In January I published a short rundown of the major changes since 2020 (see Reflecting on Progress: My Homelab Journey Since 2020). This post is the follow-up.

The architecture started with a Fujitsu PRIMERGY TX120 S3 and matured when the Fujitsu PRIMERGY RX2530 M2 (1U, dual CPU) became the primary hypervisor. After that, everything accelerated: Talos nodes, GPU passthrough, a new hypervisor class, and a deployment model that finally scales.

Phase 1: Core Infrastructure and Virtualization

With the Fujitsu server anchoring the rack, the fleet expanded with two HP EliteDesk 600 G3 units. Talos Linux was installed on them to establish a programmable infrastructure fabric. One was later commissioned to host a Windows 11 Pro VM, a project that forced a deep dive into GPU passthrough on Proxmox. Mastering it was a critical success: GPU acceleration became available inside virtual machines.

This is also where the baseline architecture locked in: DNS, TLS, and identity.

  • DNS: ExternalDNS automates record management, but the zone is only resolvable from inside. Names look public. Reach is not. (A manifest sketch follows this list.)
  • Edge + TLS: Traefik is configured for Let’s Encrypt using the Cloudflare DNS-01 challenge (API token-based). If it has a hostname, it has HTTPS. (A resolver sketch follows as well.)
  • SSO: Authentik sits in front of everything that matters. Once it’s set up, it turns access control from a scattered set of configs into a single system.
  • Selective Exposure: A Cloudflare Tunnel Operator exposes only what should be public. This blog is served from the homelab through this tunnel.
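
For a sense of what the DNS bullet means in practice, here is a minimal sketch of a Service that ExternalDNS would pick up and turn into a record. The hostname, ports, and selector are placeholders, not the lab's actual zone or workloads.

```yaml
# Minimal sketch: ExternalDNS watches this Service and creates the record.
# Hostname and workload details are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: whoami
  annotations:
    external-dns.alpha.kubernetes.io/hostname: whoami.lab.example.com
spec:
  type: LoadBalancer
  selector:
    app: whoami
  ports:
    - port: 80
      targetPort: 8080
```

The record is created automatically; whether the name actually resolves depends on which resolver you ask, which is exactly what keeps these names internal-only.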
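
On the TLS side, here is a hedged sketch of a Traefik static configuration with a Let’s Encrypt resolver doing the Cloudflare DNS-01 challenge. The resolver name, email, and storage path are assumptions; the scoped Cloudflare API token is passed to Traefik via the CF_DNS_API_TOKEN environment variable.

```yaml
# traefik.yml (static configuration), a minimal sketch.
# The scoped Cloudflare API token is supplied as CF_DNS_API_TOKEN in the environment.
certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@example.com       # placeholder
      storage: /data/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```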

Phase 2: The Industrialization of Compute

The EliteDesk experiment revealed the operational limitations of small-form-factor systems under sustained load. The next logical step was to architect a resilient, standardized solution. The design brief was clear: maximize the price-to-performance-to-wattage ratio.

The result is a pair of custom-built 4U servers, the new backbone of the lab.

  • Chassis: Inter-Tech 4408 4U. A raw, functional enclosure.
  • Processing: 11th Gen Intel Core i5 and i7 CPUs.
  • Motherboard: Standard ATX boards for maximum compatibility and cost-effectiveness.
  • Storage: Dedicated RAID controllers for data redundancy and performance.

These machines are the primary hypervisors, both running Proxmox VE. They represent a fundamental shift from ad-hoc expansion to a replicable server architecture.

Phase 3: A New Deployment Doctrine

The deployment model has undergone a significant strategic shift, moving away from inefficient and rigid structures.

  • Initial State: 1 VM per container. Simple, but resource-intensive and unscalable.
  • Interim State: 1 VM for multiple containers, grouped by role. This improved density but introduced scalability bottlenecks and single points of failure.
  • Current Doctrine: A cluster of three purpose-built VMs, deployed and configured via a single, unified Ansible role. This provides a balance of isolation, resource management, and automated scalability. (A playbook sketch follows this list.)
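
The doctrine reduces to a small amount of glue. The playbook below is a hypothetical sketch, with the inventory group and role name invented for illustration, but it captures the shape: one role, three hosts, no special cases.

```yaml
# site.yml, a hypothetical sketch: one unified role across the three VMs.
- name: Configure the container-host cluster
  hosts: container_hosts          # assumed inventory group holding the three VMs
  become: true
  roles:
    - role: container_host        # hypothetical name for the unified role
```

The three VMs live in a single inventory group, so growing the cluster is an inventory edit rather than a new design.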

Phase 4: The Automation Singularity

The inflection point was the total adoption of Infrastructure as Code (IaC). Manual configuration was deprecated.

The lab now has a single planning surface: a GitLab-hosted repository containing the Ansible and Terraform code. It has crossed the 3000-commit mark. That number matters because it signals intent: iteration, review, rollback, history. The homelab stopped being “machines I own” and became “a system I can recreate.”

The workflow is codified and automated.

  • Proxmox VM Provisioning: VMs are no longer built by hand; they are stamped out from standardized templates. Consistency and speed are enforced through automation. (A clone sketch follows this list.)
  • Talos Deployment via Terraform: The entire Talos Linux environment is defined in Terraform and managed via GitLab CI/CD. A git push to the repository triggers a pipeline that configures the entire cluster. This is GitOps executed. (A pipeline sketch follows as well.)
  • Automated Dependency Management: RenovateBot is integrated into the workflow, automatically scanning for updates, creating merge requests, and keeping the entire software stack current.
  • Secrets Handling: HashiCorp Vault is the secrets backbone. Credentials are no longer scattered across shell histories and ad-hoc files; they are stored, accessed, and rotated intentionally.
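
To make the template-stamping and the Vault integration concrete, here is a hedged sketch built on the community.general.proxmox_kvm module, with the API token pulled through the community.hashi_vault KV v2 lookup. The hypervisor name, secret path, mount point, and template name are all assumptions; Vault address and authentication come from the environment.

```yaml
# clone-vm.yml, a hypothetical sketch; not the lab's actual playbook.
- name: Stamp out a VM from the standard template
  hosts: localhost
  gather_facts: false
  vars:
    # Pull the Proxmox API token from Vault (KV v2); path and mount point are assumptions.
    pve_secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'proxmox/api', engine_mount_point='homelab').secret }}"
  tasks:
    - name: Clone the standard template into a new VM
      community.general.proxmox_kvm:
        api_host: pve01.lab.example            # placeholder hypervisor
        api_user: "{{ pve_secret.user }}"
        api_token_id: "{{ pve_secret.token_id }}"
        api_token_secret: "{{ pve_secret.token_secret }}"
        node: pve01
        clone: debian-12-template              # assumed template name
        name: svc-new-01
        state: present
```

Because the token only ever lives in Vault, the playbook itself contains nothing sensitive and can sit in Git history like everything else.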
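
The Talos pipeline itself is ordinary GitLab CI. The sketch below shows the validate/plan/apply shape under stated assumptions: the image tag and job names are illustrative, the apply job is restricted to the default branch, and state backend configuration is omitted.

```yaml
# .gitlab-ci.yml, a minimal sketch of the flow; not the lab's actual pipeline.
stages: [validate, plan, apply]

default:
  image:
    name: hashicorp/terraform:1.9
    entrypoint: [""]
  before_script:
    - terraform init -input=false

validate:
  stage: validate
  script:
    - terraform validate

plan:
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan
  artifacts:
    paths: [tfplan]

apply:
  stage: apply
  script:
    - terraform apply -input=false tfplan
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```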

This trifecta of templating, Terraform, and automated updates was the catalyst. The lab transformed from a manually curated system into a self-provisioning, self-updating organism. The velocity of experimentation and deployment increased by an order of magnitude.

The Kubernetes Question: Storage as the Final Frontier

While the infrastructure is robust, mass adoption of Kubernetes is pending. The critical dependency is a resilient, distributed storage solution. Without it, stateful workloads in Kubernetes are a liability. The current focus is on architecting a storage backend that meets the required performance and reliability specifications.

However, a lean Kubernetes cluster is operational, serving critical ingress and service discovery functions.

  • CNI: Cilium provides networking, observability, and security. (A values sketch follows below.)
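
For reference, a hedged sketch of what the Cilium Helm values can look like on a Talos cluster. The KubePrism endpoint and the Hubble toggles are assumptions based on common guidance, not the lab's actual file.

```yaml
# values.yaml for the Cilium chart, a sketch under stated assumptions.
ipam:
  mode: kubernetes
kubeProxyReplacement: true
# Talos exposes the API server locally via KubePrism (assumed default port).
k8sServiceHost: localhost
k8sServicePort: 7445
hubble:
  relay:
    enabled: true
  ui:
    enabled: true
```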

Ingress, DNS automation, TLS issuance, and SSO are part of the baseline architecture (see Phase 1). Kubernetes plugs into that foundation; it doesn’t reinvent it.

Up Next: Media, Models, and Acceleration

The next steps are pragmatic. They target consolidation, capability, and GPU acceleration.

  • Photos: Consolidate the photo estate into Immich. One system of record.
  • GPU Node: Build a dedicated GPU-enabled node. The exact model is secondary; 16GB VRAM is not. Candidates are an RTX 4060 Ti (16GB) or a future 50-series equivalent with the same memory tier.
  • Local Inference: Use that node to host smaller local LLMs for the workloads that benefit from proximity, privacy, and low latency.
  • Accelerated Workflows: Run audio tooling (“audiomuse”) and use the GPU for Immich’s accelerated tagging.

The homelab is no longer a collection of hardware. It is an engineered system. The next iteration will solve the storage challenge and unlock the full potential of the Kubernetes ecosystem. The blueprint is drawn. Execution is in progress.