AI / CyberLab

A production-grade homelab for cybersecurity and AI infrastructure research.

Architecture

Network

Dual-Subnet + VPN

Segmented network with a home LAN and isolated DMZ for lab servers. WireGuard site-to-site VPN connects a GCP production VM back to the lab for centralized log forwarding and SNMP monitoring. OpenWrt router with AdGuardHome DNS and conditional forwarding to Active Directory.

Compute

3-Node Proxmox

Proxmox VE cluster with 9+ VMs across three nodes. GPU passthrough (RTX 4070) for LLM inference. Recent migration consolidated all VMs to two nodes, freeing the i9-13900H for bare-metal AI workloads.

Identity

Active Directory + Duo

Windows Server domain with DNS, DHCP, and Cisco Duo MFA protecting Windows logon and RDP. RADIUS proxy for future VPN integration.

AI Infrastructure

Agent Swarm Architecture — Human → Ralph → Conductor → Agents → Gatekeeper → Infrastructure

Agent Swarm

14-Service Architecture

Multi-agent AI system for autonomous infrastructure management. Hierarchical design: Conductor orchestrator parses natural-language intents via LLM, routes tasks to specialized subagents (Proxmox, Docker, IaC, firewall), while independent observers monitor for safety and auditability. All privileged operations route through a non-AI Gatekeeper credential proxy with per-agent allowlists and human approval for dangerous operations.

Python / FastAPI RabbitMQ Redis PostgreSQL Prometheus Grafana

LLM Inference — GPU

RTX 4070 + RTX 5060

BigBrain (RTX 4070, 12GB) serves the primary agent model at ~73 t/s. FastForward (RTX 5060 Blackwell, 8GB) runs subagent workloads at ~67 t/s using IQ4_XS quantization to fit within VRAM constraints.

LLM Inference — CPU

35B MoE @ 8.2 t/s

MS-01 (i9-13900H, 64GB DDR5) runs the Conductor's cyberpilot model — a 35B parameter sparse MoE with only 3B active parameters. Open WebUI provides a chat interface with aviation RAG knowledge base.

Ralph the Raccoon

AI Assistant

Personal AI assistant accessible via Telegram. Currently on OpenClaw, migrating to NVIDIA NemoClaw as a simplified Conductor interface. Supports Claude, NVIDIA NIM, and local Ollama models.

Security & Monitoring

SIEM

Splunk Enterprise

Dedicated VM with Developer License. Collects syslog from all Linux hosts, Universal Forwarders from Windows DCs, and nginx logs from GCP via WireGuard tunnel.

Network Monitoring

LibreNMS

SNMPv3 monitoring across 10 devices with custom extend scripts for CPU temperature, SMART status, and LVM usage on Proxmox hosts.

MFA

Cisco Duo

Push-based MFA via Duo Authentication Proxy with AD integration. Protects Windows logon, RDP, and SSH. RADIUS-ready for VPN.

Cloud Hardening

GCP Defense-in-Depth

SSH restricted to home IP + IAP. UFW deny-all. fail2ban with 3 jails. Docker localhost-bound. Let's Encrypt auto-renewal. WordPress IP redaction for public content.

Self-Hosted Services

Gitea

Private Git server with agent read-only API access. Source of truth for lab infrastructure code.

MkDocs

Material-themed documentation site for internal lab procedures and runbooks.

Homarr

Dashboard linking all services, Proxmox consoles, and VM management.

Portainer

Docker container management across multiple hosts.