Homelab
The current state of the Homelab.
Hardware
Selection of hardware is inspired by Project TinyMiniMicro.
Machine | Role |
---|---|
Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 480GB SSD, Gigabit Ethernet | Proxmox host 1 |
Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 960GB SSD, Gigabit Ethernet | Proxmox host 2 |
HP EliteDesk G5 705, AMD Ryzen 5 PRO 3400G 3.7 GHz, 64GB RAM, 240GB SSD, 1TB NVMe, Gigabit Ethernet | Proxmox host 3 |
TLSense 2980U, Intel Celeron 2980U 1.60 GHz, 4GB RAM, 16GB SSD, 2x Gigabit Ethernet, 4x SFP | OPNsense |
TP-Link TL-SG108E | Switch |
Networking
Physical
graph TB
    subgraph switch[Switch]
        port_1["Port 1 - Uplink"]
        port_2["Port 2 - Trunk"]
        port_3["Port 3 - Trunk"]
        port_7["Port 7 - Trunk"]
    end
    router[OPNsense]-->port_1
    port_2-->proxmox_1[Proxmox host 1]
    port_3-->proxmox_2[Proxmox host 2]
    port_7-->proxmox_3[Proxmox host 3]
VLAN
Usage | Tag | IP range | Gateway |
---|---|---|---|
Proxmox management network | 2 | 10.0.2.0/24 | 10.0.2.1 |
K3s/MetalLB | 3 | 10.0.3.0/24 | 10.0.3.1 |
GitHub Actions Runners | 7 | 10.0.7.0/24 | 10.0.7.1 |
Software
Proxmox
Proxmox is the OS used for all virtualization hosts; I’ve used it since the start of 2023 (post). Combined with Terraform, cloud-init and VM templates, I can define VMs using IaC and configure them using Ansible without any manual steps required.
The setup is clustered so VMs can be migrated between hosts:
graph LR
    subgraph cluster[Datacenter: pve-cluster-1]
        pve2
        pve3
        pve4
    end
    subgraph pve2[Node: pve2]
        vm1[VM 1]
        vm2[VM 2]
    end
    subgraph pve3[Node: pve3]
        vm3[VM 3]
        vm4[VM 4]
    end
    subgraph pve4[Node: pve4]
        vm5[VM 5]
    end
OPNsense
OPNsense is used for routing, firewall and VLANs. Introduced in July 2023. Transitioning to OPNsense allowed me to clean up my network architecture significantly (post).
step-ca
step-ca is the Certificate Authority (CA) I run internally for certificate provisioning (post).
Combined with cert-manager and step-issuer it provides automatic provisioning of TLS certificates for all ingresses in the K3s cluster.
Proxmox hosts receive their TLS certificates by using the standalone step-ca service with the ACME protocol.
K3s
K3s is a lightweight Kubernetes distribution with batteries included. I originally started using it because my Homelab once ran on a cluster of Raspberry Pis. After transitioning to VMs I kept it.
MetalLB
MetalLB is a bare-metal load balancer implementation for Kubernetes. It is used for things like Traefik and step-ca.
Traefik
Traefik is the ingress controller which ships with K3s by default. I haven’t yet found a reason to swap it out for something else.
ArgoCD
ArgoCD is used for GitOps for all things in the K3s cluster. It just works and replaced all of my various initial deployment scripts.
Longhorn
Longhorn is used for replicated storage. I’ve used it since 2022. Backups are automated and stored offsite in S3-compatible Object Storage.
cert-manager
cert-manager is used in conjunction with step-ca to automatically provision certificates for Ingresses in K3s.
Grafana
Grafana is used for visualizing data from various sources, such as Loki and Prometheus.
Loki
Loki is used for aggregating and storing logs from sources such as the K3s cluster.
Prometheus
Prometheus is used for gathering metrics from various sources, including the K3s cluster and Proxmox hosts.
Sealed Secrets
Sealed Secrets is used for encrypting secrets and storing them in Git.
step-issuer
step-issuer is compatible with cert-manager and issues step-ca certificates for ingresses in Kubernetes.
Velero
Velero is used for backing up all the cluster resources offsite in S3-compatible Object Storage.