Homelab Network Setup
Design a home or homelab network with clear gateway, switch, AP, IP, DHCP, DNS, and growth path for VLANs, NAS, and VPN.
Overview
Homelab Network Setup is an agent skill most often used in Operate (also Build, Validate) that plans gateway, switching, Wi-Fi, IP, DHCP, DNS, and cabling for growable home and homelab networks.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill homelab-network-setupWhat is this skill?
- Separates modem/ONT, gateway, managed switch, access points, servers, and client/IoT roles in one diagram
- Compares ISP router vs UniFi gateway vs OPNsense/pfSense fit by operator skill, not feature lists alone
- Covers IP ranges, DHCP scopes, static reservations, and DNS for stable NAS and lab servers
- Plans ahead for VLANs, Pi-hole, NAS, lab servers, and VPN without full rebuild
- Troubleshoots double NAT, unstable Wi-Fi, and drifting server addresses on new installs
Adoption & trust: 1.2k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your home network is ISP-router-only, has double NAT or flaky Wi-Fi, and lab servers keep getting new DHCP addresses with no plan for VLANs or DNS.
Who is it for?
Solo builders self-hosting apps, NAS, or homelab VMs who want structured L2/L3 planning before buying gear or re-cabling.
Skip if: Enterprises needing formal CCIE-grade WAN designs, or developers who only deploy to managed cloud PaaS with no on-prem network.
When should I use this skill?
Planning a new home network, choosing gateway/switch/AP roles, designing IP and DHCP, preparing for VLANs or VPN, or troubleshooting double NAT and unstable Wi-Fi.
What do I get? / Deliverables
You get a role-separated topology, gateway choice aligned to your ops comfort, and stable IP/DNS design ready for NAS, Pi-hole, VLANs, or VPN later.
- Role-based network topology diagram
- IP range, DHCP scope, and reservation plan
- Gateway platform recommendation with growth notes for VLANs and VPN
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Primary shelf is operate/infra because the skill centers on running and evolving production-like home infrastructure, though planning often starts before lab services go live. Homelab networking is foundational infra—routing, addressing, and cabling—not application frontend or marketing work.
Where it fits
Decide whether self-hosting a SaaS prototype at home is viable before committing to cloud-only hosting.
Assign static reservations and internal DNS names before standing up API and database VMs on a NAS or NUC.
Redesign Wi-Fi with wired AP backhaul and segmented IoT VLAN without rebuying the entire switch fabric.
How it compares
Physical and logical home-network planning—not a cloud VPC IaC skill or Wi-Fi speed test script.
Common Questions / FAQ
Who is homelab-network-setup for?
Indie developers and homelab operators planning or redesigning home networks for self-hosted services, stable server DNS, and future segmentation.
When should I use homelab-network-setup?
Use in operate/infra when fixing unstable lab connectivity; in validate/scope when deciding if self-hosting is feasible; in build/backend when placing servers that need fixed IPs and internal DNS.
Is homelab-network-setup safe to install?
It is advisory planning content; review the Security Audits panel on this page and apply firewall and VPN hardening yourself before exposing homelab services.
SKILL.md
READMESKILL.md - Homelab Network Setup
# Homelab Network Setup Use this skill to design a home or small-lab network that can grow without needing a full rebuild. ## When to Use - Planning a new home network or redesigning an ISP-router-only setup. - Choosing gateway, switch, and access point roles. - Designing IP ranges, DHCP scopes, static reservations, and DNS. - Preparing for future VLANs, Pi-hole, NAS, lab servers, or VPN access. - Troubleshooting a new network that has double NAT, unstable Wi-Fi, or changing server addresses. ## How It Works Start by separating device roles: ```text Internet | Modem or ONT | Gateway or router NAT, firewall, DHCP, DNS, inter-VLAN routing | Managed switch wired clients, AP uplinks, optional VLAN trunks | Access points Wi-Fi only; ideally wired backhaul Servers and NAS stable addresses, DNS names, monitoring Clients and IoT DHCP pools, isolated later if VLANs are available ``` Pick a gateway that matches the operator, not just the feature checklist: | Option | Best fit | Notes | | --- | --- | --- | | ISP router | Basic internet only | Limited control and often poor VLAN support | | UniFi gateway | Managed home network | Good UI, ecosystem lock-in | | OPNsense or pfSense | Flexible homelab | Strong VLAN, firewall, VPN, and DNS control | | MikroTik | Advanced network users | Powerful, but easy to misconfigure | | Linux router | Tinkerers | Document rollback before using as primary gateway | ## IP Plan Avoid the most common default, `192.168.1.0/24`, when you expect to use VPNs. It often conflicts with hotels, offices, and ISP routers. ```text Example small homelab plan: 192.168.10.0/24 trusted clients 192.168.20.0/24 IoT and media devices 192.168.30.0/24 servers and NAS 192.168.40.0/24 guest Wi-Fi 192.168.99.0/24 network management Gateway convention: .1 Infrastructure reservations: .2 through .49 Dynamic DHCP pool: .50 through .240 Spare room: .241 through .254 ``` Use `home.arpa` for local names. It is reserved for home networks and avoids the leakage/conflict problems of ad hoc names like `home.lan`. ```text nas.home.arpa pihole.home.arpa gateway.home.arpa switch-01.home.arpa ``` ## DHCP And DNS - Use DHCP reservations for anything you SSH into, bookmark, monitor, or expose as a service. - Hand out the gateway as DNS until a local resolver is intentionally deployed. - If using Pi-hole or another DNS filter, give it a reservation first, then point DHCP DNS options at that address. - Keep a small static/reserved range per subnet so replacements do not collide with dynamic leases. ## Cabling And Wi-Fi - Prefer wired AP backhaul over mesh when you can run Ethernet. - Use a PoE switch for APs and cameras if the budget allows it. - Label both ends of each cable and keep a simple port map. - Put the gateway, switch, DNS server, and NAS on UPS power if outages are common. ## Examples ### Beginner Upgrade Goal: Keep the ISP router but stabilize a small lab. 1. Set DHCP reservations for NAS, Pi, and any SSH hosts. 2. Move local names to `home.arpa`. 3. Disable duplicate DHCP servers on secondary routers or APs. 4. Wire the main AP instead of relying on wireless backhaul. ### VLAN-Ready Plan Goal: Prepare for future segmentation without enabling it immediately. 1. Choose non-overlapping /24 ranges for trusted, IoT, servers, guest, and management. 2. Reserve .1 for the gateway and .2-.49 for infrastructure on every subnet. 3. Buy a gateway and switch that support VLANs and inter-VLAN firewall rules. 4. Document which SSIDs and switch ports will eventually map to each network. ## Anti-Patterns - Double NAT without a reason or documentation. - Using `192.168.1.0/24` when VPN access is planned. - Dynamic addresses for NAS, Pi-hole, Home