Homelab backup strategy visualization

Backup Strategy for Your Homelab: The 3-2-1 Rule in Practice

Picture your homelab disk dying tonight. Not corrupting, not throwing SMART warnings for a week first, just gone. The GitLab that holds every repo you care about, the password vault, fifteen years of family photos, the home automation that runs your house. All of it on a drive that has decided it’s done. Can you answer what happens next without your stomach dropping? If not, you don’t have backups. You have hope, and hope is not a strategy you want to discover the limits of at 2am. ...

May 18, 2026 · 12 min read · Tom Meurs
Tailscale mesh network connecting devices

Tailscale for Homelab: Secure Remote Access Without Port Forwarding

My homelab cluster runs in a closet at home. I do not. I work from coffee shops, from a client office, sometimes from a hotel with WiFi that feels actively hostile. And I still want to reach my own machines while I’m out there. For years the standard answer to that was to poke holes in your own front door. Forward a port on the router, wire up dynamic DNS so the changing home IP doesn’t break everything, write firewall rules, and then sit with the quiet hope that nobody scanning the internet stumbles onto the SSH daemon you just exposed. It works, in the sense that you can reach your stuff. It also means a part of your private network is now answering questions from strangers, all day, forever. ...

May 10, 2026 · 11 min read · Tom Meurs
K3s cluster running on mini-PCs

K3s Cluster Setup on Refurbished Mini-PCs

Three mini-PCs sit on a shelf in my house. Together they run my GitLab, my monitoring stack, home automation, file sync, password manager, and a pile of other things I refuse to hand to someone else’s computer. The whole setup cost less than a single month of the equivalent managed Kubernetes bill, and I understand every layer of it because I built it myself. You can have the same thing. No cloud account, no rack, no five-figure budget. You need three second-hand machines and an afternoon where nobody bothers you. This is the cluster I keep coming back to when I talk about sovereign infrastructure, and here is exactly how it goes together. ...

April 24, 2026 · 11 min read · Tom Meurs
NixOS as hypervisor with KVM and QEMU

NixOS as a Hypervisor: KVM and QEMU Can Do Everything

Ask most people how to run a “real” hypervisor at home and you get the same shortlist: VMware, Hyper-V, or at minimum Proxmox. Something with a web UI, a clustering tab, a marketing page full of enterprise features. That mental model is so common that running virtual machines without one of those products feels like cutting corners. We’ve quietly accepted that serious virtualization comes with a vendor attached. Now flip it. The thing doing the actual work in all of those products is a Linux kernel module that has been production-grade for over a decade. KVM with libvirt gives you live migration, memory ballooning, CPU pinning, GPU passthrough, SR-IOV, nested virtualization. The features the glossy hypervisors advertise are kernel features. The web UI is a wrapper around them. ...

March 19, 2026 · 10 min read · Tom Meurs
CTF and forensics skills for DevOps engineers

CTF and Forensics Skills That Make You a Better DevOps Engineer

A production server is misbehaving at 3 AM. You SSH in. Now what? The engineers who stay calm here are the ones who already know the next ten commands by heart, because they have run this exact loop a hundred times before, just with the word “flag” instead of “incident.” I spend my evenings doing Hack The Box challenges and CTF competitions. I have no plans to become a pentester. I like platform engineering. The reason I keep at it is that the skills carry straight into my day job, and the carryover is bigger than it sounds. ...

February 27, 2026 · 10 min read · Tom Meurs