Curriculum · grounded in your 2026-06-15 audit

Homelab Resilience & Security

From a working stack to a rock-solid one — and the vocabulary to run real infrastructure.

1. Done Lesson 1 · The 3-2-1 Rule RPO/RTO, backup vs redundancy, and your first working vzdump job. ✓ Nightly job created (all 13 guests) + test archive proven.
2. Start here Lesson 2 · The Fire Drill Restore the Prowlarr archive to a throwaway guest, time it, tear it down — turn an untested backup into a measured RTO.
3. Next Lesson 3 · Default-Deny at the Edge Turn on the disabled host firewall; read every open port and justify or close it (rpcbind, the management plane).
4. Planned Lesson 4 · Identity & Least Privilege Kill root password login, go key-only, add brute-force defence.
5. Planned Lesson 5 · Blast Radius Why the privileged Transmission container is your biggest containment risk — and how to shrink it.
6. Planned Lesson 6 · Vulnerability Management Patch cadence, security-only auto-updates, reading CVEs. (174 pending, 42 security.)
7. Planned Lesson 7 · Observability & Capacity Single-disk risk, monitoring, and the capacity headroom problem on 4 cores.

Reference

📋 Audit findings (2026-06-15) 📖 Glossary 🎯 Mission