Your Homelab Is More Exposed Than You Think
You're running Proxmox with 15 VMs and 30 Docker containers. Nextcloud, Jellyfin, Home Assistant, Vaultwarden, Gitea, maybe a Minecraft server for the kids. You've got a reverse proxy (Traefik or nginx proxy manager) pointing a wildcard domain at your home IP.
You've also got zero security monitoring. No IDS, no file integrity monitoring, no brute-force detection, no injection protection. Your Vaultwarden instance — which stores every password you own — is protected by a Let's Encrypt cert and whatever rate limiting Traefik provides by default (which is none).
The homelab community is incredible at building infrastructure and terrible at securing it. That's not a criticism — it's a time and tooling problem. Enterprise security tools cost thousands and require dedicated staff. Until now, there wasn't a good option for the self-hoster who wants real security without the enterprise price tag.
What 1-SEC Protects in a Homelab
Run 1-SEC on your Proxmox host, your Unraid server, or as a Docker container alongside your stack.
Reverse Proxy and Web Service Protection
Every service behind your reverse proxy gets injection protection, rate limiting, and API security automatically. SQL injection attempts against your Gitea instance, XSS probes against your Nextcloud, brute-force attacks against your Vaultwarden — all caught by the Injection Shield and Auth Fortress without configuring anything per-service.
Container and VM Monitoring
The Runtime Watcher monitors for container escapes, suspicious process execution, and file integrity changes across your Docker containers and VMs. If a compromised container tries to access the Docker socket, mount the host filesystem, or execute unexpected binaries, you get an alert.
Network Intrusion Detection
The Network Guardian watches traffic patterns across your homelab network. Port scans from the internet, lateral movement between VMs, DNS tunneling attempts, and C2 beaconing from a compromised container — all detected and alerted. This is the IDS that homelabbers have been missing.
IoT Device Monitoring
If your Home Assistant is managing smart home devices, those devices are on your network. The IoT Shield monitors for default credentials on IoT devices, protocol anomalies from smart home gear, and firmware integrity. Your smart thermostat shouldn't be making outbound connections to unknown IPs at 3 AM.
Deployment Options for Homelabs
Option 1 — Direct install on Proxmox/Unraid host: curl -fsSL https://1-sec.dev/get | sh 1sec up
Option 2 — Docker container alongside your stack: Add to your docker-compose.yml and it monitors the entire Docker network.
Option 3 — Dedicated LXC/VM on Proxmox: Spin up a lightweight Debian LXC, install 1-SEC, and point it at your network. Uses about 50MB RAM and minimal CPU.
The privacy angle matters for homelabbers: 1-SEC runs entirely locally. No cloud account required, no telemetry, no data leaves your network. The AI analysis features are opt-in and use your own Gemini API key. Everything else runs offline, on your hardware, under your control. That's the whole point of self-hosting, and 1-SEC respects it.
Alerting for Homelabbers
Most homelabbers already have a notification stack — Gotify, ntfy, Apprise, or just a Discord server. 1-SEC's webhook support sends alerts to any HTTP endpoint. Point it at your Gotify instance or Discord webhook and you get real-time security alerts on your phone.
For the Grafana crowd: 1-SEC exports JSON data that you can ingest into your existing monitoring stack. Alerts in Grafana, events in Loki, dashboards showing attack patterns over time. It fits into the homelab ecosystem instead of demanding its own separate management interface.