AORXI Homelab
Architecture

Site Roles & Inventory

Per-site roles and complete node inventory: compute nodes, networking devices, and planned service VMs at Site A and Site B.

Each site carries a distinct role. Site A (10.10.0.0/16) runs management, ZFS storage, Proxmox Backup Server (PBS), DNS, and monitoring. Site B (10.20.0.0/16) runs Ceph block storage, Kubernetes/OpenShift, and distributed compute. This page details the physical nodes, networking devices, and planned service VMs at each site.

Site A — Management & Storage

Site A is the management hub, hosting primary PBS, ZFS-backed storage, DNS, and monitoring infrastructure. Proxmox cluster name: sa-pve.

Compute Nodes

HostHardwarePrimary WorkloadsProxmox Mgmt (VLAN 20)
sa-edge-01Supermicro SYS-E200-8DProxmox + OPNsense VM (sa-fw-01)10.10.20.10
sa-cmp-01ThinkPad P51Proxmox worker, CI (Intel X550-T2)10.10.20.11
sa-cmp-02ThinkPad P52Proxmox worker, GPU / AI (Intel X550-T2)10.10.20.12
sa-stor-01Supermicro 5049A-TZFS mirror, PBS, DNS, monitoring, databases10.10.20.20

Networking Devices

DeviceModelRoleVLAN 10 IP
sa-sw-01Netgear XS716T10 Gb L2 core switch10.10.10.2
sa-sw-02Access / IPMI switch10.10.10.3
sa-sw-03Access / IPMI / AP switch10.10.10.4
sa-ap-01UniFi U7 Pro XGSWi-Fi 7 AP (PoE++ on sa-sw-03 port 3)10.10.10.6
UniFi Gateway MaxBootstrap / fallback only10.10.10.5

sa-sw-01 carries Proxmox, Corosync, VM, Kubernetes, storage, and backup VLANs. Proxmox Management (VLAN 20) and IPMI (VLAN 10) for sa-edge-01 and sa-stor-01 are offloaded to sa-sw-02 and sa-sw-03 to free core-switch ports for dedicated Corosync links. See Site A Port Map for the full assignment.

Planned Service VMs

VMRoleVLAN 30 Mgmt IPVLAN 90 Backup IP
sa-dns-01Primary Technitium DNS (authoritative)10.10.30.10
sa-dns-02DNS replica (AXFR from sa-dns-01)10.10.30.11
PBS-AProxmox Backup Server (primary site)10.10.30.2010.10.90.40

Site B — Ceph, Kubernetes & Compute

Site B is the distributed compute hub, running Ceph across five nodes and hosting Kubernetes/OpenShift workloads. Proxmox cluster name: sb-pve.

Compute Nodes

HostHardwarePrimary WorkloadsProxmox Mgmt (VLAN 20)
sb-edge-01Supermicro SYS-E200-8DProxmox + OPNsense VM (sb-fw-01)10.20.20.10
sb-cmp-01Supermicro SYS-5019D-4C-FN8TPCeph MON/MGR, Kubernetes control-plane10.20.20.20
sb-cmp-02Supermicro SYS-5019D-4C-FN8TPCeph MON/MGR, Kubernetes control-plane10.20.20.21
sb-cmp-03Supermicro SYS-5018D-FN4TCeph OSD, Kubernetes worker10.20.20.30
sb-cmp-04Supermicro SYS-5018D-FN4TCeph OSD, Kubernetes worker10.20.20.31
sb-cmp-05Supermicro SYS-5018D-FN4TCeph OSD, Kubernetes worker10.20.20.32

Networking Devices

DeviceModelRoleVLAN 10 IP
sb-sw-01Netgear XS748T10 Gb L2 core switch10.20.10.2
sb-sw-02UniFi USW 24 PoEAccess / IPMI / AP switch10.20.10.3
USG ProBootstrap / fallback only10.20.10.4

Planned Service VMs

VMRoleVLAN 30 Mgmt IPVLAN 90 Backup IP
sb-dns-01DNS replica (AXFR from sa-dns-01)10.20.30.10
sb-dns-02DNS replica (AXFR from sa-dns-01)10.20.30.11
PBS-BProxmox Backup Server (DR replica)10.20.30.2010.20.90.40

E200 Workload Guidance

Both edge nodes (sa-edge-01, sb-edge-01) use the Supermicro SYS-E200-8D, a compact platform whose primary responsibility is running the site OPNsense VM. The OPNsense VM must remain pinned to its local E200 and must not be migrated by the Proxmox HA subsystem.

OPNsense VM is pinned — no HA migration

sa-fw-01 stays on sa-edge-01; sb-fw-01 stays on sb-edge-01. Never enable HA migration for the OPNsense VM. Migrating the firewall VM takes down the site.

Suitable E200 workloads

OPNsense VM, DNS helper, UniFi controller, WireGuard helper, small reverse proxy, monitoring agent.

Avoid on E200

Heavy databases, Ceph OSDs, storage-heavy VMs, heavy Kubernetes workers, or any workload that competes with OPNsense for CPU or memory.

On this page