mafyuh/iac
Archived
1
0
Fork 0
Code Issues6 Pull requests9 Projects1 Wiki Activity Actions
IaC for my homelab
iac
This repository has been archived on 2025-03-03. You can view files and clone it, but cannot push or open issues or pull requests.
1578 commits 11 branches 0 tags 4.4 MiB
HCL 100%
Find a file
mafyuh a273335c97 Update README.md
2025-02-22 02:46:27 -05:00
.forgejo/workflows test fix cd multiple hosts 2025-02-14 02:40:09 -05:00
.github fix renovate 2025-02-19 00:48:31 -05:00
ansible test fix cd multiple hosts 2025-02-14 02:40:09 -05:00
docker ⬆️ Update ghcr.io/linuxserver/kasm Docker digest to 64da6db 2025-02-20 22:15:19 -05:00
kubernetes Update kubernetes/apps/production/arr/sabnzbd/helmrelease.yaml 2025-02-21 18:14:57 -05:00
packer update for kubernetes 2025-02-08 13:43:47 -05:00
terraform ⬆️ Update Terraform proxmox to v0.71.0 2025-02-14 02:24:33 -05:00
.gitignore init add kubernetes 2025-02-07 23:11:48 -05:00
README.md Update README.md 2025-02-22 02:46:27 -05:00

README.md

Yamllint CD Ansible Tofu Renovate Pulls Header Image

iac (wip)

This is my homelab infrastructure, defined in code.

Hypervisor OS Tools VPS (arm) Firewall Misc. Automations
Proxmox Debian Ubuntu Forgejo Docker Kubernetes Renovate OpenTofu Packer Ansible Oracle pfSense n8n Actions

📖 Overview

This repository contains the IaC (Infrastructure as Code) configuration for my homelab.

Most of my homelab runs on Proxmox, with VMs managed and maintained using OpenTofu. All VMs are cloned from templates I created with Packer.

All services are containerized, either managed with Docker Compose or orchestrated with Kubernetes (K3s). Over time, Ive been migrating everything to Kubernetes using GitOps practices, which is my long-term goal.

To automate infrastructure updates, I use Forgejo Actions, which trigger workflows upon changes to this repo. This ensures seamless deployment and maintenance across my homelab:

  • Flux manages Continuous Deployment (CD) for Kubernetes, bootstrapped via OpenTofu.
  • Docker CD Workflow handles Continuous Deployment for Docker services.
  • Renovate keeps services updated by opening PRs for new versions.
  • Yamllint ensures configuration files are properly structured.

For Secret management I use Bitwarden Secrets and their various integrations into the tools used.

Kubernetes is using SOPS with Age encryption until migration over to Bitwarden Secrets.

I use Oracle Cloud for their Always-Free VM's and deploy Docker services that require uptime here (Uptime Kuma, this website). Twingate is used to connect my home network to the various VPS's securely using Zero Trust architecture.

I use Cloudflare for my DNS provider with Cloudflare Tunnels to expose some of the services to the world. Cloudflare Access is used to restrict the access to some of the services, this is paired with Fail2Ban looking through all my reverse proxy logs for malicious actors who made it through Access and banning them via Cloudflare WAF.

🧑‍💻 Getting Started

This repo is not structured like a project you can easily replicate. Although if you are new to any of the tools used I encourage you to read through the directories that make up each tool to see how I am using them.

Over time I will try to add more detailed instructions in each directories README.

🖥️ Hardware

Name Device CPU RAM Storage Purpose
Arc-Ripper Optiplex 3050 Intel i5-6500 32 GB DDR4 1TB NVMe Jellyfin Server, Blu-ray Ripper
PVE Node 1 Custom Intel i7-9700K 64 GB DDR4 NVMe for boot and VMs, 4x4TB HDD RaidZ10 Main node with most VMs, NAS
PVE Node 2 Custom Intel i7-8700K 64 GB DDR4 1x2TB NVMe More VMs

To-Do

See Project Board