protocol + cloud - Automation: Home Assistant integrations for alerts and scene triggers • Environmental Sensors - Devices: Govee temperature/humidity, Tapo sensors - Connectivity: Wi-Fi - Automation: Trigger HVAC, lights, or notifications