Hardware: M70q + 60-Month Plan

The physical hardware basecamp runs on. ThinkCentre M70q Gen 5 mini PC. Three upgrades across 60 months. Total cost over the program: ~$700-1000.

This doc is the hardware spec sheet for the entire 5-year program. It lands pre-Phase-1 — the box has to exist before Phase 1 (OS Foundations) can begin — and it sets the budget envelope every year planner builds against.

The thesis is small-but-real: a 1-litre mini PC is enough to run basecamp through Year 3, with two RAM upgrades (16→32 at Month 10, 32→64 at Month 25) tracking the curriculum’s growth. The Master Plan hardware section summarises the spend curve; this page is the SKU-level detail you actually buy from.

---

Initial spec (Month 1)

Lenovo ThinkCentre M70q Gen 5
  CPU:         Intel Core i5-13500T (14C/20T)
  RAM:         16GB DDR5 (1× 16GB SODIMM, 1 free slot)
  Storage:     256GB NVMe (M.2 2280)
  GPU:         integrated UHD 770 (no discrete GPU)
  Network:     1× RJ45, WiFi 6, Bluetooth 5.2
  Form factor: 1L (small footprint)
  Power:       65W TDP / typical 25-40W

Network:
  TP-Link Archer AX3000
    LAN side:   gigabit, WiFi 6
    WAN side:   DITO 5G (cellular)

Cost (Month 1):  ~$450 (M70q used) + ~$80 (router) = ~$530

The M70q sits on a desk. Proxmox runs on the bare metal. All ROOT phases (Y1-Y3) work on this exact box.

Buy used, leave a slot free

The M70q ships with one SODIMM slot occupied and one empty — that’s the upgrade path. Buying used (off-lease corporate stock) is how the $450 number works; new retail is closer to $700-900. Confirm the second SODIMM slot is empty and the M.2 2280 slot supports NVMe before you commit. Skimping here means re-buying RAM at Month 10 instead of just adding to it.

---

IP plan

192.168.0.1     TP-Link router
192.168.0.10    bastion VM (ubuntu user)
192.168.0.50    M70q Proxmox host (root user)
192.168.0.51-59 reserved for K3s nodes
192.168.0.60-79 reserved for app VMs (Postgres, MinIO, etc.)
192.168.0.80-99 reserved for ephemeral VMs (test, debug, exam scenarios)

Static IPs via DHCP reservations on the router. Reserve everything up front — by the time Phase 7 lands K3s, you don’t want to be re-numbering. The 80-99 range exists specifically for root-exam scenarios and Phase 7 incident-response practice — VMs that come and go without polluting the permanent address space.

---

Upgrades by month

The hardware grows with the program. Three upgrade points:

MONTH 10 — Kubernetes phase prep
  + 1× 16GB DDR5 SODIMM    →  32GB total
  + 1TB external NVMe SSD  (USB-C; for Iceberg + container images)
  Cost: ~$120-140

  Why now: Phase 7 (K8s) won't fit in 16GB. K3s + ArgoCD + Postgres + Redis + Prometheus stack
  consumes ~12GB. Adding 16GB gives you headroom for triage + first basecamp services.

MONTH 25 — Year 3 prep (data layer)
  + 1× 32GB DDR5 SODIMM    →  64GB total
  - sell the 16GB kit on Marketplace for ~$40
  Cost: ~$150-200 net

  Why now: Year 3 lands MinIO + Iceberg + Spark + Airflow + Trino + Loki + JupyterHub.
  None of that fits in 32GB.

MONTH 49 — Year 5 optional (multi-node)
  + second M70q (used; same spec)        ~$200-300
  + 8-port unmanaged switch              ~$25
  Cost: ~$225-325

  Why optional: lets you test multi-node K8s realism. Year 5 capstone runs fine on one node;
  the second node makes the platform-as-product story stronger (real multi-node basecamp,
  not "K3s with one host"). Skip if budget is tight.

Cumulative hardware spend, end of Y5: ~$700-1000.

Don’t pre-buy the upgrades

It’s tempting to buy 64GB on Day 1 and skip the upgrade dance. Don’t. The Month-10 and Month-25 upgrades are gates — they force you to feel the resource pressure that motivates Kubernetes’ scheduling, eviction, and resource-request patterns. Operating a 16GB box through Phases 1-6 teaches you what “constrained” means in a way 64GB-from-Day-1 will not. The upgrades are part of the curriculum.

---

Storage layout

M70q internal NVMe (256GB):
  / (Proxmox)         100GB
  vm-disks            150GB  (bastion, postgres, k3s nodes — small)
  swap                  6GB

External SSD (1TB, added Month 10):
  /mnt/data           used for Iceberg / MinIO / container images / large VM disks
                      — anything that grows quickly

Backup: weekly snapshot of bastion + Postgres VMs to the external SSD (zfs send via cron). The Proxmox doc covers the actual vzdump script and retention policy — see proxmox.md.

The 256GB NVMe fills faster than you expect

Container image layers, K3s ephemeral storage, and Postgres WAL all eat the internal disk. Put anything that grows on the external SSD from Month 10 onward — Iceberg datasets, MinIO buckets, Loki chunks, Helm chart caches. Run df -h and zfs list weekly during Phase 7; a Proxmox host that hits 90% disk usage starts misbehaving in non-obvious ways (snapshot creation fails, VM start hangs).

---

Network notes

WAN: DITO 5G cellular (consumer plan, dynamic IP, NAT'd)

Implication: no inbound port-forwarding works reliably.
  → Tailscale (or WireGuard equivalent) for remote access
  → Cloudflare Tunnel for any public-facing services
  → All Cloudflare Access / Pages flows tunnel through Cloudflare's network

Internal: gigabit + WiFi 6
  → DHCP reservations for static IPs (see IP plan above)
  → No VLANs (homelab; not worth it)
  → nftables on bastion for default-deny posture from Phase 2

The cellular WAN is a constraint, not a defect — it forces the Tailscale + Cloudflare Tunnel pattern that’s how real platforms expose services without trusting the network. By the time Phase 7 lands, the same pattern (zero inbound, tunneled egress) is how triage reaches the internet.

---

Power + heat

Idle:           ~10W
Typical (Y1):   ~25-30W (light VMs running)
Heavy (Y4-Y5):  ~40-55W (Spark + Flink + agents)

Daily kWh:      ~0.6-1.3 kWh
Monthly cost:   ~$3-7 at PHP rates

Heat: M70q runs warm under sustained load. Keep on a hard surface, not blocking the vent.
      Year 4 GPU work is cloud-only — no heat headache at home.

If you live in a hot climate without aircon, expect the M70q to throttle under sustained Spark/Flink load in Year 3 onward. Monitor sensors output during long jobs; if package temps stay above 90°C, raise the box on a stand for airflow.

---

What’s NOT in the homelab (deliberately)

• No GPU. ROOT’s GPU work (Y4 P25) is cloud spot only. Buying a GPU for “real LLM training” is a $1,000-3,000 mistake when cloud spot gives you the patterns for $50/year.
• No NAS box. External SSD for now. If basecamp’s storage tier outgrows 1TB, then consider — but that’s a Year 4-5 decision, not pre-planned.
• No rack. A desk-side mini PC is the whole infrastructure. Rack-mount is a budget + space sink with no learning value.

---

Cross-references

• proxmox.md — what’s installed on the M70q
• Phase 1 prerequisites: Year 1 Phase 1
• Phase 7 hardware gate: Year 1 Phase 7 (32GB upgrade required)
• Phase 14 hardware gate: Year 3 Phase 14 (64GB upgrade required)