Homelab

If you are viewing on GitHub, you can view this repo on my self-hosted instance of Gitea here.

👁️ Overview

  • Lab Started: 4th January 2026
  • Purpose: to learn more about networking, infrastructure management, Git, CI/CD and other IT-related topics
  • Contents: this git repo contains most, if not all, of my homelab infrastructure
  • Scale: I still consider this lab to be a relatively small one

📚 Skills Demonstrated

Networking:

  • Enterprise switching (Arista DCS-7010T)
  • VLAN configuration and inter-VLAN routing
  • Firewall management and security policies (pfSense)
  • Network segmentation (DMZ, management, isolated workload VLANs)
  • DNS management (AdGuard Home)
  • VPN configuration (Tailscale)

Infrastructure & Virtualisation:

  • Virtualisation platforms (Proxmox VE)
  • Container orchestration (Kubernetes/K3s)
  • High availability design (3-node control plane with keepalived VIP)
  • Hybrid ARM/x86 architecture
  • Distributed storage (Longhorn)

DevOps & Automation:

  • GitOps continuous delivery (ArgoCD)
  • Infrastructure as Code (Kubernetes manifests in Git)
  • Configuration management
  • Automated certificate management (Cert Manager)
  • CI/CD concepts

Security:

  • SIEM implementation (Wazuh)
  • Intrusion detection/prevention (CrowdSec)
  • Single sign-on (Authentik)
  • Network security architecture
  • Automated SSL/TLS management

Operations:

  • Service monitoring (Prometheus + Grafana)
  • Container management (Portainer)

🖥️ Hardware

| Component | Model / Specs | Role |
| --- | --- | --- |
| Firewall | pfSense on pve-01 | Edge firewall, DHCP |
| Switch | Arista DCS-7010T | Core / L3 switch |
| PVE-01 | HPE ProLiant DL360 Gen 9, 2x Intel Xeon E5-2673 v3, 128GB RAM | Virtualisation server |
| K3s-CP-01 | Raspberry Pi 5, ARM Cortex-A76, 8GB RAM | Kubernetes control plane |
| K3s-CP-02 | Raspberry Pi 5, ARM Cortex-A76, 8GB RAM | Kubernetes control plane |
| K3s-CP-03 | Raspberry Pi 5, ARM Cortex-A76, 8GB RAM | Kubernetes control plane |
| K3s-Worker-01 | HP EliteDesk G4 705, AMD Ryzen 5 PRO 2400GE, 48GB RAM | Kubernetes worker |
| K3s-Worker-02 | HP EliteDesk G4 800, Intel i5 8600, 16GB RAM | Kubernetes worker |
| K3s-Worker-03 | HP EliteDesk G4 800, Intel i5 8600, 16GB RAM | Kubernetes worker |
| TrueNAS | AMD FX-6100, 24GB RAM, 8TB Storage | Storage |

🚀 Services, Applications & Deployments

Infrastructure

Networking

  • pfSense - Edge firewall, DHCP
  • AdGuard Home - DNS
  • Pangolin - Proxy for external HTTP traffic
  • Traefik - Proxy for internal HTTP traffic to Kubernetes
  • Nginx - Proxy for internal HTTP traffic
  • Tailscale - Remote access via VPN

Monitoring

Security

  • Vaultwarden - Password manager
  • Authentik - SSO and OIDC
  • CrowdSec - IPS monitoring for all incoming traffic
  • Wazuh - Security monitoring and SIEM
  • Cert Manager - Automated SSL/TLS certificate management

Git & CI/CD

  • Gitea - Self-hosted Git service
  • ArgoCD - Continuous delivery tool for Kubernetes deployments

Storage

  • Longhorn - Distributed block storage system for Kubernetes persistent volumes
  • CloudNative PG
  • TrueNAS - NAS solution

Media Stack

  • Jellyfin - Streaming
  • Jellyseerr - Requests
  • Radarr - Movie index manager
  • Sonarr - Show index manager
  • Prowlarr - Torrent manager
  • qBittorrent - 😉

Communication

  • Mailcow - mail
  • Synapse - Self-hosted, decentralised communication

Games

  • Pelican - Game panel
  • Wings - Game servers

🌐 Network Architecture

Network Topology:

Internet
	↓
pfSense (10.77.0.1) - Edge Firewall/Router
	↓
Arista DCS-7010T - Core L3 Switch
	↓
	├─ VLAN 1 (10.77.0.0/16) - Default/LAN
	├─ VLAN 10 (10.20.10.0/24) - Management
	├─ VLAN 20 (10.20.20.0/24) - DMZ (Public Services)
	├─ VLAN 30 (10.20.30.0/24) - Games/Wings
	└─ VLAN 40 (10.20.40.0/24) - Kubernetes Cluster

Key Features:

  • Segmented VLANs for security and organisation
  • Arista DCS-7010T providing L3 switching
  • pfSense handling firewall rules and DHCP
  • AdGuard Home for DNS filtering across all VLANs

Security Measures:

  • DMZ isolation for internet-facing services
  • Kubernetes workloads on isolated VLAN
  • Firewall rules controlling inter-VLAN traffic
  • CrowdSec IPS monitoring all incoming traffic
  • Wazuh SIEM for security event analysis

Detailed network documentation: docs/networking.md

🎯 Goals for the Future

Infrastructure Improvements:

  • Automated backups for all critical components (VMs, configurations, databases)
  • Off-site backups with Backblaze B2
  • Implement Ansible for configuration management automation
  • Deploy LibreNMS for SNMP-based network monitoring
  • Add Netbox for network documentation and IPAM

Learning & Certification:

  • Complete CCNA certification
  • Expand monitoring with custom Grafana dashboards
  • Learn Terraform for infrastructure provisioning
  • Implement full GitOps workflow for all services