dontddos/homelab

Go to file

DontDDoS 729bee45a4 Added documentation for mgmt-proxy and made misc tweaks

2026-01-08 16:32:00 +00:00

Removed minimal theme

2026-01-07 22:42:19 +00:00

Added documentation for mgmt-proxy and made misc tweaks

2026-01-08 16:32:00 +00:00

Upgraded to 1.10.1 and set the preUpgradeChecker's job to disabled

2026-01-08 12:37:32 +00:00

.gitignore

Added kubernetes and .obsidian

2026-01-07 22:41:20 +00:00

README.md

Update README.md

2026-01-08 12:53:09 +00:00

README.md

Homelab

If you are viewing on GitHub, you can view this repo on my self-hosted instance of Gitea here.

📋 Table of Contents

Hardware
Services, Applications & Deployments
Network Architecture

🖥️ Hardware

Component	Model / Specs	Role
Firewall	pfsense on pve-01	Edge firewall, DHCP
Switch	Arista DCS-7010T	Core / L3 switch
PVE-01	HPE ProLiant DL360 Gen 9 2x Intel Xeon E5-2673 v3 128GB RAM	Virtualisation server
K3s-CP-01	Raspberry Pi 5 ARM Cortex-A76 8GB RAM	Kubernetes control plane
K3s-CP-02	Raspberry Pi 5 ARM Cortex-A76 8GB RAM	Kubernetes control plane
K3s-CP-03	Raspberry Pi 5 ARM Cortex-A76 8GB RAM	Kubernetes control plane
K3s-Worker-01	HP EliteDesk G4 705 AMD Ryzen 5 PRO 2400GE 48GB RAM	Kubernetes worker
K3s-Worker-02	HP EliteDesk G4 800 Intel i5 8600 16GB RAM	Kubernetes worker
K3s-Worker-03	HP EliteDesk G4 800 Intel i5 8600 16GB RAM	Kubernetes worker
TrueNAS	AMD FX-6100 24GB RAM 8TB Storage	Storage

🚀 Services, Applications & Deployments

Infrastructure

Proxmox VE - Type 1 hypervisor
Kubernetes - Container orchestration
Docker - Containerisation

Networking

pfSense - Edge firewall, DHCP
AdGuard Home - DNS
Pangolin - Proxy for external HTTP traffic
Traefik - Proxy for internal HTTP trafic to kubernetes
Nginx - Proxy for internal HTTP traffic
Tailscale - Remote access via VPN

Security

Vaultwarden - Password manager
Authentik - SSO and OIDC
CrowdSec - Intrusion prevention
Wazuh - Security monitoring and SIEM
Cert Manager - Automated SSL/TLS certificate management

Git & CI/CD

Gitea - Self-hosted Git service
ArgoCD - Continuous delivery tool for Kubernetes deployments

Storage

Longhorn - Distributed block storage system for Kubernetes persistent volumes
TrueNAS - NAS solution

Media Stack

Jellyfin - Streaming
Jellyseer - Requests
Radarr - Movie index manager
Sonarr - Show index manager
Prowlarr - Torrent manager
qBittorrent - 😉

Communication

Mailcow - mail
Synapse - Self-hosted, decentralised communication

Games

Pelican - Game panel
Wings - Game servers

🌐 Network Architecture

Key Features:

Segmented VLANs for security and organization
Arista DCS-7010T providing L3 switching
pfSense handling firewall rules and DHCP
AdGuard Home for DNS filtering across all VLANs

Detailed network documentation: docs/networking.md