diff --git a/README.md b/README.md index c71a796..7c69af7 100644 --- a/README.md +++ b/README.md @@ -17,9 +17,9 @@ This is my homelab infrastructure, defined in code. <div align="center"> -| Hypervisor | OS | Tools | VPS (arm) | Firewall | Misc. Automations | -|---|---|---|---|---|---| -| [](https://www.proxmox.com) | [](https://www.debian.org/) [](https://releases.ubuntu.com/noble/) | [](https://forgejo.org/) [](https://www.docker.com/) [](https://k3s.io/) [](https://github.com/renovatebot/renovate) [](https://opentofu.org/) [](https://www.packer.io/) [](https://www.ansible.com/) | [](https://www.oracle.com/cloud/) | [](https://www.pfsense.org/) | [](https://n8n.io/) [](https://forgejo.org/docs/latest/user/actions/) +| Hypervisor | OS | Tools | Firewall | Misc. Automations | +|---|---|---|---|---| +| [](https://www.proxmox.com) | [](https://www.debian.org/) [](https://releases.ubuntu.com/noble/) | [](https://forgejo.org/) [](https://www.docker.com/) [](https://k3s.io/) [](https://github.com/renovatebot/renovate) [](https://opentofu.org/) [](https://www.packer.io/) [](https://www.ansible.com/) | [](https://www.pfsense.org/) | [](https://n8n.io/) [](https://forgejo.org/docs/latest/user/actions/) </div> 
@@ -38,18 +38,29 @@ To automate infrastructure updates, I use **Forgejo Actions**, which trigger wor - **[Yamllint](https://github.com/adrienverge/yamllint)** ensures configuration files are properly structured. - **[Ansible](https://github.com/ansible/ansible)** is used to execute playbooks on all of my VMs, automating management and configurations -For Secret management I use [Bitwarden Secrets](https://bitwarden.com/products/secrets-manager/) and their various integrations into the tools used. +### Security & Networking +For Secret management I use [Bitwarden Secrets](https://bitwarden.com/products/secrets-manager/) and their various [integrations](https://bitwarden.com/help/ansible-integration/) into the tools used. > Kubernetes is using SOPS with Age encryption until migration over to Bitwarden Secrets. I use **Oracle Cloud** for their [Always-Free](https://www.oracle.com/cloud/free/) VM's and deploy Docker services that require uptime here (Uptime Kuma, this website). [Twingate](https://www.twingate.com/) is used to connect my home network to the various VPS's securely using [Zero Trust architecture](https://en.wikipedia.org/wiki/Zero_trust_architecture). I use **Cloudflare** for my DNS provider with **Cloudflare Tunnels** to expose some of the services to the world. **Cloudflare Access** is used to restrict the access to some of the services, this is paired with **Fail2Ban** looking through all my reverse proxy logs for malicious actors who made it through Access and banning them via **Cloudflare WAF**. +For my home network I use **PfSense** with VLAN segmentation and strict firewall rules to isolate public-facing machines, ensuring they can only communicate with the necessary services and nothing else. + ## 🧑💻 Getting Started This repo is not structured like a project you can easily replicate. Although if you are new to any of the tools used I encourage you to read through the directories that make up each tool to see how I am using them. 
Over time I will try to add more detailed instructions in each directories README. +Some good references for how I learned this stuff (other than RTM) +- [Kubernetes Cluster Setup](https://technotim.live/posts/k3s-etcd-ansible/) +- [Kubernetes + Flux](https://technotim.live/posts/flux-devops-gitops/) +- [Kubernetes Secrets with SOPS](https://technotim.live/posts/secret-encryption-sops/) +- [Packer with Proxmox](https://www.youtube.com/watch?v=1nf3WOEFq1Y) +- [Terraform with Proxmox](https://www.youtube.com/watch?v=dvyeoDBUtsU) +- [Docker](https://www.youtube.com/watch?v=eGz9DS-aIeY) +- [Ansible](https://www.youtube.com/watch?v=goclfp6a2IQ) ## 🖥️ Hardware
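Review bot: the first hunk (`@@ -17,9 +17,9 @@`) drops the `VPS (arm)` column and its Oracle Cloud badge from the table, but the prose this same patch moves under `### Security & Networking` still says `I use **Oracle Cloud** for their Always-Free VM's` and that Twingate connects the home network `to the various VPS's`; either keep the column or update that paragraph so the table and the text agree on whether the Oracle VMs are still part of the lab. Also, every cell in the rewritten table rows is a bare `[](https://...)` link with empty text, which renders as nothing clickable; if the badge images were meant to be kept, the `![...](...)` part is missing from each link, and if not, the cells need visible link text.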
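Review bot: in the second hunk (`@@ -38,18 +38,29 @@`) the new paragraph writes `**PfSense**`, while the project spells itself pfSense and the table links to pfsense.org, so `**pfSense**` would be consistent; the neighbouring context lines also use `VM's` and `VPS's` for plurals, which should be `VMs` and `VPSs`. The same paragraph states that VLAN segmentation and strict firewall rules ensure public-facing machines `can only communicate with the necessary services and nothing else`, but unlike the other sections it gives no pointer to where in this repo those rules live; since the README opens with `defined in code`, a link to the relevant directory would let a reader verify the isolation claim. Minor: `their various [integrations](https://bitwarden.com/help/ansible-integration/)` links a plural word to the Ansible integration page only; either link the general integrations page or say `Ansible integration`.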