Homelab

This homelab exists for one reason: learning. It runs a production-grade Kubernetes cluster on commodity hardware at home — intentionally overengineered for the sake of understanding how the pieces fit together. Everything from bare-metal provisioning to GitOps, secrets management, and DNS automation is real infrastructure running real workloads. Not because it needs to be this complex, but because that's where the learning happens.

Hardware

Hosts

| Host | Hardware | RAM | Role |
|---|---|---|---|
| pve1 | HP Microserver G8 | 16 GB | Proxmox hypervisor |
| pve2 | HP Microserver G8 | 8 GB | Proxmox hypervisor |
| pve3 | Intel NUC i7 | 64 GB | Proxmox hypervisor |
| bare-metal1 | Dell Optiplex 3080 | 16 GB | Bare-metal Talos worker |
| bare-metal2 | Dell Optiplex 3080 | 16 GB | Bare-metal Talos worker |
| NAS | Synology DS2415+ | | NFS storage |

Nodes

| Name | Host | RAM | Function |
|---|---|---|---|
| plex | pve1 | 6 GB | Plex Media Server (GPU passthrough) |
| homeassistant | pve1 | 4 GB | Home Assistant (Zigbee passthrough) |
| talos-control-plane-1 | pve2 | 4 GB | Kubernetes control-plane |
| talos-control-plane-2 | pve1 | 2 GB | Kubernetes control-plane |
| talos-control-plane-3 | pve3 | 4 GB | Kubernetes control-plane |
| talos-worker-1 | pve3 | 16 GB | Kubernetes worker |
| talos-worker-2 | pve3 | 16 GB | Kubernetes worker |
| talos-worker-3 | pve3 | 16 GB | Kubernetes worker (media workloads) |
| talos-worker-4 | bare-metal1 | 16 GB | Kubernetes worker (bare-metal) |
| talos-worker-5 | bare-metal2 | 16 GB | Kubernetes worker (bare-metal) |

Network (VLANs)

| VLAN | Name | Subnet |
|---|---|---|
| 10 | Home | 10.0.10.0/24 |
| 60 | Servers / Proxmox | 10.0.60.0/24 |
| 70 | IoT | 10.0.70.0/24 |
| 80 | Kubernetes / Talos | 10.0.80.0/24 |
| 99 | Management | native untagged |

Kubernetes Cluster RAM

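Total cluster RAM: 90 GB
Nodes: 8
Worker capacity: 80 GB
Control-plane capacity: 10 GB

| Node | RAM | Type |
|---|---|---|
| talos-control-plane-1 | 4 GB | Control-plane |
| talos-control-plane-2 | 2 GB | Control-plane |
| talos-control-plane-3 | 4 GB | Control-plane |
| talos-worker-1 | 16 GB | Worker (VM) |
| talos-worker-2 | 16 GB | Worker (VM) |
| talos-worker-3 | 16 GB | Worker (VM) |
| talos-worker-4 | 16 GB | Worker (bare-metal) |
| talos-worker-5 | 16 GB | Worker (bare-metal) |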

Physical host allocation

| Host | Total RAM | Allocated |
|---|---|---|
| pve1 | 16 GB | 12 GB |
| pve2 | 8 GB | 4 GB |
| pve3 | 64 GB | 52 GB |
| bare-metal1 | 16 GB | 16 GB |
| bare-metal2 | 16 GB | 16 GB |

Kubernetes Cluster

Distribution: Talos Linux v1.12.6
Kubernetes: v1.35.2
CNI: Cilium 1.19.2 (kube-proxy replacement, Ingress, L2 announcements)
GitOps: FluxCD
Secrets: SOPS + Age
Storage: democratic-csi with NFS (Synology DS2415+)

GitOps flow

Git push → GitHub → FluxCD (polls every 10m) → SOPS decrypt (Age key) → Kubernetes API → Deployed
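
A defender-side check for the flow above, as an added example that is not code from this repository: a pre-push scan that lists any Kubernetes Secret value still in plaintext before it reaches GitHub. The function name, the sample manifests and the assumption that SOPS encrypts only `data`/`stringData` values (the common `encrypted_regex` setting) are assumptions, not details from the page.

```python
import re

# SOPS replaces every encrypted value with a one-line envelope of this shape.
SOPS_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.+,iv:.+,tag:.+,type:\w+\]$")

def plaintext_secret_keys(manifests: str) -> list[str]:
    """Return "name/key" per Secret value that is not SOPS ciphertext (block-style YAML only)."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", manifests):
        if not re.search(r"(?m)^kind:\s*Secret\s*$", doc):
            continue  # ConfigMaps etc. are not expected to be encrypted
        name, keys, section, child_indent = "<unnamed>", [], None, None
        for line in doc.splitlines():
            text = line.strip()
            if not text or text.startswith("#"):
                continue
            indent = len(line) - len(line.lstrip())
            if indent == 0:  # top-level key: metadata, data, stringData, sops
                section, child_indent = text.split(":", 1)[0], None
                continue
            child_indent = child_indent or indent  # indent of the section's direct children
            if indent != child_indent or ":" not in text:
                continue  # nested mapping or block-scalar continuation line
            key, value = (part.strip() for part in text.split(":", 1))
            if section == "metadata" and key == "name":
                name = value
            elif section in ("data", "stringData") and not SOPS_VALUE.match(value.strip("'\"")):
                keys.append(key)
        findings += [f"{name}/{key}" for key in keys]  # name may appear after data
    return findings

# Constructed sample: names and ciphertext-looking values are made up.
SAMPLE = """\
kind: Secret
metadata:
  name: cloudflare-api-token
stringData:
  api-token: ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]
sops:
  mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]
---
kind: Secret
metadata:
  name: grafana-admin
data:
  admin-user: YWRtaW4=
  admin-password: ENC[AES256_GCM,data:YmFy,iv:aXY=,tag:dGFn,type:str]
"""
print(plaintext_secret_keys(SAMPLE))
```

A non-empty result means a value that was only base64-encoded, or a multi-line block left unencrypted, would land in Git history, where rewriting the commit does not undo the exposure and the credential has to be rotated.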

Architecture

External traffic

Internet → Cloudflare (DNS + proxy) → Cloudflared (encrypted tunnel) → Cilium Ingress (10.0.80.101) → App

Internal DNS resolution

Device → AdGuard DNS (via DHCP) → *.hoite.nl (ExternalDNS record) → Cilium Ingress (10.0.80.101) → App

Installed Stack

Infrastructure

| Component | Details |
|---|---|
| Cilium | v1.19.2 — CNI, Ingress controller, L2 load balancer announcements |
| MetalLB | LoadBalancer pool on VLAN 80 |
| cert-manager | Automatic TLS via Cloudflare DNS-01 challenge, Let's Encrypt production |
| democratic-csi | Dynamic NFS PVC provisioning from Synology NAS |
| ExternalDNS | Automatic DNS record creation in AdGuard via webhook provider |
| kube-prometheus-stack | Prometheus + Grafana for cluster monitoring |
| Reloader | Automatic pod restarts on ConfigMap/Secret changes |

Networking

| App | Description |
|---|---|
| AdGuard Home | Network-wide DNS filtering and ad blocking |
| Cloudflared | Cloudflare Tunnel for secure external access without port forwarding |

Media

| App | Description |
|---|---|
| qBittorrent | Download client |
| Prowlarr | Indexer manager for the *arr stack |
| Radarr (1080p) | Movie collection management — 1080p |
| Radarr (4K) | Movie collection management — 4K |
| Sonarr | TV series collection management |
| Recyclarr | Syncs TRaSH Guides quality profiles to Radarr and Sonarr — runs nightly as a CronJob |
| Profilarr | Imports and syncs custom formats and quality profiles from TRaSH Guides to Radarr and Sonarr |
| Calibre Web Automated | E-book library management with automatic imports |

Dashboard & Observability

| App | Description |
|---|---|
| Homepage | Unified dashboard for all services |
| Grafana | Metrics visualisation and cluster monitoring dashboards |