Homelab

The homelab project provides a complete infrastructure for experimenting with enterprise-grade technologies, developing applications, and learning modern DevOps practices.

The foundation of this homelab consists of three physical machines connected through a professional-grade network infrastructure. The setup prioritizes high availability, energy efficiency, and quiet operation suitable for a home environment.

The Dell PowerEdge T330 serves as the primary compute node, while two Lenovo ThinkCentre M715Q mini PCs provide additional compute capacity in a compact form factor. All machines are connected through a Ubiquiti UDM PRO SE, which handles network management, VPN services, and advanced firewall capabilities.

Security and network segmentation are critical components of this homelab. The network architecture implements enterprise best practices with multiple VLANs for isolation, a DMZ for public-facing services, and VPN access for secure remote administration.

The design separates management traffic (Proxmox hosts, Dell iDRAC) from service traffic (K3S cluster, TrueNAS, Portainer), ensuring that administrative interfaces are never directly exposed. All external access is filtered through the firewall, and internal access to management systems requires VPN authentication via WireGuard.

The virtualization layer is built on a 3-node Proxmox VE cluster, providing high availability and resource pooling across all physical hosts. This configuration ensures that if one node fails, virtual machines automatically migrate to healthy nodes without service interruption.

Infrastructure as Code principles are applied using Terraform with the Proxmox Provider, allowing VM creation and configuration to be version-controlled and reproducible. Shared storage is provided by a TrueNAS SCALE VM, offering NFS and iSCSI protocols for VM disks and data storage. This architecture enables live migration of VMs between hosts and provides a solid foundation for the Kubernetes cluster running on top.

K3S, a lightweight Kubernetes distribution, forms the container orchestration layer of this homelab. The cluster features a highly available control plane with three master nodes synchronized through KubeVIP, which provides a virtual IP for seamless failover and load balancing of API server requests.

The entire cluster deployment is automated using Ansible playbooks, from initial node provisioning to K3S installation and configuration. Applications are deployed using Helm charts and managed through ArgoCD following GitOps principles—all application configurations are stored in Git repositories, and ArgoCD continuously synchronizes the desired state to the cluster. Longhorn provides distributed block storage for persistent volumes, while MetalLB enables LoadBalancer services on bare-metal, and Traefik handles ingress traffic and TLS termination.

The homelab implements modern CI/CD practices using GitOps methodology. Developed applications follow a structured pipeline from code commit to production deployment. This workflow ensures consistency, traceability, and enables rapid iteration while maintaining deployment standards.

Code changes pushed to Git repositories trigger CI pipelines that build container images and push them to a container registry. ArgoCD monitors Git repositories containing Helm chart configurations and automatically synchronizes any changes to the K3S cluster. This declarative approach means the cluster state always matches what’s defined in Git, providing a single source of truth. All deployments are automatically integrated with the observability stack, sending logs to Loki and metrics to Prometheus for comprehensive monitoring via Grafana dashboards.

Comprehensive observability is crucial for maintaining a complex infrastructure. The PLG stack (Prometheus, Loki, Grafana) provides end-to-end visibility into the entire homelab, from physical Proxmox hosts to containerized applications running in the K3S cluster.

Promtail agents collect logs from all sources and forward them to Loki for aggregation, while Prometheus scrapes metrics from exporters on every component. Grafana serves as the unified interface, combining logs and metrics in cohesive dashboards that provide real-time insights into system health and performance. UptimeKuma monitors service availability and provides status pages, while Rancher and OpenLens offer specialized Kubernetes cluster management interfaces for operational tasks.

The homelab hosts a diverse collection of self-hosted applications spanning authentication, media, productivity, databases, and network services. Each service is carefully selected to provide practical functionality while offering learning opportunities in system administration and cloud-native deployment.

Authentik serves as the central identity provider, enabling Single Sign-On (SSO) across all applications for streamlined authentication. High-availability database clusters (PostgreSQL and Redis) provide robust data persistence, while media services like Plex and PhotoPrism deliver personal streaming and photo management. Pi-hole offers network-wide ad blocking and DNS management, and management dashboards like Heimdall and Portainer simplify day-to-day operations across the entire infrastructure.

This homelab project provides hands-on experience with:

Potential areas for expansion:

This homelab serves as a comprehensive platform for learning modern infrastructure technologies, developing practical DevOps skills, and hosting personal applications in a professional-grade environment. The project demonstrates proficiency in virtualization, containerization, automation, and cloud-native technologies.