RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
Mono-repo for my server stack
31 commits 1 branch 0 tags 604 KiB
Find a file
Rasmus "Pez" Wejlgaard 353c2ad790
Capture london-b media stack and systemd services (#19) 
Add the full media automation stack (sonarr, radarr, prowlarr, lidarr,
readarr, whisparr), media servers (jellyfin, plex), and supporting
services (transmission, samba, ollama, promtail, cloudflared, vsftpd)
to the repo as a media_stack Ansible role.

Includes:
- Custom systemd unit files for non-package-managed services
- Config files for promtail, samba, transmission, vsftpd
- Cron jobs for movie-rename-fix, sonarr/radarr midnight restarts
- Updated deploy.yml to wire the role into london-b's stage
- Updated london-b docs with full service inventory

Backup script (backup.sh) already covered by the existing backup role.
Node/systemd exporters already covered by existing monitoring roles.

Closes PESO-92
2026-03-29 19:13:48 +01:00
.github/workflows initial commit 2026-03-28 12:39:41 +00:00
ansible Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
docs Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
terraform Remove stale DNS records: chimera, gopher, ecp-dev, and old verification TXT (#14) 2026-03-29 14:08:45 +01:00
.gitignore update readme 2026-03-28 21:06:14 +00:00
.sops.yaml initial commit 2026-03-28 12:39:41 +00:00
Makefile initial commit 2026-03-28 12:39:41 +00:00
README.md update readme 2026-03-28 21:06:14 +00:00

README.md

pez-infra

Infrastructure-as-code monorepo for Pez's homelab and cloud fleet. Everything needed to rebuild, configure, and maintain the server infrastructure from scratch.

Architecture Overview

graph TD
    CF[Cloudflare<br/>DNS + CDN] --> HEL[helsinki-a<br/>Caddy proxy<br/><i>Hetzner Cloud</i>]
    HEL --> TS{Tailscale mesh}
    TS --> LB[london-b<br/>Storage, Docker services]
    TS --> LA[london-a<br/>Monitoring<br/>Prometheus, Grafana]
    TS --> CA[copenhagen-a<br/>Gaming<br/>Minecraft, WoW MaNGOS]
    TS --> NUR[nuremberg-a<br/>Mail, poste.io]
    TS --> CC[copenhagen-c<br/>idle]

Hosts

Host Location OS Tailscale IP Role
helsinki-a Hetzner Cloud Linux 100.67.6.27 Reverse proxy (Caddy), main traffic gateway
london-b London Linux 100.84.65.101 Primary storage (ZFS), Docker services
london-a London FreeBSD 100.122.219.41 Monitoring (Prometheus, Grafana)
nuremberg-a Hetzner Cloud Alpine Linux 100.117.235.28 Mail server (poste.io)
copenhagen-a Copenhagen Linux 100.89.206.60 Gaming servers (Minecraft, WoW/MaNGOS)
copenhagen-c Copenhagen Linux 100.115.45.53 Idle/available

Traffic Flow

  1. DNS managed by Cloudflare (Terraform)
  2. Traffic routes to helsinki-a (Caddy reverse proxy)
  3. Caddy forwards to backend services over Tailscale mesh
  4. Auth handled by Authelia with LLDAP backend (on london-b)

Directory Structure

pez-infra/
├── ansible/        # Ansible playbooks, roles, inventory, and all managed files
│   ├── roles/      # Ansible roles (caddy, docker, dotfiles, etc.)
│   ├── services/   # Docker Compose definitions and service configs
│   ├── dotfiles/   # Shell config (fish, nvim, tmux, git, etc.)
│   └── scripts/    # Utility and maintenance scripts
└── terraform/      # Terraform/OpenTofu for Cloudflare, DNS, etc.

Getting Started

Prerequisites

  • SSH access to hosts via Tailscale
  • ansible for configuration management
  • tofu (OpenTofu) or terraform for infrastructure provisioning
  • gh CLI for GitHub operations

Working with this repo

  1. Clone: git clone git@github.com:RWejlgaard/pez-infra.git
  2. Services: Each service has its own directory under ansible/services/ with a docker-compose.yml and config files
  3. Deploy: Ansible playbooks in ansible/ handle deployment (see individual playbook docs)
  4. Infrastructure: Terraform configs in terraform/ manage DNS, tunnels, and access policies

Secrets

Secrets are encrypted in-repo using SOPS + age. Encrypted files use .enc. in their extension (e.g. secrets.enc.yml). See Secrets Management for full setup and usage instructions.

Quick start: ./ansible/scripts/sops-setup.sh

Documentation

Comprehensive documentation lives in docs/:

  • Architecture — Network topology, traffic flow, design principles
  • Networking — Tailscale mesh, DNS flow, physical networking
  • Services — Complete service map with ports, auth, and deployment info
  • Monitoring — Prometheus, Grafana, exporters, status page
  • Getting Started — How to work with this repo

Consolidated Repos

This monorepo replaces several standalone repos:

  • pez-ansibleansible/
  • pez-terraformterraform/
  • pez-grafanaservices/grafana/
  • pez-proxyservices/caddy/
  • pez-docsdocs/ and per-host documentation
  • server-scriptsscripts/ and ansible/