LAB(8)                          home.arpa                          LAB(8)

Infrastructure

Proxmox VE 9
blackwall  •  ASUS PN51 (Ryzen 7 5700U)  •  pve.arpatek.dev
  • Single-node hypervisor running all VMs. No cluster, no HA — intentional.
k3s — 3-node cluster
erebus + sandevistan + kerenzikov  •  Debian 13
  • Lightweight Kubernetes for public workloads. Traefik ingress, cert-manager TLS.
  • Runs arpatek.dev and proxies git.arpatek.dev, gf.arpatek.dev, pm.arpatek.dev, pi.arpatek.dev, pve.arpatek.dev

Identity & Network

FreeIPA
mikoshi  •  Rocky Linux 9
  • Central identity, SSH auth, sudo policy, and DNS authority for home.arpa. Every VM is an IPA client.
Pi-hole
netrunner  •  Raspberry Pi  •  pi.arpatek.dev
  • Network-wide DNS resolver, DHCP server, and content filter. Upstream for FreeIPA queries.
WireGuard
netrunner  •  Raspberry Pi
  • VPN into the 10.33.111.0/24 network. Connected clients use Pi-hole for DNS, matching LAN behavior.

Dev & Observability

Gitea + act_runner
soulkiller  •  Debian 13  •  git.arpatek.dev
  • Self-hosted Git, container registry, and CI/CD. Pushes built images to k3s on every commit.
PLG Stack — Prometheus, Loki, Grafana
netwatch  •  Debian 13  •  gf.arpatek.dev  •  pm.arpatek.dev
  • Hub-and-spoke observability. node_exporter + cAdvisor + Alloy agents on every host.