Kernel of Truth

My Home Lab Setup

Welcome to an overview of my home infrastructure lab, where I combine virtualisation, container orchestration, and monitoring to build a robust and secure self-hosted environment. It’s a mix of learning, experimentation, and real-world utility—ideal for a Cyber Security Engineer to sharpen tools and concepts.


⚙️ Core Infrastructure

Hyper-V Virtualisation Host

Running on Windows 11, this acts as the main hypervisor, hosting key virtual machines.

Docker Host VM

An Ubuntu 22.04.4 VM dedicated to running Docker containers, managed via Portainer.

GitLab Enterprise VM

A separate Ubuntu VM running GitLab EE for private code repos and CI/CD experimentation.

Splunk Enterprise VM

Used for log ingestion, threat detection, and security operations simulations.


🐳 Docker & Container Services

Most services are managed via Portainer and exposed using Nginx Proxy Manager.


🌐 Web & Orchestration

  • Portainer
    A lightweight Docker management UI that simplifies container deployment and monitoring.
  • Nginx Proxy Manager
    Provides SSL termination and reverse proxying, allowing secure public access to selected services.
  • Watchtower
    Automatically checks for newer images and updates running Docker containers to the latest versions.

🔒 Security & Access

  • WireGuard VPN
    Lightweight and secure VPN tunnel providing remote access into the home lab.
  • wg-dashboard
    A graphical interface to manage WireGuard peers and monitor tunnel activity.

📸 Media & Backup

  • Immich
    Self-hosted photo and video backup solution similar to Google Photos.
  • Duplicati
    Encrypted backup tool with scheduled job support, backing up data to a QNAP NAS.

📈 Monitoring & Alerts

  • Uptime Kuma
    Monitors external and internal service availability with a beautiful dashboard and notification options.
  • Smokeping
    Tracks network latency and packet loss over time, useful for ISP reliability analysis.
  • Netdata
    Real-time performance monitoring of system metrics with historical visualisations.

🛠️ Utilities & Automation

  • Changedetection.io
    Monitors web pages for changes—handy for detecting updates or content modifications.
  • Webmin
    Browser-based system administration tool for managing the Docker host’s OS.
  • n8n
    Workflow automation platform with a drag-and-drop editor for building integrations and scripts.

📰 Frontend & Content

  • WordPress
    Used as a front-facing site for publishing notes, how-tos, and content related to cybersecurity and infrastructure.

🔐 Reverse Proxy & Access Control

All web services are securely published via Nginx Proxy Manager, with:

  • SSL certificates via Let’s Encrypt
  • Basic authentication for sensitive dashboards
  • Public-facing sites selectively exposed via domain rules

☁️ External Access & Dynamic DNS

  • External access is routed via sycamore.freeddns.org, using dynamic DNS.
  • Sky Hub forwards relevant ports to the Docker host.
  • Remote admin is secured via WireGuard VPN access.

🚀 Why This Setup?

This home lab allows for:

  • Hands-on DevSecOps practice
  • Log ingestion and analysis via Splunk
  • CI/CD experimentation in GitLab
  • Workflow automation and system monitoring
  • Secure, self-hosted replacements for cloud services