PH's HomeLab

Tech Stack • Directory Overview • Gallery • Road Map

A bare-metal Proxmox infrastructure provisioned using Terraform (IaC) and established with a complete GitOps automation pipeline with ArgoCD and Ansible, hosting a segregated Dev environment with an Ubuntu cluster for continuous experimentation with Cloud, DevOps, Networking, and Automation.

Alongside it has a Production environment consisting of lightweight LXC containers providing essential services, and a lightweight Talos Linux Kubernetes cluster for project and service deployment, focusing on high availability and disaster recovery.

The whole architecture enforces a security-first posture by managing all credentials through HashiCorp Vault, Ansible Vault, and SOPS encryption as necessary.

Tech Stack

Logo	Name	Description
	Proxmox VE	The backbone of this homelab is an open-source server virtualization platform. All LXC containers and VMs are running on this environment.
	Terraform	This is the Infrastructure As Code tool that provisions assets inside Proxmox VE and supporting assets in the Cloud. Here, these provisions create two separate environments, Dev and Prod. Read this doc to learn more about the implementation Here
	Ubuntu Server	Base OS for development VMs.
	Debian	Base OS for LXC Containers.
	Talos	Talos Linux is a Kubernetes-optimized Linux distro. This is the base OS for the main Kubernetes cluster in the Prod environment. Read this doc to learn more about the implemenation Here
	Ansible	Configuration management tool for VMs and Containers. Read this doc to learn more about the implemenation Here
	ArgoCD	GitOps tool built to deploy applications to Kubernetes. Read this doc to learn more about the implemenation Here
	Kubernetes	Container-orchestration system, the backbone of dev and prod environment
	Helm	Package Manager for Kubernetes
	Docker	Primary Containerization Platform
	Grafana	Kubernetes cluster observation and visualization tool.
	Prometheus	Kubernetes cluster log aggregation tool.
	Hashicorp Vault	Secret management system for the Homelab. Integrated with ArgoCD via ArgoCD Vault Plugin.
	Nginx	Kubernetes Ingress Controller.
	Pi-hole	Local DNS server for the HomeLab.
	Cloudflare	DNS Provider and Tunnel.
	Harbor	Self-hosted Image Registry Management Tool
	Gitea	Self-hosted Git Repository Hosting

Directory Overview

HomeLab/
├── .envrc                           # Direnv variables automation
├── .gitignore                       # Git ignore patterns
├── .sops.yaml                       # SOPS encryption configuration
├── LICENSE                          # AGPL open source license
├── README.md                        # Repository main documentation
├── ansible/                         # Ansible automation configurations
│   ├── ansible.cfg                  # Ansible common configuration
│   ├── inventories/                 # Inventory configurations
│   │   ├── dev/                     # Development inventory
│   │   └── prod/                    # Production inventory
│   ├── playbooks/                   # Ansible playbooks
│   │   ├── argocd-dev.yaml          # ArgoCD setup for dev server
│   │   ├── cluster_init.yaml        # Control plane initialization
│   │   ├── join_workers.yaml        # Worker nodes joining
│   │   ├── nfs_setup.yaml           # NFS Proxmox setup
│   │   ├── site.yaml                # Initial setup for all hosts
│   │   ├── support_tools.yaml       # Optional support tools
│   │   └── vault_setup.yaml         # Vault production LXC setup
│   ├── roles/                       # Ansible roles
│   │   ├── argocd/                  # ArgoCD role
│   │   ├── base_setup/              # Base setup role
│   │   ├── containerd/              # Containerd role
│   │   ├── control_plane/           # Control plane role
│   │   ├── kube_packages/           # Kubernetes packages role
│   │   ├── nfs_client/              # NFS client role
│   │   ├── node_join/               # Node joining role
│   │   └── support_tools/           # Support tools role
│   ├── secrets.yaml                 # Ansible Vault secrets
│   └── readme.md                    # Ansible documentation
├── argocd/                          # ArgoCD configurations
│   ├── apps/                        # Application manifests
│   │   ├── gitea/                   # Gitea application
│   │   ├── harbor/                  # Harbor application
│   │   ├── monitoring/              # Prometheus + Grafana app
│   │   └── nfs_provisioner/         # NFS storage provisioner
│   ├── base/                        # ArgoCD base project configuration
│   ├── environments/                # Environment-specific configurations
│   │   ├── dev/                     # Development environment
│   │   └── prod/                    # Production environment
│   └── readme.md                    # ArgoCD implementation documentation
├── docs/                            # Detailed feature-specific documentation
├── proxmox/                         # Terraform IaC for Proxmox
│   ├── environments/                # Infrastructure segments
│   │   ├── dev/                     # Development segment
│   │   └── prod/                    # Production segment
│   ├── modules/                     # Terraform modules
│   │   ├── lxc/                     # LXC container module
│   │   ├── talos-k8s/               # Talos dynamic K8s cluster module
│   │   ├── talos-vm/                # Talos VM module
│   │   ├── ubuntu-k8s/              # Ubuntu dynamic K8s cluster module
│   │   └── ubuntu-vm/               # Ubuntu VM module
│   └── readme.md                    # Proxmox Terraform infrastructure documentation
├── scripts/                         # Automation scripts
│   └── check_prometheus.sh          # K8s Prometheus log aggregation check
├── talos/                           # Talos K8s cluster configurations
│   ├── _out/                        # Generated configurations
│   │   ├── decrypt.sh               # Script to decrypt sensitive configurations
│   │   ├── encrypt.sh               # Script to encrypt sensitive configurations
│   │   └── ...                      # Other generated configuration files
│   ├── patches/                     # Patches for control plane and workers
│   ├── secrets.yaml                 # Ansible Vault secrets
│   └── readme.md                    # Talos documentation
└── vault/                           # HashiCorp Vault configurations
    └── secret.yaml.enc              # Vault encrypted configuration

Gallery

Proxmox Dashboard
Grafana Cluster Monitoring Dashboard
GitOps: ArgoCD
Secret Management: Hashicorp Vault
Local DNS Management: Pi-hole
Gitea Self-hosted Git Repository Management
Harbor Self-hosted Image Repository
TurnKey File Server
Gorgeous Bare-Metal Physical Server :-)

Road Map

• Setup ProxMox VE on baremetal environment
• Automated bare metal provisioning with Terraform
• Dev & Prod environment provisioning with Terraform
• Modular architecture, easy to add or remove features/components
• Automated Kubernetes Dev Cluster Setup with Ansible
• Automated Kubernetes Prod Cluster Setup with Talos config
• LXC Container Service provisioning with Terraform
• Installing and managing applications using GitOps ArgoCD
• HashiCorp Vault setup for secret management
• Pi-hole local DNS server and Turnkey file server setup
• NFS file system setup for Kubernetes distributed storage
• Grafana and Prometheus setup for observability
• Automated backup and restore with rsync
• Gitea and Harbor setup
• NGINX ingress setup
• Add Homepage Centralized Dashboard
• ELK Stack Setup in Dev cluster
• Automatic rolling upgrade for OS and Kubernetes
• Automated certificate management for full environment
• DNS failover to pilot-light AWS infra disaster management setup for Prod cluster
• Ensuring 99.9% availability for Prod cluster