My Homelab AI Dev Platform

rsgm.dev|274 points|51 comments|by rsgm|Jun 15, 2026

Published June 14, 2026 • 4 min read

I have engineered a custom AI-driven development environment within my homelab to streamline the management of my infrastructure. By integrating OpenCode Web UI with a strict Git-based workflow, I've shifted to a model where AI proposes changes, I audit them via Pull Requests (PRs), and GitOps handles the actual deployment.

The standout feature is that OpenCode operates as a persistent server, ensuring my coding sessions remain synced regardless of which device I am using.

The Evolution of Service Management

I manage roughly a dozen docker compose stacks. To modernize my deployment strategy, I migrated these to Arcane, enabling a full GitOps pipeline. The natural progression was to integrate AI to reduce the operational overhead of maintaining these services.

From Manual to Automated

Previously, my update process was tedious: Manually scouring release notes → Checking for breaking changes → Updating versions → Manual verification.

Now, the process is optimized:

  • Summarization: AI condenses release notes into a quick read, making upgrades safer.
  • Observability: I used AI to implement health checks across most containers, drastically reducing the time it takes to identify failures.

| Feature | Old Manual Process | New AI-Enhanced Process |
|---|---|---|
| Updates | Hours of reading docs | Minutes of AI summaries |
| Monitoring | Manual checks | Automated health checks |
| Deployment | Manual docker compose pull | GitOps via Arcane |

The Tooling: Why OpenCode?

While I initially relied on Claude Code, the increasing constraints on token limits from AI vendors pushed me toward a more vendor-agnostic solution that integrates well with major plugins. After testing several environments, OpenCode became my top choice, specifically because it includes a built-in web server and UI.

Technical Implementation

I deployed a dedicated VM on my TrueNAS host, equipped with standard development tools. I configured the OpenCode webserver as a systemd unit to ensure it runs reliably in the background.

# Example systemd unit snippet for OpenCode
[Unit]
Description=OpenCode Web Server
After=network.target

[Service]
ExecStart=/usr/bin/opencode-server --port 8080
Restart=always
User=opencode

[Install]
WantedBy=multi-user.target

The environment is robust, featuring:

  1. An integrated terminal and file explorer.
  2. Native git diff visualization.
  3. Git worktree support for simultaneous coding sessions.
  4. An exceptionally intuitive mobile web UI for Q&A popups.

Security & Guardrails

To maintain security, I've implemented a "least privilege" model for the AI:

  • Identity: OpenCode has its own Git user and dedicated SSH keys.
  • Permissions: It can clone and push to feature branches, but it is forbidden from pushing directly to the production/deploy branch.
  • Isolation: The VM can access the internet and the Git server, but it has zero network access to the actual services it manages.

Because the "blast radius" is so contained, I am comfortable granting OpenCode root access within the VM for installing dependencies or build tools.

$$\text{Risk} = \text{Privilege} \times \text{Connectivity}$$

Since $\text{Connectivity} \approx 0$, Risk is minimized.
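
One way to enforce the Permissions rule above on the Git server itself, as an added example (not code from the original post, nor from OpenCode, Forgejo or Arcane): a pre-receive-style check that lets the agent identity update only feature branches and fails closed when the pusher is unknown. The account name `opencode-bot`, the `feature/` prefix and the `PUSHER` environment variable are assumptions.

```shell
#!/bin/sh
# Added example: server-side guardrail for an AI agent's Git identity.
# Assumptions (hypothetical, not from the post):
#   - the Git server exports the authenticated pusher in $PUSHER
#   - the agent's account is "opencode-bot"
#   - the agent's branches live under refs/heads/feature/
AGENT_USER="${AGENT_USER:-opencode-bot}"
ALLOWED_PREFIX="${ALLOWED_PREFIX:-refs/heads/feature/}"

# check_update PUSHER OLD NEW REF -> returns 0 to allow, 1 to deny.
check_update() {
    pusher=$1 old=$2 new=$3 ref=$4
    # Fail closed: without an identity we cannot tell human from agent.
    if [ -z "$pusher" ]; then
        echo "deny: unknown pusher for $ref" >&2
        return 1
    fi
    # Other accounts are left to the server's normal branch protection.
    [ "$pusher" = "$AGENT_USER" ] || return 0
    case "$ref" in
        # Prefix plus at least one character: a named feature branch.
        "$ALLOWED_PREFIX"?*) return 0 ;;
        # Everything else (deploy branch, tags, notes) is refused.
        *) echo "deny: $pusher may not update $ref" >&2; return 1 ;;
    esac
}

# check_push PUSHER: reads "<old> <new> <ref>" lines on stdin, the format
# git feeds to a pre-receive hook. One denied ref rejects the whole push.
check_push() {
    rc=0
    while read -r old new ref; do
        check_update "$1" "$old" "$new" "$ref" || rc=1
    done
    return "$rc"
}

# Run the check only when this file is installed as the pre-receive hook.
case "$0" in
    *pre-receive) check_push "${PUSHER:-}"; exit $? ;;
esac
```

Because git rejects the entire push when pre-receive exits non-zero, a mixed push containing one feature branch and one protected ref is refused as a unit.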

"I could see this evolving into a professional developer platform: providing ephemeral containers with pre-installed tools, strict guardrails, and full audit logs. For my needs, however, this simple setup is perfect."

Homelab Architecture Concept

The Workflow

My operational loop follows a strict sequence:

  • Plan: Use OpenCode to draft specs, implementation plans, and self-reviews.
  • Verify: Test changes within the isolated VM where possible.
  • Iterate: Refine the code based on AI feedback.
  • Push: OpenCode pushes the final code to a feature branch.
  • Review: I open and audit the PR.
  • Merge: Once satisfied, I merge the PR.

The Deployment Pipeline

Once the merge occurs, GitOps takes over based on the target:

Final Reflections

The synergy between Arcane and OpenCode has been surprising. For instance, updating networking across all containers—a task that used to take hours of tracing compose files—can now be done from my phone. I simply give OpenCode a goal, review the resulting PR, and merge.

I've noted a difference between platforms: on GitHub, I can point an agent at Actions logs to diagnose linter errors or stack traces, creating a tight feedback loop. Forgejo Actions, however, doesn't expose job logs via a public API. While undocumented APIs exist, I prefer not to rely on them.

Ultimately, this architecture allows me to manage my entire home infrastructure from any device without ever granting an AI direct access to my live services.