RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-05 20:04:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

update readme

Browse source
This commit is contained in:
Rasmus Wejlgaard 2026-03-30 19:42:47 +01:00
parent 94d7f20c9b
commit 5b98ea4e6a
1 changed files with 24 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
README.md
View file

@ -1,6 +1,13 @@
# pez-infra
Infrastructure-as-code monorepo for Pez's homelab and cloud fleet. Everything needed to rebuild, configure, and maintain the server infrastructure from scratch.
Infrastructure-as-code monorepo for managing my homelab and cloud server fleet. It contains everything needed to rebuild, configure, and maintain the entire infrastructure from scratch — including server provisioning, service deployment, DNS, monitoring, and secrets management.
## What's in this repo
- **Ansible** — Playbooks, roles, and inventory for configuring servers, deploying Docker-based services, and managing dotfiles
- **Terraform** — OpenTofu/Terraform configs for cloud resources (Cloudflare DNS, Hetzner servers)
- **Services** — Docker Compose definitions and config files for each self-hosted service
- **Documentation** — Architecture decisions, networking topology, and operational guides
## Architecture Overview
@ -15,34 +22,29 @@ graph TD
TS --> CC[copenhagen-c<br/>idle]
```
Traffic enters via Cloudflare DNS, hits a Caddy reverse proxy on a Hetzner cloud instance, and is forwarded to backend services running on various hosts connected over a Tailscale mesh network. Authentication is handled by Authelia with an LLDAP backend.
### Hosts
| Host | Location | OS | Tailscale IP | Role |
|------|----------|-----|-------------|------|
| helsinki-a | Hetzner Cloud | Linux | 100.67.6.27 | Reverse proxy (Caddy), main traffic gateway |
| london-b | London | Linux | 100.84.65.101 | Primary storage (ZFS), Docker services |
| london-a | London | FreeBSD | 100.122.219.41 | Monitoring (Prometheus, Grafana) |
| nuremberg-a | Hetzner Cloud | Alpine Linux | 100.117.235.28 | Mail server (poste.io) |
| copenhagen-a | Copenhagen | Linux | 100.89.206.60 | Gaming servers (Minecraft, WoW/MaNGOS) |
| copenhagen-c | Copenhagen | Linux | 100.115.45.53 | Idle/available |
### Traffic Flow
1. DNS managed by Cloudflare (Terraform)
2. Traffic routes to helsinki-a (Caddy reverse proxy)
3. Caddy forwards to backend services over Tailscale mesh
4. Auth handled by Authelia with LLDAP backend (on london-b)
| Host | Location | OS | Role |
|------|----------|-----|------|
| helsinki-a | Hetzner Cloud | Linux | Reverse proxy (Caddy), main traffic gateway |
| london-b | London | Linux | Primary storage (ZFS), Docker services |
| london-a | London | FreeBSD | Monitoring (Prometheus, Grafana) |
| nuremberg-a | Hetzner Cloud | Alpine Linux | Mail server (poste.io) |
| copenhagen-a | Copenhagen | Linux | Gaming servers (Minecraft, WoW/MaNGOS) |
| copenhagen-c | Copenhagen | Linux | Idle/available |
## Directory Structure
```
pez-infra/
├── ansible/ # Ansible playbooks, roles, inventory, and all managed files
│ ├── roles/ # Ansible roles (caddy, docker, dotfiles, etc.)
│ ├── services/ # Docker Compose definitions and service configs
│ ├── dotfiles/ # Shell config (fish, nvim, tmux, git, etc.)
│ └── scripts/ # Utility and maintenance scripts
└── terraform/ # Terraform/OpenTofu for Cloudflare, DNS, etc.
├── terraform/ # Terraform/OpenTofu for Cloudflare DNS, Hetzner servers
└── docs/ # Architecture, networking, services, and monitoring docs
```
## Getting Started
@ -52,38 +54,24 @@ pez-infra/
- SSH access to hosts via Tailscale
- `ansible` for configuration management
- `tofu` (OpenTofu) or `terraform` for infrastructure provisioning
- `gh` CLI for GitHub operations
### Working with this repo
### Usage
1. **Clone:** `git clone git@github.com:RWejlgaard/pez-infra.git`
2. **Services:** Each service has its own directory under `ansible/services/` with a `docker-compose.yml` and config files
4. **Deploy:** Ansible playbooks in `ansible/` handle deployment (see individual playbook docs)
5. **Infrastructure:** Terraform configs in `terraform/` manage DNS, tunnels, and access policies
3. **Deploy:** Ansible playbooks in `ansible/` handle deployment (see individual playbook docs)
4. **Infrastructure:** Terraform configs in `terraform/` manage DNS and cloud resources
### Secrets
Secrets are encrypted in-repo using [SOPS](https://github.com/getsops/sops) + [age](https://github.com/FiloSottile/age). Encrypted files use `.enc.` in their extension (e.g. `secrets.enc.yml`). See **[Secrets Management](docs/secrets.md)** for full setup and usage instructions.
Quick start: `./ansible/scripts/sops-setup.sh`
## Documentation
Comprehensive documentation lives in [`docs/`](docs/):
Detailed documentation lives in [`docs/`](docs/):
- **[Architecture](docs/architecture.md)** — Network topology, traffic flow, design principles
- **[Networking](docs/networking.md)** — Tailscale mesh, DNS flow, physical networking
- **[Services](docs/services.md)** — Complete service map with ports, auth, and deployment info
- **[Monitoring](docs/monitoring.md)** — Prometheus, Grafana, exporters, status page
- **[Getting Started](docs/getting-started.md)** — How to work with this repo
## Consolidated Repos
This monorepo replaces several standalone repos:
- `pez-ansible``ansible/`
- `pez-terraform``terraform/`
- `pez-grafana``services/grafana/`
- `pez-proxy``services/caddy/`
- `pez-docs``docs/` and per-host documentation
- `server-scripts``scripts/` and `ansible/`