dontddos/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
85 Commits 1 Branch 0 Tags
61da379b12457417b024bfef05bd82966e3cfc7b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
DontDDoS 61da379b12 Update README.md
2026-01-08 21:23:34 +00:00
.obsidian
Removed minimal theme
2026-01-07 22:42:19 +00:00
docker
Added gitea runner
2026-01-08 20:33:50 +00:00
docs
Added documentation for mgmt-proxy and made misc tweaks
2026-01-08 16:32:00 +00:00
kubernetes
ServerSideApply
2026-01-08 21:12:24 +00:00
.gitignore
Added kubernetes and .obsidian
2026-01-07 22:41:20 +00:00
README.md
Update README.md
2026-01-08 21:23:34 +00:00

README.md

Homelab

If you are viewing on GitHub, you can view this repo on my self-hosted instance of Gitea here.

📋 Table of Contents

🖥️ Hardware

Component Model / Specs Role
Firewall pfsense on pve-01 Edge firewall, DHCP
Switch Arista DCS-7010T Core / L3 switch
PVE-01 HPE ProLiant DL360 Gen 9
2x Intel Xeon E5-2673 v3
128GB RAM		 Virtualisation server
K3s-CP-01 Raspberry Pi 5
ARM Cortex-A76
8GB RAM		 Kubernetes control plane
K3s-CP-02 Raspberry Pi 5
ARM Cortex-A76
8GB RAM		 Kubernetes control plane
K3s-CP-03 Raspberry Pi 5
ARM Cortex-A76
8GB RAM		 Kubernetes control plane
K3s-Worker-01 HP EliteDesk G4 705
AMD Ryzen 5 PRO 2400GE
48GB RAM		 Kubernetes worker
K3s-Worker-02 HP EliteDesk G4 800
Intel i5 8600
16GB RAM		 Kubernetes worker
K3s-Worker-03 HP EliteDesk G4 800
Intel i5 8600
16GB RAM		 Kubernetes worker
TrueNAS AMD FX-6100
24GB RAM
8TB Storage		 Storage

🚀 Services, Applications & Deployments

Infrastructure

Networking

  • pfSense - Edge firewall, DHCP
  • AdGuard Home - DNS
  • Pangolin - Proxy for external HTTP traffic
  • Traefik - Proxy for internal HTTP trafic to kubernetes
  • Nginx - Proxy for internal HTTP traffic
  • Tailscale - Remote access via VPN

Monitoring

Security

  • Vaultwarden - Password manager
  • Authentik - SSO and OIDC
  • CrowdSec - Intrusion prevention
  • Wazuh - Security monitoring and SIEM
  • Cert Manager - Automated SSL/TLS certificate management

Git & CI/CD

  • Gitea - Self-hosted Git service
  • ArgoCD - Continuous delivery tool for Kubernetes deployments

Storage

  • Longhorn - Distributed block storage system for Kubernetes persistent volumes
  • TrueNAS - NAS solution

Media Stack

  • Jellyfin - Streaming
  • Jellyseer - Requests
  • Radarr - Movie index manager
  • Sonarr - Show index manager
  • Prowlarr - Torrent manager
  • qBittorrent - 😉

Communication

  • Mailcow - mail
  • Synapse - Self-hosted, decentralised communication

Games

  • Pelican - Game panel
  • Wings - Game servers

🌐 Network Architecture

Network Topology:

Internet
	↓
pfSense (10.77.0.1) - Edge Firewall/Router
	↓
Arista DCS-7010T - Core L3 Switch
	↓
	├─ VLAN 1 (10.77.0.0/16) - Default/LAN
	├─ VLAN 10 (10.20.10.0/24) - Management
	├─ VLAN 20 (10.20.20.0/24) - DMZ (Public Services)
	├─ VLAN 30 (10.20.30.0/24) - Games/Wings
	└─ VLAN 40 (10.20.40.0/24) - Kubernetes Cluster

Key Features:

  • Segmented VLANs for security and organisation
  • Arista DCS-7010T providing L3 switching
  • pfSense handling firewall rules and DHCP
  • AdGuard Home for DNS filtering across all VLANs Security Measures:
  • DMZ isolation for internet-facing services
  • Kubernetes workloads on isolated VLAN
  • Firewall rules controlling inter-VLAN traffic
  • CrowdSec IPS monitoring all traffic incoming traffic
  • Wazuh SIEM for security event analysis

Detailed network documentation: docs/networking.md

🔗 Links

Reference in New Issue View Git Blame Copy Permalink
Description
Homelab in a git repo
dockerhomelabiackubernetes
Readme 310 KiB
Languages
Shell 100%