Private Infrastructure

Tinkertown

Formally: Tinmachi — 錬町
Machi (町, town) + Tinkā (ティンカー, tinker). My technical village.

A privately operated, production-disciplined private cloud and homelab — built from the ground up with dual segregated network zones, enterprise-grade tooling, and the same documentation standards I apply in production environments. Not a hobby project. A second job that doesn't page me at 3am.

~25 active infrastructure nodes
3 Proxmox hypervisors
2 segregated network zones
12+ self-hosted services
Architecture

Dual-zone, firewall-enforced

Two physically separated network zones with explicit inter-zone policy. No implicit trust. Every service placed deliberately. A Tailscale mesh overlay provides secure management access across zones without punching holes in the firewall.
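"Explicit inter-zone policy" is only meaningful if it is checked from inside each zone, not just read off the firewall GUI. The script below is an added example, not part of the page or of Tinkertown's own tooling: it keeps the expected allow/deny matrix as data, probes each row from the zone the script runs in, and reports any row whose observed result differs. The zone names APEX and MONARCH come from the page; the hosts, ports and expected outcomes are constructed placeholders, and the probe assumes `nc` is installed.

```shell
#!/bin/sh
# Inter-zone policy check. Added example; not Tinkertown's own tooling.
# Zone names APEX and MONARCH are from the page; hosts, ports and the
# expected outcomes below are constructed placeholders for illustration.

# One row per check: <src zone> <dst host> <dst port> <expected: allow|deny>
# Only rows whose source zone matches the argument are probed.
POLICY='
MONARCH 10.10.0.10 443 allow
MONARCH 10.10.0.10 22 deny
MONARCH 10.10.0.10 8006 deny
APEX 10.20.0.5 443 deny
APEX 10.20.0.5 8006 deny
'

# probe HOST PORT -> 0 if a TCP connect succeeds within 2 s (assumes nc).
probe() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# check_policy ZONE: probe every row whose source is ZONE, print the number
# of rows whose observed outcome differs from the expected one, and return
# non-zero if that number is not 0 (so it can gate a cron job or CI step).
check_policy() {
    zone="$1"; violations=0
    while read -r src host port expect; do
        [ -n "$src" ] || continue
        [ "$src" = "$zone" ] || continue
        if probe "$host" "$port"; then actual=allow; else actual=deny; fi
        if [ "$actual" != "$expect" ]; then
            violations=$((violations + 1))
            printf 'VIOLATION %s -> %s:%s expected %s, observed %s\n' \
                "$zone" "$host" "$port" "$expect" "$actual" >&2
        fi
    done <<EOF
$POLICY
EOF
    echo "$violations"
    [ "$violations" -eq 0 ]
}

# Usage: ./zone-check.sh MONARCH   (run from a host inside that zone)
if [ -n "${1:-}" ]; then
    check_policy "$1"
fi
```

Both directions matter: a "deny" row that unexpectedly connects is a hole in the firewall, and an "allow" row that fails is a broken service path; the script treats them the same because either one means the documented policy and the running ruleset have drifted apart.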

Architecture diagram (text rendering of the page's figure):

INTERNET / WAN
  OPNsense Firewall: HAProxy, Unbound DNS, ACME, Starlink failover
    APEX (DMZ): Hypervisors ×2; Docker host running Nextcloud, Outline, ONLYOFFICE, draw.io; Ansible, PDM; Backrest / Restic; Netdata monitoring across all nodes
    MONARCH (LAN): Hypervisor + lab workstation (AI): Ollama, ComfyUI, ROCm (AMD GPU); UniFi, Docker; local AI inference
  Nightly vzdump → B2 offsite (restic)
  Tailscale overlay mesh spanning both zones

"Boring, observable, reversible."

Stability over novelty. Every architectural decision earns its place by solving a real problem. Prefer native tooling, explicit configuration, and documented deployments over clever or opaque solutions. If something breaks, it should fail safely — not creatively.

Boring

Stable, proven tooling over bleeding-edge novelty. No added complexity without clear operational benefit. The goal is still running five years from now with minimal intervention.

Observable

Monitoring agents across both zones feed centralized dashboards. Alerting tuned by severity and context. Nothing fails silently — and alert fatigue is treated as seriously as the alerts themselves.

Reversible

Changes are snapshotted before execution. A nightly backup chain writes to offsite object storage. Recovery procedures are documented, scheduled for testing, and written for a stressed operator — not a rested one.
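The snapshot-then-change and nightly-offsite flow described above, written out as an added example (not the page's own SOP or script). It uses the real Proxmox `qm` and `vzdump` CLIs and restic's Backblaze B2 backend; the VMID, dump directory, retention counts and the two entry points at the bottom are assumptions for illustration.

```shell
#!/bin/sh
# Snapshot-before-change with rollback, plus the nightly offsite chain.
# Added example, not the page's own SOP. Uses the real Proxmox `qm` and
# `vzdump` CLIs and restic's Backblaze B2 backend; VMID, dump directory,
# retention counts and the entry points at the bottom are assumptions.
set -u

# change_with_snapshot VMID CMD [ARGS...]
# Take a snapshot, run CMD; if CMD fails, roll the VM back to the snapshot.
# Returns 0 on success, 1 after a successful rollback, 2 if the snapshot or
# the rollback itself failed (manual intervention needed).
change_with_snapshot() {
    vmid="$1"; shift
    snap="prechange-$(date +%Y%m%d-%H%M%S)"
    qm snapshot "$vmid" "$snap" --description "pre-change, auto-rollback" || return 2
    if "$@"; then
        echo "change ok; snapshot $snap kept until the change is verified"
        return 0
    fi
    echo "change FAILED; rolling back VM $vmid to $snap" >&2
    qm rollback "$vmid" "$snap" || return 2
    # Rolling back to a snapshot taken without RAM state leaves the VM
    # stopped, so bring it back up explicitly.
    qm status "$vmid" | grep -q stopped && qm start "$vmid"
    return 1
}

# nightly_offsite VMID [DUMPDIR]
# Dump the VM with a consistent snapshot, push the dump to the offsite
# restic repository, apply retention, and verify repository integrity.
# Expects RESTIC_REPOSITORY=b2:<bucket>:<path>, RESTIC_PASSWORD,
# B2_ACCOUNT_ID and B2_ACCOUNT_KEY in the environment, never in this file.
nightly_offsite() {
    vmid="$1"; dumpdir="${2:-/var/lib/vz/dump}"
    vzdump "$vmid" --mode snapshot --compress zstd --dumpdir "$dumpdir" || return 1
    restic backup --tag vzdump "$dumpdir" || return 1
    restic forget --tag vzdump --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune || return 1
    restic check
}

# Entry points (assumed names):
#   ./ops.sh change 101 ansible-playbook site.yml --limit vm101
#   ./ops.sh nightly 101
case "${1:-}" in
    change)  shift; change_with_snapshot "$@" ;;
    nightly) shift; nightly_offsite "$@" ;;
esac
```

The `restic check` at the end is the cheap half of "scheduled for testing": it proves the repository is internally consistent every night, but only a periodic `restic restore` into a scratch VM proves the dumps actually boot, and that step belongs in the SOP with a date on it.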

Technology

What it runs on

Coverage across network, compute, storage, operations, and AI — with deliberate choices at every layer and a preference for tools that will still be maintained in five years.

Network & Security: OPNsense, HAProxy, Unbound DNS, Let's Encrypt / ACME, Tailscale, Cloudflare, UniFi, Suricata IDS, Dual-WAN Failover
Compute & Virtualization: Proxmox VE, KVM / QEMU, LXC Containers, Docker, Docker Compose, ZFS, Bazzite Linux, Debian
Self-Hosted Services: Nextcloud, ONLYOFFICE, Outline Wiki, draw.io, Netdata, Proxmox Datacenter Manager, Semaphore UI, Backrest
Automation & Operations: Ansible, Restic, Backblaze B2, Cloudflare DNS-01, GitHub, PostgreSQL, Redis, SMTP Alerting
AI & Inference: Ollama, ComfyUI, ROCm (AMD GPU), Local LLM Inference, GPU Passthrough, Nextcloud AI Integration
On the Horizon: Intel Arc Pro GPU, Proxmox Backup Server, GLPI (ITSM), n8n Orchestration, MCP Servers, Linux EDR
Documentation

Enterprise standards, personally enforced

Every component has a wiki page. Every procedure has an SOP. The same documentation discipline I've spent a career applying to production environments — applied here, because documentation saves lives and I learned that before I ever worked in IT.

Project KMS — Knowledge Management System

The environment runs a self-hosted wiki documented to a three-tier SSOT standard. Tier 3 owns facts. Tier 2 owns relationships. Tier 1 owns narrative. A single infrastructure change should require updating exactly one tier. If it touches more than that, something structural needs fixing — not patching.

Tier 1 (Executive Overview): What exists, why it exists, how it's organized. Written for orientation, not implementation.
Tier 2 (Engineering Overview): Architecture decisions, topology, protocol choices, service relationships.
Tier 3 (Component Detail): Exact configs, file paths, CLI commands, recovery scenarios. Authoritative source of truth.
SOPs (Procedures): Step-by-step operations with validation steps. Written for a stressed operator at 2am.