My "homelab" is a bit of a misnomer now — the hardware lives in a colocation cabinet with upstream BGP to a /27 of public IPv4 and a /64 of IPv6 delegated to me. It is the production backbone for Piedmont Hosting and runs everything on this page.
Role: Customer VPS, game server host, CloudPanel web hosting VM, mailcow, reverse-proxy / Cloudflare Tunnel VM
Custom tooling: mkvm (KVM + cloud-init provisioning), piedmont-firewall (per-VM nftables), piedmont-snapshot, piedmont-backup + nightly virtnbdbackup cron. A libvirt qemu hook applies QoS and firewall rules on VM start.
Role: Internal services — portal app, monitoring, docs, push notifications, Pterodactyl panel
Intentionally separated from customer workloads so an R730 reboot or migration doesn't affect the portal, monitoring, or docs.
2607:1740:2000:9::/64 customer pool130.250.176.32/27 blockcloudflared daemon on the reverse-proxy VMX-Forwarded-Proto: httpscloudflared tunnel daemonstatus.piedmonthosting.com — lives off-network so it can still alert when the cabinet is the problemntfy.piedmonthosting.commkvm — full VPS provisioning: parses specs (e.g. VR4x2x40), builds a qcow2 from a distro cloud image, generates a cloud-init NoCloud seed with SSH keys and network config, creates the domain, waits for cloud-init completion, and applies bandwidth QoS. Supports Ubuntu 22/24, Debian 12, Rocky 9, Alma 9, CentOS 9, Fedora 42, openSUSE 15.6, Arch.piedmont-firewall — per-VM nftables rule generation from JSON policy files in /etc/piedmont/firewall/, applied via libvirt qemu hook on VM startpiedmont-snapshot — standalone full-copy VM snapshots, restore, deletepiedmont-backup + piedmont-backup-cron — nightly virtnbdbackup with retention policiesapply-bandwidth — traffic control (tc) QoS enforcement based on VM RAM tier10.10.50.1:5000