← benhoughton.io

My Homelab

A personal playground for enterprise technology, continuous learning, and hands-on experimentation.

Lab Architecture

The foundation of the lab is built on layers of virtualization and containerization.

The entire lab is built around a philosophy of efficiency and isolation. At the base, I use a bare-metal hypervisor to manage resources effectively and segment different parts of my lab without needing multiple physical machines.

Within the hypervisor, I run a primary Linux virtual machine. This VM acts as the dedicated host for all my self-hosted applications. By containing the services within a single VM, I can easily back it up, migrate it, or snapshot it without affecting the underlying host.

On top of the Linux server, I use Docker to run all my applications in containers. This is the most critical layer for management, as it allows each service to run in its own isolated environment with its own dependencies. It makes deploying, updating, and managing these services incredibly simple and repeatable.

Self-Hosted Services

A look at the applications running securely in the lab.

Immich

A high-performance, self-hosted photo and video backup solution. It functions as my private, self-managed alternative to Google Photos.

Vaultwarden

A lightweight, self-hosted password manager compatible with Bitwarden clients. This ensures my credentials stay under my control.

Plex

Organizes and streams my personal media library of movies and TV shows to any of my devices, wherever I am.

Pi-hole

Provides network-wide ad-blocking and DNS filtering for every device on my home network, improving privacy and speed.

Wiki.js (Planned)

A modern, open-source wiki application that I plan to use for personal documentation, notes, and knowledge management.

Network & Security

How everything connects securely with a zero-trust approach.

The entire home network is managed by an enterprise-grade router. It handles all routing, firewall rules, and VLAN segmentation, providing a robust and secure backbone for the lab and my home devices.

Crucially, none of these services are exposed directly to the public internet. For secure remote access, I rely entirely on Tailscale. It creates a secure virtual private network (a tailnet) that connects all my devices and lab services using a zero-trust model. This means I can access my entire lab from anywhere, without ever opening a single port on my firewall, which is the cornerstone of my security strategy.