Homelab Network Architecture

v1.0 On-Premise 4 Devices
1 Network Edge
OPNsense Firewall
Gateway, DNS, DHCP, firewall
WAN, LAN
Gigabit Switch
Managed switch with VLAN support connecting all LAN devices
1 Gbps
OPNsense Firewall: Dedicated mini-PC running OPNsense as the network gateway with DHCP and DNS. All LAN traffic routes through this device for firewall inspection and routing.
Managed Switch: Gigabit Ethernet switch with VLAN support. AI sandbox VM is isolated to its own VLAN. All LAN devices connect through this switch.
Home Network (Private LAN)
2 Always-On Infrastructure Mini PC — Proxmox 8.x Hypervisor
Homelab Hub
FastAPI + SQLite device management, Docker
REST API
Services
Reverse proxy, search, evaluation dashboards
HTTPS, Reverse Proxy
Proxmox API
REST API for VM/LXC management
REST API
Homelab Hub: Central API for all device management. Runs FastAPI with SQLite backend inside a Proxmox LXC container. Stores the device registry, queues commands for agents, and proxies requests to the Proxmox API.
Services Container: Hosts Caddy as the central reverse proxy with TLS certificate management, search services, and LLM evaluation dashboards.
Proxmox API: The Proxmox VE REST API provides programmatic control over VMs and LXC containers. The Homelab Hub proxies requests to this API for container provisioning and management.
3 AI Server Desktop PC — GPU, 32GB RAM — Ubuntu 24.04
Ollama
LLM inference engine, multiple models
GPU, Inference
llama-server
Dedicated vision-language model server
GPU, VLM
Open WebUI
Chat interface for local LLMs
Docker, RAG
Homelab Agent
Polls hub for commands, reports stats
systemd, agent
Ollama: LLM inference engine serving multiple model families on demand. Automatically unloads models after idle time to free VRAM. LAN-only access.
llama-server: Dedicated server running a vision-language model with built-in metrics endpoint. API key protected. Shares GPU VRAM with Ollama so only one runs at a time.
Open WebUI: Full-featured chat interface for local LLMs. Runs in Docker with user authentication, persistent chat history, RAG knowledge bases, and web search integration.
Homelab Agent: A systemd service that polls the Homelab Hub for queued commands and reports system statistics back. Executes commands on the host and returns results to the hub.
4 Remote Devices
Remote Access
Encrypted mesh VPN for managing the homelab from anywhere
WireGuard, P2P
Remote Access: WireGuard-based mesh VPN providing encrypted peer-to-peer tunnels between devices. Enables secure remote access to all homelab services without port forwarding or exposing anything to the public internet.