The Lab

A running description of the homelab this blog documents. Names, addresses, and exact topology are deliberately generalized — the point is the architecture and the reasoning behind it, not a network map.

Operating principles

Three rules shape almost every decision here:

  1. If it isn’t reproducible from a file, it doesn’t belong in the lab. Infrastructure lives in Git, not in someone’s memory.
  2. Immutable beats hand-tuned. Rebuild, don’t repair. A node you can’t stamp out from config is a liability.
  3. A backup is only real once you’ve isolated its failure domains. More copies on the same disk is not redundancy.

Compute

A Proxmox VE cluster is the foundation — a mix of lightweight LXC containers for most services and full VMs where stronger isolation or a custom kernel is needed. Every guest is documented and reproducible; a lost guest gets re-stamped, not nursed back to health.

Kubernetes

A Talos Linux cluster runs on Proxmox VMs. Talos is an immutable, API-managed OS with no SSH and no shell — each node is fully described by a single machine-config file, which makes the cluster cattle rather than pets. (There’s a whole series on this build.)

Storage

NAS appliances provide bulk storage over NFS, tiered into a primary pool (hot — active data and guest disks) and an archive pool (cold — long-term retention). Capacity and layout assume that any single appliance can fail.

Backups

Proxmox Backup Server handles deduplicated, incremental backups. The design goal isn’t “more copies” — it’s failure isolation: the backup server, the daily copy, and the archive copy each live on separate appliances, so no single storage loss can take out both the data and the means to restore it.
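A small failure-domain audit in the spirit of this design, added here as an example (it is not the lab's own tooling): it scores a backup layout by how many independent disks and appliances hold a copy, not by how many copies exist, and flags a layout that looks fine at disk level but collapses when one appliance is lost. Layouts, disk and appliance names are constructed.

```python
"""Failure-domain audit for a backup layout (added example, not the lab's code).

Encodes the rule above: copies sharing a failure domain are not redundancy.
All disk and appliance names are constructed placeholders.
"""

LEVELS = ("disk", "appliance")

# Layout as the post describes it: live data, the PBS datastore, the daily copy
# and the archive copy each on a separate appliance.
ISOLATED = [
    {"role": "live",    "disk": "nas1/pool-hot",  "appliance": "nas-primary"},
    {"role": "pbs",     "disk": "pbs/store",      "appliance": "pbs-server"},
    {"role": "daily",   "disk": "nas2/pool-cold", "appliance": "nas-secondary"},
    {"role": "archive", "disk": "nas3/archive",   "appliance": "nas-archive"},
]

# Same copy count, and even separate disks, but daily and archive copies sit in
# the backup server's own chassis: a disk audit passes, an appliance audit fails.
COLOCATED = [
    {"role": "live",    "disk": "nas1/pool-hot",  "appliance": "nas-primary"},
    {"role": "pbs",     "disk": "pbs/store",      "appliance": "pbs-server"},
    {"role": "daily",   "disk": "pbs/daily",      "appliance": "pbs-server"},
    {"role": "archive", "disk": "pbs/archive",    "appliance": "pbs-server"},
]


def independent_domains(copies, level):
    """Number of distinct failure domains at `level` that hold a copy."""
    return len({c[level] for c in copies})


def survives_single_loss(copies, level):
    """True if losing any one domain at `level` still leaves a copy to restore from.

    The live volume does not count as a surviving copy: if only it remains, the
    data exists but the means to restore it is gone.
    """
    for lost in {c[level] for c in copies}:
        restorable = [c for c in copies if c[level] != lost and c["role"] != "live"]
        if not restorable:
            return False
    return True


def audit(copies):
    """Per level: (independent domains holding a copy, single loss survivable?)."""
    return {lvl: (independent_domains(copies, lvl), survives_single_loss(copies, lvl))
            for lvl in LEVELS}
```

Running `audit(COLOCATED)` reports four independent disks but only two appliances, with a single appliance loss unsurvivable, which is exactly the gap a copy count hides.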

Edge & networking

The network is segmented into VLANs by trust level. Public services are exposed through a Cloudflare Tunnel — no inbound ports open to the internet — with Cloudflare Access gating every administrative surface. Internally, a reverse proxy fronts services with TLS.

What runs here

Photo and media libraries, document management, self-hosted AI, workflow automation, a personal knowledge base, browser-based dev environments, and this blog — all containerized, all behind the same edge and backup discipline.

How it’s documented

Every guest gets an auto-generated note, infrastructure-as-code lives in version control, and this blog is the public, sanitized slice of a much larger internal runbook set.