Welcome to hacktuah-lab, also known as The Closet Lab - my chaotic, evolving attempt to understand networking, servers, and security by building everything from scratch instead of just reading about it. Spoiler: it has been ridiculously frustrating, fun and insanely addictive.
I started this whole journey because I wanted to wrap my head around C2 frameworks, servers, and networking, but reading documentation and watching videos was not clicking. So, instead of theory, I decided to build my own environment... a fully isolated homelab guided by my custom GPTs acting as mentors, teachers, and ultimate glazers (which is why I need you all).
The goal: learn Linux, VLANs, SSH, virtualization, DNS, VPNs, servers, self-hosting, Raspberry Pis, Red & Blue teaming and AI workloads by actually doing it.
And since I apparently have no chill, I decided to document the whole thing publicly. This repo is that documentation... mistakes, fixes, learnings, and all. If it inspires someone else to build their own lab (or correct my configs), mission accomplished.
If you want to help, check out the CONTRIBUTING.md. Tips, PRs, and roast-level feedback are welcome.
- Pi-hole (Pi Zero 2W) is online as my first local DNS resolver and ad-blocker.
- Raspberry Pi 5 (Router) is prepped with OpenWrt and now equipped with a 🔹 Waveshare Dual Gigabit Ethernet HAT — this turns the Pi into a true edge router with three physical NICs:

| Interface | Role | Description |
|---|---|---|
| eth0 | WAN | Connects to Xfinity XB8 (Internet uplink) |
| eth1 | LAN trunk | Connects to NETGEAR GS310TP for VLAN-tagged traffic |
| eth2 | Optional | Reserved for management, mirror, or DMZ use |

This upgrade eliminates the Pi’s single-NIC bottleneck and allows real Layer 3 segmentation — physical WAN separation, VLAN trunking, and traffic mirroring to my Suricata sensor.
The repo currently has some empty directories (placeholders), but the structure is laid out for future expansions and labs.
| Device | Specs | Role |
|---|---|---|
| Raspberry Pi 5 (CanaKit) | 8 GB RAM, NVMe SSD, Waveshare Dual GbE HAT | OpenWrt Router and Firewall |
| Dell Latitude 7420 | Intel i7-1185G7, 32 GB RAM, 1 TB NVMe | Infrastructure and Monitoring Node |
| Dell Latitude 5430 | Intel i5-1235U, 32 GB RAM, 512 GB NVMe | Pentest and C2 Sandbox |
| ASUS ROG Strix G533QS | AMD Ryzen 9 5900HX, 16 GB RAM, RTX 3080 | AI and ML Workload Node |
| Raspberry Pi Zero 2W | 512 MB RAM | Backup DNS (Pi-hole) |
| NETGEAR GS310TP | 10-Port Gigabit PoE+, 55W | VLAN Switch and Network Core |
| TP-Link EAP610 | AX1800 WiFi 6, PoE+ | Guest and IoT Wireless Access |
| Xfinity XB8 | DOCSIS 3.1 Gateway | WAN Uplink in Bridge Mode |
```
                                   +----------------------+
                                   |    Internet (WAN)    |
                                   |  Xfinity XB8 Modem   |
                                   +----------+-----------+
                                              |
                                              v
                                    +-------------------+
                                    |  Pi 5 (OpenWrt)   |
                                    |    Edge Router    |
                                    +---------+---------+
                                              |
                                              v
                                    +-------------------+
                                    |  NETGEAR GS310TP  |
                                    |  Managed Switch   |
                                    +---------+---------+
                                              |
      ---------------------------------------------------------------------------------
      |               |               |               |               |               |
      v               v               v               v               v               v
+------------+  +------------+  +------------+  +------------+  +------------+  +------------+
| VLAN1      |  | VLAN10     |  | VLAN11     |  | VLAN20     |  | VLAN30     |  | VLAN50     |
| Mgmt       |  | Servers    |  | AI         |  | Pentest    |  | IoT        |  | Guest      |
+------------+  +------------+  +------------+  +------------+  +------------+  +------------+
      |               |               |               |               |               |
      v               v               v               v               v               v
+------------+  +------------+  +------------+  +------------+  +------------+  +------------+
| Dell       |  | Pi Zero    |  | ASUS ROG   |  | Dell       |  | IoT        |  | AP WiFi    |
| 7420       |  | 2W DNS     |  | Workloads  |  | 5430       |  | Devices    |  | Guest SSID |
| Infra +    |  | Backup     |  | AI Lab     |  | Pentest    |  | (Smart)    |  |            |
| Monitoring |  | Pi-hole    |  |            |  | Sandbox    |  |            |  |            |
+------------+  +------------+  +------------+  +------------+  +------------+  +------------+

                                    +-------------------+
                                    |  VPS (WireGuard)  |
                                    |   Reverse Proxy   |
                                    +-------------------+
```
This is where things are headed:
- Pi 5 (Edge Router): OpenWrt + Dual GbE HAT = VLAN gateway, firewall, WireGuard hub
- Dell 7420 (Server VLAN): Pi-hole (Docker), Netdata, Grafana, Vector logging, Traefik reverse proxy, Suricata IDS
- Dell 5430 (Pentest VLAN): Mythic/Sliver C2, snapshot-based pentest VMs, contained attack sandbox
- ASUS ROG (AI VLAN): GPU workloads, Docker/Nix/Podman AI labs
- Pi Zero 2W: lightweight backup DNS and automation hooks
- VPS: WireGuard gateway and reverse proxy to securely expose public services
Everything talks over VLANs with strict access rules and mirrored traffic for visibility. Nothing touches Management (VLAN1) or Servers (VLAN10) without explicit rules.
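
One way to check the "explicit rules only" policy above against an OpenWrt firewall file, as an added example (not code from this repo): it parses `/etc/config/firewall` syntax and flags blanket zone forwardings or port-less ACCEPT rules into the protected zones. The zone names `mgmt` and `servers`, the other zone names, and the sample config are assumptions constructed for illustration.

```python
import shlex
PROTECTED = {"mgmt", "servers"}  # assumed zone names for VLAN1 / VLAN10

# Constructed sample in /etc/config/firewall syntax (not the repo's config).
SAMPLE = """
config defaults
    option forward 'REJECT'
config forwarding
    option src 'pentest'
    option dest 'wan'
config forwarding
    option src 'iot'
    option dest 'servers'
config rule
    option name 'iot-dns'
    option src 'iot'
    option dest 'servers'
    option proto 'tcp udp'
    option dest_port '53'
    option target 'ACCEPT'
config rule
    option name 'guest-any'
    option src 'guest'
    option dest 'mgmt'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text):
    """Flag anything that opens a protected zone without a narrow rule."""
    findings = []
    for kind, opt in parse_uci(text):
        src, dest = opt.get("src", "*"), opt.get("dest")
        if kind == "defaults" and opt.get("forward") == "ACCEPT":
            findings.append("defaults: forward policy is ACCEPT")
        elif kind == "forwarding" and dest in PROTECTED:
            findings.append(f"forwarding {src}->{dest}: blanket zone allow")
        elif (kind == "rule" and dest in PROTECTED
              and opt.get("target") == "ACCEPT" and "dest_port" not in opt):
            findings.append(f"rule {opt.get('name')}: ACCEPT to {dest} with no dest_port")
    return findings
```

Running `audit(SAMPLE)` reports the `iot` to `servers` forwarding and the `guest-any` rule, while the port-scoped `iot-dns` rule passes.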
```
hacktuah-lab/
├── ai_lab/          # ASUS ROG workloads, ML experiments
├── monitoring/      # Suricata, Grafana, Netdata, Vector
├── openwrt/         # Edge router config, UCI files
├── pentest/         # Mythic/Sliver, attack lab, contained
├── pihole/          # Pi-hole DNS, Unbound configs
├── switch/          # GS310TP VLAN setup, mirror ports
├── storage/         # Nextcloud, Syncthing, backup scripts
├── vps/             # WireGuard and reverse proxy configs
├── labs/            # Step-by-step lab exercises
├── CONTRIBUTING.md  # How to help and make suggestions
└── README.md        # You are reading it
```

Each subfolder has its own README, config samples, and lab exercises. Most are empty for now, but they will fill up as I build.
See pihole README
This repo is both my documentation and a learning artifact. I am building everything out loud so that:
- I have a record of what I did (and what broke)
- Others can learn from my chaos and maybe improve it
- The community can suggest better practices and help me level up
If you spot something dumb, or have a smarter way to handle it, open a PR or issue. I am new to this and learning fast.
All sensitive data has been scrubbed:
- Hostnames, IPs, and usernames are placeholders
- No keys, secrets, or credentials live here
- Anything that looks like a real IP is not
You can use the ideas, configs, and diagrams as references, but do not copy-paste blindly into your own network unless you know what you are doing, because I surely don't.
This project is my hands-on path to understanding infrastructure, security, and system design. It is messy, iterative, and deeply satisfying.
The repo will grow as I add more devices, containers, and labs. Right now, the foundation is being poured. The next commits will bring VLANs, logging, and my router to life.
So yeah, welcome to the Closet Lab. Pull up a chair or yoga ball, watch me break stuff, and maybe learn a thing or two in the process.
Made with love by Ayla and Chat Gippity ❤️