The goal of this project is to experiment and practice on a daily basis with technologies used as a Site Reliability Engineer (SRE), to set up personal projects, and, of course, to have my own little data center at home (because that's cool, right?).
[x3] GEEKOM Mini IT13 Mini-PC Intel Core i9 upgraded to 64GB➞ Link[x1] TP-Link TL-SG108E 8-Port Gigabit Ethernet Switch➞ Link
Issues are written in both English and French for convenience.
I use them to write down ideas and things to do, and it's often easier to do this in my native language.
For now, I'll summarize my setup with a screenshot of my homepage.
A proper system and network architecture diagram will be added later (when I have time to make it clean and organized).
My environment consists of a three-node Proxmox VE cluster for virtual machines. The majority of VMs run Debian 13 (Trixie), provisioned via StackStorm and managed with SaltStack. High availability is provided by Proxmox VE HA with Ceph. The stack includes:
-
🔐
main.homelab.lan➞ The main entry point to my infrastructure.- All SSH access to other machines is blocked by default.
- This machine can access all others and is actively monitored.
- Any connection from a non-whitelisted IP triggers a Discord notification.
- It is also responsible for pushing changes to GitHub and pulling updates for
/srv/salttosaltmaster.homelab.lanupon receiving push events.
-
🧂
saltmaster.homelab.lan➞ SaltStack- The Salt master manages all my minions (other VMs).
- Whenever something is pushed to GitHub,
main.homelab.lanpulls/srv/saltfrom this machine to apply state configurations.
-
🤖
stackstorm.homelab.lan➞ StackStorm- Automates various actions, including VM creation, SSL certificate generation, resource provisioning in NetBox, PowerDNS automation, and more.
-
📦
netbox.homelab.lan➞ NetBox- Inventory of all homelab resources: IP addresses, VMs, network interfaces, etc.
-
🔑
vault.homelab.lan➞ Vault- A key-value secrets management vault.
- Secrets can be accessed by various tools through plugins and integrations.
-
📂
ldap.homelab.lan➞ LDAP authentication server.- Currently used by Proxmox nodes and Grafana.
-
🔥
prometheus.homelab.lan➞ Prometheus- A monitoring and alerting system.
- Uses Prometheus and Alertmanager.
-
✅
easypki.homelab.lan➞ Internal Certificate Authority (CA).stackstorm.homelab.lanmanages certificate issuance through automated workflows.
-
⏰
ntp.homelab.lan➞ Chrony NTP Server- Provides time synchronization for all VMs without relying on external sources.
-
📊
grafana.homelab.lan➞ Grafana- Visualization for monitoring dashboards: ELK status, VM performance, and more.
-
📜
elk.homelab.lan➞ Elastic Stack- A centralized logging system using Elasticsearch, Logstash, and Kibana.
- Collects logs via rsyslog, processes them, and presents dashboards.
-
🚀
api.homelab.lan➞ FastAPI- An API server for practice and development.
-
📚
pdns.homelab.lan➞ PowerDNS Authoritative Server- Authoritative DNS server.
-
📗
recursor.homelab.lan➞ PowerDNS Recursor- Recursive DNS resolver.
-
🐳
docker.homelab.lan➞ Docker- Dedicated machine for building and deploying containerized applications.
-
👷🏻♂️
build.homelab.lan➞ Machine for building Debian packages. -
🐧
aptly.homelab.lan➞ Aptly- Manages Debian package repositories.
-
🔀
revproxy.homelab.lan➞ Reverse proxy server.- Handles outbound traffic for services like
khaddict.com.
- Handles outbound traffic for services like
-
💻
kcli.homelab.lan➞ Kubernetes CLI for managing the cluster. -
🔩
kworker0[1-3].homelab.lan➞ Kubernetes worker nodes. -
🔧
kcontrol0[1-3].homelab.lan➞ Kubernetes control plane nodes. -
🧠
ai.homelab.lan➞ Artificial Intelligence experimentations. -
🟢
uptimekuma.homelab.lan➞ Uptime Kuma to monitore services. -
💾
pbs.homelab.lan➞ Proxmox Backup Server- Proxmox Backup Server for backing up & restoring VMs.
- Local NFS storage to handle Proxmox backups.
- Synchronization to Shadow Drive :
This documentation provides an overview of my homelab and the various technologies I am working with. More details will be added over time as I refine and expand my setup.