Infrastructure
Production-style infrastructure built on a single enterprise-class server running a full virtualization stack. The platform hosts continuous workloads across isolated virtual machines, a VLAN-segmented network, and tiered ZFS storage — operated as a production environment with monitoring, change management, and snapshot-based recovery.
Platform at a Glance
| Component | Details |
|---|---|
| Compute | Dell PowerEdge T620 — Dual Xeon E5-2670 v2, 128 GB ECC RAM |
| Hypervisor | KVM/libvirt — ~10 continuously operating VMs |
| Storage | ZFS — SAS SSD system pool, SSD RAIDZ1 VM pool, HDD RAIDZ1 data pool + L2ARC |
| Network | pfSense firewall — 8 VLAN-segmented networks, 10GbE primary switching with 1GbE failover connectivity |
| Automation | Home Assistant coordinating a multi-room Zigbee mesh and custom ESP32-H2 firmware |
Architecture Overview
              ┌─────────────────────────────────────────────────────────────────────────────────┐
              │                               Dell PowerEdge T620                               │
              │                                                                                 │
Internet      │    ┌────────────────┐     ┌──────────────────────────────────────────────┐      │
  │           │    │   pfSense VM   │     │               Virtual Machines               │      │
  └─passthru──▶    │                │     │                                              │      │
   (WAN NIC)  │    │  WAN  │  LAN   │     │             Core Infrastructure              │      │
              │    │                │     │             Application Services             │      │
              │    └────────────────┘     │                Media Services                │      │
              │                           └──────────────────────────────────────────────┘      │
              │   Primary Path 10GbE                                       Failover Path 1GbE   │
              └─┬─────────────────────┬──────────────────────────────────────┬────────────┬─────┘
                │                     │                                      │            │
             pfSense                Host                                  pfSense       Host
              10GbE                 10GbE                                  1GbE         1GbE
            (primary)             (primary)                             (failover)   (failover)
                │                     │                                      │            │
┌───────────────▼─────────────────────▼───────────────────────────────┐  ┌───▼────────────▼─────────────────────────────────┐
│                Netgear GS752TXS — 10GbE Core Switch                 ├──┤        Netgear GS752TP — 1GbE PoE Switch         │
│                    (SFP+ uplinks, VLAN trunking)                    ├──┤             (Access + Failover Path)             │
└─────────────────────────────────────────────────────────────────────┘  └──────────────────────────────────────────────────┘
                                                                       ↑ dual uplinks
pfSense runs as a virtual machine with physical NICs passed directly through — one dedicated WAN interface, one dedicated LAN trunk — providing firewall behavior equivalent to a dedicated hardware appliance.
Storage Architecture
┌─────────────────────────────────────────────────────────────────┐
│ ZFS Storage Tiers │
├──────────────────┬──────────────────┬───────────────────────────┤
│ System Pool │ VM Pool │ Data Pool │
│ │ │ │
│ SAS SSD │ Enterprise │ NAS HDD (RAIDZ1) │
│ (single disk) │ SATA SSD │ + SSD L2ARC cache │
│ │ (RAIDZ1) │ │
│ OS, hypervisor │ VM zvols, │ Bulk data, media, │
│ configuration │ service data │ replicated infra │
└──────────────────┴──────────────────┴───────────────────────────┘
Pools are separated by workload class — isolating OS stability from VM I/O, and VM performance from bulk data operations.
Sections
Automation Platform
Home Assistant coordinates a multi-room Zigbee mesh network alongside custom ESP32-H2 firmware running on purpose-built presence sensors and LED controllers. Both firmware projects are released via automated GitHub Actions pipelines — pushing a version tag builds the firmware, packages it as a Zigbee OTA image, publishes a GitHub release, and updates the OTA index served to Zigbee2MQTT. Devices receive update notifications in Home Assistant automatically.
Monitoring and Observability
Service availability, hardware health, and storage status are monitored continuously. ZFS pool status and scrub results are tracked alongside SMART disk health data to detect pre-failure conditions before data loss occurs. Replication success and network connectivity are verified on a regular schedule. Monitoring services run within the same infrastructure environment they observe, ensuring operational visibility even during partial system failures.
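As an added illustration of the pool-status and scrub tracking described above (not a script from this environment), the shell function below parses `zpool status` output and flags pools or vdevs that are not ONLINE, non-zero read/write/checksum counters, and scrubs that reported errors. The function names, the pool names `syspool` and `vmpool`, and the disk names are assumptions made up for the example.

```shell
# Added example: flag unhealthy pools in `zpool status` text read on stdin.
# Prints one finding per line and returns 1 if anything was flagged, else 0.
check_zpool_status() {
    awk '
        function flag(msg) { print pool ": " msg; bad = 1 }
        $1 == "pool:"   { pool = $2; in_cfg = 0 }
        $1 == "state:" && $2 != "ONLINE" { flag("pool state " $2) }
        # Scrub summary: "scan: scrub repaired 0B in ... with N errors on ..."
        $1 == "scan:" && $2 == "scrub" {
            for (i = 3; i < NF; i++)
                if ($(i + 1) == "errors" && $i + 0 > 0) flag("last scrub found " $i " errors")
        }
        $1 == "config:" { in_cfg = 1; next }
        $1 == "errors:" {
            in_cfg = 0; if ($0 !~ /No known data errors/) flag($0)
        }
        # vdev rows: NAME STATE READ WRITE CKSUM (pool root row is covered by state:)
        in_cfg && NF >= 5 && $1 != "NAME" && $1 != pool {
            if ($2 != "ONLINE") flag("vdev " $1 " is " $2)
            if ($3 + $4 + $5 > 0) flag("vdev " $1 " r/w/cksum errors " $3 "/" $4 "/" $5)
        }
        END { exit bad + 0 }
    '
}

# Constructed, trimmed sample output (pool and disk names are made up).
sample_zpool_status() {
    cat <<'EOF'
  pool: syspool
 state: ONLINE
  scan: scrub repaired 0B in 00:03:12 with 0 errors on Sun Mar 10 00:27:13 2024
config:
    NAME        STATE     READ WRITE CKSUM
    syspool     ONLINE       0     0     0
      sda       ONLINE       0     0     0
errors: No known data errors
  pool: vmpool
 state: DEGRADED
  scan: scrub repaired 0B in 00:21:03 with 2 errors on Sun Mar 10 00:45:04 2024
config:
    NAME        STATE     READ WRITE CKSUM
    vmpool      DEGRADED     0     0     0
      raidz1-0  DEGRADED     0     0     0
        sdd     ONLINE       0     0     7
        sde     UNAVAIL      0     0     0
        sdf     ONLINE       0     0     0
errors: 2 data errors, use '-v' for a list
EOF
}
```

On a host the same function takes live input, as in `zpool status | check_zpool_status`, and its exit status can drive an alert.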
Operational Practices
Changes to production VMs follow a validation process before permanent adoption, with ZFS snapshots providing a rollback point before significant changes. ZFS scrubs run on a scheduled basis to verify on-disk data integrity across all pools. GitHub Actions automates firmware release packaging and distribution, removing manual steps from the release process. Infrastructure management scripts emphasize transparency — short, readable, auditable operations rather than complex automation frameworks.