This is the IaC configuration for my homelab. It's mainly powered by Kubernetes and I do my best to adhere to GitOps practices.
To organise all the configuration I've opted for a combination of YAML manifests and Helm charts, with Argo CD for streamlined deployment.
I plan to journal my adventures and exploits on my GitHub.
If you're new to Kubernetes, I've written a shell script for bootstrapping k3s with Cilium.
Starting off on this repository, I've implemented a DevSecOps pipeline for secrets and IaC scanning using TruffleHog and Checkov respectively. This catches leaked credentials and misconfigured manifests in CI, before they reach the cluster.
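As an added example (not the repository's own workflow), a GitHub Actions pipeline that runs the two scanners described above on every push and pull request: TruffleHog over the commit history for verified credentials, and Checkov over the Kubernetes manifests and the OpenTofu/Terraform code. The directory names follow the repo layout in this README; the workflow name and the choice of action versions are assumptions.

```yaml
# Added example: CI secrets + IaC scanning (not the repository's own workflow).
name: devsecops-scan

on:
  push:
    branches: [main]
  pull_request:

# Read-only token: the scanners only need to read the checkout.
permissions:
  contents: read

jobs:
  secrets-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so TruffleHog can scan the commits in this push/PR,
          # not just the files in the checked-out tree.
          fetch-depth: 0
      - name: TruffleHog (fail the job on verified secrets)
        uses: trufflesecurity/trufflehog@main
        with:
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
          # Only report credentials the scanner could verify against the
          # issuing service, which keeps noise out of the PR checks.
          extra_args: --only-verified

  iac-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Checkov on Kubernetes manifests (K8s/)
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: K8s
          framework: kubernetes
      - name: Checkov on OpenTofu/Terraform for Oracle Cloud
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: Infrastructure/OracleCloud
          framework: terraform
```

Checkov exits non-zero on any failed check by default, so a misconfigured manifest blocks the merge; use `skip_check` for individual policy IDs that are deliberately accepted rather than disabling the job.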
- Argo CD: Declarative, GitOps continuous delivery tool for Kubernetes.
- Cilium: eBPF-based Networking, Observability, Security.
- Teleport: Identity aware proxy to manage access for Servers, DBs, K8S clusters etc.
- OpenTofu: The open source infrastructure as code tool.
- Sealed-secrets: Encrypt your Secret into a SealedSecret, which is safe to store, even inside a public repository, as long as the controller's private key stays private (back it up, since losing it makes every sealed secret undecryptable).
- Proxmox: A powerful type-1 hypervisor orchestrating the virtual landscape.
- Adguard: Local DNS and adblocking for enhanced privacy and security.
- Traefik: Cloud-native reverse proxy that fronts the homelab services.
- Cert-manager: Manages certificates to secure communications within and outside the cluster.
- Kube-prometheus-stack: Prometheus, Grafana, Alertmanager and node-exporter for metrics and performance monitoring.
- Loki & Promtail: Log aggregation stack for deeper insight into the state of various resources.
- Tetragon: eBPF-based runtime security observability and enforcement.
- Homarr: Homelab dashboard presenting metrics and status through a user-friendly UI.
- DIUN: Docker Image Update Notifier, which alerts when container images have new versions so patching can happen promptly (it notifies; it does not apply updates).
- Tailscale: WireGuard-based mesh VPN that connects my on-prem resources to Oracle Cloud.
- Wazuh: Feature-rich open-source SIEM and XDR solution.
- `infrastructure`: Configuration for core infrastructure components.
- `Infrastructure/OracleCloud`: OpenTofu/Terraform configuration for my Oracle Cloud infrastructure.
- `K8s`: Holds my Helm/YAML manifests.
| Name | Device | CPU | RAM | Storage | Location |
|---|---|---|---|---|---|
| my-promox-host | HP Mini G3-800 | Intel Core i5 | 32 GB DDR4 | 1 TiB SSD | 127.0.0.1 |
| Docker-host | VM | ARM | 16 GB DDR4 | 50 GB | Oracle Cloud |
- Deploy Wazuh for my SIEM solution.
- Deploy Teleport for Access Management.
- Deploy Vault, Vaultwarden & Kyverno.
- Set up an infra node (Terraform, Ansible & Packer) on Proxmox via LXC.
- Keycloak for authentication.
- Replace NFS storage with block storage.
- Add Pi-hole as a backup DNS server.
- Set up Cilium mTLS with SPIFFE/SPIRE.