Server

Your homelab runs your GitLab, your passwords, your photos, your home automation. What happens when the disk fails? If you can’t answer that question confidently, you don’t have backups. You have hope. The 3-2-1 rule has been around for decades because it works. Three copies, two different media, one offsite. Here’s how to actually implement it. The 3-2-1 Rule Explained flowchart TD subgraph rule["3-2-1 Backup Rule"] Data["Original Data"] subgraph three["3 Copies"] C1["Copy 1<br/>(Original)"] C2["Copy 2<br/>(Local Backup)"] C3["Copy 3<br/>(Offsite)"] end subgraph two["2 Media Types"] M1["NVMe/SSD"] M2["HDD/NAS"] end subgraph one["1 Offsite"] Off["Cloud/Remote"] end end Data --> C1 Data --> C2 Data --> C3 C1 --> M1 C2 --> M2 C3 --> Off Why Three Copies? Copy 1: Your live data (original) Copy 2: Local backup (fast restore) Copy 3: Offsite backup (disaster recovery) One copy is not a backup. Two copies can both fail in the same disaster (fire, flood, ransomware). Three copies with separation gives you real resilience. ...

Your homelab cluster runs at home. You’re not always at home. You need access. The traditional approach: forward ports, set up dynamic DNS, configure firewall rules, pray nobody finds your exposed services. The better approach: Tailscale. Zero exposed ports. Secure WireGuard encryption. Your devices find each other, wherever they are. What Is Tailscale? Tailscale is a mesh VPN built on WireGuard. Every device gets a stable IP. Every device can reach every other device. No central server routing your traffic. ...

You don’t need a cloud provider to run Kubernetes. You don’t need expensive servers. You need three mini-PCs and an afternoon. This is how I built my homelab cluster — the same cluster that runs my GitLab, monitoring, home automation, and everything else I refuse to trust to someone else’s computer. Why K3s? K3s is Kubernetes, simplified: Single binary — ~70MB, includes everything Low resource — Runs on Raspberry Pi, runs great on mini-PCs Production ready — Same API, same workloads, less overhead Batteries included — Built-in ingress, load balancer, storage It’s not “Kubernetes lite.” It’s Kubernetes without the enterprise cruft. ...

People often think you need VMware, Hyper-V, or at minimum Proxmox to run a “real” hypervisor. Something with a web UI, enterprise features, the whole package. But here’s the thing: KVM with libvirt can do virtually everything those commercial hypervisors do. Live migration, memory ballooning, CPU pinning, GPU passthrough, SR-IOV, nested virtualization — it’s all there. The Linux kernel has been a production-grade hypervisor for over a decade. I run NixOS as my hypervisor. No Proxmox, no web UI, just declarative Nix configs and virsh. Let me show you what’s possible. ...

I spend my evenings doing Hack The Box challenges and CTF competitions. Not because I want to become a pentester — I’m happy in platform engineering. But because the skills I learn there make me significantly better at my day job. This isn’t obvious at first. What does pwning a vulnerable web app have to do with running Kubernetes clusters? More than you’d think. Forensics and offensive security train you to think about systems differently. You learn to investigate, to trace, to understand what’s actually happening rather than what should be happening. And that mindset — plus the tooling — is exactly what you need when debugging production issues at 3 AM. ...