The goal of this project is to experiment and practice on a daily basis with technologies used as a Site Reliability Engineer (SRE), to set up personal projects, and, of course, to have my own little data center at home (because that's cool, right?).
[x3] GEEKOM Mini IT13 Mini-PC Intel Core i9 upgraded to 64GBβ Link[x1] TP-Link TL-SG108E 8-Port Gigabit Ethernet Switchβ Link
Issues are written in both English and French for convenience.
I use them to write down ideas and things to do, and it's often easier to do this in my native language.
π Homelab issues
For now, I'll summarize my setup with a screenshot of my homepage.
A proper system and network architecture diagram will be added later (when I have time to make it clean and organized).
My environment consists of a three-node Proxmox VE cluster for virtual machines. The majority of VMs run Debian 13 (Trixie), provisioned via StackStorm and managed with SaltStack. High availability is provided by Proxmox VE HA with Ceph. The stack includes:
-
π
main.homelab.lanβ The main entry point to my infrastructure.- All SSH access to other machines is blocked by default.
- This machine can access all others and is actively monitored.
- Any connection from a non-whitelisted IP triggers a Discord notification.
- It is also responsible for pushing changes to GitHub and pulling updates for
/srv/salttosaltmaster.homelab.lanupon receiving push events.
-
π§
saltmaster.homelab.lanβ SaltStack- The Salt master manages all my minions (other VMs).
- Whenever something is pushed to GitHub,
main.homelab.lanpulls/srv/saltfrom this machine to apply state configurations.
-
π€
stackstorm.homelab.lanβ StackStorm- Automates various actions, including VM creation, SSL certificate generation, resource provisioning in NetBox, PowerDNS automation, and more.
-
π¦
netbox.homelab.lanβ NetBox- Inventory of all homelab resources: IP addresses, VMs, network interfaces, etc.
-
π
vault.homelab.lanβ Vault- A key-value secrets management vault.
- Secrets can be accessed by various tools through plugins and integrations.
-
π
ldap.homelab.lanβ LDAP authentication server.- Currently used by Proxmox nodes and Grafana.
-
π₯
prometheus.homelab.lanβ Prometheus- A monitoring and alerting system.
- Uses Prometheus and Alertmanager.
-
β
easypki.homelab.lanβ Internal Certificate Authority (CA).stackstorm.homelab.lanmanages certificate issuance through automated workflows.
-
β°
ntp.homelab.lanβ Chrony NTP Server- Provides time synchronization for all VMs without relying on external sources.
-
π
grafana.homelab.lanβ Grafana- Visualization for monitoring dashboards: ELK status, VM performance, and more.
-
π
elk.homelab.lanβ Elastic Stack- A centralized logging system using Elasticsearch, Logstash, and Kibana.
- Collects logs via rsyslog, processes them, and presents dashboards.
-
π
api.homelab.lanβ FastAPI- An API server for practice and development.
-
π
pdns.homelab.lanβ PowerDNS Authoritative Server- Authoritative DNS server.
-
π
recursor.homelab.lanβ PowerDNS Recursor- Recursive DNS resolver.
-
π³
docker.homelab.lanβ Docker- Dedicated machine for building and deploying containerized applications.
-
π·π»ββοΈ
build.homelab.lanβ Machine for building Debian packages. -
π§
aptly.homelab.lanβ Aptly- Manages Debian package repositories.
-
π
revproxy.homelab.lanβ Reverse proxy server.- Handles outbound traffic for services like
khaddict.com.
- Handles outbound traffic for services like
-
π»
kcli.homelab.lanβ Kubernetes CLI for managing the cluster. -
π©
kworker0[1-3].homelab.lanβ Kubernetes worker nodes. -
π§
kcontrol0[1-3].homelab.lanβ Kubernetes control plane nodes. -
π§
ai.homelab.lanβ Artificial Intelligence experimentations. -
π’
uptimekuma.homelab.lanβ Uptime Kuma to monitore services. -
πΎ
pbs.homelab.lanβ Proxmox Backup Server- Proxmox Backup Server for backing up & restoring VMs.
- Local NFS storage to handle Proxmox backups.
- Synchronization to Shadow Drive :
This documentation provides an overview of my homelab and the various technologies I am working with. More details will be added over time as I refine and expand my setup.