My Homelab

A controlled environment for breaking things before they matter.

🧪 The Lab

The lab runs on what used to be my gaming rig.

It turns out a Ryzen 9 and a GTX 1080 don’t suddenly become obsolete just because they’re no longer pushing frames. They just get reassigned.

This environment exists to:

  • Test ideas
  • Validate upgrades
  • Reproduce obscure issues
  • Break things safely

It is not a shrine to hardware. It’s a proving ground.

It evolves. Usually because I get curious.

🖥 Compute

  • CPU: AMD Ryzen 9 3900X
  • Memory: 64GB DDR4
  • OS Disk: WD Green 240GB SSD
  • Local Data: 3 × Samsung EVO 500GB SSDs in parity RAID
  • GPU: NVIDIA GTX 1080 (media workloads and the occasional experiment)
  • OS: Windows Server 2025

At host level:

  • Hyper-V
  • Docker Desktop (running via WSL)
  • Media services

Yes, Docker runs on WSL rather than a dedicated Linux host.

That’s deliberate.

This is a Windows-first lab. Running Docker via WSL keeps the host unified while still allowing containerised workloads without spinning up another VM purely for Linux.

It’s pragmatic rather than purist.

💾 Storage & Data Strategy

Primary shared storage is a Synology DS2015xs:

  • 8 × Seagate IronWolf 4TB
  • RAID5
  • ~25TB usable
  • Connected over 10Gb

It handles media and general lab workloads.

It’s quiet. It’s consistent. It does its job. Which is exactly what storage should do.

Backup Philosophy (Brace Yourself)

The lab is not backed up. That’s intentional.

If it fails catastrophically, it gets rebuilt.

Critical personal data lives in my Microsoft 365 tenant (OneDrive). That is the authoritative store.

The lab is disposable by design. If I’m afraid to lose something, it doesn’t belong here. Rebuild speed matters more than restore speed.

🌐 Network & Perimeter

This is where I don’t compromise.

The lab runs on a full UniFi stack with a 10Gb core.

If everything depends on the network, it shouldn’t be the weakest link. Also, flat home networks make me itchy.

Edge & WAN

  • Primary WAN: 1Gbps symmetrical XGS-PON FTTP (Virgin Media)
  • Secondary WAN: Starlink (mostly in standby, occasionally used for testing or when I feel like proving a point)

The Virgin Media Hub 5x does not participate in this setup. Instead, the UDM Pro connects directly using a WAS-110 SFP module.

Less ISP hardware. Fewer unknowns. Full control. Consumer routers are fine – until they aren’t.

Core & Switching

  • UDM Pro
  • USW Aggregation (10Gb core)
  • USW Pro XG 8 PoE
  • USW 24 PoE
  • USW Flex
  • USW Flex Mini

Everything important uplinks at 10Gb.

Do I need 10Gb everywhere? Probably not.

Did I build it anyway? Absolutely.

Large VM transfers, NAS operations, and lab experiments stay internal and fast. East–west traffic doesn’t fight with internet traffic.

It’s structured. It’s clean. It doesn’t require daily tweaking.

VLAN Segmentation

Current VLANs:

  • Home LAN
  • Guest LAN
  • IoT LAN
  • CCTV LAN
  • Parents LAN
  • Isolated

IoT devices don’t get to wander. CCTV doesn’t get chatty. Guests see what they’re meant to see.

“Isolated” means exactly that. Segmentation isn’t paranoia. It’s predictability.

Wireless

  • 2 × U7 Pro XGS (primary indoor)
  • 1 × U6+ (external coverage)
  • 1 × AC Lite (because it still works)

Multiple SSIDs mapped to the correct VLANs. Devices end up exactly where they belong.

Which drastically reduces the “why is that talking to this?” moments.

Surveillance

  • 2 × G5 Bullet (external)
  • 2 × G5 Flex (internal)

Not because I enjoy dashboards. Because visibility matters.

And yes – they sit neatly on their own VLAN.

What I Don’t Publish

Internal IP ranges, hostnames, firewall rules and externally exposed services stay private.

Architecture is public. Attack surface is not.

External Services

Any web services hosted within the lab are routed through Cloudflare.

The edge handles:

  • DNS
  • TLS termination
  • Basic protection and filtering

Nothing is exposed directly. Inbound access is deliberate, minimal, and controlled.

The lab may be disposable; the perimeter is not.

🐳 Containers

Docker runs on the host via WSL.

Containers are used for:

  • Lightweight services
  • Quick testing
  • Things that don’t justify a full VM

If something grows beyond “lightweight,” it gets promoted to a proper VM.

I don’t run Kubernetes here either. Not because I can’t (although that does play into it) – but because I don’t need to.

The container layer exists for speed and flexibility, not to turn the host into a science project.

🧪 Virtualisation & Workloads

Hyper-V carries most of the experimental weight.

Current VMs include:

  • Windows XP through to Windows 11 (compatibility testing and nostalgia)
  • Ubuntu web server
  • Home Assistant
  • Short-lived test machines

VMs are disposable by design.

If I hesitate to delete something, I’ve built it incorrectly.

⚙ Operational Philosophy

Despite the amount of hardware involved, most of this stack was chosen because it generally just works.

  • UniFi gives me visibility without drama.
  • Hyper-V is predictable.
  • Synology doesn’t demand attention.

I don’t want infrastructure that requires constant babysitting.

The lab exists so I can experiment when I choose to – not because something broke for entertainment.

If a platform requires daily maintenance to remain stable, it doesn’t last long here.

🪟 Why Windows Server 2025?

Because I’d rather break it here than support it blind.

Running Server 2025 in the lab gives me:

  • Early exposure to changes
  • Behaviour differences between versions
  • Update cadence familiarity
  • Practical understanding of new features

Hyper-V remains boring in the best possible way.

I don’t need the host layer to be exciting.
I need it to be reliable.

Could I run something more exotic? Yes.

But the lab isn’t about chasing novelty for its own sake. It’s about validating real-world scenarios under controlled conditions. And occasionally seeing what happens if I push things further than I should.

🎯 Why It Exists

The lab isn’t a replica of production. It isn’t a staging environment. It’s a playground.

It exists because I enjoy building well-structured infrastructure, experimenting with networking, and occasionally pushing things further than necessary.

Sometimes that curiosity intersects with real-world issues. Sometimes it’s just because 10Gb was available and I wanted to use it.

Not everything needs a business case.

📊 Current Status

Stable.

For now.