Architecture of my home server
The following information represents the situation at the end of April 2026.
The architecture is designed so that it can easily be adapted and extended later.
1 - Hardware and OS
Hardware bought (total price 650 EUR):
- Mini PC "MINIS FORUM UM350"
with "AirDisk" 0.5TB NVMe SSD included
- additional internal disks:
"Crucial MX500" 2TB SATA SSD
- additional external backup disks:
"Crucial P3 Plus" 2TB NVMe SSD,
"UGREEN M.2 NVMe" enclosure,
and "Crucial P3 Plus" 0.5TB NVMe SSD
- additional remote control:
"JetKVM" as IP-based KVM
To minimize power consumption (10-20 W) and noise, no HDDs are used.
At the same time, the storage speed of SSDs is up to 10 times higher.
Hypervisor software as OS installed:
- Proxmox Virtual Environment 8.3.0
(based on Debian Linux 12)
2 - Managed Resources
Resources managed by Proxmox:
- CPU:
4 cores/8 threads = 8 CPU
- Memory:
16GB RAM
- Internal Storage:
0.5TB NVMe SSD is named "/dev/nvme0n1" in Proxmox,
and LVM partition is used by directory "local" (path /var/lib/vz);
2TB SATA SSD is named "/dev/sda" in Proxmox,
and ext4 partition is used by directory "local-extra" (path /mnt/pve/local-extra);
- External Storage:
2TB NVMe SSD is named "/dev/sda" in Proxmox,
and ntfs partition is used by directory "usb-backup" (path /mnt/usb-baskup);
the other 0.5TB NVMe SSD is used only as extra recovery disk for software on "local" storage
To maximize usable disk space, no RAID file system is used.
A backup system is implemented to take a snapshot every day,
which is saved on external "usb-backup" storage.
This way, data of the previous day can be recovered easily within a day (which is sufficient in my situation).
(*)
File system determines how data is stored, e.g. ext4, xfs, zfs, btrfs;
Storage type determines how Proxmox interacts with the file system service, e.g. vm-disk, backup, iso-file;
Storage types on node level: Directory, LVM (logical volume management), LVM Thin, ZFS
3 - Managed Execution Environments
3.1 - Datacenter
Datacenter provides central management for 1 or more nodes (physical servers).
Currently only 1 node exists in my Proxmox cluster.
3.2 - Node
Node "home-pve" (previously "proxmox01") with IP "192.168.0.11":
- manages LXC Containers and Virtual Machines as logical servers,
and allocates resources to these servers
- users: root, myadmin (with sshkey)
- internal DNS name "home-pve.robertthecoder.org"
- installed software: Git, Cloudflare-DDNS
3.3 - LXC Containers (LC)
- "home-backupserver" (previously "nas-fileserver") with id "1091" and IP "192.168.0.91":
used for installing file server and backup server software;
added internal DNS name "home-backupserver.robertthecoder.org";
added mounts: 64GB "local", 1024GB "local-extra", 1024GB "usb-backup" storage;
added software: Cockpit, Syncthing, Borgbackup
- "home-utilityserver" with id "1092" and IP "192.168.0.92":
used for installing utility software (not for custom applications);
added internal DNS name "home-utilityserver.robertthecoder.org";
added software: Authelia, Homarr
- "home-devdepserver" with id "1093" and IP "192.168.0.93":
used for installing development and deployment software for custom applications;
added internal DNS name "home-devdepserver.robertthecoder.org";
added software: Gitea, Ansible
- "home-testappserver" with id "1094" and IP "192.168.0.94":
used for installing custom applications in staging/test phase;
added internal DNS name "home-testappserver.robertthecoder.org";
added software: Cloudflare-Agent, Traefik
- "home-prodappserver" with id "1095" and IP "192.168.0.95":
used for installing custom applications in production;
added internal DNS name "home-prodappserver.robertthecoder.org";
added software: Cloudflare-Agent, Traefik
All LXC Containers are created using the following Container Template:
- "templ-ubuntu" with id "1301":
resources: 2 CPU, 2GB Memory, 20GB "local" storage;
users: root, myadmin (with sshkey);
installed software: Ubuntu-server 24.10 (includes ssh), Screenfetch, Fresh, Curl, Docker, Stow, Git, Zsh
(*)
SSH, Zsh and user 'myadmin' with sshkey are used to easily access the servers.
Curl and Docker (or Podman) are installed on all servers,
because they are often needed to install other software.
Stow and Git are installed on all servers,
because they are used to distribute software settings and data.
3.4 - Virtual Machines (VM)
None
(*)
LXC Containers (a sort of "lightweight virtual machine"), and not virtual machines, are used as logical servers,
because they only allocate resources dynamically at the moment they are really needed.
LXC Containers can be started and shut down very quickly and easily when needed.
4 - Network and Firewall organization
4.1 - Networking
Datacenter-level networking is not considered, because my Proxmox cluster only contains 1 node.
Used Node-level networking:
- one network device (physical port on my machine) "enp*"
- one Linux bridge (virtual switch) "vmbr0"
to connect all LXCs/VMs, with the network device as bridge port
4.2 - Firewall hierarchy
Proxmox provides a firewall for the datacenter, nodes, LXCs and VMs.
Used firewall configuration:
- datacenter & nodes:
firewall is enabled in datacenter and node;
rules that only allow access to SSH and the Proxmox web interface
exist on datacenter level (all other incoming traffic is dropped);
no rules exist on node level;
- LXCs & VMs:
firewall is enabled in LXCs and VMs;
rules to allow access to a specific service port exist on LXC/VM level,
and override datacenter rules for the specific LXC/VM;
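
One way to check that the firewall files still match the hierarchy described above (an added example, not part of my actual setup): a small Python audit of Proxmox firewall config text. The sample configs are constructed; ports 22 and 8006 are the Proxmox defaults for SSH and the web interface, and port 443 for a guest service is an assumption.

```python
import re

# Constructed sample configs (not taken from the page). On a Proxmox host these
# would be /etc/pve/firewall/cluster.fw and /etc/pve/firewall/<vmid>.fw.
CLUSTER_FW = """\
[OPTIONS]
enable: 1
policy_in: DROP
[RULES]
IN ACCEPT -p tcp -dport 22 # ssh
IN ACCEPT -p tcp -dport 8006 # web interface
"""
GUEST_FW = """\
[OPTIONS]
enable: 1
[RULES]
IN ACCEPT -p tcp -dport 443
|IN ACCEPT -p tcp -dport 8080
"""

def parse_fw(text):
    """Return (options dict, list of what each active inbound ACCEPT rule opens)."""
    section, options, opened = None, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        header = re.fullmatch(r"\[(\w+)[^\]]*\]", line)
        if header:
            section = header.group(1).upper()
        elif section == "OPTIONS" and ":" in line:
            key, value = line.split(":", 1)
            options[key.strip()] = value.strip()
        elif section == "RULES" and not line.startswith("|"):  # "|" = disabled rule
            tokens = line.split()
            if len(tokens) >= 2 and tokens[0] == "IN" and "ACCEPT" in tokens[1]:
                has_port = "-dport" in tokens[:-1]
                # A macro such as SSH(ACCEPT) or a port-less rule is reported as-is.
                opened.append(tokens[tokens.index("-dport") + 1] if has_port else tokens[1])
    return options, opened

def audit(text, allowed, require_drop=False):
    """Return deviations from the intended policy; an empty list means compliant."""
    options, opened = parse_fw(text)
    findings = []
    if options.get("enable") != "1":
        findings.append("firewall not enabled")
    if require_drop and options.get("policy_in") != "DROP":
        findings.append("policy_in is not DROP")
    findings += [f"unexpected inbound rule: {p}" for p in opened if p not in allowed]
    return findings
```

Run audit() on the datacenter file with require_drop=True and the two management ports, and on each guest file with only that guest's service ports; any non-empty result is a rule that drifted from the intended policy.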