Homelab AI Dev Platform: OpenCode + GitOps for Safer Container Updates

One homelab operator built an AI development platform around OpenCode's webserver mode, gating AI-generated code behind PR reviews and deploying via GitOps. The goal: reduce the manual overhead of maintaining a dozen Docker Compose stacks while keeping unreviewed code off production.
Setup
The platform runs on a simple VM on TrueNAS with basic dev tooling. OpenCode is installed as a systemd unit, exposing a web UI with a built-in terminal, file browser, Git diffs, and Git worktree support for parallel coding sessions. The server gets its own user on the Git server with dedicated SSH keys — it can clone projects and push branches, but cannot push directly to the deploy branch.
The VM has internet access and Git server connectivity, but no network access to the actual services. This minimizes blast radius, allowing the author to grant root access to OpenCode when it needs to install build tools or test dependencies.
Workflow
- Plan the feature or improvement in OpenCode: spec, implementation plan, self-reviews.
- Test or verify changes when possible.
- Iterate with OpenCode on things that need adjustment.
- OpenCode pushes changes to a feature branch.
- Owner opens and merges a PR after review.
- GitOps takes over: Arcane for Docker service changes, GitOps plugin for Home Assistant config, Cloudflare Pages workers for blog updates.
Concrete Wins
The most impactful use case so far: container updates. Previously, the author spent hours per update cycle reading release notes for each service, checking for breaking changes, running updates, and manually verifying services. Now OpenCode produces a summary of release notes in minutes, making version upgrades faster and safer. The AI has also added healthchecks to most containers, speeding up issue detection.
Missing Piece: CI Feedback
The setup lacks CI integration. On GitHub, the author would point a coding agent at Actions logs to diagnose failing tests, linter errors, stack traces, and IaC plan changes. Forgejo (the self-hosted Git server) does not expose job logs through the public API, though undocumented APIs exist. The author considers this the main gap.
Bottom Line
This is a pragmatic, security-conscious homelab AI platform. It lets the owner make infrastructure changes from any device (including phone) without giving AI direct access to production services. The friction of PR review and the sandboxed VM make it safe enough for personal use while highlighting the gap in CI feedback for self-hosted Git servers.
📖 Read the full source: HN AI Agents
👀 See Also

Claude Cowork Scheduled Task Automates Browser-Based Admin Work: A Real Use Case
Claude Cowork's scheduled tasks + Chrome extension automate affiliate network publisher approvals, saving hours weekly. Manual step: log in once per session.

Developer Reports AI Coding Challenges: Design Decisions and Real-User Debugging
A developer building an iOS app with Claude Code for 5 months reports that while the AI can generate functional code easily, making design decisions and debugging issues that only appear with real users are the most difficult parts. The app has 220k lines and real users are testing it.

Using Claude Code/Codex with OpenClaw for structured Steam Deck game optimization
A Reddit user shares a workflow using Claude Code/Codex as optimization copilots and OpenClaw as an orchestration layer to transform Steam Deck game tuning from random tweaking into a repeatable, structured process.

Non-developer builds healthcare SaaS in 3 weeks using Claude and Gemini: lessons learned
A medical device sales rep with no coding background built FastCredentials.com, a healthcare compliance credentialing platform, in three weeks using AI coding assistants. The project used Python/Django, Gunicorn, Nginx, Stripe, WeasyPrint, SQLite, and the Claude API for automated blog content.