Homelab
What runs in my living room survives production.
My homelab is not a toy — it is the test environment for everything I build professionally. Self-hosted, self-monitored, in daily use.
- Hosts: 11
- Storage: 12.7 TB ZFS
- Cluster: 3-node k3s
- Containers: 50+
Stack
What runs here.
01
Virtualisation
Proxmox plus a 3-node k3s cluster — highly available with embedded etcd, deployments via ArgoCD
02
Storage
TrueNAS on ZFS — 12.7 TB, snapshots, all data and media in one place
03
Network
OPNsense as the firewall, Tailscale as the overlay network, my own domain behind Traefik v3
04
Automation
n8n for recurring workflows — notifications, sync jobs, maintenance
05
Monitoring
Prometheus, Grafana, Loki and Gatus — metrics, logs and uptime in one place
How I work
My own agent setup.
I don't sell AI I don't run myself. My daily work goes through an orchestrated system of several agents — with clear roles, budgets and handovers. These are exactly the patterns I bring into projects.
01
Paperclip
Governance · Experiment
The control plane: assigns goals and budgets to the agents, keeps an audit trail and approval gates. Currently a paused experiment — the concept stands, operations are on hold.
02
Hermes
Orchestrator
My central agent with persistent memory — a second brain for homelab, business and personal life. Takes requests via chat, calls tools, controls my own infrastructure.
03
OpenClaw
Gateway
The executing worker at the gate: receives commands from Slack and Telegram and triggers approved actions. The reliable employee that gets its hands dirty.
04
Claude · OpenCode
Engines
The actual reasoning and coding engines underneath it all. Claude for complex, multi-step work; OpenCode for fast, cheap routine — every task on the right model.
The chain
- Chat — Slack / Telegram
- Paperclip — goals, budgets, approvals
- Hermes — orchestration + memory
- OpenClaw — execute actions
- Claude / OpenCode — reasoning + code
- My own infrastructure
The same principles — roles, guardrails, review steps, small diffs — are what I bring into client projects.
Architecture
The path of a request.
One entrance, clear paths: commands run through the gateway to the engines and — only via approved scripts — onto my own infrastructure. Hermes orchestrates alongside with its own memory.
OpenClaw
The gateway in detail.
OpenClaw is the worker at the gate of my infrastructure. It is one of two orchestrators: Hermes runs alongside it as an independent system — with its own channel and persistent memory on its own database.
01
One entrance for everything
Commands arrive via Slack, with Telegram as the fallback. Behind it sits a gateway that starts coding agents, runs approved action scripts over SSH and brings its own skills.
02
Self-healing
A heartbeat checks its own state. If something fails, the service restarts — alerts only fire on state changes, not on every heartbeat.
03
Persistent memory
The agent forgets nothing between sessions: notes, states and open items are reloaded on every start.
04
Multi-provider fallback
If one model provider goes down, the next one takes over. Four providers sit in the chain — operations depend on none of them alone.
05
Scheduled maintenance
CLI updates, connectivity checks and self-restarts run on a schedule. The agent maintains a good part of itself.
Security
The security model.
- Network isolation: All hosts are only reachable through the Tailscale network — none of it is exposed to the open internet.
- Service account: The agent runs under its own user and may only execute approved scripts.
- SSH keys: One dedicated key per host — no master key for everything.
- Secrets: API keys and tokens live in the password manager and the environment, not in code.
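One way to enforce the "approved scripts only" rule for the service account is an SSH forced command that treats the client's request as data and maps it to an allowlisted script. This is an added example, not the setup described on this page; the wrapper path, `ACTION_DIR` and the action names are assumptions constructed for illustration.

```sh
#!/bin/sh
# Forced-command dispatcher for the agent's service account (added example).
# Wire it in per host through authorized_keys, with that host's dedicated key:
#   command="/usr/local/bin/agent-dispatch",restrict ssh-ed25519 <PUBLIC-KEY> agent
# sshd then runs this wrapper whatever the client asks for; the request only
# arrives as data in $SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                         # make the a-z range byte-exact
ACTION_DIR="${ACTION_DIR:-/opt/agent/actions}"  # hypothetical script directory

# Print the approved script path for a request and return 0, else return 1.
resolve_action() {
    request=$1
    # Accept a bare action name only: no arguments, paths or shell syntax.
    case $request in
        ''|*[!a-z0-9-]*) return 1 ;;
    esac
    # Explicit allowlist; the action names are constructed for this example.
    case $request in
        wake-storage|connectivity-check|restart-media-stack)
            printf '%s/%s.sh\n' "$ACTION_DIR" "$request" ;;
        *) return 1 ;;
    esac
}

# Run the approved script or refuse; both outcomes go to syslog.
dispatch() {
    if script=$(resolve_action "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t agent-dispatch "approved: ${SSH_ORIGINAL_COMMAND}"
        exec "$script"
    fi
    # Log a sanitised, truncated copy of the refused request.
    denied=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-}" | tr -cd 'a-zA-Z0-9 ._/-' | cut -c1-80)
    logger -t agent-dispatch "denied: ${denied}"
    echo "agent-dispatch: action not approved" >&2
    return 1
}

# Only act when sshd passed a client request; a plain login gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    dispatch
fi
```

Because the key is pinned to the wrapper with `restrict`, a stolen gateway key yields only the listed actions on that one host, with no shell and no port or agent forwarding.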
Operations
Small solutions that hold.
- Laptops as nodes: Two cluster nodes are retired laptops — lid closed, headless, the battery is the built-in UPS.
- Power on demand: Storage wakes via Wake-on-LAN when needed; the media stack shuts down automatically at night.
- Maintenance windows: Updates and checks run at fixed times — planned, not when something is already on fire.
I don't sell AI I don't run myself.
What comes out of it lives under Work and in the Journal (German). For everything else — [email protected].