Homelab Infrastructure
Ongoing
Enterprise-grade infrastructure at home, serving family across multiple locations
Overview
What started as a simple desire to self-host services evolved into a comprehensive three-node Proxmox cluster that now supports my immediate and extended family across multiple geographic locations.
The infrastructure handles everything from media streaming to identity management, all while maintaining high availability and security standards typically found in enterprise environments.
Challenge and Approach
The Challenge
My family needed reliable access to shared services (media, file storage, home automation) across multiple locations, but commercial solutions were expensive, raised privacy concerns, and lacked the flexibility we needed. Each family member has a different level of technical comfort, requiring a solution that's both powerful and user-friendly.
The Approach
I designed and built a three-node Proxmox cluster with automatic failover, comprehensive monitoring, and a security-first architecture. Services are containerized for isolation and easy management, with GitLab CI/CD pipelines automating deployments and updates.
Architecture & Tech Stack
The cluster runs on three physical nodes with shared storage, using a combination of Docker containers and LXC for workloads.
Proxmox VE Cluster
Three-node virtualization cluster with HA and live migration
Reverse Proxy & Security
Traefik handles routing with CrowdSec for threat detection
Identity Management
Authentik provides SSO across all services
Monitoring Stack
Full observability with metrics, logs, and alerting
Key Features
High Availability
Services automatically fail over between nodes with zero downtime
Automated Deployments
GitLab CI/CD pipelines handle all deployments and configuration changes
Centralized Authentication
Single sign-on across all services with Authentik
Comprehensive Monitoring
Real-time dashboards and alerts for all services and infrastructure
Implementation Highlights
Zero-Downtime Updates
Implemented rolling updates across the cluster using Ansible playbooks, allowing system updates without service interruption.
Multi-Site VPN
Configured a WireGuard mesh network connecting three locations with automatic failover routes.
Results & Impact
- 99.9% uptime over the past year
- Reduced manual maintenance time by 80% through automation
- Successfully serving 10+ family members across 3 locations
- Zero security incidents with proactive threat blocking via CrowdSec