homelab proxmox truenas selfhosted homeserver

Running Proxmox, TrueNAS, Docker, and Backup on One Box Is Now a Reasonable Home Lab Setup

3 min read

Running Proxmox, TrueNAS, Docker, and Backup on One Box Is Now a Reasonable Home Lab Setup

The case for consolidating home server infrastructure onto a single physical machine used to require either accepting significant tradeoffs or spending more than the project warranted. Current hardware and software tooling have changed that calculation.

The architecture in question: Proxmox as the base hypervisor, TrueNAS running as a virtual machine for network storage, Proxmox Backup Server for snapshot management, and Docker for containerized services — all on one NAS-class machine. Each component runs in isolation, shares hardware resources efficiently, and can be updated or replaced without touching the others.

Why Proxmox Is the Right Foundation

Proxmox Virtual Environment is an open-source hypervisor that handles both full virtual machines and container-based workloads. Running TrueNAS inside a Proxmox VM rather than as the bare-metal operating system gives you the full storage management capabilities of TrueNAS while keeping the hypervisor layer available to host additional services.

The practical benefit is flexibility. With TrueNAS bare-metal, the machine does storage and only storage. With Proxmox underneath, the same hardware can simultaneously run a TrueNAS VM, a Home Assistant instance, a VPN server, and whatever containers your household or lab needs — without dedicating separate machines to each function.

Storage and Backup Architecture

TrueNAS handles the NAS functions — ZFS pools, SMB shares, iSCSI targets — and passes storage through to Proxmox via specific storage interfaces. Proxmox Backup Server, running as its own VM, handles incremental backups of the other VMs on a schedule. When a VM gets corrupted or misconfigured, rollback is a few clicks and a few minutes rather than a rebuild from scratch.

ZFS on TrueNAS provides checksumming and self-healing for storage integrity. The combination makes data loss from silent corruption substantially less likely than on traditional file systems — a meaningful difference for a machine running without active monitoring most of the time.

Remote Access Without Port Forwarding

Exposing home server services to the internet through port forwarding creates attack surface. Twingate is a zero-trust network access tool that creates encrypted tunnels to specific services without opening ports. The result is that remote access to your home server services works without your machine being directly reachable from the public internet.

This is a meaningful security improvement over the VPN-or-port-forward choice that previously dominated home lab remote access design. You get the same functional result — reach your services from anywhere — without the associated exposure.

Who This Is For

The setup has a meaningful configuration time investment upfront. It's not for people who want services that just work without engagement. It's well-suited for people who want to understand their infrastructure, own their data, and avoid ongoing subscription costs for storage and self-hosted services.

The one-box architecture pays back in electricity savings, space, and reduced complexity compared to a multi-machine setup doing the same jobs. Once configured, it runs without regular attention — and when something does need attention, the snapshot-based backup architecture means intervention is low-stakes.