My Actual Infrastructure

Why I Reshaped My Home‑Lab

  • Power draw: old i7 tower idled at ≈80 W for almost nothing.
  • Efficiency: moved the NAS to a Raspberry Pi 5 + USB JBOD (≈6 W).
  • Consolidation: Intel N100 mini‑PC now runs Proxmox and all VMs. / LXCs
  • Hands‑on learning: every layer is mine—no SaaS lock‑in.
Intel N100 mini‑PC interior

Hosted Services

 BunkerWeb

Nginx + ModSecurity + OWASP CRS out‑of‑the‑box. Acts as a drop‑in WAF & reverse‑proxy for everything.

 Authentik

One portal for SSO, MFA and group policies across Grafana, Vaultwarden, Git and more.

 Bind 9

Self‑hosted authoritative DNS; registrar points mydomain directly to my box for full control.

 PrivateBin

End‑to‑end encrypted paste‑bin. Zero server knowledge, custom expiry & no third‑party logs.

https://bin.godef.be

 Kasm Workspaces

Disposable browser or full desktop in a Docker container—perfect for Tor sessions & testing.

Monitoring & Alerting

 Proxmox Login Watchdog

A Python script tails journalctl for pvedaemon logins and pushes instant Telegram alerts on success or failure.

GitHub — pve‑notifier
Alert example

Roadmap

Centralise logs & run rule‑based alerts with Discord / Telegram webhooks for SOC‑style visibility.

All‑in‑one Postfix/Dovecot with DKIM. Outbound SMTP relayed through a €2 VPS to bypass ISP port 25 blocks.

Lease a micro‑VPS, DNAT port 25 + others through WireGuard back to the home lab. See the guide "Avoir des adresses IPv4/IPv6 chez soi" (FR).
germain@godef.be
LinkedIn