This repository contains public documentation from the HOMELAB.LAN project, covering authentication, NFS roaming home directories, DNS infrastructure, and ACME/TLS integration.
- NFS Roaming Home Directories
- FreeIPA Server Setup
- IPA ACME + Traefik + Proxmox Runbook
- Bypass Comcast DNS Interception || Network-wide Ad-Block w/ Pi-Hole
FreeIPA provides Kerberos, LDAP, DNS, and CA as the identity backbone.
NFS homes use Kerberos (krb5p) and autofs for secure per-user mounts.
DNS hierarchy ensures internal resolution with external fallback.
Traefik uses IPA's ACME directory for internal certs and Let's Encrypt for public domains.
External Queries → Pi-Hole (10.10.10.200) → Upstream DNS
Internal Queries → FreeIPA (10.10.10.11) → Pi-Hole (forwarder)
- FreeIPA DNS: Handles homelab.lan zone, SRV records, reverse DNS
- Pi-Hole: Network-wide ad-blocking, external resolution, DHCP
- Split DNS: Internal names resolve internally, external names use filtered upstream
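One way to check that internal names stay internal, written as an added example (not code from the HOMELAB.LAN repository): it scans dnsmasq-style `forwarded` lines from Pi-Hole's query log and flags any name in the internal zones that was sent to a server other than FreeIPA. The reverse zone name, the upstream address 192.0.2.53 and the log lines are constructed assumptions.

```python
import re

# From the page: internal zone and the FreeIPA DNS address.
INTERNAL_ZONE = "homelab.lan"
FREEIPA_DNS = "10.10.10.11"
# Assumption: FreeIPA's reverse zone is the one for the 10.10.10.0/24 LAN.
REVERSE_ZONE = "10.10.10.in-addr.arpa"
# dnsmasq-style "forwarded <name> to <server>" entry (the format Pi-hole logs use).
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)\s*$")

# Constructed sample lines, not captured from the HOMELAB.LAN network.
SAMPLE_LOG = """\
Jan 10 09:00:01 dnsmasq[812]: forwarded nas.homelab.lan to 10.10.10.11
Jan 10 09:00:02 dnsmasq[812]: forwarded example.org to 192.0.2.53
Jan 10 09:00:03 dnsmasq[812]: forwarded PVE.Homelab.LAN to 192.0.2.53
Jan 10 09:00:04 dnsmasq[812]: forwarded evilhomelab.lan to 192.0.2.53
Jan 10 09:00:05 dnsmasq[812]: forwarded 11.10.10.10.in-addr.arpa to 192.0.2.53
"""


def in_zone(qname, zone):
    """Match on whole labels so 'evilhomelab.lan' is not treated as 'homelab.lan'."""
    q = qname.rstrip(".").lower().split(".")
    z = zone.lower().split(".")
    return len(q) >= len(z) and q[-len(z):] == z


def is_internal(qname):
    return in_zone(qname, INTERNAL_ZONE) or in_zone(qname, REVERSE_ZONE)


def find_leaks(log_text):
    """Return (name, server) pairs where an internal name went to a non-FreeIPA server."""
    leaks = []
    for line in log_text.splitlines():
        m = FORWARDED.search(line)
        if not m:
            continue
        name, server = m.groups()
        server = server.split("#")[0]  # dnsmasq appends '#port' for non-default ports
        if is_internal(name) and server != FREEIPA_DNS:
            leaks.append((name.rstrip(".").lower(), server))
    return leaks


if __name__ == "__main__":
    for name, server in find_leaks(SAMPLE_LOG):
        print(f"internal name {name} forwarded to {server}")
```

A forward to 10.10.10.11 is treated as expected, so the check still holds if Pi-Hole is configured to hand the internal zones back to FreeIPA.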
Internet/Public           Homelab LAN (10.10.10.0/24)
│                         │
├── (LE ACME)             ├── FreeIPA (KDC / DNS / CA / ACME)
│                         ├── NFS Server (/srv/nfs/home, krb5p)
│                         ├── Pi-Hole (DNS filtering + DHCP)
└── Traefik (gateway) ────┴── Proxmox (PVE CA, proxied by Traefik)
- Single Sign-On: Kerberos authentication across services
- Secure Homes: Encrypted NFSv4 with automatic mounts
- Internal PKI: FreeIPA CA issues certificates for all services
- Clean DNS: Ad-free browsing with proper internal resolution
© 2025 RysLabProjects — Licensed under MIT