As most of my friends know I have been using my old acer aspire laptop as my main server. Transitioning to a Mini PC has helped me to reduce electricity costs and open to a new world into more flexible hardware to work with.
Hardware
Elitedesk G3 mini is equipped with Intel(R) Core(TM) i5-6500T CPU @ 3.100GHz and 8 GB RAM (Upgradable to 32GB of RAM). However, in my home lab I have installed 16 GB RAM from my old setup to prioritize virtualization. Motherboard also has a swappable CPU slot in case I want to upgrade my CPU from i5 to i7 later.
As for the Storage, Motherboard has 2 M.2 slots and 1 SATA connector for 2.5 inch hard drives. In my current setup I am using 1TB WD Hard Disk with 512 GB KIOXIA M.2 Storage. Now that I am left with a second M.2 slot I have installed Intel Wi-Fi Card to map it directly to a virtual machine running on it.
Software
Proxmox
In my new setup I have completely ditched using just Ubuntu and moved to Proxmox VE. There are so many possibilities including virtualizing different operating systems. Such as Windows Virtual Machines, LXC Containers and most importantly Docker containers.
Docker
For me it is essential to have docker engine running in my home lab for different services. I have 2 docker engines running on this environment, one inside a Virtual Machine and one inside a LXC container with unprivileged.
Maincontroller VM has GPU passthrough done to it and USB Hard Disk attached to it. so that I can use Jellyfin transcoding and realtime sync when I watch something with my friends. On the other hand PVE-Docker has containers for monitoring and other automations that doesn't require GPU or SMB (Windows File Share).
Backups
Server backups are automated and stored on a separate USB hard drive, and they are notified to me via Email regularly. The piece of software that is responsible to manage these backups is called Proxmox Backup Server.
Exposing Webservices to Internet
On a very recent event I have completely stopped using cloudflare tunnels, as I have moved away from Dhiraagu and been using Ooredoo. They provided static IP and removed CGNAT completely in my network just for 10 MVR lifetime, which Dhiraagu offered 90 MVR per month. I think it is not a very good excuse or understandable that an ISP charges loads of amount to the bill just because they are running out of ipv4.
Conclusion
Establishing robust security measures within my homelab is not just a necessity but a critical aspect of responsible and informed experimentation. As a lot happens in local network and being exposed to internet, it is my responsible to take good security measures before I add any device to my network. By adopting a multi-layered approach, including strong password policies, exposing just port 80 and 443, firewall and fail2ban, network segmentation.