1 min read

My Proxmox Home Lab Setup

How I run a self-hosted home lab on Proxmox: LXC containers, VMs, networking, and the services I depend on every day.

On this page

Running my own infrastructure keeps me close to networking, automation, and what it takes to keep software online. Proxmox is the foundation.

Containers vs. virtual machines

I default to LXC containers for lightweight services and reserve full VMs for workloads that need a real kernel or strict isolation.

What runs on it

  • A reverse proxy terminating TLS for every service.
  • A WireGuard tunnel for secure remote access.
  • Docker hosts for app stacks.
  • Scheduled backups to a separate node.

Lessons learned

Snapshot before every change, keep configuration in version control, and monitor early. A home lab is the cheapest place to make the mistakes you never want to make in production.

Provisioning SSH access

A small helper I run to push my public key to a freshly created node:

# Note: ~/.ssh/environment should not be used, as it
# already has a different purpose in SSH.
env=~/.ssh/agent.env
# Note: Don't bother checking SSH_AGENT_PID. It's not used
# by SSH itself, and it might even be incorrect
# (for example, when using agent-forwarding over SSH).
agent_is_running() {
if [ "$SSH_AUTH_SOCK" ]; then
# ssh-add returns:
# 0 = agent running, has keys
# 1 = agent running, no keys
# 2 = agent not running
# if your keys are not stored in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub, you'll need
# to paste the proper path after ssh-add
ssh-add -l >/dev/null 2>&1 || [ $? -eq 1 ]
else
false
fi
}
agent_has_keys() {
# if your keys are not stored in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub, you'll need
# to paste the proper path after ssh-add
ssh-add -l >/dev/null 2>&1
}
agent_load_env() {
. "$env" >/dev/null
}
agent_start() {
(umask 077; ssh-agent >"$env")
. "$env" >/dev/null
}
if ! agent_is_running; then
agent_load_env
fi
# if your keys are not stored in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub, you'll need
# to paste the proper path after ssh-add
if ! agent_is_running; then
agent_start
ssh-add
elif ! agent_has_keys; then
ssh-add
fi
unset env
view raw ssh_key_add.sh hosted with ❤ by GitHub