~ kubectl get nodes # the fun part

#Homelab

A production-grade lab where I prototype the patterns I run at work – networking, clustering, GitOps and self-hosted AI.

## topology

# workloads scheduled on the cluster

Forgejo

self-hosted Git · dotfiles & IaC

n8n

automation / workflows

Ollama

local LLM inference (dedicated GPU box)

Milvus

vector DB + RAG pipeline

Homarr

dashboard (LAN / VPN only)

bare-metal: Dell R820 · storage: Synology NAS · edge: mini PCs

## the cluster

A hybrid physical/virtual K3s cluster that separates control plane from workers to make the most of the hardware. The control plane runs bare-metal on an HP Mini PC; two worker nodes run as VMs on the Synology NAS under Virtual Machine Manager. All nodes run Ubuntu Server (minimal) and K3s.

# hard-won lesson: never clone worker VMs after install – duplicate machine-ids cause severe K8s networking conflicts. Each node is built from the ISO.

## networking

The lab is stitched together with Headscale, a self-hosted WireGuard coordination layer running in Synology Container Manager as the always-on control plane, with Tailscale clients on every node. That gives me a private mesh I can reach from anywhere without exposing services to the public internet.

## self-hosted AI stack

• Ollama – local LLM inference on a dedicated GPU machine.
• Milvus – vector database backing a token-chunking RAG pipeline.
• n8n – automation and glue between services.
• Forgejo – self-hosted Git for dotfiles and Infrastructure as Code.

## services dashboard

Everything is fronted by a Homarr dashboard, reachable only on the home LAN or over the WireGuard VPN – nothing here is exposed publicly. Security defaults beat convenience.

# philosophy: self-hosted first when the operational overhead is worth the control.