Update README.md
This commit is contained in:
parent
5dff719ba7
commit
a273335c97
1 changed files with 40 additions and 3 deletions
43
README.md
43
README.md
|
|
@ -9,19 +9,56 @@
|
|||
|
||||
# iac (wip)
|
||||
|
||||
Currently migrating [Auto-Homelab](https://git.mafyuh.dev/mafyuh/Auto-Homelab), [Iac-Homelab](https://git.mafyuh.dev/mafyuh/IaC-Homelab), [ansible-playbooks](https://git.mafyuh.dev/mafyuh/ansible-playbooks) and [kub](https://git.mafyuh.dev/mafyuh/kub) repos into this one.
|
||||
This is my homelab infrastructure, defined in code.
|
||||
|
||||
This is my homelab, defined in code.
|
||||
</div>
|
||||
|
||||
---
|
||||
|
||||
<div align="center">
|
||||
|
||||
| Hypervisor | OS | Tools | VPS (arm) | Firewall | Misc. Automations |
|
||||
|---|---|---|---|---|---|
|
||||
| [](https://www.proxmox.com) | [](https://releases.ubuntu.com/jammy/) [](https://releases.ubuntu.com/noble/) | [](https://forgejo.org/) [](https://www.docker.com/) [](https://github.com/renovatebot/renovate) [](https://opentofu.org/) [](https://www.packer.io/) [](https://www.ansible.com/) | [](https://www.oracle.com/cloud/) | [](https://www.pfsense.org/) | [](https://n8n.io/)
|
||||
| [](https://www.proxmox.com) | [](https://www.debian.org/) [](https://releases.ubuntu.com/noble/) | [](https://forgejo.org/) [](https://www.docker.com/) [](https://k3s.io/) [](https://github.com/renovatebot/renovate) [](https://opentofu.org/) [](https://www.packer.io/) [](https://www.ansible.com/) | [](https://www.oracle.com/cloud/) | [](https://www.pfsense.org/) | [](https://n8n.io/) [](https://forgejo.org/docs/latest/user/actions/)
|
||||
|
||||
</div>
|
||||
|
||||
## 📖 Overview
|
||||
This repository contains the IaC ([Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code)) configuration for my homelab.
|
||||
|
||||
Most of my homelab runs on **Proxmox**, with VMs managed and maintained using [OpenTofu](https://opentofu.org/). All VMs are cloned from templates I created with [Packer](https://www.packer.io/).
|
||||
|
||||
All services are **containerized**, either managed with **Docker Compose** or **orchestrated with Kubernetes ([K3s](https://k3s.io/))**. Over time, I’ve been migrating everything to Kubernetes using **[GitOps](https://en.wikipedia.org/wiki/DevOps) practices**, which is my long-term goal.
|
||||
|
||||
To automate infrastructure updates, I use **Forgejo Actions**, which trigger workflows upon changes to this repo. This ensures seamless deployment and maintenance across my homelab:
|
||||
|
||||
- **[Flux](https://fluxcd.io/)** manages Continuous Deployment (CD) for Kubernetes, bootstrapped via [OpenTofu](https://git.mafyuh.dev/mafyuh/iac/src/branch/main/terraform/flux/main.tf).
|
||||
- **[Docker CD Workflow](https://git.mafyuh.dev/mafyuh/iac/src/branch/main/.forgejo/workflows/CD.yml)** handles Continuous Deployment for Docker services.
|
||||
- **[Renovate](https://github.com/renovatebot/renovate)** keeps services updated by opening PRs for new versions.
|
||||
- **[Yamllint](https://github.com/adrienverge/yamllint)** ensures configuration files are properly structured.
|
||||
|
||||
For Secret management I use [Bitwarden Secrets](https://bitwarden.com/products/secrets-manager/) and their various integrations into the tools used.
|
||||
> Kubernetes is using SOPS with Age encryption until migration over to Bitwarden Secrets.
|
||||
|
||||
I use **Oracle Cloud** for their [Always-Free](https://www.oracle.com/cloud/free/) VM's and deploy Docker services that require uptime here (Uptime Kuma, this website). [Twingate](https://www.twingate.com/) is used to connect my home network to the various VPS's securely using [Zero Trust architecture](https://en.wikipedia.org/wiki/Zero_trust_architecture).
|
||||
|
||||
I use **Cloudflare** for my DNS provider with **Cloudflare Tunnels** to expose some of the services to the world. **Cloudflare Access** is used to restrict the access to some of the services, this is paired with **Fail2Ban** looking through all my reverse proxy logs for malicious actors who made it through Access and banning them via **Cloudflare WAF**.
|
||||
|
||||
## 🧑💻 Getting Started
|
||||
This repo is not structured like a project you can easily replicate. Although if you are new to any of the tools used I encourage you to read through the directories that make up each tool to see how I am using them.
|
||||
|
||||
Over time I will try to add more detailed instructions in each directories README.
|
||||
|
||||
|
||||
## 🖥️ Hardware
|
||||
|
||||
| Name | Device | CPU | RAM | Storage | Purpose |
|
||||
|------------|--------------|----------------|-------------|--------------------------------|--------------------------------|
|
||||
| Arc-Ripper | Optiplex 3050 | Intel i5-6500 | 32 GB DDR4 | 1TB NVMe | Jellyfin Server, Blu-ray Ripper |
|
||||
| PVE Node 1 | Custom | Intel i7-9700K | 64 GB DDR4 | NVMe for boot and VMs, 4x4TB HDD RaidZ10 | Main node with most VMs, NAS |
|
||||
| PVE Node 2 | Custom | Intel i7-8700K | 64 GB DDR4 | 1x2TB NVMe | More VMs |
|
||||
|
||||
|
||||
## To-Do
|
||||
See [Project Board](https://git.mafyuh.dev/mafyuh/iac/projects/2)
|
||||
|
||||
|
|
|
|||
Reference in a new issue