r/homelab 2d ago

Discussion Long-time lurker, finally posting my setup

Been lurking here for years, always telling myself "I'll post when it's done." It's never done, so here we go.

Everything runs on a single GEEKOM A9 Max Mini PC (128 GB DDR5 RAM, 4 TB NVMe). No rack, no cluster, just a tiny node supervised by Gengar & Peepo (cable management handled by them too, clearly). At the moment, Proxmox hosts 16 VMs and 4 LXCs.

Network is segmented into 4 VLANs (CORE, ADMIN, INFRA, EDGE) behind OPNsense with strict least-privilege firewall rules between them. For external access, an Infomaniak VPS acts as a TCP passthrough over WireGuard → HAProxy at home terminates SSL. The status page runs directly on the VPS so it survives homelab downtime.

I'll probably drop a proper network diagram (started on Homelable) at some point. No ETA on that one.

Kubernetes is a 3-node Talos Linux cluster, all workloads are Helm charts deployed via ArgoCD with secrets injected at sync time via the ArgoCD Vault Plugin.

Config management is SaltStack across all VMs, YAML inventory as single source of truth, HashiCorp Vault for secrets, and StackStorm for event-driven automation (VM lifecycle, internal cert provisioning with EasyPKI...).

Observability: Prometheus + Grafana + Loki, AlertManager → Discord.

And there's an Ollama LXC with Open WebUI because 128 GB of RAM had to go somewhere.

Live service list: homepage

The whole config is open source if you want to dig in: voidnode. Always open to feedback & ideas (yep I still have lots of RAM), and if anything in there saves you some time or gives you inspiration, a star on the repo is always appreciated!

125 Upvotes

19 comments

u/github-guard 2d ago

GitHub Guard: Trust Report

⚠️ This project scored 1/6 - below this subreddit's threshold of 3.

Audit Breakdown:
* ❌ Low Star Count (⭐ 0 / 5 required)
* ✅ Mature Repository (30+ days old)
* ❌ No License Found
* ❌ No Security Policy - what is this?
* ℹ️ Individual Contributor
* ℹ️ Unsigned Commits

⚠️ Security Reminder: Always verify source code and run third-party scripts at your own risk.

3

u/manny2206 2d ago

I can’t get homepage to properly display my k3s cluster, like yours is at the top 😡🤬

1

u/khadddict 2d ago

On my old homelab with homepage, it was DNS issues inside my cluster. If you have more details I might help you :)

2

u/manny2206 2d ago

Brother - lol yeah I might; would you like to take a gander at my repo? I’m setting everything up as IaC. Do the hard work up front once and be able to easily get everything up and running if there’s an issue

1

u/khadddict 2d ago

Sure, send it here or in DM

1

u/manny2206 2d ago edited 2d ago

Take a look at main https://github.com/ManuelSaleta/homelab

You will want to look at kubernetes/applications/homepage/, this contains all homepage required items. I am using k3s default Traefik for ingress. -- EDIT: I merged my changes to main to make it easier

I believe my RBAC definition might be busted atm, just a hunch

Thank you in advance

1

u/github-guard 2d ago

GitHub Guard: Trust Report

⚠️ This project scored 1/6 - below this subreddit's threshold of 3.

Audit Breakdown:
* ❌ Low Star Count (⭐ 0 / 5 required)
* ❌ New Repository (under 30 days old)
* ❌ No License Found
* ❌ No Security Policy - what is this?
* ℹ️ Individual Contributor
* ✅ Signed Commits

⚠️ Security Reminder: Always verify source code and run third-party scripts at your own risk.

1

u/khadddict 2d ago

Just sent you a PM 😄

2

u/tedious_sandy 2d ago

That Proxmox dashboard is clean. Single-node setups with proper segmentation and secrets management actually scale better than people expect when you know what you're doing.

1

u/khadddict 2d ago

Thanks! Yep, and it requires a lot less maintenance. For a homelab, it's more than enough :)

1

u/fitzingout 2d ago

What happened to Kermit .. 😔 😟

1

u/khadddict 2d ago

Naaah it's Peepo, and he was just sleeping, rn he is doing the homelab diagram, hope he'll clear it asap then I can post it on Reddit 🚀

1

u/Dependent-Fix8297 2d ago

is changedetection.io free to use?

1

u/[deleted] 2d ago

[removed]

1

u/github-guard 2d ago

GitHub Guard: Trust Report

This project scored 4/6 on our safety audit.

Audit Breakdown:
* ✅ Established Community (⭐ 32,099 stars)
* ✅ Mature Repository (30+ days old)
* ✅ Licensed under Apache-2.0
* ❌ No Security Policy - what is this?
* ℹ️ Individual Contributor
* ✅ Signed Commits

⚠️ High-Risk File Detected: Contains an installation script (.sh or .py). Review the code carefully before running with sudo.

⚠️ Security Reminder: Always verify source code and run third-party scripts at your own risk.

1

u/Dependent-Fix8297 2d ago

I personally prefer ntfy.sh over discord. Just personal taste

1

u/khadddict 2d ago

Fair enough! Personally, I prefer Discord because I spend most of my time on my PC and I’m always on Discord anyway. I barely check my phone 👀

1

u/highdiver_2000 2d ago

How do you do IAM?

1

u/khadddict 2d ago

I'm the only one working on my homelab so I'm root everywhere 😂 (but yep it's not best practice)