pez-infra/docs
Rasmus "Pez" Wejlgaard 0a357fc69a
docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130)
The docs still described Cloudflare as DNS + CDN in front of helsinki-a,
but that was dropped in #90 - pez.sh lives on Hetzner DNS via Terraform
now and records point straight at the origin. Updated README,
architecture, networking, getting-started and the nuremberg-a host doc
to match, and noted that pez.solutions still resolves via Cloudflare
outside Terraform.

Also fixed while I was in there:
- terraform/README: PagerDuty provider is ~> 3.32 (table said ~> 2.2),
  and the B2 secret keys are backblaze_keyID/backblaze_applicationKey
- secrets docs: group_vars secrets file is .enc.yaml, dropped the
  FreeBSD install steps, the long-gone .sops.yaml placeholder note and
  the ANSIBLE_VAULT_PASS migration note, swapped the cloudflare_record
  example for hcloud
- getting-started referenced ansible/scripts/sops-setup.sh which
  doesn't exist
- added naveen.pez.sh to the subdomain tables and a note about the
  DNS-only records (mail, minecraft, wow, public)
2026-06-10 20:59:23 +01:00
| Name | Last commit | Date |
|------|-------------|------|
| hosts | docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130) | 2026-06-10 20:59:23 +01:00 |
| architecture.md | docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130) | 2026-06-10 20:59:23 +01:00 |
| getting-started.md | docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130) | 2026-06-10 20:59:23 +01:00 |
| monitoring.md | Make Alloy resilient to transient failures; remove leftover Grafana (PESO-149) (#126) | 2026-06-07 14:30:08 +01:00 |
| networking.md | docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130) | 2026-06-10 20:59:23 +01:00 |
| README.md | fix: Documentation overhaul (#112) | 2026-05-19 18:49:21 +01:00 |
| secrets.md | docs: catch up with the Cloudflare to Hetzner DNS move, fix secrets/terraform drift (#130) | 2026-06-10 20:59:23 +01:00 |
| services.md | docs: remove decommissioned Miniflux refs; fix status-page + minor drift (#129) | 2026-06-09 19:49:16 +01:00 |

Documentation

Everything you need to understand how this infrastructure works.

Contents

  • Architecture — High-level overview, network topology, traffic flow diagrams
  • Networking — Tailscale mesh, physical networking, DNS and proxy flow
  • Services — Complete service map: what runs where, ports, auth
  • Monitoring — Grafana Cloud, Alloy, synthetic checks, alerting via PagerDuty
  • Secrets — SOPS + age encryption: setup, usage, CI integration
  • Getting Started — How to work with this repo, deploy changes, add services
  • Hosts — Per-host detail (hardware, services, quirks)

Quick Reference

| Host | Tailscale IP | Location | Role |
|------|--------------|----------|------|
| helsinki-a | 100.67.6.27 | Hetzner Cloud (Helsinki) | Reverse proxy, SSO, Bitwarden, Forgejo |
| london-a | 100.122.180.98 | London | Proxmox VE hypervisor |
| london-b | 100.84.65.101 | London | Storage, media, Docker services |
| london-c | 100.123.72.87 | London | Raspberry Pi, Octopus Energy exporter |
| nuremberg-a | 100.70.180.24 | Hetzner Cloud (Nuremberg) | Mail (poste.io) |
| copenhagen-a | 100.89.206.60 | Copenhagen | Minecraft, WoW/MaNGOS |
| copenhagen-c | 100.115.45.53 | Copenhagen | Raspberry Pi, cloudflared, idle |