grug@proxmox:~$ cat /etc/homelab/README

Home Lab.

A look at the infrastructure, automation, and tooling behind the home lab.

Status: 3 nodes online · Tailscale mesh active · All containers healthy

Architecture Overview

The lab is split across three locations, stitched together with Tailscale so everything talks to everything regardless of where it physically lives.

Local · Hypervisor - Proxmox Host

Local hardware running a Proxmox hypervisor. Debian VMs handle everything from the AI assistant to dev environments. Backups to local NAS storage.

Remote · Public - Toolbox Server

Hostinger VPS running all the public-facing sites. Docker containers managed by Portainer, fronted by Nginx Proxy Manager with wildcard SSL.

Local · Storage - NAS (Portainer)

Asustor NAS running Portainer for home-side containers: VPN services, media management, monitoring, and internal tools.

Tailscale Mesh - Connects all three locations plus mobile devices into one flat network. SSH, web UIs, API calls - everything goes over the mesh. No port forwarding, no VPN configs, no drama.

Tailscale Everywhere

Tailscale is the backbone of the whole operation. Every node in the lab sits on a Tailscale mesh, which means everything can reach everything over encrypted WireGuard tunnels - regardless of physical location or NAT situation.

SSH Access

All administration happens over Tailscale. The Proxmox host, NAS, and toolbox VPS are all reachable by Tailscale hostname. No public SSH ports, no bastion hosts.

Backups

The toolbox VPS backs up over Tailscale directly to the Asustor NAS at home. Cloud data lands on local storage without ever touching the public internet.

Portainer Management

Both Portainer instances (NAS and toolbox) are accessible via Tailscale URLs. One mesh, two container hosts, single pane of glass from anywhere.

Nginx Proxy Manager

The NPM admin UI on the toolbox server is only exposed over Tailscale. Public traffic hits the proxy hosts; management stays private.

AI Operations

Bob (ai-lab) on the Proxmox VM reaches the toolbox server and NAS over Tailscale to manage containers, run scheduled jobs, and pull data.

Mobile Access

Phone and laptop on the mesh too. Full access to every management UI, every service, from anywhere.

The result: zero publicly exposed management interfaces, zero port forwarding rules. I can manage the whole lab from a coffee shop the same way I do from home. Hard to go back to OpenVPN after this.
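The claim above ("zero publicly exposed management interfaces") is easy to check and easy to regress, since a new container or an sshd change can quietly bind to 0.0.0.0. The following audit is an added example written for this page, not code from the lab or from ai-lab: it parses `ss -ltn` output and reports every listener reachable from outside loopback or the tailnet, treating only the ports you name (the proxy's 80/443 on the toolbox VPS) as legitimately public. The sample `ss` output is constructed, and the tailnet address ranges are the CGNAT and ULA prefixes Tailscale assigns from.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Ranges a management service may bind to: loopback plus Tailscale's
// IPv4 CGNAT range and IPv6 ULA prefix (tailnet addresses come from these).
var allowedNets = mustParseCIDRs("127.0.0.0/8", "::1/128", "100.64.0.0/10", "fd7a:115c:a1e0::/48")

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	var nets []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// Listener is one TCP socket in LISTEN state, taken from `ss -ltn` output.
type Listener struct {
	Addr string
	Port string
}

// parseSS pulls the "Local Address:Port" column out of `ss -ltn` output,
// skipping the header line and anything not in LISTEN state.
func parseSS(out string) []Listener {
	var ls []Listener
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 4 || f[0] != "LISTEN" {
			continue
		}
		host, port, err := net.SplitHostPort(f[3])
		if err != nil {
			continue
		}
		ls = append(ls, Listener{Addr: host, Port: port})
	}
	return ls
}

// exposed reports whether a bind address is reachable beyond loopback and
// the tailnet: wildcard binds, or any concrete IP outside allowedNets.
func exposed(host string) bool {
	if host == "*" || host == "0.0.0.0" || host == "::" {
		return true
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return true // unparseable address: report it rather than pass silently
	}
	for _, n := range allowedNets {
		if n.Contains(ip) {
			return false
		}
	}
	return true
}

// AuditListeners returns every exposed "addr:port" whose port is not in
// expectedPublic. On the toolbox VPS only the proxy's 80 and 443 belong there.
func AuditListeners(ssOutput string, expectedPublic map[string]bool) []string {
	var findings []string
	for _, l := range parseSS(ssOutput) {
		if exposed(l.Addr) && !expectedPublic[l.Port] {
			findings = append(findings, net.JoinHostPort(l.Addr, l.Port))
		}
	}
	return findings
}

// Constructed sample `ss -ltn` output (not captured from a real host): sshd bound
// to the tailnet IPv4 address, NPM on 80/443 with its admin UI on loopback, but
// Portainer's 9443 and sshd's IPv6 socket bound to all interfaces.
const sampleSS = `State  Recv-Q Send-Q Local Address:Port    Peer Address:Port Process
LISTEN 0      4096   100.101.102.103:22    0.0.0.0:*
LISTEN 0      4096   0.0.0.0:80            0.0.0.0:*
LISTEN 0      4096   0.0.0.0:443           0.0.0.0:*
LISTEN 0      4096   127.0.0.1:81          0.0.0.0:*
LISTEN 0      4096   0.0.0.0:9443          0.0.0.0:*
LISTEN 0      4096   [::]:22               [::]:*
`

func main() {
	findings := AuditListeners(sampleSS, map[string]bool{"80": true, "443": true})
	if len(findings) == 0 {
		fmt.Println("OK: no unexpected listeners")
		return
	}
	for _, f := range findings {
		fmt.Println("EXPOSED:", f)
	}
}
```

On a real host, feed `ss -ltn` output in place of `sampleSS` (for example by reading it from stdin) and run it from a cron job on each node; the two findings the sample produces are exactly the kind of drift that a single `docker compose` edit introduces.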

The Deploy Pipeline

This is the part I'm most proud of. Spinning up a new site takes about 10 minutes, and deploying changes is just git push.

Git Push (push to main) → Webhook (GitHub → Portainer) → Build (docker image) → Deploy (container swap) → Live (SSL via NPM)

Every project lives in its own GitHub repo with a Dockerfile. Most are framework-based applications - Next.js, TypeScript, Drizzle ORM, databases - with a few simpler static sites in the mix. The deploy pipeline doesn't care. Portainer stacks on the Toolbox server point at the GitHub repos. Push to main → GitHub sends a webhook to Portainer → Portainer pulls the latest, rebuilds the image, and redeploys the container. Nginx Proxy Manager handles SSL termination and routes traffic to the right container. Wildcard DNS points at the VPS, so adding a new subdomain is just creating a proxy host entry in NPM.

The complexity of each project varies, but the pipeline is the same: create a repo, add a Dockerfile, create a Portainer stack, add a proxy host. Done. Live on the internet with SSL.

The same CI/CD patterns as production - automated builds triggered by code changes, immutable container deployments, SSL everywhere - but with simpler tooling, less resilience, and no observability stack. It's a great place to experiment with deployment workflows without the overhead of a full production setup.
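The one piece of this pipeline that is reachable from the public internet is the webhook endpoint, so whatever receives the GitHub call has to prove the request actually came from GitHub before it triggers a rebuild. The example below is added for this page and is not Portainer's code or the lab's: it is a small Go receiver that verifies GitHub's `X-Hub-Signature-256` header (HMAC-SHA256 over the raw body, keyed with the webhook secret configured in the repo) in constant time and only then hands the push event to a deploy callback. The secret, body and callback are constructed placeholders.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// signPayload computes the value GitHub sends in X-Hub-Signature-256:
// "sha256=" followed by hex(HMAC-SHA256(secret, body)).
func signPayload(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// VerifySignature recomputes the MAC over the raw body and compares it to the
// header in constant time, so a missing, malformed or wrong signature all fail.
func VerifySignature(secret, body []byte, header string) bool {
	if !strings.HasPrefix(header, "sha256=") {
		return false
	}
	sig, err := hex.DecodeString(strings.TrimPrefix(header, "sha256="))
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(mac.Sum(nil), sig)
}

// NewWebhookHandler rejects any request whose signature does not verify and
// passes the raw body of a push event to onPush (the deploy trigger).
func NewWebhookHandler(secret []byte, onPush func(body []byte)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		// Read the body before parsing anything: the MAC covers the raw bytes.
		body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap at 1 MiB
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if !VerifySignature(secret, body, r.Header.Get("X-Hub-Signature-256")) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		if r.Header.Get("X-GitHub-Event") != "push" {
			w.WriteHeader(http.StatusNoContent) // ping and other events: acknowledged, ignored
			return
		}
		onPush(body)
		w.WriteHeader(http.StatusAccepted)
	})
}

func main() {
	secret := []byte("constructed-webhook-secret") // placeholder, not a real secret
	body := []byte(`{"ref":"refs/heads/main","repository":{"full_name":"example/site"}}`)
	header := signPayload(secret, body)
	fmt.Println("valid signature accepted:", VerifySignature(secret, body, header))
	fmt.Println("tampered body accepted:  ", VerifySignature(secret, append(body, ' '), header))
	// To serve: http.ListenAndServe(":9000", NewWebhookHandler(secret, func(b []byte) { /* run deploy */ }))
}
```

Two details matter in practice: verify over the raw bytes before any JSON decoding, and compare with `hmac.Equal` rather than `==`, so signature checking does not become a timing oracle.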

AI-Powered Operations

I built my own AI orchestrator in Go that wraps the Claude Code CLI as a subprocess. His name is Bob. He runs on a Proxmox VM and has full access to every server on the Tailscale mesh.

Discord DM Interface

I talk to Bob through Discord DMs. He runs a long-lived Claude Code session with streaming I/O, so it's a real conversation - not fire-and-forget prompts. He can SSH into servers, hit APIs, manage containers, whatever the task needs.

Cron Scheduler

Built-in cron system backed by SQLite. Each job gets its own prompt, model selection (Opus for chat, Sonnet for scheduled work), budget cap, tool restrictions, retry logic, and Discord alerts on failure. Jobs run as one-shot Claude Code subprocesses.
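The budget cap, tool restrictions and retry logic are what keep an autonomous agent with root on every host bounded, so they are worth seeing as concrete control logic. The example below is added for this page and is not ai-lab's code: it shows one way to enforce those three controls around a one-shot subprocess, with the Claude Code invocation abstracted behind a hypothetical `Runner` function so the policy can be exercised with a fake. Job and tool names are constructed; the tool names match Claude Code's built-in tool names but the allowlist semantics here are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Job is the per-schedule configuration: prompt, model, spend cap,
// tool allowlist and how many times a failed attempt may be retried.
type Job struct {
	Name         string
	Prompt       string
	Model        string
	BudgetUSD    float64
	AllowedTools map[string]bool
	MaxRetries   int
}

// RunResult is what one subprocess attempt reports back.
type RunResult struct {
	CostUSD   float64
	ToolsUsed []string
	Err       error
}

// Runner abstracts the one-shot Claude Code subprocess (hypothetical interface).
type Runner func(job Job, attempt int) RunResult

// Outcome summarises a scheduled run for the run log and the Discord alert.
type Outcome struct {
	Attempts  int
	SpentUSD  float64
	Succeeded bool
	Alert     string // non-empty when the operator should be notified
}

var (
	ErrBudget = errors.New("budget cap exceeded")
	ErrTool   = errors.New("tool outside allowlist")
)

// disallowed returns the tools an attempt used that are not on the job's allowlist.
func disallowed(job Job, used []string) []string {
	var bad []string
	for _, tool := range used {
		if !job.AllowedTools[tool] {
			bad = append(bad, tool)
		}
	}
	sort.Strings(bad)
	return bad
}

// Execute runs the job with retries, stops as soon as cumulative spend exceeds
// the cap, and refuses to continue if an attempt stepped outside the allowlist.
func Execute(job Job, run Runner) Outcome {
	var out Outcome
	var lastErr error
	for attempt := 1; attempt <= job.MaxRetries+1; attempt++ {
		out.Attempts = attempt
		res := run(job, attempt)
		out.SpentUSD += res.CostUSD // every attempt counts, including failed ones
		if out.SpentUSD > job.BudgetUSD {
			out.Alert = fmt.Sprintf("%s: %v (spent $%.2f of $%.2f)", job.Name, ErrBudget, out.SpentUSD, job.BudgetUSD)
			return out
		}
		if bad := disallowed(job, res.ToolsUsed); len(bad) > 0 {
			out.Alert = fmt.Sprintf("%s: %v: %v", job.Name, ErrTool, bad)
			return out // a policy violation is not retried
		}
		if res.Err == nil {
			out.Succeeded = true
			return out
		}
		lastErr = res.Err
	}
	out.Alert = fmt.Sprintf("%s: failed after %d attempts: %v", job.Name, out.Attempts, lastErr)
	return out
}

func main() {
	job := Job{Name: "nightly-backup-check", Prompt: "verify last night's NAS backup completed",
		Model: "sonnet", BudgetUSD: 1.0, AllowedTools: map[string]bool{"Read": true, "Bash": true}, MaxRetries: 2}
	// Constructed fake runner: the first attempt times out, the second succeeds.
	flaky := func(j Job, attempt int) RunResult {
		if attempt == 1 {
			return RunResult{CostUSD: 0.25, Err: errors.New("ssh timeout")}
		}
		return RunResult{CostUSD: 0.5, ToolsUsed: []string{"Bash"}}
	}
	fmt.Printf("%+v\n", Execute(job, flaky))
}
```

Counting the cost of failed attempts toward the cap is deliberate: a job that fails, retries and fails again is exactly the one that runs up a bill, and a tool allowlist violation ends the run immediately because retrying a job that has stepped outside its policy only gives it more chances to do so.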

HTMX Dashboard

Web UI with real-time SSE activity feed, conversation history, cron job management, run logs with cost tracking, and a live editor for Bob's personality file (SOUL.md).

Claude Code Under the Hood

Not an API wrapper - Bob spawns actual Claude Code CLI processes. That means he gets all of Claude Code's built-in tools (filesystem, git, shell, web search) for free without reimplementing anything.

Persistent Memory

Uses claude-mem for memory that persists across sessions. Conversation history and cron run logs are stored in SQLite. Bob remembers what he's done and what's happened.

The whole thing is a single Go binary with embedded templates and migrations. Deployed as a systemd service on Debian. Source: mago0/ai-lab

The Stack

Everything running in the lab, at a glance:

Compute & Virtualization
Proxmox VE - Hypervisor / VM management
Debian - VM operating system of choice
Docker - Container runtime everywhere

Networking & Security
Tailscale - Mesh VPN / zero-config networking
Nginx Proxy Manager - Reverse proxy + SSL termination
Let's Encrypt - Wildcard SSL certificates

Management & Automation
Portainer - Multi-host container management
ai-lab (Bob) - Go orchestrator wrapping Claude Code CLI
GitHub - Source control + webhook triggers

Hardware & Services
Asustor NAS - Storage + home container host
Hostinger VPS - Public-facing server (Toolbox)
Discord - Command & notification interface