The current state of the Homelab.


| Machine | Role |
| --- | --- |
| Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 480GB SSD, Gigabit Ethernet | Proxmox 1 |
| Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 960GB SSD, Gigabit Ethernet | Proxmox 2 |
| TLSense 2980U, Intel Celeron 2980U 1.60 GHz, 4GB RAM, 16GB SSD, 2x Gigabit Ethernet, 4x SFP | OPNsense |
| TP-Link TL-SG108E | Switch |



```mermaid
graph TB
  subgraph switch[Switch]
    port_1["Port 1 - Uplink"]
    port_2["Port 2 - Trunk"]
    port_3["Port 3 - Trunk"]
  end

  port_2-->proxmox_1[Proxmox 1]
  port_3-->proxmox_2[Proxmox 2]
```


| Usage | Tag | IP range | Gateway |
| --- | --- | --- | --- |
| Proxmox management network | 2 | | |
| K3s/MetalLB | 3 | | |



Proxmox is the OS used for all virtualization hosts; I’ve used it since the start of 2023 (post). Combined with Terraform, cloud-init and VM templates, I can define VMs using IaC and configure them using Ansible without any manual steps required.


OPNsense is used for routing, firewall and VLANs. Introduced in July 2023. Transitioning to OPNsense allowed me to clean up my network architecture significantly (post).


step-ca is the Certificate Authority (CA) I run internally for certificate provisioning (post).

Combined with cert-manager and step-issuer it provides automatic provisioning of TLS certificates for all ingresses in the K3s cluster.

Proxmox hosts receive their TLS certificates by using the standalone step-ca service with the ACME protocol.


K3s is a lightweight Kubernetes distribution with batteries included. I originally started using it because my Homelab once ran on a cluster of Raspberry Pis. After transitioning to VMs I kept it.


MetalLB is a bare metal Load Balancer implementation for Kubernetes. It is used for things like Traefik and step-ca.


Traefik is the ingress-controller which ships with K3s by default. I haven’t yet found a reason to swap it out for something else.


ArgoCD is used for GitOps for all things in the K3s cluster. It just works and replaced all of my various initial deployment-scripts.


Longhorn is used for replicated storage. I’ve used it since 2022. Backups are automated and stored offsite in S3-compatible Object Storage.


cert-manager is used in conjunction with step-ca to automatically provision certificates for Ingresses in K3s.


Grafana is used for visualizing data from various sources, such as Loki and Prometheus.


Loki is used for aggregating and storing logs from sources such as the K3s cluster.


Prometheus is used for gathering metrics from various sources, including the K3s cluster and Proxmox hosts.

Sealed Secrets

Sealed Secrets is used for encrypting secrets and storing them in Git.


step-issuer is compatible with cert-manager and issues step-ca certificates for ingresses in Kubernetes.


Velero is used for backing up all the cluster resources offsite in S3-compatible Object Storage.