This is the honest version of a home lab. Not the polished rack someone posts on Reddit. A two-node Proxmox cluster sitting in a closet, doing real work for the people who live in this house and a chunk of thyfwxit.com's public side.

The idea

Two ordinary machines, partitioned sensibly, handle everything. No 96-core monster, no screaming rack. Every service runs in its own lightweight LXC container, or a small VM when it genuinely needs one, kept lean on purpose. The constraint was never CPU. It was RAM and a bit of restraint. Two nodes means I can shove a workload onto the other one and reboot the first without the house ever noticing.

It runs the home side of my life. Filtering DNS across every device on the network, automating the house, holding the files, and quietly watching itself for trouble. When the fridge tries to phone home to some telemetry endpoint at 3am, it never gets the chance. It started as a way to learn and stayed because it turned out genuinely useful.

What is actually on it

The cluster is the quiet backbone. Here is what lives on it, named honestly. Almost everything is a container. Home Assistant and OpenMediaVault get full VMs because they want deeper access to the hardware than a container gives them.

| Service | Software | Type |
| --- | --- | --- |
| DNS filtering | AdGuard Home | LXC |
| Home automation | Home Assistant | VM |
| Network storage | OpenMediaVault | VM |
| Container stack | Portainer | LXC |
| Network boot | netboot.xyz | LXC |
| Reverse proxy | Nginx Proxy Manager | LXC |
| Monitoring | Uptime Kuma | LXC |
| Remote access | WireGuard | LXC |

One thing lives outside the cluster on purpose. A separate always-on machine handles the loud public work: the Minecraft server, the Discord bot, and Nexus AI, my self-hosted open models running on a dedicated GPU. The cluster handles the home. That box handles the crowd.

Nothing on it is exposed

The part I care about most. Nothing on the cluster opens a port to the internet. The public pieces reach back out through a Cloudflare Tunnel, so from the outside the only thing reachable is Cloudflare's edge. There is no inbound door to find, nothing to port scan, no service sitting out there waiting to be poked. Every service runs unprivileged and isolated, so even an internal problem stays boxed into one corner.
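
One way to check the "every service runs unprivileged" claim on a Proxmox node, as an added example rather than the lab's own tooling: it reads the live part of each container config and flags any container without `unprivileged: 1`. The /etc/pve/lxc path is the Proxmox default and is assumed here, and the sample configs are constructed.

```python
from pathlib import Path

CONF_DIR = Path("/etc/pve/lxc")  # assumption: default Proxmox VE container config dir

def parse_live_config(text):
    """Return key/value pairs of the live config, ignoring snapshot sections."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):   # first [snapshot] header ends the live config
            break
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def audit(name, text):
    """Return a list of findings for one container config."""
    conf = parse_live_config(text)
    label = f"{name} ({conf.get('hostname', '?')})"
    findings = []
    # Proxmox treats a missing 'unprivileged' key as 0, i.e. privileged.
    if conf.get("unprivileged", "0") != "1":
        findings.append(f"{label}: runs privileged")
    enabled = sorted(f.strip().split("=")[0] for f in conf.get("features", "").split(",")
                     if f.strip().endswith("=1"))
    if enabled:
        findings.append(f"{label}: features enabled: {', '.join(enabled)}")
    return findings

# Constructed sample configs, not taken from the lab described on this page.
SAMPLE = {
    "101": "arch: amd64\nhostname: adguard\nunprivileged: 1\n",
    "102": "hostname: portainer\nfeatures: nesting=1,keyctl=1\nunprivileged: 1\n",
    # Live config lacks the key; only the old snapshot section carries it.
    "103": "hostname: legacy\n\n[pre-update]\nhostname: legacy\nunprivileged: 1\n",
}

def run(configs):
    """Audit every config, ordered by container ID."""
    return [f for name, text in sorted(configs.items()) for f in audit(name, text)]

if __name__ == "__main__":
    real = {p.stem: p.read_text() for p in CONF_DIR.glob("*.conf")}
    print("\n".join(run(real or SAMPLE)) or "no findings")
```

Container 103 is the case worth noticing: a snapshot section can still say `unprivileged: 1` after the live config has lost it, so a plain grep over the file would report it as fine.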

It watches itself

Uptime Kuma keeps an eye on every service and pings me the second something goes sideways. A slice of that same data feeds the live status row on the home page, so the green dots you see there are real, read straight off the lab, not a screenshot from a good day.

Backups, because everything fails eventually

Two tiers. A local one that catches the everyday failures, and an encrypted offsite one for the rare catastrophic cases. The hard part of backups is testing them, and mine get tested whenever something breaks, which is the worst possible strategy and has somehow worked fine for years. I have never lost more than a few minutes of work to a lab failure.

Why Proxmox, and why it stays

I have tried the alternatives. Proxmox is the one that stuck, for boring reasons that matter every week. Snapshots before a risky update. Containers and full VMs in the same tree. Live migration between the two nodes when I want to take one down. A web UI that is honest rather than pretty. When something breaks at 1am it shows me the answer in two clicks, and a rollback is five seconds back to a working state. That single feature is the reason I run it over plain Docker on bare metal.

Cheap to run, a handful of watts and pennies a month, and it paid for itself in a few months against renting the same compute in a cloud. The portfolio you are reading is not even on it. The public stuff lives on someone else's infrastructure on purpose, so if my home internet drops, the site stays up. The lab handles the home. That split is deliberate.