What it is
My home infrastructure: a Proxmox virtualization host behind an enterprise-grade firewall, running everything from home automation to media services.
Architecture
Internet (105/39 Mbps VDSL)
             │
             ▼
┌─────────────────────────┐
│    OPNsense Firewall    │
│     (Sophos SG 210)     │
└─────────────────────────┘
             │
             ├── LAN (192.168.128.0/24)
             │   └── Daily devices
             │
             └── LAB (192.168.129.0/24)
                 └── Proxmox Host
                     ├── Home Assistant
                     ├── Media services
                     └── VMs & containers
Key components
Network & Security
- Firewall: OPNsense on Sophos SG 210 hardware
- DNS: DNS-over-TLS with Quad9 (primary) and Cloudflare (backup)
- Segmentation: VLANs separating daily-use devices from the lab environment
- Monitoring: Gateway monitoring, custom LCD status display on the firewall
Virtualization
- Hypervisor: Proxmox VE
- Containers: LXC for lightweight services
- VMs: For workloads that need full isolation
Home Automation
- Platform: Home Assistant
- Protocol: Zigbee (thermostats, sensors)
- Future: Integration with eva (my AI assistant)
Design principles
- Self-hosted first — Avoid cloud dependencies where possible
- Security by default — VLAN isolation, encrypted DNS, MFA everywhere
- Document everything — If I can’t reproduce it, I didn’t learn it
- Learning platform — Real infrastructure to experiment with
What I learned
- Enterprise firewall configuration and hardening
- VLAN design and inter-VLAN routing
- DNS privacy (DNS-over-TLS, DNSSEC)
- Proxmox storage and container management
- Home automation protocols (Zigbee, MQTT)
- Running servers costs more energy than you’d think
Roadmap
- IDS/IPS with Suricata
- WireGuard VPN for remote access
- Monitoring dashboard with Grafana
- Custom ESP32-H2 Zigbee devices