[{"content":"Hi, I\u0026rsquo;m Hitanshu.\nI write about software, systems, self-hosting, and whatever I\u0026rsquo;m currently breaking in my homelab.\nThis blog is called Original Intent — a reminder to stay curious about why things were built the way they were, not just how to use them.\nYou can find my self-hosted projects and code on Gitea.\n","permalink":"https://hitanshu.zukizu.net/about/","summary":"\u003cp\u003eHi, I\u0026rsquo;m Hitanshu.\u003c/p\u003e\n\u003cp\u003eI write about software, systems, self-hosting, and whatever I\u0026rsquo;m currently breaking in my homelab.\u003c/p\u003e\n\u003cp\u003eThis blog is called \u003cem\u003eOriginal Intent\u003c/em\u003e — a reminder to stay curious about why things were built the way they were, not just how to use them.\u003c/p\u003e\n\u003cp\u003eYou can find my self-hosted projects and code on \u003ca href=\"https://gitea.home.zukizu.net/gitea\"\u003eGitea\u003c/a\u003e.\u003c/p\u003e","title":"About"},{"content":"Here\u0026rsquo;s a breakdown of everything running in my homelab — hardware, network, virtualisation, storage, and services.\nI\u0026rsquo;ve been running a homelab for a while now and it\u0026rsquo;s grown into something I actually rely on daily. This page covers the hardware, how the network is structured, and what\u0026rsquo;s running on it. Everything sits in a corner of my bedroom — no rack, no server room, just a pile of machines that make the room run a couple of degrees warmer during the day.\nHardware No rack. Four machines, a switch, and an access point. Each one has a dedicated job.\nDevice Role CPU RAM Storage OS Custom Desktop Daily Driver AMD Ryzen 7 7800X3D (16c @ 5.05GHz) 62 GB DDR4 2 TB SSD Arch Linux (Omarchy) Intel N150 Mini PC Router / Firewall Intel Twin Lake N150 12 GB 512 GB SSD OPNsense Custom Tower NAS Intel Core i5-4670K (3.4GHz) 8 GB 45 TB RAID + 2×7 TB Mirror TrueNAS Dell OptiPlex Micro 7010 Hypervisor Intel i5-13500T (20c) 32 GB DDR4 1 TB SSD Proxmox VE TP-Link SG108E Managed Switch — — — — UniFi AP Access Point — — — — The daily driver is overkill by any reasonable measure — the 7800X3D and RTX 5070 Ti are primarily for gaming and development, but it also pulls double duty on homelab tasks when needed. The Dell OptiPlex Micro is the quiet workhorse: tiny form factor, 20 threads courtesy of the i5-13500T\u0026rsquo;s hybrid core layout, and efficient enough to run 24/7 without guilt.\nNetwork The network is the part I\u0026rsquo;ve spent the most time getting right. The goal was full segmentation — devices that don\u0026rsquo;t need to talk to each other shouldn\u0026rsquo;t be able to, regardless of whether someone misconfigures something.\nRouter / Firewall An Intel N150 Mini PC running OPNsense handles everything at the edge: DHCP, DNS, firewall rules, and VLAN routing. The N150 is fanless and draws very little power. It\u0026rsquo;s the right tool for a job that needs to be on and reliable around the clock.\nSwitch \u0026amp; Wi-Fi All machines are wired through a TP-Link SG108E 8-port managed Gigabit switch. The UniFi Access Point broadcasts a separate SSID per VLAN, so wireless clients land on the correct network segment automatically without any manual configuration on the device side.\nVLANs Five VLANs, each with its own firewall policy:\nVLAN Name Purpose 10 Daily Drivers Personal computers and main workstation 20 Homelab Services VMs and self-hosted services on Proxmox 30 NAS Storage array — isolated from direct client access 40 IoT Smart home devices 50 Guest Guest Wi-Fi The segmentation isn\u0026rsquo;t just cosmetic. VLAN 30 (NAS) has no direct inbound access from clients — storage is only reachable via services running on VLAN 20. If something on a client machine gets compromised, it can\u0026rsquo;t browse or mount network shares directly. VLAN 40 is fully air-gapped from everything else on the network; smart devices can reach the internet but have zero visibility into any other VLAN or host. VLAN 50 follows the same principle for guests — internet only, nothing internal is visible or reachable.\nRemote Access Tailscale handles remote access. Every machine in the lab is on a Tailnet, so I can reach any service from anywhere without opening ports or punching holes in the firewall.\nPrivacy ProtonVPN is used for general internet traffic on the daily driver, keeping browsing off the ISP\u0026rsquo;s logs without routing all homelab traffic through an external tunnel unnecessarily.\nVirtualisation — Proxmox VE The Dell OptiPlex Micro 7010 runs Proxmox VE. It\u0026rsquo;s small enough to forget it\u0026rsquo;s there, but the i5-13500T gives it enough headroom to run everything comfortably.\nMost services run as LXC containers — lightweight, fast to spin up, and easy to manage. LXC shares the host kernel, so there\u0026rsquo;s no virtualisation overhead for services that don\u0026rsquo;t need it. The media automation stack (*arr services) runs as Docker containers inside a dedicated LXC, keeping the container ecosystem self-contained and portable.\nThis split works well in practice: LXC for long-running services that need to feel like real machines, Docker Compose for the media stack where the services are tightly coupled and benefit from being managed together.\nStorage — TrueNAS The NAS is an older i5-4670K tower repurposed purely for storage. It doesn\u0026rsquo;t need to be fast — a NAS spends most of its time waiting on disk I/O, not running computations.\nStorage layout:\n45 TB RAID array — bulk media and long-term storage 2×7 TB mirrored pool — higher-value data with redundancy on both drives TrueNAS handles SMB/NFS shares, exposed only to VLAN 20. Shares are never mounted directly on client machines — all access goes through services on the homelab VLAN.\nMedia Stack Jellyfin is the media server. Jellyseerr sits in front of it as the request interface — browse, request, and it automatically hands off to the right *arr app. The *arr stack handles everything before a file lands in the library.\nThe flow: Jellyseerr → Radarr or Sonarr picks up the request → Prowlarr finds the source → qBittorrent downloads it → renamed and moved into the library → Jellyfin picks it up automatically. Bazarr runs alongside and handles subtitles.\nService Purpose Jellyfin Open-source media server for streaming movies and TV shows Jellyseerr Media request and discovery interface for Jellyfin Radarr Movie library management and automated downloads Sonarr TV show library management and automated downloads Prowlarr Centralised indexer manager — connects all *arr apps to sources qBittorrent Torrent download client Bazarr Automatic subtitle downloads and sync for movies and shows Other Services Beyond the media stack, a collection of self-hosted tools covering productivity, file management, security, and utilities — all running as LXC containers on Proxmox.\nService What it does Immich Photo and video backup — self-hosted Google Photos alternative Nextcloud Self-hosted cloud storage and file sync — self-hosted Google Drive Bitwarden Self-hosted password manager (Vaultwarden) Gitea Lightweight self-hosted Git service — private GitHub Audiobookshelf Audiobook and podcast server with progress sync across devices Vikunja Task and project management — self-hosted Todoist alternative Shelfmark Bookmark manager and read-later tool Nginx Proxy Manager Reverse proxy with a web UI — handles routing and SSL for all services Portainer Docker container management web UI PDF Editor Self-hosted PDF tools — merge, split, convert, and edit Homepage Customisable dashboard aggregating all services, status, and stats Everything is surfaced through Homepage, which gives a single pane of glass across all running services with live status indicators and stats.\n","permalink":"https://hitanshu.zukizu.net/posts/homelab/","summary":"\u003cp\u003eHere\u0026rsquo;s a breakdown of everything running in my homelab — hardware, network, virtualisation, storage, and services.\u003c/p\u003e\n\u003cp\u003eI\u0026rsquo;ve been running a homelab for a while now and it\u0026rsquo;s grown into something I actually rely on daily. This page covers the hardware, how the network is structured, and what\u0026rsquo;s running on it. Everything sits in a corner of my bedroom — no rack, no server room, just a pile of machines that make the room run a couple of degrees warmer during the day.\u003c/p\u003e","title":"Homelab"}]