Uses
A living list of the hardware, software, and services that run the lab and this site. It spans two sites — a colocation allocation at Equinix ME1 and home in Melbourne — and is the practical backing for most of what gets written here.
Things I sign up for and recommend are linked from the Referral Links page.
Topology
flowchart LR
subgraph COLO["Equinix ME1 — Colocation"]
P1["Proxmox VE — public-facing"]
PBS1["Proxmox Backup Server"]
end
subgraph HOME["Melbourne — Home"]
P2["Proxmox VE — storage / media"]
PBS2["PBS — offsite target"]
end
P1 <-->|IPSec site-to-site| P2
P1 -.->|Tailscale overlay| P2
PBS1 -->|cross-site offload| PBS2
The colo handles anything that needs to be externally reachable, on reliable power and internet. Home is for bulk storage, media, and acting as an offsite backup target. Nothing has to be exposed publicly just to be reachable from the other side.
Compute & Virtualisation
- Proxmox VE — hypervisor on both sites, running VMs and LXC containers.
- Self-hosted GitHub Actions runners — CI/CD workloads close to the lab.
Storage & Backup
- Proxmox Backup Server — scheduled VM and LXC backups with cross-site offloading, so a failure at one site is recoverable from the other.
- LVM — the disk and volume layer underneath most of the above.
Identity & Secrets
- HashiCorp Vault — centralised secrets for CI/CD pipelines and self-hosted services, including secret injection into Docker containers.
- Authentik — SSO across self-hosted services, managed in Terraform.
Automation & IaC
- Terraform — DNS, Vault policies, GitHub Actions roles, and Authentik configuration, all version-controlled.
- GitHub Actions — validate / plan on PRs, apply on merge to
main. - Cloudflare — DNS, managed as code.
Networking
- IPSec — site-to-site tunnel between colo and home.
- Tailscale — management access and node-to-node connectivity layered on top.