This repository contains the IaC (Infrastructure as Code) configuration for my homelab.
Most of my homelab runs on Proxmox, with VMs managed and maintained using OpenTofu. All VMs are cloned from templates I created with Packer.
All services are containerized, either managed with Docker Compose or orchestrated with Kubernetes (K3s). Over time, I’ve been migrating everything to Kubernetes using GitOps practices, which is my long-term goal.
To automate infrastructure updates, I use GitHub Actions workflows that trigger on changes to this repo. This keeps deployment and maintenance across my homelab consistent:
- Flux manages Continuous Deployment (CD) for Kubernetes, bootstrapped via OpenTofu.
- Docker CD Workflow handles Continuous Deployment for Docker services.
- Renovate keeps services updated by opening PRs for new versions.
- super-linter ensures configuration files are properly structured.
- Ansible is used to execute playbooks on all of my VMs, automating management and configuration.
For secret management I use Bitwarden Secrets and its integrations with the tools listed above.
Kubernetes still uses SOPS with age encryption until the migration to Bitwarden Secrets is complete.
I use Oracle Cloud for their Always-Free VMs and deploy the Docker services that require uptime there. Twingate connects my home network to the various VPSes securely using a Zero Trust architecture.
I use Cloudflare as my DNS provider, with Cloudflare Tunnels to expose some services to the world. Cloudflare Access provides Zero Trust authentication for the public websites; it is paired with Fail2Ban, which scans all of my reverse proxy logs for malicious actors that made it through Access and bans them via the Cloudflare WAF.
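The Fail2Ban stage described above boils down to one rule: count failed requests per source IP inside a sliding time window and flag any IP that crosses a threshold. The following is an added example, not code from this repository, that reproduces that logic in Python over a few constructed reverse proxy log lines (combined log format). The IP addresses, timestamps, the set of "failure" status codes and the window/threshold values (`findtime` and `maxretry`, named after the Fail2Ban jail options) are all assumptions; the ban action is stubbed as a returned dict rather than a call to the Cloudflare WAF.

```python
"""Fail2Ban-style offender detection over reverse proxy access logs.

Added example (not the homelab repo's own code). Mirrors what a Fail2Ban
jail does with proxy logs: per-IP failure counting inside a sliding
window (``findtime``) with a ban threshold (``maxretry``).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (assumed, not real traffic).
# 203.0.113.7 fails three times within seconds; 198.51.100.4 fails three
# times too, but spread an hour apart, so it must NOT be flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:12:00:01 +0000] "GET /admin HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2025:12:00:03 +0000] "GET /admin HTTP/1.1" 403 0
203.0.113.7 - - [10/Mar/2025:12:00:05 +0000] "POST /login HTTP/1.1" 401 0
198.51.100.4 - - [10/Mar/2025:12:00:06 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2025:12:00:08 +0000] "GET /.env HTTP/1.1" 404 0
198.51.100.4 - - [10/Mar/2025:12:30:00 +0000] "GET /admin HTTP/1.1" 403 0
198.51.100.4 - - [10/Mar/2025:13:30:00 +0000] "GET /admin HTTP/1.1" 403 0
198.51.100.4 - - [10/Mar/2025:14:30:00 +0000] "GET /admin HTTP/1.1" 403 0
"""

# client_ip ident user [timestamp] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \d+'
)

# Which responses the filter treats as a failed attempt (assumed policy).
FAILURE_STATUSES = {401, 403, 404}


def parse_line(line):
    """Return (ip, timestamp, status) for a log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(m["status"])


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time_of_ban} for IPs with >= maxretry failures within findtime.

    Each IP keeps a deque of recent failure timestamps; entries older than
    findtime relative to the newest failure are dropped before the count is
    compared with maxretry, which is the sliding-window behaviour of Fail2Ban.
    """
    windows = defaultdict(deque)
    banned = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: ignore rather than crash the filter
        ip, ts, status = parsed
        if status not in FAILURE_STATUSES or ip in banned:
            continue
        recent = windows[ip]
        recent.append(ts)
        while recent and ts - recent[0] > findtime:
            recent.popleft()  # expire failures outside the window
        if len(recent) >= maxretry:
            banned[ip] = ts  # stub for "add IP to the Cloudflare WAF block list"
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

The window matters as much as the threshold: with the defaults, `203.0.113.7` is flagged on its third failure at 12:00:05 while `198.51.100.4`, with the same number of failures an hour apart, is not. Tuning `maxretry` up or `findtime` down is the usual way to keep scanners banned without tripping on a legitimate user who mistypes a password a couple of times.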
I use a combination of Grafana, Loki, and Prometheus with various exporters to collect and visualize system metrics, logs, and alerts. This helps maintain visibility into my infrastructure and detect issues proactively.
- Prometheus – Metrics collection and alerting
- Loki – Centralized logging for containers and VMs
- Grafana – Dashboarding and visualization
- Exporters – Node Exporter, cAdvisor, Blackbox Exporter, etc.
This repo is not structured like a project you can easily replicate, but if you are new to any of the tools used, I encourage you to read through the directories that make up each tool to see how I am using them.
Over time I will try to add more detailed instructions in each directory's README.
Some good references for how I learned this stuff (other than RTM):
- Kubernetes Cluster Setup
- Kubernetes + Flux
- Kubernetes Secrets with SOPS
- Packer with Proxmox
- Terraform with Proxmox
- Docker
- Ansible
Servers
Name | Device | CPU | RAM | Storage | GPU | Purpose |
---|---|---|---|---|---|---|
Arc-Ripper | Optiplex 3050 | Intel i5-6500 | 32 GB DDR4 | 1TB NVMe | Arc A310 | Jellyfin Server, Blu-ray Ripper |
PVE Node 1 | Custom | Intel i7-9700K | 64 GB DDR4 | NVMe for boot and VMs, 4×4TB HDD (RaidZ10) | Nvidia 1660 6GB | Main node with most VMs, NAS |
PVE Node 2 | Custom | Intel i7-8700K | 64 GB DDR4 | 1×2TB NVMe | Nvidia 1060 6GB | More VMs |
Personal
Name | Device | CPU | RAM | Storage | GPU | Purpose |
---|---|---|---|---|---|---|
Gaming PC | Custom | Intel i7-13700K | 64 GB DDR5 | 10TB NVMe | Nvidia RTX 3080 | Main Machine |
Laptop | HP 15-eh1097nr | AMD Ryzen 7 5700U | 32 GB DDR4 | 1TB NVMe | Integrated | On the go/bed machine |
Networking
Name | Device | Purpose |
---|---|---|
Switch | Unifi Flex 2.5Gb PoE | Switch with PoE |
Router | Unifi Dream Router 7 | Router/Firewall |
AP | U7 Pro XG | AP |
See Project Board