Architecting a Resilient, Zero-Trust Security SOC & Automation Stack on Legacy Hardware (Dell OptiPlex 3020 Micro)

​πŸ›️ CASE STUDY: The Lean Enterprise Micro-Datacenter

1. Executive Summary

This case study documents the design and deployment of a full-stack infrastructure and Security Operations Center (SOC) on a resource-constrained Dell OptiPlex 3020 Micro (dual-core Intel Core i3, 16GB RAM). By combining LXC containers, a custom Python store-and-forward middleware, and Infrastructure as Code (IaC), the build delivers enterprise-style observability and log delivery that survives SIEM API outages, at a low resource footprint (~10.5% average CPU utilisation across 10+ services).

2. The Infrastructure Profile (The Constraints)

  • Hardware: Dell OptiPlex 3020 Micro (Intel Core i3, 16GB RAM, 500GB SSD).
  • Networking: MikroTik hEX r3 (Backbone).
  • Hypervisor: Proxmox VE 8.x.
  • Objective: Host 10+ critical services (Wazuh SIEM, n8n Orchestration, Zabbix Monitoring, Home Assistant, and custom AI UI) on a dual-core platform without compromising stability.

3. The Logical Architecture (Sapper-Ranger Design)

A. Network & Perimeter (The Gatekeeper)

  • MikroTik hEX r3: Acts as the command post, handling VLAN segmentation and Layer 3 isolation between VLANs. It separates the "Home IoT" network from the "Production Lab" network, so a compromised IoT device has no route into the lab segment.
  • AdGuard Home: First line of defense at the DNS layer. It resolves client queries and refuses resolution of known tracker and malware domains before any connection is attempted. The control only holds if the router forces clients through it (redirecting or blocking outbound port 53 and DoH/DoT to third-party resolvers); otherwise a device can simply bypass it.
  • RaptorCache: A transparent HTTP cache that saves WAN bandwidth on repeated package downloads and updates. It only sees plaintext HTTP, so HTTPS mirrors pass through uncached, and cached packages are still verified by the package manager's signature checks.

B. Access & Security (The Zero-Trust Layer)

  • Tailscale Subnet Router (Relay Node): Instead of a VPN client on every node, Tailscale runs once on the Proxmox host as a subnet router advertising the 10.0.x.x lab ranges. Remote access rides an encrypted WireGuard mesh with no inbound ports opened on the WAN; peers connect through NAT traversal or, failing that, Tailscale's DERP relays. Because the hypervisor itself carries the tunnel, tailnet ACLs should restrict which identities may reach the host and which advertised subnets they may use.
  • Suricata v7: Runs as a network intrusion detection system (IDS), with its alerts (EVE JSON output) shipped into the SIEM for correlation.

C. The Resilient Middleware (The "Circuit Breaker")

To keep log delivery alive when the Wazuh API stalls or crashes under CPU or disk spikes on the i3, a custom Python/SQLite bridge sits between the log sources and the SIEM. It is a store-and-forward buffer with circuit-breaker semantics:

  • Standard flow: The Python script receives log events and pushes them to the Wazuh API.
  • Failover logic: On an API timeout or connection failure, the script trips the breaker and writes the JSON payloads to a local SQLite database on the home-syslog node, instead of hammering the failing API on every event.
  • Auto-recovery: A background worker polls API health and, once the service is back, replays the SQLite backlog to Wazuh in arrival order, so no events are lost. Replay of this kind is at-least-once delivery: the SIEM may see a duplicate if the worker dies between sending an event and marking it delivered, so each buffered event should carry a unique ID for deduplication, and the buffer needs a size or age cap so a prolonged outage cannot fill the disk.
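The bridge described above, as an added example written for this edit and not the project's own script: a constructed fake Wazuh endpoint stands in for the real API, the SQLite backlog lives in memory, and the `cooldown`, `event_id`, `send()` and `replay()` names are assumptions. It shows the three behaviours a practitioner cares about: the breaker stops calling a failing API, new events queue behind an existing backlog so order is preserved, and a row is deleted only after the API accepted it.

```python
import json
import sqlite3
import time
import uuid
from typing import Any, Callable, Dict, List


class WazuhUnavailable(Exception):
    """Raised by the transport when the SIEM API times out or refuses the request."""


class StoreAndForward:
    """Store-and-forward bridge with circuit-breaker semantics (assumed design).

    send(): try the API; on failure open the circuit for `cooldown` seconds and
    persist the event. While the circuit is open or a backlog exists, new events
    go straight to SQLite so replay keeps arrival order.
    replay(): background-worker step; drains the backlog in insertion order once
    the cooldown elapsed, deleting a row only after the API accepted it.
    """

    def __init__(self, transport: Callable[[Dict[str, Any]], None],
                 db_path: str = ":memory:", cooldown: float = 30.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.transport = transport      # callable that POSTs one event to the SIEM
        self.cooldown = cooldown
        self.clock = clock
        self.open_until = 0.0           # circuit is open (API skipped) until this time
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS backlog ("
                        " id INTEGER PRIMARY KEY AUTOINCREMENT,"
                        " event_id TEXT UNIQUE NOT NULL, payload TEXT NOT NULL)")
        self.db.commit()

    def backlog_size(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM backlog").fetchone()[0]

    def _buffer(self, event: Dict[str, Any]) -> None:
        # UNIQUE(event_id) plus OR IGNORE makes a retried insert idempotent.
        self.db.execute("INSERT OR IGNORE INTO backlog (event_id, payload) VALUES (?, ?)",
                        (event["event_id"], json.dumps(event, sort_keys=True)))
        self.db.commit()

    def _trip(self) -> None:
        self.open_until = self.clock() + self.cooldown

    def send(self, record: Dict[str, Any]) -> str:
        """Forward one log record; returns 'sent' or 'buffered'."""
        event = dict(record)
        event.setdefault("event_id", str(uuid.uuid4()))   # stable id for dedupe
        if self.clock() < self.open_until or self.backlog_size() > 0:
            self._buffer(event)
            return "buffered"
        try:
            self.transport(event)
            return "sent"
        except WazuhUnavailable:
            self._trip()
            self._buffer(event)
            return "buffered"

    def replay(self, batch: int = 100) -> int:
        """Drain up to `batch` rows in order; returns how many the API accepted."""
        if self.clock() < self.open_until:
            return 0
        replayed = 0
        rows = self.db.execute("SELECT id, payload FROM backlog ORDER BY id LIMIT ?",
                               (batch,)).fetchall()
        for row_id, payload in rows:
            try:
                self.transport(json.loads(payload))
            except WazuhUnavailable:
                self._trip()                # still down: stop, keep the rest queued
                break
            self.db.execute("DELETE FROM backlog WHERE id = ?", (row_id,))
            self.db.commit()
            replayed += 1
        return replayed


class FakeWazuhApi:
    """Constructed stand-in for the Wazuh endpoint: fails `outage` calls, then accepts."""

    def __init__(self, outage: int) -> None:
        self.outage = outage
        self.received: List[str] = []

    def __call__(self, event: Dict[str, Any]) -> None:
        if self.outage > 0:
            self.outage -= 1
            raise WazuhUnavailable("connect timeout")
        self.received.append(event["event_id"])


def demo() -> Dict[str, Any]:
    """API down for the first event, back after the cooldown: all five arrive in order."""
    api = FakeWazuhApi(outage=1)
    now = [0.0]                             # fake monotonic clock, advanced by hand
    bridge = StoreAndForward(api, cooldown=30.0, clock=lambda: now[0])
    events = [{"event_id": f"evt-{i}", "message": f"constructed syslog line {i}"}
              for i in range(5)]
    results = [bridge.send(e) for e in events]
    early = bridge.replay()                 # circuit still open: nothing attempted
    now[0] = 31.0
    late = bridge.replay()
    return {"results": results, "early": early, "late": late,
            "received": api.received, "left": bridge.backlog_size()}
```

In a real deployment the database would be a file on the home-syslog node and `replay()` would be called from a worker thread on a timer; SQLite connections are per-thread, so the worker opens its own. The `transport` is where the HTTP call to the API goes, raising `WazuhUnavailable` on timeouts and 5xx responses, and the backlog table still needs the size or age cap mentioned above.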

4. The Service Fleet (LXC Micro-Segmentation)

Running the services as LXC containers instead of full VMs gave high resource density on 16GB of RAM. The trade-off is that containers share the host kernel, so they should run unprivileged, and isolation between tiers rests on the VLAN and firewall segmentation at the router rather than on the container boundary alone. The fleet includes:

  1. home-iac: Semaphore/Ansible for automated configuration management.
  2. home-protection: Wazuh SIEM for security monitoring and endpoint protection.
  3. home-n8n: The automation brain, running complex JavaScript-based data transformations.
  4. home-monitor: Zabbix handling granular telemetry from the MikroTik router and all nodes.
  5. home-automation: Home Assistant for hardware monitoring (UPS, Temperature, Power).

5. Observability & Visual Intelligence

  • The Heartbeat: An n8n workflow runs daily at 07:00, correlating internal Zabbix metrics with external ISP health measured by a heartbeat sync against GitHub. Probing an external endpoint from inside the lab is what separates "the uplink is down" from "a node is down".
  • Reporting: The workflow compiles a status report and delivers it via Gmail SMTP, giving a fresh overview of the infrastructure before the workday begins. The SMTP credential belongs in n8n's credential store as an app-specific password, not hard-coded in the workflow.
  • Tactical Dashboard: A MagicMirror interface serves as the workstation's screensaver, pulling real-time alerts from Home Assistant and Zabbix for immediate situational awareness.
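The correlation step of the morning heartbeat, as an added example and not the author's n8n workflow (which the page does not show): the Zabbix problem list and heartbeat results are constructed samples, the field names and verdict labels are assumptions, and the behaviour worth copying is that a failed query to either source is reported as MONITORING_BLIND rather than as a false HEALTHY.

```python
from typing import Dict, List, Optional

# Constructed samples, not real Zabbix or heartbeat output; field names are assumptions.
ZABBIX_PROBLEMS: List[Dict] = [
    {"host": "home-protection", "severity": 4, "name": "Wazuh API not responding"},
    {"host": "mikrotik-hex", "severity": 2, "name": "WAN interface utilisation > 80%"},
]
HEARTBEAT_FAILED = {"ok": False, "detail": "github.com: connect timeout"}
HEARTBEAT_OK = {"ok": True, "detail": "github.com: 200 in 180 ms"}

HIGH = 4  # Zabbix severity scale: 4 = High, 5 = Disaster


def triage(problems: Optional[List[Dict]], heartbeat: Optional[Dict]) -> str:
    """Correlate internal monitoring with the external reachability probe.

    None for either input means that source could not be queried; that is a
    finding in itself, so the run must not fall through to HEALTHY.
    """
    if problems is None or heartbeat is None:
        return "MONITORING_BLIND"
    internal = any(p["severity"] >= HIGH for p in problems)
    external = not heartbeat["ok"]
    if internal and external:
        return "INTERNAL_AND_UPLINK"   # both sides red: check power/router first
    if external:
        return "ISP_UPLINK"            # lab is fine, the world is unreachable
    if internal:
        return "INTERNAL_FAULT"        # uplink fine, a node or service is down
    return "HEALTHY"


def render_report(problems: Optional[List[Dict]], heartbeat: Optional[Dict]) -> str:
    """Plain-text body for the morning e-mail: verdict first, then evidence by severity."""
    lines = [f"Morning status: {triage(problems, heartbeat)}"]
    if heartbeat is None:
        lines.append("External heartbeat: NO DATA")
    else:
        state = "OK" if heartbeat["ok"] else "FAILED"
        lines.append(f"External heartbeat: {state} ({heartbeat['detail']})")
    if problems is None:
        lines.append("Zabbix: NO DATA")
    elif not problems:
        lines.append("Zabbix: no active problems")
    else:
        for p in sorted(problems, key=lambda p: -p["severity"]):
            lines.append(f"  sev{p['severity']} {p['host']}: {p['name']}")
    return "\n".join(lines)
```

The verdict line deliberately leads the report so the one-glance read on a phone is the triage outcome, with the raw problem list underneath.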

6. Project Results (The Proof of Concept)

  • Efficiency: Successfully manages 10+ operational nodes on a dual-core i3 with an average CPU load of ~10.45%.
  • Resilience: The Python/SQLite middleware provides a "graceful degradation" path, preventing log gaps during system maintenance or API instability.
  • Scalability: The use of Infrastructure as Code (IaC) via Semaphore allows for the entire environment to be rebuilt or scaled with a single command.

7. Professional Value

This architecture sits at the intersection of infrastructure engineering and Site Reliability Engineering (SRE).

  • Skillset Demonstrated: Linux systems administration, network engineering (MikroTik), Python/JS development, security integration (SIEM, IDS), and workflow and configuration automation (n8n/Ansible).
