Snapshot
What the lab is for
This is not a demo rack. Real services on the home network depend on it staying up, which makes the mistakes and fixes more honest than a throwaway test environment.
The main rule I impose on the setup is simple: if the environment cannot be rebuilt from the repo in under an hour, it does not count as managed infrastructure. That pushes me toward clean separation between config, state, and service boundaries.
Mostly it gives me a place to break things that actually matter and have to be fixed properly.
Outcome: A containerized setup that gets rebuilt fast when something breaks. The rebuild constraint is the whole point because it keeps the config clean.
Build
What is running
01
Container Orchestration
All services run as Docker Compose stacks with explicit volume mounts and network definitions. Every config file is version-controlled, which became essential after a storage migration went sideways and I had to rebuild containers quickly.
Docker
Docker Compose
Version-Controlled Config
Network Isolation
02
Network-Level Services
Pi-hole runs as the primary DNS resolver for the whole home network. It handles ad blocking and internal hostname resolution, which made it a very good teacher the first time it failed and broke everything that depended on it.
Pi-hole
Local DNS
Network-Wide Ad Blocking
Custom Upstream Resolvers
Screenshot