fr4nç01s
                
            


            

            
  
    
    
  
  
  
  


        


        




  Table of contents
  





  
Context


For a couple of years I wanted to set up a homelab with a recycled PC from my university.
It seated quietly for 3 years in a corner of my room, until I finally got around to it last month.


The goal was to have a dedicated machine accessible from anywhere to experiment with different self-hosted services, and sharing while applying some cybersecurity knowledge to harden it as much as possible.


The Setup


The machine is a Dell Optiplex 7050 with an i5, 8GB of RAM, and a 256GB SSD. I also just had bought a domain name (theron.fyi) so I wanted to use it for the homelab as well.


1. Proxmox VE


I flashed a USB with Ventoy and installed Proxmox VE, a powerful open-source virtualization platform. Proxmox allows me to run multiple virtual machines (VMs) on the same hardware, giving me the flexibility to experiment with different operating systems and configurations without risking my main system.


2. Internet Connection


I bought a wifi USB adapter (TP-Link TX20U) to connect the homelab to my home network.
At the time I bought it there were no driver on Linux, but after some research I was finally able to get it work easily:


modprobe rtw89_8852bu

Since I’m on a “public” residency network the proxmox VE management is accessible to anyone on the same network, couple hundred people, it was a bit of a security concern.
So I modified the pveproxy configuration to only listen on localhost, so the management interface is not accessible from the local network anymore.


echo 'LISTEN_IP="127.0.0.1"' >> /etc/default/pveproxy
systemctl restart pveproxy

3. Cloudflare Tunnel


To access the homelab from anywhere, I set up a Cloudflare Tunnel. This allows me to securely expose the services running on my homelab to the internet without having to open any ports on my router. I configured the tunnel to point to the Proxmox management interface, so I can access it remotely.
I secured the tunnel with the original Proxmox login page + 2FA, and I also set up a Cloudflare login + Access policy to add an extra layer of security, especially against CVEs targeting Proxmox/Debian and bruteforce attacks.


See tutorial here


4. Cloudflare Pages


I also set up this site with Cloudflare Pages + Hugo, so I can easily update it from anywhere and share my experiments with the world. I configured a custom domain (blog.theron.fyi) and set up automatic deployments from Cloudflare directly.


See tutorial here.


Future Plans


Now that the homelab is up and running, I plan to self-host a few services like Obsidian Live Sync, and will see for the rest as I go.