This is the first entry in an open build log. The plan: a family homelab spread across multiple sites, built as if it were enterprise infrastructure — then documented in public, decisions and all.
Why over-engineer a home lab?#
Because the goal isn’t just “self-host a few services.” It’s to learn and apply the patterns that make real infrastructure dependable: redundancy, automation, observability, and security — at a scale where the stakes are low but the lessons are real.
Guiding principles#
- Enterprise-grade, deliberately over-opinionated. Strong defaults beat endless choice.
- Resilient & scalable — no single points of failure.
- Local-first for critical services — DNS, time, home automation, internet, and the VPN must keep working at each site even if everything else is down.
- Standardize on Debian, with a small set of sanctioned appliance exceptions.
- Privacy & sovereignty — know exactly what data leaves the house, and prefer European, open-source building blocks.
The stack, at a glance#
- Automation: Ansible (config) with infrastructure-as-code in Git.
- Networking: a self-hosted mesh overlay across sites, dual-stack with IPv6 preferred.
- Edge & ingress: an HA reverse proxy, with portless tunnels for anything public.
- Secrets & PKI: a self-hosted vault that doubles as the internal certificate authority.
- Workloads: home automation, a Kubernetes cluster, and event streaming.
- Observability: metrics, dashboards, and alerting — including a watchdog that watches the monitoring itself.
What’s next#
Upcoming posts will walk through the first building blocks: the cloud edge node, the automation baseline, and the secrets foundation — one decision at a time.
Follow along.