A personal playground for hands-on learning and exploration of advanced IT and IoT technologies. This environment serves as a testing ground for emerging technologies before applying them in enterprise contexts.

Local AI

Active

Self-hosted AI platform running on Kubernetes (K3s) with an NVIDIA RTX 3060. Powers a RAG chatbot for my portfolio website and serves as an AI experimentation playground.

Stack — vLLM serves Gemma 3 4B with an OpenAI-compatible API. LangGraph orchestrates the chat flow (intent classification → retrieval → generation → validation). Qdrant stores vector embeddings, and TEI generates them at inference time. Langflow handles automated content indexing via webhook.

Observability & Security — Prometheus + Grafana for GPU stats and request metrics, LangSmith for LLM tracing, DCGM Exporter for GPU telemetry. Keycloak provides SSO/OIDC for all AI services. The chatbot implements OWASP-aligned security: prompt injection detection, rate limiting, CSRF protection.

vLLM, Gemma 3, LangGraph, Qdrant, TEI, Langflow, Keycloak, Prometheus, Grafana, LangSmith, Claude Code

Core Infrastructure

Active

The backbone of the homelab runs on Proxmox VE with QEMU/KVM as the virtualization backend, providing robust virtualization for all workloads. Ubuntu cloud images serve as the base for most VMs, ensuring consistent and reproducible deployments.

ZFS provides enterprise-grade storage with built-in data integrity, snapshots, and compression. Proxmox Backup Server handles automated snapshots and backups. TrueNAS serves as dedicated NAS storage, with NFS and Samba providing network shares for various clients. Docker containers and LXC handle application isolation for various services.

Proxmox, Ubuntu Cloud Images, ZFS, Docker, LXC, Proxmox Backup Server, TrueNAS, NFS, Samba, QEMU, KVM

Kubernetes Cluster

Active

A lightweight k3s cluster handles container workloads for various services. Helm manages application deployments with templated configurations. Traefik and Nginx serve as ingress controllers, with cert-manager handling automatic TLS certificate provisioning via ClusterIssuer.

Experience with OpenShift includes both single-node and 3-node cluster deployments. This environment mirrors enterprise Kubernetes patterns on a smaller scale, enabling experimentation with cloud-native architectures and deployment strategies.

k3s, Helm, Traefik, OpenShift, Nginx Ingress, cert-manager

Smart Home

Active

Home Assistant serves as the central hub for smart home automation, integrating multiple protocols and standards. KNX provides reliable wired automation for lighting and blinds, while EnOcean enables energy-harvesting wireless sensors.

LoRaWAN extends connectivity to outdoor sensors and long-range applications. All devices communicate through MQTT for seamless integration and custom automations.

Home Assistant, KNX, EnOcean, LoRaWAN, Zigbee, MQTT

Security & Networking

Active

Security-first approach with TLS encryption via ACME/Let’s Encrypt for all services. Cloudflare provides DDoS protection and secure tunneling for external access.

OPNsense serves as the firewall and router with DHCP and traffic monitoring. UniFi Controller manages network infrastructure, while Unbound provides local DNS resolution. Network segmentation through VLANs isolates different workloads. WireGuard enables secure remote access. Vaultwarden handles password management, and Postfix provides local mail relay for system notifications.

TLS/SSL, Let's Encrypt, Cloudflare, WireGuard, VLANs, OPNsense, Vaultwarden, UniFi Controller, Unbound DNS, ACME, DHCP, Postfix, PXE

Observability

Active

Comprehensive monitoring stack with Prometheus and Telegraf for metrics collection, InfluxDB as the time-series database, and Grafana for visualization. Checkmk provides infrastructure monitoring with auto-discovery.

ntfy handles push notifications for critical events, while NUT (Network UPS Tools) monitors UPS status to ensure graceful shutdowns during power outages.

Prometheus, Grafana, Telegraf, InfluxDB, Checkmk, ntfy, NUT