{"id":60,"date":"2025-09-18T09:26:02","date_gmt":"2025-09-18T09:26:02","guid":{"rendered":"https:\/\/ryslab.dev\/?p=60"},"modified":"2025-09-20T04:48:52","modified_gmt":"2025-09-20T04:48:52","slug":"why-proxmox-is-perfect-for-your-homelab","status":"publish","type":"post","link":"https:\/\/ryslab.dev\/index.php\/2025\/09\/18\/why-proxmox-is-perfect-for-your-homelab\/","title":{"rendered":"Why Proxmox is Perfect for Your Homelab"},"content":{"rendered":"\n<p>Most people exploring IT System Administration don\u2019t have racks of servers or a massive budget for enterprise licensing. Many of us start with just one modest machine and the need to run multiple isolated systems. That\u2019s exactly where <strong>Proxmox Virtual Environment (Proxmox VE)<\/strong> excels. Proxmox also allows for clustering nodes, providing high availability and scaling with you, from beginner to advanced setups.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>One Box, Many Systems<\/strong><\/h2>\n\n\n\n<p>With Proxmox, you can run <strong>both virtual machines and containers<\/strong> side by side:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Virtual Machines (KVM)<\/strong> \u2192 Full operating systems like Windows Server or a hardened Linux distro.<br><\/li>\n\n\n\n<li><strong>Containers (LXC)<\/strong> \u2192 Lightweight services (web servers, VPNs, databases) that share the host kernel but remain logically isolated.<br><\/li>\n<\/ul>\n\n\n\n<p>On limited hardware, containers let you squeeze more workloads out of your system, while VMs provide strong isolation where it matters.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Built-In Segmentation and Security<\/strong><\/h2>\n\n\n\n<p>Even on a single host, you can enforce segmentation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Isolated networks<\/strong> \u2192 Create bridges and VLANs so services don\u2019t bleed into each other.<br><\/li>\n\n\n\n<li><strong>Firewalls<\/strong> \u2192 Proxmox has per-VM and 
per-container firewall rules with iptables\/nftables under the hood.<br><\/li>\n\n\n\n<li><strong>Snapshots &amp; Rollbacks<\/strong> \u2192 If a system breaks or gets compromised, roll back to a known-good state. RUN BACKUPS IN STOP MODE if you have SQL databases or other data that is easily corrupted.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/ryslab.dev\/wp-content\/uploads\/2025\/09\/image-1024x550.png\" alt=\"\" class=\"wp-image-61\"\/><\/figure>\n\n\n\n<p>This turns one physical box into a segmented lab or small production environment where workloads can\u2019t interfere with each other.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>My Setup on a Single Host<\/strong><\/h2>\n\n\n\n<p>To show how powerful this can be, here\u2019s what I\u2019m currently running on <strong>a single Core i5 9500<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OPNSense (VM)<\/strong> \u2013 Router\/firewall for the network, providing segmentation, VPN, and traffic filtering.<br><\/li>\n\n\n\n<li><strong>Production (Ubuntu Server 24 VM)<\/strong> \u2013 Runs multiple Docker containers for applications and services, plus NFS shares for roaming home directories.<br><\/li>\n\n\n\n<li><strong>Testing (Ubuntu Server 24 VM)<\/strong> \u2013 A sandbox environment to trial new software and updates without risking production stability.<br><\/li>\n\n\n\n<li><strong>FreeIPA Server (Rocky Linux 10 VM)<\/strong> \u2013 Manages identity, authentication, and permissions across my systems.<br><\/li>\n\n\n\n<li><strong>Pi-Hole (LXC Container)<\/strong> \u2013 Local DNS sinkhole for blocking ads and telemetry network-wide.<br><\/li>\n\n\n\n<li><strong>Certificate Authority (LXC Container)<\/strong> \u2013 Issues and manages HTTPS certificates for internal services.<br><\/li>\n\n\n\n<li><strong>CachyOS Desktop (VM)<\/strong> \u2013 A testing desktop with KDE Plasma to experiment with a modern Arch-based 
environment.<br><\/li>\n<\/ul>\n\n\n\n<p>That\u2019s <strong>seven separate systems<\/strong>, all logically isolated, running securely on a single machine. Without Proxmox, this level of segmentation would require multiple physical boxes, more power draw, and much higher costs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>WebUI That Doesn\u2019t Get in the Way<\/strong><\/h2>\n\n\n\n<p>Unlike barebones hypervisors that require third-party management tools, Proxmox has a <strong>built-in web interface<\/strong>. It\u2019s fast, lightweight, and does everything a sysadmin needs without being bloated:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create and configure VMs or containers in a few clicks.<br><\/li>\n\n\n\n<li>Monitor CPU, RAM, and disk I\/O usage in real time.<br><\/li>\n\n\n\n<li>Manage networking \u2014 bridges, VLANs, bonds \u2014 directly in the UI.<br><\/li>\n\n\n\n<li>Schedule backups and restore with point-and-click simplicity.<br><\/li>\n\n\n\n<li>Cluster nodes and even migrate VMs between them, all from a single pane of glass.<\/li>\n\n\n\n<li>Even lets you access the system through the Console button.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/ryslab.dev\/wp-content\/uploads\/2025\/09\/image-2-1024x550.png\" alt=\"\" class=\"wp-image-63\"\/><\/figure>\n\n\n\n<p>The best part? You still have <strong>full CLI access<\/strong> (qm, pct, pveproxy, etc.). If you prefer automation and scripts, you\u2019re not locked into the UI. The WebUI is just a convenience layer, not a walled garden.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Hardware Passthrough (PCIe, USB, GPU)<\/strong><\/h2>\n\n\n\n<p>Proxmox also makes it straightforward to pass hardware through to VMs. 
Direct access gives the VM the physical hardware instead of software-defined hardware.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>GPU passthrough<\/strong> \u2192 Assign a dedicated graphics card to a VM (e.g., a Windows gaming VM or a CUDA machine learning workload).<br><\/li>\n\n\n\n<li><strong>USB passthrough<\/strong> \u2192 Attach things like security keys, external drives, or DVB tuners directly to a VM.<br><\/li>\n\n\n\n<li><strong>NIC passthrough<\/strong> \u2192 Give a VM its own physical network card for high-performance or firewall\/router setups.<br><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/ryslab.dev\/wp-content\/uploads\/2025\/09\/image-1-1024x550.png\" alt=\"\" class=\"wp-image-62\"\/><\/figure>\n\n\n\n<p>For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OPNSense firewall<\/strong> often runs best with direct NIC passthrough, so it handles traffic at line speed instead of through a virtual bridge.<br><\/li>\n\n\n\n<li><strong>CachyOS KDE desktop VM<\/strong> could benefit from GPU passthrough for smooth desktop rendering.<\/li>\n<\/ul>\n\n\n\n<p>I briefly experimented with installing Proxmox on my main workstation and passing around my GeForce 2080, but I spent more time fixing kernel panics, video that wouldn&#8217;t render, and rebooting, so be aware of the limitations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most people exploring IT System Administration don\u2019t have racks of servers or a massive budget for enterprise licensing. Many of us start with just one modest machine and the need to run multiple isolated systems. That\u2019s exactly where Proxmox Virtual Environment (Proxmox VE) excels. 
Proxmox also allows for clustering nodes providing high availability scaling with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":61,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-60","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-homelab"],"_links":{"self":[{"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/posts\/60","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/comments?post=60"}],"version-history":[{"count":1,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions"}],"predecessor-version":[{"id":62,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions\/62"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/media\/61"}],"wp:attachment":[{"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/media?parent=60"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/categories?post=60"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ryslab.dev\/index.php\/wp-json\/wp\/v2\/tags?post=60"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}