🏗️ Infrastructure Lab: The Urithiru Project

📜 Executive Summary

The Urithiru Homelab is a virtualized, software-defined data center (SDDC) built on Proxmox VE. This environment is designed to test enterprise-level concepts including Reverse Proxying, ZFS Storage, and Network Security.

By utilizing Nginx Proxy Manager, I have implemented a centralized entry point for all internal services, allowing for secure, domain-based access across the 10.0.0.x subnet.


🛠️ Compute Resources (The Nodes)

🏰 Urithiru (Proxmox VE)

Role: Type-1 Hypervisor

  • IP: 10.0.0.254
  • Port: 8006
  • Purpose: The hardware foundation. Manages the lifecycle of all virtual machines and Linux Containers (LXC).

🌀 The Oathgate (Nginx Proxy Manager)

Role: The Oathgate (Reverse Proxy)

  • IP: 10.0.0.240
  • Port: 81
  • Purpose: Manages SSL termination and traffic routing. It translates user-friendly domains (e.g., nas.wardeck.net) into backend service IPs and ports.

🪶 Windrunner (Terminal Workstation)

  • Role: Static Site Development (Hugo)
  • IP: 10.0.0.220
  • Port: 1313
  • Deployment: GitHub -> Cloudflare Pages (CI/CD)
  • Cleaning: Automated via Cloudflare’s ephemeral build environment.
  • Alias: hugodev (mapped to hugo server -D -p 1313 --bind 0.0.0.0)
  • Purpose: Host for wardeck.net development. Accessed internally via NPM to simulate a production web-header environment.

🧱 Stoneward (TrueNAS Scale)

Role: Data Integrity & Application Hosting

  • IP: 10.0.0.250
  • Port: 8080
  • Storage Logic: ZFS RAID-Z1 (or your specific setup) for bit-rot protection and snapshots. Two 1TB HDDs are passed through Proxmox to TrueNAS for the ZFS pools.

Hosted Services (Apps/Datasets):

  • 🛡️ VaultWarden: Self-hosted Bitwarden instance for encrypted credential management across the lab. vault.wardeck.net
  • 📸 Immich: High-performance photo and video backup solution, serving as a self-hosted alternative to Google Photos. photos.wardeck.net
  • 🔄 Syncthing: Continuous file synchronization service to bridge data between Windrunner (Dev) and local workstations.
  • 🌐 Tailscale: Mesh-VPN node allowing secure, “Zero-Config” remote access to the Urithiru network from anywhere in the world.

👁️‍🗨️ Truthwatcher (AdGuard Home)

Role: DNS & Network Privacy

  • IP: 10.0.0.230
  • Secondary AdGuard Server: 10.0.0.235
  • Virtual IP Address: 10.0.0.231
  • Purpose: Resolves local DNS queries and provides the primary “DNS Rewrite” logic that points *.wardeck.net traffic toward the NPM “Oathgate.” Keepalived floats 10.0.0.231. If the Proxmox host dies, the other server picks up the slack.
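The failover only helps if both AdGuard instances carry the same rewrites, so the following added example (not part of the original lab notes) queries each resolver directly and reports any name that does not resolve to the Oathgate. It assumes every *.wardeck.net name mentioned on this page is meant to be proxied; the function names are illustrative.

```python
import socket
import struct

# Addresses are from the page; treating every listed name as proxied is an assumption.
RESOLVERS = {"primary": "10.0.0.230", "secondary": "10.0.0.235", "vip": "10.0.0.231"}
OATHGATE = "10.0.0.240"
HOSTS = [f"{h}.wardeck.net" for h in ("nas", "vault", "photos", "uptime", "tools")]

def build_query(name, qid=0x1234):  # encode a recursive A/IN question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):  # step over a possibly compressed name, return next offset
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)

def parse_a_records(msg):  # IPv4 addresses in the answer section of a DNS reply
    qd, an = struct.unpack(">HH", msg[4:8])
    pos, ips = 12, []
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4          # QTYPE + QCLASS
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return ips

def query(server, name, timeout=2.0):  # ask one resolver over UDP, bypassing the OS cache
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                 # kernel drops replies from other sources
        s.send(build_query(name))
        return parse_a_records(s.recv(512))

def audit(resolve=query, resolvers=RESOLVERS, hosts=HOSTS, expected=OATHGATE):
    """Return (resolver, host, problem) for every answer that is not the proxy."""
    findings = []
    for label, server in resolvers.items():
        for host in hosts:
            try:
                ips = resolve(server, host)
                problem = None if ips == [expected] else f"got {ips or 'no A record'}"
            except OSError as exc:              # timeout, unreachable, refused
                problem = f"no answer: {exc}"
            if problem:
                findings.append((label, host, problem))
    return findings
```

Calling `audit()` from a machine on the 10.0.0.x subnet returns an empty list when all three resolver addresses agree; a finding against "secondary" alone means the rewrite would disappear after a failover.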

🤝 Bondsmith (HomeAssistant)

Role: IoT Orchestration

  • IP: 10.0.0.210
  • Purpose: Centralized automation hub for localized hardware integration.

TRUTHLESS | Raspberry Pi Edge Node

  • Hardware: Raspberry Pi 4 (Docker Host)
  • IP Address: 10.0.0.200
  • Role: External health-check node running Uptime Kuma. Hosting IT-Tools.
  • 📊 Uptime Kuma | uptime.wardeck.net
    • Role: Monitoring the heartbeat of the Shattered Plains (Home Lab).
  • 🛠️ IT-Tools | tools.wardeck.net
    • Role: Swiss Army Knife for Docker/A+ Study (Subnet calcs, hashing, etc.).