alexbakertech

Project Overview

The Secure Home Lab is a modular, production-style network environment built entirely from open-source tools. Its purpose is to simulate enterprise-grade architecture — including segmentation, logging, and automation — using accessible, power-efficient hardware in a homelab context.

This project is both a learning platform and a technical showcase. It maps directly to RHCSA and Security+ objectives, while also serving as a live demonstration of secure-by-default infrastructure design.

This project is growing in phases. Click here to skip to project updates.

Project Goals

Create a segmented virtual network with VLANs and firewall zoning
Deploy and harden Linux servers using Ansible automation
Implement centralized logging and threat detection (Wazuh/ELK)
Explore real-time observability through dashboards and alerting
Practice Infrastructure-as-Code with Terraform (Proxmox & AWS)
Document architecture, decisions, challenges, and outcomes

Core Technologies

Proxmox VE — Virtualization platform for lab VMs
pfSense CE — Firewall, gateway, VLAN management
TP-Link Smart Switch — VLAN-capable layer 2 switching
Rocky Linux & Ubuntu — Target platforms for automation
Ansible — Secure baseline enforcement, package deployment
Wazuh / ELK Stack — Centralized logging and threat detection
Terraform — Infrastructure provisioning (local & cloud)

Lab Architecture (In Progress)

Mgmt VLAN for administrative interfaces and jump boxes
Servers VLAN for internal services (logging, IDS, dashboards)
Guest VLAN for untrusted devices
Monitor VLAN for mirrored traffic and passive inspection
Family VLAN for trusted personal devices
This represents the true “home” portion of the homelab. QoS will be configured to ensure consistent internet performance for day-to-day household use, even under lab load.
pfSense routes, filters, and logs traffic between segments

A detailed diagram and VM topology will be added as the lab matures.

Hands-On Outcomes

Hardened Rocky and Ubuntu VMs with CIS-aligned baselines
Automated provisioning of user accounts, SSH keys, firewalls
Segmented traffic with inter-VLAN rules and DNS overrides
Real-time alerting on SSH brute force, port scans, and policy violations
Replicable IaC pipelines stored in Git

Learning Focus

This project emphasizes:

Reproducibility and automation-first thinking
Secure configuration by default (not as an afterthought)
Real-world relevance to hybrid infrastructure/security roles

Follow the Project

This lab is evolving in phases, with each post documenting a specific milestone or challenge along the way. As the infrastructure grows more complex, I’ll cover topics like VLAN setup, IDS integration, centralized logging, and Terraform provisioning.

New entries will be added here as they’re published:

Core Network Foundation for the Secure Home Lab

Intro For this project, it’s essential to have a highly configurable firewall and gateway that supports advanced networking features. Specifically, the lab requires: VLAN support for network segmentation Advanced routing and NAT rules Internal DNS resolution Traffic filtering and monitoring capabilities There are many firewalls that meet these criteria, including OPNsense, VyOS, and enterprise-grade hardware solutions. However, I’m most familiar with pfSense, a mature and feature-rich open-source firewall built on FreeBSD. It offers a robust web interface, extensive community support, and deep configuration options. ...

Project Overview#

Project Goals#

Core Technologies#

Lab Architecture (In Progress)#

Hands-On Outcomes#

Learning Focus#

Follow the Project#