The current state of the Homelab.

Hardware

Machine Role
Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 480GB SSD, Gigabit Ethernet Proxmox 1
Lenovo ThinkCentre M900 Tiny, Intel Core i5 6500T 2.5 GHz, 32GB RAM, 960GB SSD, Gigabit Ethernet Proxmox 2
TLSense 2980U, Intel Celeron 2980U 1.60 GHz, 4GB RAM, 16GB SSD, 2x Gigabit Ethernet, 4x SFP OPNsense
TP-Link TL-SG108E Switch

Networking

Physical

graph TB
  subgraph switch[Switch]
    port_1["Port 1 - Uplink"]
    port_2["Port 2  - Trunk"]
    port_3["Port 3  - Trunk"]
  end

  router[OPNsense]-->port_1
  port_2-->proxmox_1[Proxmox 1]
  port_3-->proxmox_2[Proxmox 2]

VLAN

Usage Tag IP range Gateway
Proxmox management network 2 10.0.2.0/24 10.0.2.1
K3s/MetalLB 3 10.0.3.0/24 10.0.3.1

Software

Proxmox

Proxmox is the OS used for all virtualization hosts, I’ve used it since the start of 2023 (post). Combined with Terraform, cloud-init and VM templates I can define VMs using IaC and configure them using Ansible without any manual steps required.

OPNsense

OPNsense for routing, firewall, VLANs. Introduced in July 2023. Transitioning to OPNsense allowed me to clean up my network architecture significantly (post).

step-ca

step-ca is the Certificate Authority (CA) I run internally for certificate provisioning (post).

Combined with cert-manager and step-issuer it provides automatic provisioning of TLS certificates for all ingresses in the K3s cluster.

Proxmox hosts receive their TLS certificates by using the standalone step-ca service with the ACME protocol.

K3s

K3s is a lightweight Kubernetes distribution with batteries included. I originally started using it because my Homelab once ran on a cluster of Raspberry Pis. After transitioning to VMs I kept it.

MetalLB

MetalLB is a bare metal Load Balancer implementation for Kubernetes. Used for things like Traefik and step-ca.

Traefik

Traefik is the ingress-controller which ships with K3s by default. I haven’t yet found a reason to swap it out for something else.

ArgoCD

ArgoCD is used for GitOps for all things in the K3s cluster. It just works and replaced all of my various initial deployment-scripts.

Longhorn

Longhorn is used for replicated storage. I’ve used it since 2022. Backups are automated and stored offsite in S3-compatible Object Storage.

cert-manager

cert-manager is used in conjunction with step-ca to automatically provision certificates for Ingresses in K3s.

Grafana

Grafana is used for visualizing data from various sources, such as Loki, and Prometheus.

Loki

Loki is used for aggregating and storing logs from sources such as the K3s cluster.

Prometheus

Prometheus is used for gathering metrics from various sources, including the K3s cluster and Proxmox hosts.

Sealed Secrets

Sealed Secrets is used for encrypting secrets and storing them in Git.

step-issuer

step-issuer is compatible with cert-manager and issues step-ca certificates for ingresses in Kubernetes.

Velero

Velero is used for backing up all the cluster resources offsite in S3-compatible Object Storage.