Welcome to the lab!

Congratulations, you’re viewing this on the hugo-7787dd84d9-7r42q Pod!

All my in-home infrastructure, services, and nearly all my hobbies run on my homelab. I’ve spent a long time getting it how I like it, and it’s gone through a whole slew of complete teardowns and rebuilds. This is primarily how I learned my entire trade before being hired to work in a small IT department, which led to the success I have now.

There is an additional external cloud VM running UptimeKuma that monitors external connections and is connected via a Wireguard Site-to-Site VPN mesh to monitor internal services as well.

The above diagram shows the basic network diagram and service layout that’s currently running. Well, it will when it’s there. Probably.


Infrastructure Rules

All my infrastructure has two rules:

  • They all have to obey my chosen Hostname Naming Scheme. No exceptions.
  • As much as possible, everything should be controlled via Terraform.

Hostnames follow these patterns:

  • Physical network infrastructure: Named after planets in the Lylat system from the Star Fox games
  • Physical compute infrastructure: Named after either a Forgotten Realms D&D deity or, in the case of the hypervisor nodes, the two planes of the world that make up much of the D&D content we know and love.
  • Workstations, desktops, laptops: Named after characters from the Borderlands games.

Network Infrastructure

TBD

Compute Infrastructure

Nearly everything runs on my three-node Proxmox cluster. For high availability, these nodes store the VM disks over NFS on one of my two TrueNAS machines, which runs a ZFS mirrored stripe.

There is a secondary TrueNAS machine that acts as the MinIO S3 storage backend for Loki cluster logging and also acts as the backend for the NFS Kubernetes StorageClass I use for provisioning VolumeClaimTemplates on my Talos cluster.

Speaking of the cluster, the vast majority of Proxmox’s use is to run a Talos Linux Kubernetes cluster with three control plane nodes and five workers. One of the control plane nodes runs on a small form factor machine up in my office, just in case the Proxmox cluster drops off the face of the earth; at least etcd will be intact.

TrueNAS Boxes

  • shar - Dell PowerEdge R630, runs VM disk storage
  • selune - Dell PowerEdge R510, runs NFS PVC backend storage and S3 MinIO storage

Compute Boxes

  • ao: Proxmox Cluster node, Dell PowerEdge R630
  • toril: Proxmox Cluster node, Dell PowerEdge R630
  • abeir: Proxmox Cluster node, Dell PowerEdge R630

Misc Physical Boxes

  • There is a single SFF machine sitting on top of my desk that acts as the third control plane node for the Talos cluster.
  • An additional SFF machine with all manner of USB stuff plugged in that acts as my Home Assistant box and runs all the automation in the house.

Services

These are some of the core services that my homelab serves and that I use every day:

  • Vaultwarden (used with Bitwarden clients) as a central password vault for any secret I need. All the clients on my devices keep offline copies of the vault, so there’s little chance of losing all of the data as long as one of them is intact.
  • Home Assistant which controls nearly every aspect of my home from lights, to locks, to the alarm system, to even tracking the family’s devices and their distance from home. This thing basically runs my home life.
  • Kanidm which is a wonderful Identity Management platform. It’s simple and built in Rust. I hang out in their dev channels and they really seem like they care a lot about integrity and security. I maintain Helm charts for this one and it’s really been awesome to watch it grow. I moved to this from FreeIPA when that became untenable to continue maintaining.
  • Technitium DNS is running all my local DNS. Not really sure there’s much else to say there. External DNS on the cluster uses this and RFC2136 integration to automatically provision new CNAME records for my in-home domain based on Kubernetes Service annotations.
  • Gitea for local hosting of stuff I really don’t care to be on a public platform. This site’s source is one of those things!
  • Harbor is my local Docker registry. It’s been pretty nice to use and I don’t really have any complaints.
  • Nextcloud which is used as central storage for pretty much all documents, files, pictures, and anything else digital.
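As an added illustration of the Technitium/ExternalDNS integration mentioned above (these are not the author's manifests), the following shows the Service annotation that triggers record creation and the part of the ExternalDNS Deployment that speaks RFC 2136 to the DNS server. The zone, hostnames, DNS server address, TSIG key name, image version and Secret name are assumed values.

```yaml
# Added example, not the author's manifests. Hostnames, zone, DNS server
# address, image version and Secret name are assumed values.
apiVersion: v1
kind: Service
metadata:
  name: hugo
  namespace: web
  annotations:
    # ExternalDNS watches this annotation and creates the record in Technitium
    external-dns.alpha.kubernetes.io/hostname: site.home.example
spec:
  type: LoadBalancer
  selector:
    app: hugo
  ports:
    - port: 80
---
# Relevant part of the ExternalDNS Deployment. The RFC 2136 provider signs its
# dynamic updates with a TSIG key, so only a holder of that key can change the zone.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: external-dns
spec:
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns   # needs list/watch on services, ingresses, endpoints, nodes
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.14.2   # assumed version
          env:
            - name: TSIG_SECRET
              valueFrom:
                secretKeyRef:
                  name: technitium-tsig   # assumed Secret holding the base64 TSIG key
                  key: secret
          args:
            - --source=service
            - --source=ingress
            - --provider=rfc2136
            - --rfc2136-host=10.0.0.53          # assumed Technitium address
            - --rfc2136-port=53
            - --rfc2136-zone=home.example
            - --rfc2136-tsig-keyname=external-dns
            - --rfc2136-tsig-secret=$(TSIG_SECRET)   # expanded from the env var above
            - --rfc2136-tsig-secret-alg=hmac-sha256
            - --rfc2136-tsig-axfr
            - --domain-filter=home.example      # refuse to touch any other zone
            - --registry=txt                    # ownership TXT records next to each managed record
            - --txt-owner-id=talos-home
            - --policy=sync                     # with the TXT registry, only records tagged with this owner id are ever deleted
```

Two things worth knowing when running this: the `$(TSIG_SECRET)` expansion keeps the key out of the manifest, but the expanded value is still visible on the process command line inside the container, so keep the `external-dns` namespace tightly scoped with RBAC and treat the TSIG key as a credential that authorizes zone writes. Limiting the key to one zone on the Technitium side and pairing it with `--domain-filter` bounds the blast radius if the cluster is ever compromised.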

Some other non-essential, but equally cool, things are:

  • This site! This site is built on the Hugo static site generation engine. The source lives in the local Gitea instance and uses the Gitea Actions runners to build and deploy a static site container to the cluster on updates to the repository.
  • Netbox which is a nifty little piece of software for IPAM and network source of truth/diagramming/documentation. Really great for when I forget where something is or which R630 is “abeir” and need to know what RU that particular hostname represents in the rack.
  • Linkwarden for central bookmark storage. Using this to sync bookmarks from my desktop and laptop all up to the same central place is really nice.
  • Tofutf This is something I’m still playing with a bit, but it mimics what I would call the basic functionality of Terraform Enterprise on-prem. It’s open source and it’s great for state storage and using the cluster as Terraform runners.
  • Bluesky PDS is running my identity for Bluesky. I’d like to see them get a frontend I can host as well, but for now I’m quite satisfied federating my identity server for my @k8ekat.dev identity.
  • External Secrets Provider Using this to pull secrets from Bitwarden and set them as Kubernetes Secrets for use by cluster applications. This allows me to keep things like my PostgreSQL admin password synced in one place.
  • Media Server and *arr Stack This is self-explanatory if you’re into the media collection scene. I’m running Jellyfin for playing media and the whole *ARR stack behind it for media organization.
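As an added example of the External Secrets sync described above (not the author's manifest), this is the shape of an ExternalSecret that materializes a PostgreSQL admin password from the vault as a Kubernetes Secret. The SecretStore name, namespace, vault item name and target Secret name are assumptions, and the `key`/`property` mapping depends on which Bitwarden provider the store uses.

```yaml
# Added example, not the author's manifest. Store name, namespace, vault item
# name and target Secret name are assumed values.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: postgres-admin
  namespace: databases
spec:
  refreshInterval: 1h          # re-read the vault; a rotated password lands in the cluster within the hour
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden            # assumed store pointing at the Bitwarden/Vaultwarden instance
  target:
    name: postgres-admin       # the Kubernetes Secret that gets created and kept in sync
    creationPolicy: Owner      # removed together with this ExternalSecret
  data:
    - secretKey: POSTGRES_PASSWORD   # key inside the resulting Secret
      remoteRef:
        key: postgres-admin          # vault item name (assumed)
        property: password           # which field of the item to pull
```

After applying it, `kubectl get externalsecret -n databases` shows a `SecretSynced` status once the operator has written the Secret. Keep in mind that the synced Secret is ordinary Kubernetes data: anyone with `get secrets` in that namespace can read it, so the vault being the single source of truth does not remove the need for tight RBAC and etcd encryption at rest on the cluster side.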