THALES HOMELAB

Complete infrastructure documentation and interactive 3D visualization

3-Node Proxmox Cluster • Kubernetes • 24 Cores • 96GB RAM
Interactive Infrastructure Topology

[Interactive 3D visualization: complete THALES infrastructure in 6 layers, from physical hardware to edge services; the node details are listed in the sections below]

Physical Infrastructure

thales-01

Model Dell OptiPlex 7070 Micro
CPU i7-9700T
RAM 32GB
Host thales-01.thales.local
Role Proxmox Node 1

thales-02

Model Dell OptiPlex 7070 Micro
CPU i7-9700T
RAM 32GB
Host thales-02.thales.local
Role Proxmox Node 2

thales-03

Model Dell OptiPlex 7070 Micro
CPU i7-9700T
RAM 32GB
Host thales-03.thales.local
Role Proxmox Node 3

Network Switch — Cisco WS-C3560CX-12PC-S

Hostname cleisthenes.thales.local
Features Layer 3, PoE+, VLAN routing

Cluster totals: 24 CPU cores • 96GB RAM • 3 nodes

Proxmox VE 9.0 Cluster — THALES

3-node Proxmox cluster running all virtual machines and containers. VMs and LXCs organized by host node.

thales-01

anaxagoras-01 Pi-hole Primary DNS
eratosthenes Nebula-sync
hippodamus Management Container
isocrates Domain Controller (Primary)
cleophon DHCP + AD CS
talos-cp1 K8s Control Plane

thales-02

anaxagoras-02 Pi-hole Replica DNS
homepage Homepage Dashboard
traefik Reverse Proxy / Ingress
zeno Docker Registry
netvisor Network Monitoring
patchmon Patch Monitoring
talos-w1 K8s Worker 1
ephialtes Domain Controller (Secondary)
anaximander macOS VM
pericles Tailscale Subnet Router

thales-03

homer Media Automation Stack
aristophanes Plex Media Server
anaxagoras-03 Pi-hole Replica DNS
netbox NetBox IPAM
pythagoras Development Management
talos-w2 K8s Worker 2

Talos Kubernetes Cluster

Control Plane

Host talos-cp1.thales.local
OS Talos Linux v1.11.0
K8s v1.34.0
Role API Server, etcd, Scheduler
CNI Flannel

Worker 1

Host talos-w1.thales.local
OS Talos Linux v1.11.0
Status Ready
Storage local-path-provisioner

Worker 2

Host talos-w2.thales.local
OS Talos Linux v1.11.0
Status Ready
Storage local-path-provisioner

Deployed Namespaces

LEMP Stack

Namespace lemp
Components Nginx, PHP-FPM, MariaDB, Redis
URL jasonharker.com

Monitoring

Namespace monitoring
Components Prometheus, Grafana, AlertManager
URL Internal

Guacamole

Namespace guacamole
Components Guacamole
URL guacamole.jasonharker.com

Authentik SSO

Namespace authentik
Components Authentik
URL authentik.jasonharker.com

Navidrome

Namespace media
Components Navidrome
URL music.jasonharker.com

Jenkins

Namespace jenkins
Components Jenkins
URL jenkins.jasonharker.com

n8n

Namespace n8n
Components n8n
URL Internal

Services & Applications

DNS (Pi-hole HA Cluster)

anaxagoras-01
anaxagoras-01.thales.local — Pi-hole Primary DNS
anaxagoras-02
anaxagoras-02.thales.local — Pi-hole Replica DNS
anaxagoras-03
anaxagoras-03.thales.local — Pi-hole Replica DNS

Windows Enterprise Services

isocrates
Active Directory (primary domain controller); AD DNS forwards to Pi-hole
cleophon
DHCP Server, Certificate Authority (AD CS)
ephialtes
Active Directory replica (secondary domain controller); AD DNS forwards to Pi-hole

Media & Streaming

*arr suite on homer (thales-03) • Plex on aristophanes (thales-03) • Navidrome on Kubernetes (media namespace)

Media Suite
Movie, TV, and subtitle management — homer
Plex
Media server (iGPU transcoding) — aristophanes
Navidrome
Music streaming — K8s (media namespace)

Infrastructure Services

homepage
Homepage Dashboard
zeno
Docker Registry
netvisor
Network Monitoring
patchmon
Patch Monitoring
netbox
NetBox IPAM

Not Currently Deployed

Mail Server
Decommissioned — rebuild pending

External Access & Security

Cloudflare Tunnels

testing.jasonharker.com LEMP Dashboard (NodePort 30080)
thales.jasonharker.com Proxmox Cluster
Architecture Internet → Cloudflare → Traefik → K8s

Security Posture

Exposed Ports 0 (no inbound ports forwarded; cloudflared opens outbound connections to Cloudflare)
DDoS Protection Cloudflare
SSL/TLS Automatic (Cloudflare edge certificates)
Access Model Zero Trust

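The tunnel path above (Internet → Cloudflare → Traefik → K8s) is expressed in cloudflared's ingress rules. The script below is an added example, not the THALES page's own cloudflared configuration: it renders a config for the two public hostnames listed, lints the rule order (cloudflared matches rules top to bottom, so a catch-all placed early shadows every rule after it) and shows which origin each hostname reaches. The tunnel UUID, the Traefik origin traefik.thales.local:80 and the Proxmox origin thales-01.thales.local:8006 are assumptions, not values from the page.

```bash
#!/usr/bin/env bash
# Added example (not the THALES page's own cloudflared config): ingress rules for the
# Internet -> Cloudflare -> Traefik -> K8s path, a lint of the rule order, and a
# resolver showing which origin each public hostname reaches. The tunnel UUID, the
# Traefik origin traefik.thales.local:80 and the Proxmox origin
# thales-01.thales.local:8006 are assumptions.
set -eu

# cloudflared evaluates `ingress` top to bottom and takes the first matching rule;
# the final rule must be a catch-all (no hostname). cloudflared dials OUT to
# Cloudflare, which is why no inbound port needs to be open at the edge.
# noTLSVerify only skips verification of Proxmox's self-signed origin certificate;
# it does not authenticate users (that is a Cloudflare Access policy's job).
render_config() {
  cat <<'EOF'
tunnel: <tunnel-uuid>
credentials-file: /etc/cloudflared/<tunnel-uuid>.json
ingress:
  - hostname: testing.jasonharker.com
    service: http://traefik.thales.local:80
  - hostname: thales.jasonharker.com
    service: https://thales-01.thales.local:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
EOF
}

# lint_rules <config text> -> returns 0 when exactly one catch-all exists and it is
# last; otherwise prints the problem and returns 1 (an early catch-all shadows
# every later rule, a missing one makes cloudflared refuse the config).
lint_rules() {
  awk '
    BEGIN { bad = 0 }
    /^  - hostname:/ { n++; if (catchall) { print "rule " n " is unreachable (after catch-all)"; bad = 1 } }
    /^  - service:/  { n++; if (catchall) { print "duplicate catch-all at rule " n; bad = 1 }; catchall = 1 }
    END { if (!catchall) { print "missing catch-all rule"; bad = 1 }; exit bad }
  ' <<<"$1"
}

# route <config text> <hostname> -> the origin service cloudflared would select,
# mirroring what `cloudflared tunnel ingress rule https://<hostname>` reports.
route() {
  awk -v host="$2" '
    /^  - hostname:/ { rule_host = $3 }
    /^  - service:/  { print $3; exit }
    /^    service:/  { if (rule_host == host) { print $2; exit } }
  ' <<<"$1"
}

CONFIG=$(render_config)
lint_rules "$CONFIG"
for h in testing.jasonharker.com thales.jasonharker.com unknown.jasonharker.com; do
  echo "$h -> $(route "$CONFIG" "$h")"
done
# With cloudflared installed, validate the same file the daemon will load.
if command -v cloudflared >/dev/null 2>&1; then
  printf '%s\n' "$CONFIG" > /tmp/cloudflared-config.yml
  cloudflared --config /tmp/cloudflared-config.yml tunnel ingress validate
fi
```

The Proxmox rule is the one to treat carefully: `noTLSVerify` silences the origin certificate check, nothing more. For the Proxmox UI behind thales.jasonharker.com to match the Zero Trust access model listed above, a Cloudflare Access policy (or equivalent identity-aware gate) has to sit in front of that hostname; without it the tunnel merely relocates the login page to the Internet.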
Disaster Recovery & Lessons Learned

Hard-won knowledge from building and maintaining enterprise-grade infrastructure at home.

💾 Proxmox HA Disaster

  • Proxmox HA destroyed the K8s control-plane VM (Sept 2025)
  • NEVER use ha-manager migrate with local storage
  • HA "stale service" cleanup is destructive and asks for no confirmation
  • Always take backups before HA operations
  • Future: Ceph distributed storage for safe HA
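The HA lesson reduces to two checks that can be automated: an HA migration is only safe when every disk of the guest lives on storage all nodes can see, and a current backup must exist before the HA manager gets a chance to clean up what it considers stale. The script below is an added example, not part of the THALES page and not Proxmox's own tooling. It parses the text of /etc/pve/storage.cfg, `qm config <vmid>` and `pvesm list <storage> --vmid <vmid>` and refuses when a local volume or a stale backup turns up. The VMIDs (100, 200), the NFS storage ID `nas`, the 24-hour backup limit and the embedded command outputs are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the THALES page or from Proxmox): a pre-flight check to run
# on a cluster node before `ha-manager migrate` or `qm migrate`. It parses the text of
# /etc/pve/storage.cfg, `qm config <vmid>` and `pvesm list <storage> --vmid <vmid>` and
# refuses when any disk sits on non-shared storage or no fresh backup exists.
# The inputs at the bottom are constructed samples; VMIDs and storage IDs are assumed.
set -euo pipefail

LOCAL_TYPES=" dir lvm lvmthin zfspool btrfs "   # node-local unless storage.cfg says "shared 1"
MAX_BACKUP_AGE=$((24 * 3600))                    # seconds; assumed policy, not a Proxmox default

# shared_storages <storage.cfg text> -> one shared storage ID per line
shared_storages() {
  awk -v local_types="$LOCAL_TYPES" '
    function flush() { if (id != "" && shared) print id; id = ""; shared = 0 }
    /^[a-z]+: / { flush(); type = $1; sub(":", "", type); id = $2
                  shared = (index(local_types, " " type " ") == 0) }
    /^[[:space:]]+shared[[:space:]]+1$/ { shared = 1 }
    END { flush() }
  ' <<<"$1"
}

# local_disks <qm config text> <shared IDs, one per line> -> "key storage:volume" for
# every disk that is NOT on shared storage; empty output means the VM is movable.
local_disks() {
  local cfg="$1" shared="$2" key value vol sid
  { grep -E '^(scsi|virtio|ide|sata|efidisk|tpmstate|unused)[0-9]+: ' <<<"$cfg" || true; } |
  while read -r key value; do
    vol="${value%%,*}"                              # strip options such as size=32G
    if [ "$vol" = "none" ]; then continue; fi       # empty CD-ROM drive, nothing to move
    sid="${vol%%:*}"
    grep -qx -- "$sid" <<<"$shared" || printf '%s %s\n' "${key%:}" "$vol"
  done
}

# newest_backup_age <pvesm list text> <vmid> <now-epoch> -> age in seconds of the newest
# vzdump archive for that VMID, or "none". Archive names embed the time as
# vzdump-<type>-<vmid>-YYYY_MM_DD-HH_MM_SS.<ext>; parsing it needs GNU date.
newest_backup_age() {
  local listing="$1" vmid="$2" now="$3" newest=0 volid rest ts
  while read -r volid rest; do
    case "$volid" in *"/vzdump-"*"-${vmid}-"*) ;; *) continue ;; esac
    ts="${volid##*-${vmid}-}"; ts="${ts%%.*}"
    ts=$(date -u -d "${ts:0:4}-${ts:5:2}-${ts:8:2} ${ts:11:2}:${ts:14:2}:${ts:17:2}" +%s)
    if [ "$ts" -gt "$newest" ]; then newest=$ts; fi
  done <<<"$listing"
  if [ "$newest" -eq 0 ]; then echo none; else echo $((now - newest)); fi
}

# preflight <vmid> <storage.cfg text> <qm config text> <pvesm list text> <now-epoch>
# Returns 0 only when every disk is on shared storage AND a backup younger than
# MAX_BACKUP_AGE exists; otherwise prints why and returns 1 (do not migrate).
preflight() {
  local vmid="$1" storagecfg="$2" vmcfg="$3" listing="$4" now="$5" ok=0 shared bad age
  shared=$(shared_storages "$storagecfg")
  bad=$(local_disks "$vmcfg" "$shared")
  if [ -n "$bad" ]; then
    echo "REFUSE: VM $vmid has disks on non-shared storage:"; echo "$bad"; ok=1
  fi
  age=$(newest_backup_age "$listing" "$vmid" "$now")
  if [ "$age" = none ] || [ "$age" -gt "$MAX_BACKUP_AGE" ]; then
    echo "REFUSE: no backup of VM $vmid younger than $((MAX_BACKUP_AGE / 3600))h (age: $age)"; ok=1
  fi
  if [ "$ok" -eq 0 ]; then echo "OK: VM $vmid can be migrated"; fi
  return "$ok"
}

# Constructed samples (the real storage.cfg is tab-indented; the parser accepts either).
SAMPLE_STORAGE_CFG='dir: local
    path /var/lib/vz
    content iso,vztmpl,backup

lvmthin: local-lvm
    thinpool data
    content rootdir,images

nfs: nas
    export /volume1/pve
    server 192.0.2.10
    content images,backup'
SAMPLE_VM_LOCAL='name: talos-cp1
efidisk0: local-lvm:vm-100-disk-0,efitype=4m,size=4M
ide2: none,media=cdrom
scsi0: local-lvm:vm-100-disk-1,size=32G
scsihw: virtio-scsi-single'
SAMPLE_VM_SHARED='name: homepage
ide2: none,media=cdrom
scsi0: nas:200/vm-200-disk-0.qcow2,size=16G'
SAMPLE_LISTING='Volid                                                  Format   Type    Size        VMID
nas:backup/vzdump-qemu-100-2025_09_01-02_00_00.vma.zst vma.zst  backup  4294967296  100
nas:backup/vzdump-qemu-200-2025_09_20-02_00_00.vma.zst vma.zst  backup  1073741824  200'
NOW=$(date -u -d "2025-09-20 08:00:00" +%s)   # fixed "now" so the demo is reproducible

preflight 100 "$SAMPLE_STORAGE_CFG" "$SAMPLE_VM_LOCAL" "$SAMPLE_LISTING" "$NOW" || true
preflight 200 "$SAMPLE_STORAGE_CFG" "$SAMPLE_VM_SHARED" "$SAMPLE_LISTING" "$NOW"
```

On a node, the live call is `preflight 100 "$(cat /etc/pve/storage.cfg)" "$(qm config 100)" "$(pvesm list nas --vmid 100)" "$(date +%s)"`; a non-zero exit means stop before `ha-manager migrate`. The demo deliberately models the failure the notes describe: VM 100 (talos-cp1) has its disks on local-lvm and only a stale backup, so the check refuses, while VM 200 sits on NFS with a six-hour-old backup and passes.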

🌐 Windows Server + Tailscale

  • NEVER install Tailscale before DHCP role on Windows Server
  • VPN software creates competing network interfaces
  • Causes persistent DHCP binding failures (Event ID 1041)
  • Solution: Clean install, network services FIRST

🏗️ Architecture Mistakes

  • Docker inside unprivileged LXC: unreliable
  • AppArmor conflicts with nested containers
  • Single points of failure without distributed storage
  • Solution: migrated workloads to Kubernetes on Talos Linux

🛠️ Recovery Strategies

  • Complete service reconfiguration procedures documented
  • Backup gaps remain a critical risk
  • Systematic troubleshooting: logs first, then config, then code
  • Infrastructure as Code enables rapid rebuild

Infrastructure Principles

Enterprise Patterns: production-grade practices over shortcuts
Infrastructure as Code: Terraform, Ansible, Kubernetes manifests
Immutable Infrastructure: Talos Linux, containerized deployments
GitOps Workflows: Flux CD, declarative state management
Zero Trust Security: no exposed ports, encrypted tunnels
Learning from Failures: systematic troubleshooting, documented recovery