If you want a cheap homelab that can run real workloads, you can do it for about 500 bucks. A modern Ryzen Mini-PC with 32GB of RAM is enough to host a serious lab. You can run Linux servers, Docker, Kubernetes, security tooling, and full Windows environments.
To prove the point, we will push it hard.
1. The Build
This is the class of hardware that makes this possible.
- Ryzen 7 Mini-PC
- CPU: AMD Ryzen 7 7735HS
- 8 cores, 16 threads
- RAM: 32GB minimum
- Storage: 1TB NVMe SSD
- Cost: Roughly 450–550 USD depending on sales
This form factor is quiet, power efficient, and fast enough to matter.
2. Proxmox
Install Proxmox VE 8.x directly on the hardware.
Proxmox gives you:
- KVM for Linux and Windows
- LXC for lightweight services
- Snapshots and backups
- LVM-thin storage for copy-on-write disks
Out of the box, Proxmox splits storage:
- Small root filesystem
- Large LVM-thin pool called
local-lvm
Repository Setup
If you are not using an enterprise subscription:
rm /etc/apt/sources.list.d/pve-enterprise.list
echo "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" \
> /etc/apt/sources.list.d/pve-no-subscription.list
apt update && apt upgrade -y
3. Ludus
Ludus is what turns Proxmox from “hypervisor” into “lab platform.”
Install it:
curl -s https://ludus.cloud/install | bash
On first run, Ludus asks where to store virtual machines.
- Default:
local - Correct choice:
local-lvm
If you leave it on local, large labs will fail. Root does not have the space. local-lvm does.
4. Building Templates
Ludus uses Packer to build base images. Windows ISOs must already be uploaded to Proxmox.
Add templates:
ludus templates add -d win2016-server-x64
ludus templates add -d win2019-server-x64
Build them:
ludus templates build
On a 32GB system:
- Build one template at a time.
- Parallel builds will OOM the host.
- Swap activity is expected.
5. GOAD
Now we stress the system.
GOAD deploys multiple Windows domain controllers, member servers, trusts, and attack paths. It is intentionally heavy.
Disk Space
GOAD checks for 120GB of free space on /.
On this system, the space is in local-lvm, not root.
Even with 800GB free, the install will fail.
Workaround
Edit the GOAD disk check.
nano ~/GOAD/goad/command/cmd.py
Change:
if free_disk_gb < min_disk_gb:
To:
if False:
This bypasses a root only check and allows disks to land in local-lvm, where the space actually exists.
6. Deploying GOAD
cd ~/GOAD
./goad.sh -p ludus
Inside GOAD:
set_lab GOAD
check
install
Expect:
- Long install times
- High memory pressure
- Occasional retries during domain promotion
7. Add Kali to the GOAD Lab (Ludus-Managed)
Confirm the Kali template exists
ludus templates list | grep kali
You should see kali-x64-desktop-template with BUILT = TRUE.
Grab your GOAD user
python3 goad.py
statusExport the current GOAD range config
This gives you a local YAML you can edit.
ludus --user GOADUSER range config get -f goad_kali.yml
Edit goad_kali.yml and add the Kali VM block
Open the file:
nano goad_kali.yml
Append this at the bottom of the VM list:
- vm_name: "{{ range_id }}-kali"
hostname: kali
template: kali-x64-desktop-template
vlan: 10
ip_last_octet: 210
ram_gb: 2
cpus: 2
linux: true
Notes:
- VLAN 10 keeps Kali in the same network as the Windows hosts.
- No
network:rules needed for same-VLAN traffic. - 2GB RAM keeps a 32GB Proxmox host stable.
Save and exit.
Push the updated config back into Ludus
ludus --user <GOADUSER> range config set -f goad_kali.yml
Deploy only the VM layer
ludus --user <GOADUSER> range deploy -t vm-deploy
Watch the deployment logs
ludus --user <GOADUSER> range logs -f
Wait for a clean success.
8. Accessing the Lab with WireGuard
Ludus generates a WireGuard configuration automatically.
ludus user wireguard | tee lab.conf
Import it into your WireGuard client.
You now have routed access into the lab network for testing attacks.
SSH into Kali
ssh kali@10.3.10.210
0 Comments