README.md
+14-6
@@ -23,7 +23,7 @@ This is my homelab infrastructure, defined in code.
</div>
-
## π Overview
+
## π **Overview**
This repository contains the IaC ([Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code)) configuration for my homelab.
Most of my homelab runs on **Proxmox**, with VMs managed and maintained using [OpenTofu](https://opentofu.org/). All VMs are cloned from templates I created with [Packer](https://www.packer.io/).
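Review bot: the only change in this hunk wraps the heading text in bold markers (`## π **Overview**`); markdown headings already render in bold, so the extra `**` is redundant and just makes the heading harder to grep for. Suggest keeping the plain `## π Overview` (or, if the bold form is wanted, applying it consistently to every heading in the file, which the later hunk does not do).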
@@ -38,17 +38,25 @@ To automate infrastructure updates, I use **Forgejo Actions**, which trigger wor
-**[Yamllint](https://github.com/adrienverge/yamllint)** ensures configuration files are properly structured.
-**[Ansible](https://github.com/ansible/ansible)** is used to execute playbooks on all of my VMs, automating management and configurations
-
### Security & Networking
+
### π **Security & Networking**
For Secret management I use [Bitwarden Secrets](https://bitwarden.com/products/secrets-manager/) and their various [integrations](https://bitwarden.com/help/ansible-integration/) into the tools used.
> Kubernetes is using SOPS with Age encryption until migration over to Bitwarden Secrets.
I use **Oracle Cloud** for their [Always-Free](https://www.oracle.com/cloud/free/) VM's and deploy Docker services that require uptime here (Uptime Kuma, this website). [Twingate](https://www.twingate.com/) is used to connect my home network to the various VPS's securely using [Zero Trust architecture](https://en.wikipedia.org/wiki/Zero_trust_architecture).
-
I use **Cloudflare** for my DNS provider with **Cloudflare Tunnels** to expose some of the services to the world. **Cloudflare Access** is used to restrict the access to some of the services, this is paired with **Fail2Ban** looking through all my reverse proxy logs for malicious actors who made it through Access and banning them via **Cloudflare WAF**.
+
I use **Cloudflare** for my DNS provider with **Cloudflare Tunnels** to expose some of the services to the world. **Cloudflare Access** is used to restrict the access to some of the services, this is paired with **Fail2Ban** looking through all my reverse proxy logs for malicious actors who made it through **Access** and banning them via **Cloudflare WAF**.
For my home network I use **PfSense** with VLAN segmentation and strict firewall rules to isolate public-facing machines, ensuring they can only communicate with the necessary services and nothing else.
-
## π§βπ» Getting Started
+
### **π Monitoring & Observability**
+
I use a combination of **Grafana, Loki, and Prometheus** with various exporters to collect and visualize system metrics, logs, and alerts. This helps maintain visibility into my infrastructure and detect issues proactively.
+
+
-**Prometheus** β Metrics collection and alerting
+
-**Loki** β Centralized logging for containers and VMs
+
-**Grafana** β Dashboarding and visualization
+
-**Exporters** β Node Exporter, cAdvisor, Blackbox Exporter, etc.
+
+
## π§βπ» **Getting Started**
This repo is not structured like a project you can easily replicate. Although if you are new to any of the tools used I encourage you to read through the directories that make up each tool to see how I am using them.
Over time I will try to add more detailed instructions in each directories README.
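Review bot: the Fail2Ban sentence (rewritten here only to bold **Access**) is missing the one detail a reader needs to trust the ban pipeline: which client address the reverse proxy writes to its logs. Services are exposed through Cloudflare Tunnels, so the peer the proxy sees is the tunnel, and unless the proxy is configured to log the originating client address the bans pushed to Cloudflare WAF act on the wrong IPs; a short clause such as "the proxy logs the original client IP, which Fail2Ban passes to the WAF ban" would close that gap. Two smaller points in the added Monitoring block: the new heading `### **π Monitoring & Observability**` puts the emoji inside the bold markers while the sibling `### π **Security & Networking**` keeps it outside, so pick one form; and the four list items appear as `-**Prometheus** β …` with no space after the dash, which CommonMark does not treat as a list item if the file really has none.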
@@ -62,7 +70,7 @@ Some good references for how I learned this stuff (other than RTM)