Skip to content
EK

Search Posts

/ or to open to navigate to select ESC to close

Homelab

Production-grade homelab infrastructure powering this website. 4-node Proxmox cluster with 34 services, enterprise-level high availability, and automated failover.

Homelab Infrastructure

📋 Note: The Cost Analysis and Build Your Own tabs are currently being updated with enhanced interactive content. Check back soon!

Homelab Infrastructure — Hildreth

Single-node Proxmox server running ~35 LXC containers and VMs across two VLANs, with GPU compute contributed by a dedicated Windows 11 workstation over LAN. All hosted apps reach the internet via Cloudflare Tunnel — the WordPress container itself has no outbound internet access by design.

Server Overview

1
Proxmox Node
Dell PowerEdge R630
~35
Running Guests
LXCs + VMs
40
CPU Cores
2× Xeon E5-2660 v3
128 GB
RAM
Enterprise ECC

Node Status

Host Type CPU Usage Memory Guests Status
node1 Bare Metal (R630)
18%
89 / 128 GB
~35 LXCs + VMs Online
HIL-WS-01 Windows 11 PC
5%
GPU: RTX 3060
Ollama API (LAN) Online

Key Services

Services running across two VLANs. VLAN 20 handles management and internal services; VLAN 152 hosts public-facing apps behind Cloudflare Tunnel.

🌐
WordPress (LXC 300)
VLAN 152 · 10.10.152.10
Running
🔐
Cloudflare Tunnel (LXC 301)
VLAN 152 · hildreth-hosting-152
Running
🛡️
AdGuard Primary (LXC 105)
VLAN 20 · DNS filtering
Running
Redis Stack (LXC 118)
VLAN 20 · Agent memory / queue
Running
🤖
Pote Agent (LXC 119)
VLAN 20 · AI automation
Running
🔁
n8n (LXC 645)
VLAN 152 · Workflow automation
Running

Network Architecture

Three-VLAN design — management, hosted apps, and physical infrastructure — with Sophos XGS firewall for inter-VLAN routing.

VLAN 20 — Management & Services

Subnet: 10.10.20.0/24
Purpose: Internal services, agent infrastructure, Proxmox management
  • node1 (Proxmox): 10.10.20.?
  • HIL-WS-01 (GPU workstation): 10.10.20.100
  • AdGuard, Redis, Pote, Ansible
  • Portainer, n8n controller

VLAN 152 — Hosted Apps

Subnet: 10.10.152.0/24
Purpose: Public-facing services routed via Cloudflare Tunnel
  • WordPress: 10.10.152.10 (no internet gateway)
  • CF Tunnel: 10.10.152.177
  • Firecrawl, n8n, Dify

VLAN mgmt — Infrastructure

Subnet: 172.16.15.0/24
Purpose: Proxmox host, iDRAC, TrueNAS, Zabbix, Tailscale
  • node1 (host): 172.16.15.10
  • TrueNAS: 172.16.15.5
  • iDRAC (R630): 172.16.15.210
  • Zabbix: 172.16.15.4

Storage Layer

TrueNAS Scale (VM 111)

Location: VM on node1 (Dell R630)
Address: 172.16.15.5
Pool: TOSHIBA-750 (647 GiB ZFS)
Export: NFS share mounted by Proxmox for templates, ISOs, backups
Version: TrueNAS Scale 25.10.1 Goldeye

Physical Hardware

Dell PowerEdge R630 (node1)

  • CPU: 2× Intel Xeon E5-2660 v3 @ 2.60 GHz (40 logical cores)
  • RAM: 128 GB ECC
  • Management: iDRAC 8 @ 172.16.15.210
  • Role: Single Proxmox VE host — runs all ~35 guests

HIL-WS-01 — GPU Workstation

  • GPU: NVIDIA GeForce RTX 3060 12 GB
  • OS: Windows 11
  • Role: GPU compute for local AI inference via Ollama API
  • Network: 10.10.20.100 (VLAN 20, LAN-accessible)

Note: This page displays static data. Live metrics from the Proxmox API will be integrated in a future update.

Architecture Deep Dive

Explore the five layers that make up this production homelab infrastructure, from physical hardware through to running applications.

Layer 1: Physical Hardware

Two physical hosts provide the foundation for the entire infrastructure.

🖥️
Dell PowerEdge R630
2× Xeon Processors
Enterprise ECC RAM
RAID Storage
💻
Windows 11 PC
Consumer Hardware
Hyper-V Hypervisor
Local Storage

1Gbps LAN Connection

Dell R630 (Primary)
  • Bare metal Proxmox VE host
  • Nested virtualization capable
  • Hardware RAID controller
  • IPMI remote management
Windows 11 PC (Secondary)
  • Hyper-V hypervisor
  • Hosts 2 Proxmox VE VMs
  • Multi-purpose workstation
  • Local storage for VMs

Layer 2: Hypervisor Layer

Multi-hypervisor architecture combining Proxmox VE and Microsoft Hyper-V.

🔷
Proxmox VE
node1 (Bare Metal)
172.16.15.10
🔷
Proxmox VE
node0 (Nested)
172.16.15.2
🔶
Hyper-V
node2
172.16.15.11
🔶
Hyper-V
node3
172.16.15.12

Proxmox HA Cluster “Hildreth”

qDevice (quorum arbitrator): 172.16.15.16

Proxmox VE 9.0.10
  • 4-node high availability cluster
  • Automatic VM/LXC migration on failure
  • Shared storage via NFS
  • Live migration support
Hyper-V Integration
  • Proxmox VMs run on Hyper-V
  • Full cluster participation
  • Shares NFS storage from TrueNAS
  • Multi-hypervisor architecture

Layer 3: Network Architecture

Dual-VLAN design provides network segmentation and security.

🌐
Internet

🔒
UniFi Gateway
Routing • Firewall

↓ Splits into 2 VLANs ↓

VLAN 1: Management

Subnet: 172.16.15.0/24

Purpose: Cluster communication, storage, management

  • node0: 172.16.15.2
  • node1: 172.16.15.10
  • node2: 172.16.15.11
  • node3: 172.16.15.12
  • TrueNAS: 172.16.15.21
  • qDevice: 172.16.15.16
VLAN 2: Application

Subnet: 10.10.152.0/24

Purpose: User services, containers, app traffic

  • WordPress: 10.10.152.10
  • Cloudflare Tunnel: 10.10.152.11
  • Grafana: 10.10.152.20
  • 20+ additional services

Layer 4: Storage Layer

TrueNAS provides shared ZFS storage to all cluster nodes via NFS.

💾
TrueNAS VM
172.16.15.21
Proxmox VM on node1

NFS Export: /mnt/WD-USB/WD-ZFS

node0
node1
node2
node3

All nodes mount NFS storage

ZFS Features
  • Data integrity verification
  • Snapshot support
  • Compression enabled
  • Self-healing on read
Usage
  • LXC/VM templates
  • ISO images
  • Backups
  • Shared volumes

Layer 5: Application Layer

34 services running across the cluster with high availability protection.

HA Protected (6 services)
🌐 WordPress
🔐 Cloudflare Tunnel
🛡️ AdGuard DNS
🔒 Twingate
🔗 Tailscale
📡 Unbound DNS
Standard Services (28 services)

17 additional LXC containers + 11 VMs running across all nodes

  • Development environments
  • Testing infrastructure
  • Network services
  • Monitoring tools
  • Personal applications

End-to-End Request Flow

How a request reaches this website through the infrastructure layers.

1
Internet Request

Visitor accesses eddykawira.com

2
Cloudflare

DNS resolution, CDN caching, DDoS protection

3
Cloudflare Tunnel (LXC 301)

Secure ingress – no exposed ports

4
WordPress LXC (300)

10.10.152.10 on node2 – Apache + PHP + MariaDB

5
Response

HTML rendered and returned to visitor

Homelab Topology — Hildreth

Single-node Proxmox server running ~35 LXC containers and VMs across two VLANs. All hosted apps route through Cloudflare Tunnel — the WordPress container has no internet access by design.

🖥️ node1 — Dell PowerEdge R630
Online
CPU
2× Xeon E5-2660 v3 · 40 cores · 18%
RAM
📦
⏱️
📡 VLAN 20 + VLAN 152

Public Ingress Path

WordPress (LXC 300) has no default gateway — it cannot initiate outbound internet connections. Cloudflare Tunnel (LXC 301) handles all inbound traffic via outbound-only tunnel.

LIVE
CPU:
MEM: