Pakkit.net
← Back to projects

Infrastructure / Security

Lab

Private Cloud / Homelab

Private-cloud experiments with Docker, VMware, PKI, networking, monitoring, and zero-trust patterns.

  • Docker
  • VMware
  • PKI
  • Zero Trust
  • Self Hosting
  • Monitoring
  • Infrastructure
Illustration of a private-cloud lab: a server rack, containers and virtual machines, a PKI key, a monitoring graph, and a backup-and-recovery cycle.

What this proves

Proves I understand messy, self-operated infrastructure — failure modes, trust boundaries, and recovery included — not just tidy diagrams or toy examples.

Overview

The Private Cloud / Homelab project is where I test infrastructure ideas before they become opinions. It’s a practical environment for learning how systems behave when you have to design them, deploy them, secure them, monitor them, and recover them yourself — with no managed service quietly papering over the hard parts.

It’s a learning and validation lab, not a public cloud provider or a commercial hosting claim. What makes it valuable is exactly that you operate the consequences: the lab is where patterns earn their place before they show up in independent consulting — including earlier work like Duvall WiFi — or in a product build like NexusPort.

Why build a private cloud

You learn infrastructure by operating it, not just by diagramming it:

  • Learning through operation — owning the whole stack means owning the failures, which is where the real lessons live.
  • Understanding failure modes that managed platforms abstract away.
  • Validating patterns before recommending them — taste you can stand behind because you’ve felt the tradeoffs.
  • Building intuition for tradeoffs between reliability, maintainability, security, recovery, and complexity.
  • Keeping curiosity tied to real systems instead of slideware.

This isn’t an “I replaced the cloud” story. It’s a place to build judgment.

Architecture themes

The lab is organized around the same principles I’d want in any serious system, kept deliberately high-level here:

  • Modular services with clear separation of concerns.
  • Network boundaries that make trust explicit rather than assumed.
  • Identity and trust treated as first-class design inputs.
  • Repeatable deployment, so rebuilding is routine, not heroic.
  • Recovery planning — assuming things break and designing for the rebuild.
  • Documentation that keeps the whole thing understandable over time.

Containers and virtualization

Two tools, used for different jobs:

  • Docker for repeatable, disposable services — packaging deployment so the same thing comes up the same way every time, which keeps environment drift from creeping in.
  • Virtualization (VMware) for isolation and multi-system lab environments, where having a full, separable machine is the right unit.
  • When containers win: stateless-ish services, fast iteration, clean teardown.
  • When VMs still make sense: stronger isolation, OS-level experiments, and scenarios where a whole-machine boundary is the point.

The goal is simple, repeatable deployment patterns — not the most exotic setup.

Security and trust boundaries

Internal services still get treated as real systems. Convenience is not a reason to lower the bar:

  • Least privilege by default — access is granted narrowly and on purpose.
  • Segmentation to reduce blast radius when something does go wrong.
  • Certificate trust / PKI as a design concept — building and operating the trust boundaries yourself makes them far easier to reason about.
  • Reducing attack surface through careful, deliberate exposure.
  • Secrets stay out of docs and repos — full stop.

This is principle, not implementation: no private addresses, hostnames, keys, or access methods belong on a public page like this one.

Observability and operations

A lab you can’t see into is just a pile of surprises:

  • Logs and monitoring so behavior is visible, not guessed at.
  • Alerts that point at the real problem instead of the symptom.
  • Backups and recovery drills — a backup you’ve never restored is a rumor.
  • Knowing what changed, so an incident starts from facts.
  • Operational documentation that makes the safe path the easy path.

What the lab teaches

This is the part that pays off in professional work:

  • Operating a system teaches better architecture than only designing one.
  • Complexity has a carrying cost — every clever addition is something to operate later.
  • Clean rollback paths matter more than clever forward paths.
  • A lab is a place to safely break things and learn, on purpose.
  • Private infrastructure sharpens consulting judgment — you advise differently when you’ve lived with the consequences.

What I learned

  • Boring reliability is a feature, not a lack of ambition.
  • Secure defaults save a lot of future pain.
  • Automation should reduce risk, not hide it — a hidden process is a future incident.
  • Documentation is part of operations, not an afterthought to them.
  • The best lab systems are the ones still understandable after you haven’t touched them for weeks. (More of that mindset in notes from a private cloud gremlin.)

What’s next

Honest, directional next steps:

  • More standardized service templates.
  • Cleaner documentation and runbooks.
  • A stronger, well-tested backup and recovery model.
  • Deeper monitoring that explains why, not just that.
  • Improved secrets handling.
  • More portable container patterns.
  • Public-safe architecture diagrams, once they can be shared without exposing anything sensitive.

If infrastructure, security, or homelab-flavored problem-solving is your kind of thing, let’s compare notes.

The companion essay, Notes From a Private Cloud Gremlin, goes deeper on the lab mindset: why operating your own systems teaches better architecture than only designing them on paper.

Where to next

Keep exploring

A few good next steps from here — a related build, some background reading, or a way to take it further together.