Homelab Server

About the Build

Abstract & Motivation

Architected and deployed a highly efficient, multi-tiered homelab infrastructure designed to rigorously replicate enterprise-grade cloud environments while strictly mitigating the power consumption and thermal output of traditional bare-metal server racks. The core engineering challenge was solving the idle-compute penalty: running legacy x64 compute nodes (e.g., a 95W TDP AMD FX-6300) 24/7 generates excessive baseline electrical overhead. Conversely, leaving the hardware entirely offline breaks critical local infrastructure, including DNS resolution, VPN access, and continuous file storage availability.

The objective was to engineer a hybrid system that maintains 100% uptime for core network routing and edge services while allowing heavy compute resources to remain in an air-gapped power state until explicitly invoked by a custom-built hardware control plane.

Infrastructure Architecture & Physical Topology

The environment is physically and logically structured as a Tiered Micro-Datacenter, utilizing a distributed architecture of low-power ARM microcomputers for continuous logic, bridged to a high-performance x64 node via a custom hardware relay system.

Tier 1: The "Always-On" Network Edge (Raspberry Pi 4B) Operating as the 24/7 network gateway and routing backbone. Hardwired directly to the core Gigabit switch, this ultra-low-power node ensures localized network integrity independent of the main compute cluster. It manages local DNS resolution and ad-blocking (Pi-hole/AdGuard), reverse proxy routing (Traefik/Nginx), and serves as the primary VPN gateway (WireGuard/Tailscale). This establishes a secure, zero-trust cryptographic tunnel into the infrastructure from external networks, ensuring management access is maintained even when the primary host is powered down.
Tier 2: Out-of-Band (OOB) Control Plane (Raspberry Pi 3B) Operating as the secure physical bridge and hardware ignition controller. Rather than relying on unreliable Layer 2 Wake-on-LAN (Magic Packets), this node runs a custom-engineered X11 kiosk dashboard driving a physical touchscreen. Utilizing Python and the gpiozero library, it interfaces with a dedicated 3.3V hardware relay wired directly to the x64 motherboard’s ATX PWR_SW headers, ensuring complete electrical isolation between the Pi's logic circuits and the ATX power delivery. Upon triggering the boot sequence, the application establishes an asynchronous SSH bridge to continuously poll and parse live Docker daemon telemetry, CPU load vectors, and RAM allocation metrics directly to the display.
Tier 3: Bare-Metal Compute & Storage Node (x64 Ubuntu Server) Operating as the on-demand containerization host and mass storage array. This node remains physically powered off to conserve energy until explicitly invoked by the OOB Controller. Once the OS initializes, it mounts a high-capacity storage array for private cloud syncing (Seafile) and initializes the Docker engine for heavy, containerized development workloads, database hosting, and service testing.

Custom Software Engineering & Tooling

Beyond the physical hardware fabrication and network topology, the project required writing custom system-level utilities to orchestrate the infrastructure:

Hardware-Interfacing GUI (The Command Center): A Python/CustomTkinter application executing on the Pi 3B. This software handles cryptographic SSH key authentication, executes remote POSIX commands asynchronously to prevent UI blocking, parses standard output telemetry, and safely controls GPIO logic states. It provides tactile, physical control over the virtualization environment without requiring standard web interfaces.
Ephemeral Sandbox Engine (sandbox): Engineered a highly robust Bash command-line wrapper for the Ubuntu server to facilitate rapid CI/CD and development prototyping. Leveraging native Docker API calls, the tool provisions fully isolated, disposable environments (Base Ubuntu, Python 3.x, Node.js LTS) in milliseconds. The configuration automatically mounts a shared host volume for file exfiltration and utilizes the Docker --rm flag to guarantee the container and its filesystem are completely vaporized upon exit, ensuring zero state bloat or orphaned volumes on the host drive.
State Parsing & Regex Filtering: The sandbox engine utilizes custom metadata tagging (Docker labels) and awk processing to cleanly filter the command-line output, ensuring the developer only sees relevant test containers while masking persistent infrastructure containers (like Seafile) from the testing interface.

Security & Zero-Trust Implementation

Security is enforced at multiple layers of the OSI model. Edge access is entirely restricted; no open ports are forwarded through the ISP router. All external traffic must authenticate via the WireGuard/Tailscale cryptographic mesh before it can route to the internal Cudy Gigabit switch. The OOB management dashboard utilizes passwordless RSA key pairs to communicate with the compute node, ensuring that the control plane can orchestrate the environment without storing plaintext credentials in the application logic.

Project Impact & Demonstrated Competencies

This architecture successfully bridges the gap between high-performance computing requirements and strict energy efficiency constraints. It serves as a comprehensive demonstration of full-stack systems engineering—encompassing physical hardware fabrication, GPIO relay soldering, Linux systems administration, bash scripting, and container orchestration. It provides a highly secure, self-hosted alternative to traditional cloud providers (AWS EC2 / S3), complete with proprietary deployment tooling and dedicated out-of-band management.

Technical Specs

Processor AMD FX-6300 (6C/6T, 95W)
Platform AM3+ Socket
Memory DDR3 32GB (Max Capacity)
Boot Drive 500GB SSD
Storage Pool 2x 4TB HDD (ZFS Mirror)
Cooling Custom Aftermarket Active Air
Graphics Headless (Legacy GPU provisioned)

Private Project

This project files are private.
Contact me for more details.

Contact Me for Info