Overview
A small but practical homelab running on repurposed enterprise hardware. Primary uses: learning, testing security tooling in a controlled environment, and running self-hosted services that I actually use day to day.
Hardware
| Host | Specs | Role |
|---|---|---|
| Dell OptiPlex 7060 | i7-8700, 32 GB RAM, 512 GB SSD | Proxmox hypervisor |
| Raspberry Pi 4 | 4 GB RAM | DNS, monitoring |
| Unmanaged switch | 8-port gigabit | Core switching |
The OptiPlex was an eBay find — small form factor, low idle power draw, and enough headroom to run several VMs concurrently without thermal issues.
Network topology
ISP Modem/Router
│
[Firewall]
│
[Switch]
├── Proxmox host (VLAN 10 — lab)
├── Raspberry Pi (VLAN 20 — services)
└── Personal devices (VLAN 30 — trusted)
Lab traffic is isolated on its own VLAN and has no route to trusted devices. Anything running in the lab environment — vulnerable VMs, test detections, malware samples — stays contained.
Running services
| Service | Host | Purpose |
|---|---|---|
| Proxmox VE | OptiPlex | Virtualisation |
| Pi-hole | Raspberry Pi | DNS filtering and local resolution |
| Grafana + Prometheus | Proxmox VM | Host and service monitoring |
| Elastic Stack | Proxmox VM | Log aggregation, detection engineering |
| Kali Linux | Proxmox VM | Offensive tooling, lab testing |
| Vulnerable VMs | Proxmox VMs | Practice targets (isolated VLAN) |
What I use it for
Detection engineering — the Elastic stack ingests logs from all lab hosts. I use it to build and test detection rules before they go anywhere near production, and to replay attack scenarios against a real SIEM.
Certification prep — spun up dedicated environments for BTL1 and other practical certs. Cheaper and more flexible than booking lab time repeatedly.
Tooling evaluation — anything new goes in the lab first. Network scanners, DFIR tools, log shippers — test the behaviour before deploying it.
General tinkering — DNS configuration, certificate management, Ansible playbooks. Low-stakes place to break things.
Build notes
Proxmox over bare metal Linux — the VM snapshot and clone workflow is worth it. Being able to roll back a test environment in 30 seconds changes how you approach experimentation.
Pi-hole for DNS — handles ad blocking and local DNS resolution for lab hostnames. Pairs well with Unbound as an upstream recursive resolver if you want full local DNS resolution without relying on a third party.
VLAN isolation is non-negotiable — if you’re running anything adversarial (vulnerable machines, malware samples, exploitation frameworks), it needs to be isolated at the network layer. A software firewall on the host isn’t sufficient.
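
One way to check that isolation from the detection side, as an added example rather than code from this lab: audit firewall flow logs for any traffic from the lab VLAN into the trusted VLAN. The subnets, the JSON-lines log format and the function name are assumptions, since the page gives only VLAN IDs.

```python
import ipaddress
import json

# Assumed addressing: the page gives VLAN IDs only, not subnets.
LAB = ipaddress.ip_network("10.0.10.0/24")      # VLAN 10 (lab)
TRUSTED = ipaddress.ip_network("10.0.30.0/24")  # VLAN 30 (trusted)

# Constructed sample in a hypothetical JSON-lines firewall log format.
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00Z", "src": "10.0.10.15", "dst": "10.0.20.2", "dport": 53, "action": "pass"}
{"ts": "2024-01-01T10:00:05Z", "src": "10.0.10.15", "dst": "10.0.30.7", "dport": 445, "action": "block"}
{"ts": "2024-01-01T10:00:09Z", "src": "10.0.10.22", "dst": "10.0.30.7", "dport": 22, "action": "pass"}
{"ts": "2024-01-01T10:00:12Z", "src": "10.0.30.7", "dst": "10.0.10.15", "dport": 8006, "action": "pass"}
not-json garbage line
{"ts": "2024-01-01T10:00:20Z", "src": "bogus", "dst": "10.0.30.7", "dport": 80, "action": "pass"}
"""


def audit_isolation(log_text, src_net=LAB, dst_net=TRUSTED):
    """Return (findings, skipped) for flows from src_net into dst_net.

    A "pass" action means the isolation rule failed (severity "breach");
    anything else is a blocked attempt still worth alerting on ("attempt").
    """
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
            action = rec["action"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, do not guess
            continue
        if src in src_net and dst in dst_net:
            severity = "breach" if action == "pass" else "attempt"
            findings.append({"severity": severity, "ts": rec.get("ts"),
                             "src": str(src), "dst": str(dst),
                             "dport": rec.get("dport")})
    return findings, skipped


if __name__ == "__main__":
    results, bad = audit_isolation(SAMPLE_LOG)
    for f in results:
        print(f["severity"], f["ts"], f["src"], "->", f["dst"], f["dport"])
    print("skipped malformed lines:", bad)
```

A "breach" finding means the firewall passed lab traffic into the trusted VLAN; an "attempt" means the rule held but something in the lab tried to reach a trusted host.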
What’s next
- Migrate from unmanaged to managed switching for proper VLAN enforcement
- Add a dedicated log forwarding agent on each host
- Document the Elastic detection rule library