Public Lab
Welcome to my official public repository, where I commit my work on all the technologies I can touch. It is mainly used in my homelab for testing, but you can also find some production things that are still applicable in my homelab.
This is more of a journal of my tech watch and my experiments than an open source project. You are of course welcome to fork it and do whatever you want with it, but don't ask for PRs, as it is not a collaborative project.
As this repo is my journal, it will evolve with me and the structure and content might change a lot in the upcoming months/years.
Introduction
This repo is home to most of my personal experiments around the IT subjects I want to learn and test as part of my technology watch.
Here you will find some Infrastructure as Code (Ansible & OpenTofu), Kubernetes stuff (a lot), GitOps, Docker & Podman, CI/CD, Networking, Virtualization, etc.
I know that's a lot, but when you are building, maintaining, fixing, improving a whole IT infrastructure from scratch to production, you have to touch a wide range of topics and master them at some point.
Hardware & Low Level Infrastructure
My lab consists of a hybrid set of on-prem and cloud resources.
On premise:
- Sophos XGS 3300 as firewall appliance & L3 router
- Aruba 2920 24-port switch
- HPE Proliant DL360 Gen 11 as main compute unit
- HPE Proliant DL180 Gen 9 as SAN
- Lenovo x3550M5 as one production RKE2 master node
On cloud:
- VPS as production K3S master node
For the moment my whole infrastructure rests on a virtualization layer. On premise I use Proxmox as the hypervisor and manage it through IaC (Packer, OpenTofu, Ansible).
All production VMs are running on Rocky 9 or OpenSuse Leap 15. In order to improve security and performance, I'm slowly migrating the container workload to Alpine hosts or lightweight immutable OSes like OpenSuse Leap Micro.
Hosted Apps & Tools
Public facing apps
| Name | Description | Host | Host Type |
|---|---|---|---|
| Ghost | Blazing fast blog engine | Proxmox Home | Docker |
| Forgejo | Git repo, fork of Gitea | Proxmox Home | Docker |
| Linkding | Lightweight bookmark manager | VPS | K3S |
| Rallly | Lightweight Doodle like app | VPS | K3S |
Personal apps
| Name | Description | Host | Host Type |
|---|---|---|---|
| Plex server | Local streaming service | Proxmox Home | VM |
| *arr stack | Linux ISOs torrent management stack | Proxmox Home | Docker |
| MeTube | Web interface for YT-DLP | Proxmox Home | Docker |
| Unifi controller | Web management console for my Unifi AP | Proxmox Home | VM |
| PiHole | DNS relay & ad blocker | Proxmox Home | VM |
| Paperless NGX | Documents management | Proxmox Home | Docker |
Kubernetes
As a DevOps engineer, it is my duty to constantly learn and master Kubernetes. So even if I do not particularly need it, I have a single node K3S.
This is a simple setup, yet it is controlled through GitOps. From Git repo to deployments, everything is self hosted.
Whenever Renovate finds a tag to update in the manifests, it creates a PR. After I merge it, Flux reconciles the cluster state with the manifests and automatically rolls out the updated containers in new pods.
Networking
Network engineering has always been my main weakness, but with my infrastructure growing and becoming more complex over time, I had to improve my network and learn how to set it up properly.
The first improvement was to use VLANs and design a proper network infrastructure to support production and public hosting without compromising my LAN area.
To learn more advanced networking I wanted to build a 3-layer network, but as it is costly in terms of hardware and especially in configuration/maintenance hours, I limited the network to 2 layers, and all the L3 routing is done at router/firewall level (I wouldn't gain much performance by doing it at switch level compared to the config time I would spend).
[WIP network schema to come]
Storage
Storage is handled by TrueNAS on the DL180 G9 hardware. It was originally on Core and updated to Scale recently. Data is shared through iSCSI, SMB and NFS shares.