// Blue Team Home Lab
Project Tiramisu
A fully documented build of a Blue Team security lab on commodity hardware — from bare metal to a functioning detection and response stack. Every decision explained. Every failure included.
Phase 1 Complete · Phase 2 In Progress
// The Stack
Hypervisor
Proxmox VE
Bare-metal, Type 1. Runs everything.
Firewall
OPNsense
Network segmentation, WAN gateway.
SIEM
Wazuh
Log collection, anomaly detection, alerts.
SOAR
n8n
Automated response workflows.
Visualisation
Grafana + Loki
Dashboards and log search.
Remote Access
Tailscale
WireGuard mesh. No port forwarding.
// Phase 1 — Foundation
Why I stopped watching tutorials and built a lab instead
The motivation post. Tutorial loops, the intimidation of starting, and what pushed me to finally build something real.
Choosing the stack: what to run and why everything changed
The original plan called for ELK, Shuffle, and TheHive. Then I looked at the RAM budget.
Cutting my teeth on Proxmox
Proxmox doesn't do Wi-Fi. This is a journey through the lessons and the fixes.
Building the network: bridges, OPNsense, and the partition war
Four hours. One error message. Five commands — once I knew where to look.
Remote access without port forwarding: Tailscale in a home lab
Most guides assume you can port forward. With LTE and CGNAT, you cannot. Here's the solution.
Three devices, one lab: the full architecture explained
Phase 1 complete. How three consumer devices become a coherent security lab — and why Laptop 2 runs LUKS.
// Phase 2 — Security Stack (Upcoming)
Deploying Wazuh, the jump box, and getting OPNsense online
The firewall was installed. But without a device on the internal network, I couldn't reach its GUI.
First detections: n8n, Grafana, and the alert that fired at 2am
The payoff post. The dashboard is live. Something got detected. Here's what it was.
Attacking my own lab: the first Red Team exercise
I built the defences. Then I tried to break them. Here's what Wazuh caught and what it missed.
Full Technical Playbook — Phase 1
The complete reference document (architecture decisions, configuration files, failure log, and Phase 2 roadmap) will be made available soon.