TillyNet Home Lab

Overview

TillyNet is a self-hosted lab environment that simulates enterprise-grade IT infrastructure. Built on Proxmox virtualization with pfSense firewall enforcement, it features 16 segmented VLANs, centralized identity management via Samba Active Directory, single sign-on through Authentik, reverse proxy with Traefik, and enterprise 802.1X port-based authentication.

Tech Stack

Layer	Technology	Purpose
Hypervisor	Proxmox VE	Virtual machine and container management
Firewall	pfSense	VLAN routing, NAT, firewall rules
Identity	Samba AD	Domain controller, LDAP, DNS
SSO	Authentik	Single sign-on, LDAPS integration
Reverse Proxy	Traefik	TLS termination, service routing
DNS	Pi-hole	Ad-blocking, local DNS resolution
Auth	FreeRADIUS	802.1X EAP-TLS port authentication
IaC	Docker Compose	Service deployment and management

Build Journey

This lab was built incrementally over several months. Each step is documented as a detailed blog post:

1. The Big Bang — Proxmox + pfSense foundation (April 2025)
2. Network Management Isolation — Management VLAN separation
3. Remote VLAN Recovery — Proxmox network repair over VPN
4. Pi-hole DNS — DNS migration to production VLAN
5. Publishing Pipeline — Blog automation setup
6. Network Topologies — Topology experimentation
7. Current TillyNet Version — Architecture snapshot
8. Wi-Fi Proxmox Node — Dell XPS laptop as compute node
9. VM Connectivity Fix — Routed subnet troubleshooting
10. Samba AD — Domain controller provisioning
11. Authentik SSO — Docker-based identity provider
12. LDAPS Integration — Samba AD + Authentik via LDAPS
13. Traefik Reverse Proxy — TLS termination with internal CA
14. Authentik + Traefik — Forward auth middleware
15. PKI Chain of Trust — Root CA + intermediate CA hierarchy
16. 802.1X EAP-TLS — Enterprise port-based authentication