# Homelab

If you are viewing on GitHub, you can view this repo on my self-hosted instance of Gitea here.

## 📋 Table of Contents

- [Hardware](#-hardware)
- [Services, Applications & Deployments](#-services-applications--deployments)
- [Network Architecture](#-network-architecture)
- [Links](#-links)

## 🖥️ Hardware

| Component     | Model / Specs                                                         | Role                     |
| ------------- | --------------------------------------------------------------------- | ------------------------ |
| Firewall      | pfSense on pve-01                                                     | Edge firewall, DHCP      |
| Switch        | Arista DCS-7010T                                                      | Core / L3 switch         |
| PVE-01        | HPE ProLiant DL360 Gen 9<br>2x Intel Xeon E5-2673 v3<br>128GB RAM     | Virtualisation server    |
| K3s-CP-01     | Raspberry Pi 5<br>ARM Cortex-A76<br>8GB RAM                           | Kubernetes control plane |
| K3s-CP-02     | Raspberry Pi 5<br>ARM Cortex-A76<br>8GB RAM                           | Kubernetes control plane |
| K3s-CP-03     | Raspberry Pi 5<br>ARM Cortex-A76<br>8GB RAM                           | Kubernetes control plane |
| K3s-Worker-01 | HP EliteDesk G4 705<br>AMD Ryzen 5 PRO 2400GE<br>48GB RAM             | Kubernetes worker        |
| K3s-Worker-02 | HP EliteDesk G4 800<br>Intel i5 8600<br>16GB RAM                      | Kubernetes worker        |
| K3s-Worker-03 | HP EliteDesk G4 800<br>Intel i5 8600<br>16GB RAM                      | Kubernetes worker        |
| TrueNAS       | AMD FX-6100<br>24GB RAM<br>8TB Storage                                | Storage                  |

## 🚀 Services, Applications & Deployments

### Infrastructure

- [**Proxmox VE**](docs/infrastructure/proxmox-ve.md) - Type 1 hypervisor
- [**Portainer**](kubernetes/portainer/portainer) - Kubernetes & Docker management GUI
- [**Kubernetes**](docs/infrastructure/kubernetes.md) - Container orchestration
- **Docker** - Containerisation

### Networking

- **pfSense** - Edge firewall, DHCP
- **AdGuard Home** - DNS
- **Pangolin** - Proxy for external HTTP traffic
- **Traefik** - Proxy for internal HTTP traffic to Kubernetes
- **Nginx** - Proxy for internal HTTP traffic
- **Tailscale** - Remote access via VPN

### Monitoring

- [**Grafana**](kubernetes/monitoring/grafana/)
- [**Prometheus**](kubernetes/monitoring/prometheus/)

### Security

- **Vaultwarden** - Password manager
- **Authentik** - SSO and OIDC
- **CrowdSec** - Intrusion prevention
- **Wazuh** - Security monitoring and SIEM
- [**Cert Manager**](kubernetes/cert-manager/cert-manager/) - Automated SSL/TLS certificate management

### Git & CI/CD

- **Gitea** - Self-hosted Git service
- **ArgoCD** - Continuous delivery tool for Kubernetes deployments

### Storage

- [**Longhorn**](/kubernetes/longhorn-system/longhorn/) - Distributed block storage system for Kubernetes persistent volumes
- **TrueNAS** - NAS solution

### Media Stack

- **Jellyfin** - Streaming
- **Jellyseerr** - Requests
- **Radarr** - Movie index manager
- **Sonarr** - Show index manager
- **Prowlarr** - Torrent manager
- **qBittorrent** - 😉

### Communication

- **Mailcow** - Mail
- **Synapse** - Self-hosted, decentralised communication

### Games

- **Pelican** - Game panel
- **Wings** - Game servers

## 🌐 Network Architecture

**Network Topology:**

```
Internet
    ↓
pfSense (10.77.0.1) - Edge Firewall/Router
    ↓
Arista DCS-7010T - Core L3 Switch
    ↓
    ├─ VLAN 1  (10.77.0.0/16)  - Default/LAN
    ├─ VLAN 10 (10.20.10.0/24) - Management
    ├─ VLAN 20 (10.20.20.0/24) - DMZ (Public Services)
    ├─ VLAN 30 (10.20.30.0/24) - Games/Wings
    └─ VLAN 40 (10.20.40.0/24) - Kubernetes Cluster
```

**Key Features:**

- Segmented VLANs for security and organisation
- Arista DCS-7010T providing L3 switching
- pfSense handling firewall rules and DHCP
- AdGuard Home for DNS filtering across all VLANs

**Security Measures:**

- DMZ isolation for internet-facing services
- Kubernetes workloads on isolated VLAN
- Firewall rules controlling inter-VLAN traffic
- CrowdSec IPS monitoring all incoming traffic
- Wazuh SIEM for security event analysis

**Detailed network documentation:** [docs/networking.md](docs/networking.md)

## 🔗 Links

- **Personal Website:** https://dontddos.me
- **GitHub:** https://github.com/ddosian
- **Self-hosted Gitea:** https://gitea.dontddos.me