Building a low-overhead homelab that actually stays up
Most homelab guides optimise for how much you can run. I optimise for how little has to be running for the thing I care about to work. Every extra layer — an orchestrator I don’t need, a service mesh for three containers — is another thing that can wake me up at 2am.
The setup
The base is Rocky Linux 9 on bare metal. KVM/QEMU handles full VMs where I need kernel isolation; Docker handles everything else. No Kubernetes — at this scale it’s overhead I’d be maintaining for its own sake.
- VMs get their own isolated virtual networks, so a compromised guest can’t see the rest of the LAN.
- Every service is a real `systemd` unit, so health, restarts, and logs all go through one interface I already know.
- Firewall rules are written by hand and version-controlled — no “allow all on the trusted interface” shortcuts.
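One way to keep the "no allow-all on an interface" rule enforced once the firewall lives in version control is a lint run before each commit. This is an added example, not the author's own tooling. It assumes the rules are kept as an nftables ruleset file (the post does not name the firewall tool), handles only a subset of nftables syntax, and uses a constructed sample with a made-up interface name `lan0`.

```python
import shlex

IFACE_KEYS = {"iif", "iifname", "oif", "oifname"}
ALLOWED_IFACES = {"lo"}   # loopback accept is conventional
NO_MATCH = {"counter"}    # statements that do not narrow a rule (subset)

# Constructed sample ruleset; "lan0" is a made-up interface name.
SAMPLE = """\
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    iifname "lan0" tcp dport { 22, 443 } accept  # scoped to two ports
    iifname "lan0" counter accept comment "trusted # lan"
  }
}
"""


def blanket_accepts(ruleset):
    """Return [(line_no, rule)] for rules that accept on interface alone."""
    findings = []
    for no, raw in enumerate(ruleset.splitlines(), 1):
        # shlex drops '#' comments but keeps quoted strings whole.
        toks = [t.rstrip(";") for t in shlex.split(raw, comments=True)]
        if "comment" in toks:                 # drop: comment "<text>"
            i = toks.index("comment")
            del toks[i:i + 2]
        toks = [t for t in toks if t and t not in NO_MATCH]
        if not toks or toks[-1] != "accept":
            continue
        match = toks[:-1]
        bare = not match                      # plain "accept"
        iface_only = (len(match) == 2 and match[0] in IFACE_KEYS
                      and match[1] not in ALLOWED_IFACES)
        if bare or iface_only:
            findings.append((no, raw.strip()))
    return findings


if __name__ == "__main__":
    for no, rule in blanket_accepts(SAMPLE):
        print(f"line {no}: blanket accept: {rule}")
```

Rules that combine the interface with a port, protocol or connection-state match pass; only the interface-alone and bare `accept` forms are reported.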
What I’d tell my past self
If you can’t explain why a layer is there, it shouldn’t be there.
Uptime didn’t come from better hardware. It came from removing the things that were quietly failing in the background and pretending to be fine.