This repository is a record of how my infrastructure and services are set up. It features kube-vip for an HA control plane, MetalLB for LoadBalancer services, Pi-hole with Unbound for DNS and ad blocking, Caddy as a reverse proxy, and more.
A concise overview of the hardware powering this homelab:
- GMTec Mini PC: Intel N150, 16GB DDR4 RAM, 256GB NVMe SSD
- Beelink S13 Mini PC: Intel N150, 16GB DDR4 RAM, 500GB M.2 SSD
- Raspberry Pi 4B: 8GB RAM, 256GB microSD card
- GL.inet Flint 3e: OpenWrt Wi-Fi 7 router with 2.5-gigabit ports
I use Proxmox VE to manage bare-metal virtualization and Terraform to automate VM provisioning:
- VMs are provisioned on multiple nodes using Proxmox's API.
- Each VM is bootstrapped with cloud-init templates.
- Terraform handles:
  - VM creation
  - Resource allocation (CPU, memory, disk)
  - SSH key injection
  - Network config
Directory: terraform
The K3s HA setup is designed for simplicity, resilience, and a rich self-hosted ecosystem:
- External MariaDB: Runs on the Proxmox host to serve as the K3s datastore.
- kube-vip: Provides a virtual IP (VIP) for easy access to the K3s API.
- Longhorn: Distributed block storage providing persistent, replicated volumes across the cluster.
- MetalLB: Manages service-level LoadBalancer IPs for internal cluster services.
- Caddy Ingress: Handles clean, domain-based routing and automatic SSL for all web services.
- CrowdSec: Integrates directly with Caddy to detect and block known malicious IPs and brute-force attacks.
- Pi-hole + Unbound: Runs on a bare-metal Raspberry Pi 4 to serve fast local DNS resolution and network-wide ad blocking.
- Cloudflare DDNS: Automatically updates my public Cloudflare DNS entries via a cron job.
- Tailscale VPN: Deployed on a bare-metal Raspberry Pi 4 node for secure, zero-trust remote network access.
- Forgejo Git Server: Self-hosted Git repository complete with local Actions runners to automatically deploy configuration changes.
- Termix: Provides a web-based terminal for easy remote access to nodes (accessible securely via Tailscale).
- Homer: A clean, static dashboard for quick access to all homelab services.
- Media Stack: The full Arr suite paired with Jellyfin for internal media management and streaming.
Directory: /k3s-ha-cluster/
This project draws inspiration and practical ideas from the following excellent resources. Many thanks to their authors for sharing their knowledge with the community: