Philosophy

v3.0 is a clean-slate rebuild with institutional knowledge from v2. Every decision is deliberate, documented, and built toward future goals (Kubernetes, GitOps, HA). Where v2 evolved organically, v3 is designed intentionally.

Design Principles

| Principle | Applied in v2? | v3 Commitment |
| --- | --- | --- |
| Bare-metal NAS separation | No (TrueNAS as VM) | Dedicated NAS host |
| Proxmox OS redundancy | No (single NVMe) | Mirrored NVMe boot |
| Proper VLAN segmentation with rules | Partial (no FW rules) | Full inter-VLAN firewall |
| UPS protection | No | Required before power-on |
| Kubernetes-ready architecture | No | Designed for future k3s |

Phased Build Approach

Phases are sequential. Each phase has clear entry criteria (what must be true before starting) and exit criteria (what must be true to consider the phase done). Do not skip phases.

Phase 0 — Procurement

Hardware acquisition and physical rack build

Phase 1 — Network

VLANs, firewall rules, and network foundation

Phase 2 — NAS

Unraid build and storage commissioning

Phase 3 — Proxmox

Proxmox cluster and core VM infrastructure

Phase 4 — Services

Service migration from v2 to v3

Phase 5 — Hardening

Operational hardening and validation

Phase 6 — Kubernetes

Future k3s deployment (sandbox first)

Phase Status

| Phase | Status | Notes |
| --- | --- | --- |
| Phase 0 | ✅ Procurement complete | Physical build in progress |
| Phase 1 | 🔄 Planned | Network foundation |
| Phase 2 | 🔄 Planned | NAS commissioning |
| Phase 3 | 🔄 Planned | Proxmox cluster setup |
| Phase 4 | 🔄 Planned | Service migration |
| Phase 5 | 🔄 Planned | Operational hardening |
| Phase 6 | 📋 Future | Kubernetes learning environment |

Entry and Exit Criteria

Every phase follows this structure:
  1. Entry Criteria: Prerequisites that must be met before starting the phase
  2. Tasks: Specific actions to complete during the phase
  3. Exit Criteria: Validation checkpoints that confirm phase completion

Migration Strategy

v2 services stay untouched while v3 is built on new infrastructure. During Phase 4, services are migrated gradually per-service by flipping AdGuard DNS rewrites. No big-bang cutover.
  • v2 services currently live on 192.168.20.0 (Trusted VLAN)
  • v3 services are built on 192.168.30.0 (Services VLAN)
  • Services run in parallel until v3 is validated
  • DNS rewrites flip from v2 IPs to v3 IPs per-service
  • Instant rollback by reversing the DNS rewrite

Critical Requirements

UPS Required Before Power-On

The UPS must be purchased and installed before the NAS is powered on with spinning rust drives. Power loss during a write on HDDs is a data corruption risk. This is non-negotiable.

Hardlink Rule — Downloads and Media

Downloads and media shares must always be on the same Unraid pool/filesystem. Never route downloads through cache while media lives on the array — this breaks hardlinks and causes silent duplication.
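
An added example, not part of the original build docs: a Python 3 audit for the hardlink rule. It probes whether a hardlink can actually be created from the downloads path into the media path, then lists media files that are byte-identical copies of a download instead of links to it. The function names are this example's own, and the two paths are whatever you pass in (assumed here to be the downloads and media shares as the applications see them).

```python
# Added example (not from the original docs); both share paths are caller-supplied.
import filecmp
import os
import stat
import tempfile
from collections import defaultdict

def hardlinks_work(downloads, media):
    """Probe: can a file in `downloads` be hardlinked into `media`?"""
    fd, src = tempfile.mkstemp(prefix=".hlprobe-", dir=downloads)
    os.close(fd)
    dst = os.path.join(media, os.path.basename(src))
    try:
        os.link(src, dst)
        a, b = os.stat(src), os.stat(dst)
        # A real hardlink shares device and inode and has link count 2.
        return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino) and a.st_nlink == 2
    except OSError:  # e.g. EXDEV: the two paths are different filesystems
        return False
    finally:
        for path in (src, dst):
            if os.path.lexists(path):
                os.remove(path)

def _regular_files(root):
    """Yield (path, stat) for every non-empty regular file under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: symlinks are skipped, not followed
            if stat.S_ISREG(st.st_mode) and st.st_size:
                yield path, st

def find_copies(downloads, media):
    """Return sorted (media_file, download_file) pairs: same bytes, different inode."""
    linked, by_size = set(), defaultdict(list)
    for path, st in _regular_files(downloads):
        linked.add((st.st_dev, st.st_ino))
        by_size[st.st_size].append(path)
    copies = []
    for path, st in _regular_files(media):
        if (st.st_dev, st.st_ino) in linked:
            continue  # same inode as a download: hardlinked, no extra space used
        for cand in by_size.get(st.st_size, ()):  # read bytes only on a size match
            if filecmp.cmp(cand, path, shallow=False):
                copies.append((path, cand))
                break
    return sorted(copies)
```

A `False` from `hardlinks_work` means new imports will be copied rather than linked; every pair returned by `find_copies` is a file currently stored twice.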
