"Move fast and break things" - Mark Zuckerberg
"I moved fast. Things are broken." - Me, at 3 AM
"Have you tried turning it off and on again?" - My mom, who has heard enough
Welcome to dev-oops, my personal laboratory where I cosplay as a DevOps engineer, ARP-spoof my children's tablets, and treat `terraform destroy` as a form of meditation.
This is what happens when you have more CPU cores than friends.
This repository contains enterprise-grade infrastructure for a hobbyist-grade homelab. It's over-engineered, over-documented, and occasionally over-heated.
I treat my homelab like a Fortune 500 company's infrastructure, except:
- My SLA is "probably up"
- My incident response is "wake up and panic"
- My disaster recovery plan is "cry, then restore from ~~backup~~ MinIO"
- My change management process is `git push --force` and pray
- My parental controls involve literal ARP poisoning (see: The Sentry Project)

| Component | Spec | Notes |
|---|---|---|
| CPU | 56 x Intel Xeon E5-2680 v4 @ 2.40GHz | Two sockets of raw, slightly-aged power |
| RAM | 62GB | Enough to run Kubernetes. Barely. |
| Boot Mode | Legacy BIOS | "I don't do UEFI here" |
| Hypervisor | Proxmox VE 9.0.3 | The backbone of my chaos |
| Kernel | Linux 6.14.8-2-pve | Latest and greatest (until tomorrow) |
| Electricity Bill | Yes | I don't talk about this |

| Device | Size | Purpose |
|---|---|---|
| sda | 465.8G | Spinning rust from 2014 (the "OG") |
| sdb | 931.5G | More spinning rust (the "backup OG") |
| nvme0n1 | 1.8T | The fast boi (VMs live here, briefly) |

| Host | IP | What It Does |
|---|---|---|
| pve-master | 192.168.1.120 | Proxmox Hypervisor (the boss) |
| ubuntu-server | 192.168.1.121 | Docker + Traefik (the workhorse) |
| teleport | 192.168.1.122 | Zero-trust access (fancy SSH) |
| vpn-server | 192.168.1.123 | OpenVPN (for remote chaos) |
| hephaestus | 192.168.1.124 | CI/CD runners (Greek god vibes) |
| sonarqube | 192.168.1.125 | Code quality (yes, I lint my code) |
| core-dns | 192.168.1.126 | Internal DNS (Alpine, 128MB RAM) |
| crowdsec | 192.168.1.127 | WAF / Security engine (the bouncer) |
| | PRIVATE NET | 192.168.99.0/24 |
| lxc-postgresql-16 | 192.168.99.2 | PostgreSQL in LXC (the elephant) |
| lxc-kafka | 192.168.99.2 | Kafka (enterprise cosplay) |

```
┌──────────────────────────────────────────────────┐
│                   THE INTERNET                   │
│             (where the danger lives)             │
└────────────────────────┬─────────────────────────┘
                         │
                         ▼
┌──────────────────────────────────────────────────┐
│                    CLOUDFLARE                    │
│   DNS, Firewall, "Please don't DDoS me" layer    │
│          Domain: datrollout.dev (nice)           │
│              (Managed by Terraform)              │
└────────────────────────┬─────────────────────────┘
                         │
                         ▼
┌──────────────────────────────────────────────────┐
│                   UPTIMEROBOT                    │
│      "Is it down? Let me text you at 3 AM"       │
│                (Also Terraform'd)                │
└────────────────────────┬─────────────────────────┘
                         │
                         ▼
┌──────────────────────────────────────────────────┐
│             PROXMOX VE (pve-master)              │
│      (The hypervisor that runs everything)       │
│                  192.168.1.120                   │
└──┬───────────────────────────────────────────────┘
   │
   ├── PRODUCTION
   │   │
   │   ├── 🐳 UBUNTU-SERVER VM (192.168.1.121) - "The Docker Workhorse"
   │   │   │   (Managed by ansible/core)
   │   │   ├── TRAEFIK v3.6.7 (The Gateway)
   │   │   │       :80/:443 → CrowdSec middleware → Services
   │   │   │       Let's Encrypt SSL via Cloudflare DNS challenge
   │   │   ├── GitLab (CI/CD + Repos)
   │   │   ├── Vaultwarden (Passwords)
   │   │   ├── Jellyfin ("Linux ISOs")
   │   │   ├── Nextcloud (Files)
   │   │   ├── qBittorrent ("Linux ISOs")
   │   │   ├── Agent DVR (Cameras)
   │   │   ├── useless-app.yaml (???)
   │   │   ├── OBSERVABILITY STACK - "Watching containers die in 4K"
   │   │   │       Prometheus | Grafana | Loki | Alloy | InfluxDB | cAdvisor
   │   │   └── 💾 Backups: restic → rclone → cloud (I learned the hard way)
   │   │
   │   ├── 🔬 SONARQUBE VM (192.168.1.125) - Code Quality Analysis
   │   │       "Yes, I run static analysis on my homelab code"
   │   │
   │   ├── 📦 LXC CONTAINERS (Because VMs are too mainstream)
   │   │   ├── PostgreSQL 16 - 192.168.99.2, 4GB RAM (Private Net)
   │   │   ├── Kafka - 192.168.99.x, 8GB RAM (Private Net)
   │   │   ├── CoreDNS - 192.168.1.126, 128MB RAM, Alpine Linux
   │   │   └── CrowdSec WAF - 192.168.1.127, LAPI + AppSec ("You shall not pass")
   │   │
   │   ├── 🛡️ SECURITY LAYER (The Actually Serious Part)
   │   │   ├── TRAEFIK v3.6.7 (192.168.30.50 / :80, :443)
   │   │   │       • Reverse proxy for all services
   │   │   │       • Let's Encrypt SSL via Cloudflare DNS challenge
   │   │   │       • Prometheus metrics + access logging
   │   │   │       • CrowdSec bouncer plugin middleware
   │   │   │       • Cloudflare trusted IPs (CF-Connecting-IP header)
   │   │   ▼
   │   │   ├── CROWDSEC (192.168.1.127) - "The Bouncer"
   │   │   │       • LAPI on :8080
   │   │   │       • AppSec engine on :7422
   │   │   │       • Detects: XSS, Path Traversal, Brute Force
   │   │   │       • Mode: LIVE (blocks bad actors in real-time)
   │   │   │       • "You shall not pass" energy
   │   │   └── COREDNS (192.168.1.126) - Alpine, 128MB RAM
   │   │           Internal DNS resolution
   │   │
   │   ├── TELEPORT (192.168.1.122) - Zero-Trust Access
   │   │       "SSH but make it enterprise"
   │   │
   │   ├── VPN-SERVER (192.168.1.123) - OpenVPN
   │   │       "For when you're not at home"
   │   │
   │   ├── HEPHAESTUS (192.168.1.124)
   │   │       "Named after the Greek god of craftsmanship"
   │   │       GitLab Runner | GitHub Runner | Maven | Go | K8s Tools
   │   │
   │   └── 🕵️ THE SENTRY (Planned)
   │           "Parental Controls via ARP Poisoning"
   │           Because asking nicely doesn't work on tablets at 1 AM
   │
   └── 🧪 LAB / DEV
       └── K3s KUBERNETES CLUSTER
               🚧 LAB ENVIRONMENT ONLY - NOT PRODUCTION 🚧
               (Migration aborted, now it's a playground)

               "I tried to migrate to K8s. K8s won. Now it's where I test things
               before they go to the real Docker setup. Or break things on
               purpose with Chaos Mesh. Mostly the second one."

               ArgoCD | Traefik | Longhorn | Sealed Secrets | Chaos Mesh
               PostgreSQL | Redis | MinIO | Vaultwarden | qBittorrent

               Status: ✨ Learning ✨ Testing ✨ Breaking ✨
```

```
dev-oops/
├── ansible/                          # Configuration Management
│   ├── core/                         # THE PRODUCTION STUFF
│   │   ├── inventory.ini             # The network map (192.168.1.x gang)
│   │   ├── hephaestus/               # CI/CD runners (Greek god = extra cool points)
│   │   ├── lxc/                      # PostgreSQL 16, Kafka in containers
│   │   │   ├── postgresql/           # The elephant (192.168.99.2)
│   │   │   └── kafka/                # Message queue for enterprise cosplay
│   │   ├── teleport/                 # Zero-trust access (fancy SSH for fancy people)
│   │   ├── ubuntu-server/            # THE DOCKER WORKHORSE
│   │   │   ├── apps/                 # GitLab, Jellyfin, Nextcloud, qBittorrent...
│   │   │   │   └── useless-app.yaml  # Yes, this exists. No, I won't explain.
│   │   │   ├── basic/                # apt, samba, storage, swap, user management
│   │   │   ├── observation-and-monitoring/  # Grafana, Prometheus, Loki, Alloy
│   │   │   └── system-cron/          # Backups via restic (I learned my lesson)
│   │   └── vpn-server/               # OpenVPN because WireGuard is too easy
│   ├── kubernetes/                   # Kubespray configs (deprecated)
│   └── sonarqube/                    # Code quality (yes, I lint my YAML. Judge me.)
│
├── kubernetes/                       # 🧪 LAB ENVIRONMENT ONLY
│   ├── argocd/                       # GitOps playground
│   │   ├── argocd-app/               # Application definitions
│   │   │   ├── daemon/               # Kube-Prometheus-Stack, MetalLB
│   │   │   ├── stateful/             # PostgreSQL, Redis, MinIO, Longhorn, CHAOS MESH
│   │   │   └── stateless/            # Traefik, Vaultwarden, Sealed Secrets
│   │   └── argocd-crd/               # ArgoCD itself (it's ArgoCD all the way down)
│   └── traefik/                      # Ingress controller configs
│   # ⚠️ This is NOT production! Just a place to test K8s concepts
│   # and break things with Chaos Mesh before giving up and
│   # going back to Docker like a sensible person.
│
├── tf/                               # Terraform (Infrastructure as Code)
│   ├── cloudflare/                   # DNS & Storage for datrollout.dev
│   ├── proxmox/                      # VM provisioning
│   ├── openstack/                    # Because why not add another cloud?
│   ├── uptimerobot/                  # "Is it down?" → "Yes, check Discord"
│   └── terraform-module/             # Reusable modules (we're professionals here)
│
├── disaster-recovery/                # For when things go wrong (often)
│   ├── vaultwarden/                  # Python backup scripts to MinIO
│   └── Backup/                       # Because losing passwords is NOT an option
│
└── plans/                            # Future chaos documentation
    └── use-side-arm-arp-interception.md  # *chef's kiss* (see below)
```

Traffic flows through multiple security layers before reaching any service:

```
Internet
    │
    ▼
┌────────────────────────────────────────────────────────────────────┐
│ CLOUDFLARE                                                         │
│ • DDoS protection ("Please don't hurt me")                         │
│ • DNS management (datrollout.dev)                                  │
│ • Firewall rules (Terraform managed)                               │
│ • Proxy mode enabled (hides real IP)                               │
└───┬────────────────────────────────────────────────────────────────┘
    │  CF-Connecting-IP header
    ▼
┌────────────────────────────────────────────────────────────────────┐
│ TRAEFIK v3.6.7                                                     │
│ • Reverse proxy on 192.168.1.121:80/443                            │
│ • Let's Encrypt SSL via Cloudflare DNS challenge                   │
│ • Routes: gitlab, vaultwarden, nextcloud, jellyfin, teleport...    │
│ • Every request passes through CrowdSec middleware                 │
│ • Prometheus metrics + structured access logs                      │
└───┬────────────────────────────────────────────────────────────────┘
    │  crowdsec@file middleware
    ▼
┌────────────────────────────────────────────────────────────────────┐
│ CROWDSEC (192.168.1.127)                                           │
│ LXC Container - "The Bouncer"                                      │
│                                                                    │
│ LAPI (:8080)                  AppSec Engine (:7422)                │
│ ├─ Decision API               ├─ Real-time request analysis        │
│ ├─ Ban/Captcha                ├─ HTTP path traversal detection     │
│ └─ IP reputation              ├─ XSS probing detection             │
│                               └─ Generic brute force detection     │
│                                                                    │
│ Mode: LIVE (blocks in real-time, not just logging)                 │
│ Failure behavior: BLOCK (if CrowdSec is down, deny all)            │
│ "I'd rather break the site than let hackers in"                    │
└───┬────────────────────────────────────────────────────────────────┘
    │  Allowed
    ▼
┌────────────────────────────────────────────────────────────────────┐
│ The actual useful services                                         │
│ GitLab | Vaultwarden | Nextcloud | Jellyfin | SonarQube | etc.     │
└────────────────────────────────────────────────────────────────────┘
```

| Attack Type | Detection | Response |
|---|---|---|
| Path Traversal | `crowdsecurity/http-path-traversal-probing` | 403 Forbidden |
| XSS Probing | `crowdsecurity/http-xss-probing` | 403 Forbidden |
| Brute Force | `crowdsecurity/http-generic-bf` | 403 + Temp Ban |
| DDoS | Cloudflare | Mitigation |
| Bot Traffic | CrowdSec community blocklists | 403 Forbidden |
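
As an added example (not code from this repository): the request gate that the flow above describes, in Python, showing why `CF-Connecting-IP` is trusted only when the connection comes from the proxy's addresses and what failing closed means when an engine is unreachable. The proxy range, the `lapi_decision` and `appsec_allows` callables and the sample data are assumptions standing in for Cloudflare's published ranges and the CrowdSec engines.

```python
import ipaddress

# Constructed stand-in for the CDN's published proxy ranges (documentation
# address space); a real deployment loads the provider's current list.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]


def client_ip(peer, headers):
    """Pick the address that ban decisions are keyed on.

    CF-Connecting-IP is honoured only when the TCP peer is a trusted proxy;
    from any other peer the header is client-controlled and is ignored.
    Returns None when a trusted proxy sends a missing or malformed value.
    """
    peer_addr = ipaddress.ip_address(peer)
    if not any(peer_addr in net for net in TRUSTED_PROXIES):
        return str(peer_addr)
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return str(ipaddress.ip_address(lowered.get("cf-connecting-ip", "").strip()))
    except ValueError:
        return None


def gate(peer, headers, path, lapi_decision, appsec_allows, fail_closed=True):
    """Return 200 to forward the request or 403 to block it.

    lapi_decision(ip) and appsec_allows(ip, path) are hypothetical callables
    standing in for the decision lookup and the request inspection; either
    may raise ConnectionError when its engine cannot be reached.
    """
    ip = client_ip(peer, headers)
    if ip is None:
        return 403  # request cannot be attributed to a client: do not forward
    try:
        if lapi_decision(ip) == "ban":
            return 403
        if not appsec_allows(ip, path):
            return 403
    except ConnectionError:
        # Mirrors the two *Block: true settings: an unavailable engine
        # means deny, not "skip the check".
        return 403 if fail_closed else 200
    return 200


# Constructed sample data and stand-in engines, only to exercise the gate.
BANNED = {"203.0.113.66"}


def sample_lapi(ip):
    return "ban" if ip in BANNED else None


def sample_appsec(ip, path):
    return "../" not in path  # toy rule, not a real AppSec ruleset


def engine_down(*_args):
    raise ConnectionError("security engine unreachable")


if __name__ == "__main__":
    spoofed = {"CF-Connecting-IP": "192.0.2.10"}
    print(gate("203.0.113.66", spoofed, "/", sample_lapi, sample_appsec))
    print(gate("198.51.100.7", spoofed, "/", engine_down, sample_appsec))
```

With `fail_closed=False` the same outage forwards every request unchecked, which is the trade-off the two `true` settings below decide against.
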

```yaml
# If CrowdSec AppSec is unreachable:
crowdsecAppsecUnreachableBlock: true  # BLOCK EVERYTHING
# If CrowdSec fails:
crowdsecAppsecFailureBlock: true  # BLOCK EVERYTHING
# Translation: "I'd rather explain downtime than a breach"
```

ADR Status: Accepted
Codename: Homelab Sentry
mAF (mom Acceptance Factor): Pending review
When Screen Time isn't enough and you have a Proxmox server with existential anxiety, you build a Man-in-the-Middle attack framework for your home network.

```
Normal Network:
    iPad ─────────────────────────► Router ──► Internet

After I'm Done:
    iPad ──► Sentry VM 🕵️ ──► Router ──► Internet
                 │
                 ├── "Is it 1 AM? DROP PACKET."
                 ├── "Is it homework time? Block YouTube DNS."
                 └── "Alert Dad via Telegram Bot."
```

- ARP Poisoning: Whispers to the iPad: "I am the router now"
- Time-based blocking: No internet after 1 AM (the hard way)
- DNS Sinkholing: YouTube resolves to a "Go to bed" page
- Telegram Bot: `/allow 1h` when they've been good
- Graceful Shutdown: Floods correct ARP packets on exit so WiFi doesn't die when Proxmox reboots

- IP conflicts if I mess up broadcasts
- Explaining to my mom why I'm "hacking the children"
- Slight latency increase (4K streaming might suffer)
- The kids might learn networking to fight back
| Tool | Purpose | Status |
|---|---|---|
| Proxmox VE | Hypervisor | 🟢 Running (pve-master) |
| Terraform | Infrastructure as Code | 🟢 Running |
| Cloudflare | DNS & Security | 🟢 Running |
| OpenStack | ??? | 🟡 It's in the tf folder, I'll figure it out |

| Tool | Purpose | Chaos Level |
|---|---|---|
| Ansible | Server configuration (PRODUCTION) | 🔥🔥 Medium (YAML indentation trauma) |
| ansible/core | The actual production playbooks | 🔥🔥 Medium (but it works!) |
| Kubespray | K8s deployment | 🔥🔥🔥 Deprecated (I gave up) |

| Tool | Purpose | Environment | Chaos Level |
|---|---|---|---|
| Docker | Container runtime | PRODUCTION | 🔥🔥 Medium (I know this one) |
| Traefik | Reverse proxy & SSL | PRODUCTION | 🔥🔥 Medium (middleware inception) |
| K3s | Lightweight Kubernetes | 🧪 LAB ONLY | 🔥🔥🔥🔥 Extreme (it's still Kubernetes) |
| ArgoCD | GitOps deployment | 🧪 LAB ONLY | 🔥🔥 Medium (fun to learn) |
| Longhorn | Distributed storage | 🧪 LAB ONLY | 🔥🔥🔥 High (distributed = distributed problems) |
| Chaos Mesh | Breaking things on purpose | 🧪 LAB ONLY | 🔥🔥🔥🔥🔥 MAXIMUM (by design) |

Why K8s is lab-only: I tried to migrate from Docker to K8s. I really did. But you know what? Docker Compose + Ansible just works™. The K8s cluster now serves as a playground for learning, testing configs, and occasionally running Chaos Mesh to watch pods die for educational purposes.

| Tool | Purpose | Chaos Level |
|---|---|---|
| Prometheus | Metrics collection | 🔥🔥 Medium |
| Grafana | Pretty dashboards | 🔥 Low (the fun part) |
| Loki | Log aggregation | 🔥🔥 Medium |
| Alloy | Telemetry collector | 🔥🔥 Medium (new hotness) |
| InfluxDB | Time-series DB | 🔥🔥 Medium |
| UptimeRobot | External monitoring | 🔥 Low (it texts me at 3 AM) |

| App | Purpose | Why |
|---|---|---|
| GitLab | Git hosting & CI/CD | Self-hosted GitHub at home |
| Vaultwarden | Password manager | Because I can't remember anything |
| Nextcloud | File sync | Google Drive but with more RAM usage |
| Jellyfin | Media server | "Linux ISOs" streaming |
| qBittorrent | Torrent client | For "Linux ISOs" |
| Agent DVR | Security cameras | Watching the driveway, professionally |
| PostgreSQL | Database | The elephant in the room |
| Kafka | Message queue | Because why not? |
| Redis | Cache | Speed |
| MinIO | Object storage | S3 at home (for backups, mostly) |
| Teleport | Zero-trust access | SSH but enterprise-grade |
| SonarQube | Code quality | Yes, I lint my homelab code |
| useless-app | Unknown | The YAML exists. That's all I know. |
| Tool | Purpose | Vibe |
|---|---|---|
| Traefik v3.6.7 | Reverse proxy + SSL | The front door |
| CrowdSec | WAF + Threat detection | The bouncer |
| CoreDNS | Internal DNS | 128MB of pure resolution |
| Cloudflare | DDoS + DNS + CDN | The bodyguard |
| Let's Encrypt | SSL certs | Free HTTPS via DNS challenge |
Named after the Greek god of fire, metalworking, and craftsmanship, our CI/CD runner infrastructure auto-provisions:
- GitLab Runner: for the self-hosted git
- GitHub Runner: for the cloud repos
- ☕ Maven: Java builds
- 🐹 Golang: Go builds
- K8s Tools: kubectl, helm, the works
- 🐳 Docker: containers all the way down
All managed by Ansible because manually installing runners is for mortals.
- Deleted production database (it was just my passwords, no big deal)
- Ran `terraform destroy` on the wrong workspace
- Forgot to back up before "quick fix"
- Locked myself out of my own server
- Filled up the boot disk with logs
- Created an infinite ArgoCD sync loop
- Misconfigured firewall, couldn't SSH in
- Tried to migrate from Docker to K8s
- Gave up on K8s migration (Docker + Ansible supremacy)
- Kept K8s cluster anyway as "learning environment" (cope)
- Installed Chaos Mesh and immediately regretted it
- Successfully ARP-spoofed my kids (coming soon)
- Lost data permanently (knock on wood 🪵)

- Always back up Vaultwarden - hence the Python scripts to MinIO
- Docker + Ansible is fine - K8s is cool but production uptime is cooler
- K8s is great... for learning - keep it as a lab, not production
- Chaos Mesh is both amazing and terrifying - USE WITH CAUTION (in lab only)
- Name things after Greek gods - makes debugging feel epic
- Document your ARP spoofing plans - your future self will thank you
- LXC for databases, VMs for apps - this actually works really well

| File | What It Does | Concern Level |
|---|---|---|
| `useless-app.yaml` | Deploys... something? | 🤷 |
| `use-side-arm-arp-interception.md` | Tactical child network control | |
| `delete-crd.sh` | Exactly what it sounds like | |
| `chaos-mesh/argo-app.yaml` | Automated breaking things | 🔥 |
| `backup.sh` (in Vaultwarden) | The most important file | |

```bash
# Step 1: Clone this chaos
git clone https://github.com/ngodat0103/dev-oops.git
cd dev-oops

# Step 2: Terraform your cloud resources
cd tf/cloudflare && terraform init && terraform apply

# Step 3: Ansible your PRODUCTION servers (the real stuff)
cd ../../ansible/core
ansible-playbook -i inventory.ini ubuntu-server/basic/apt.yaml             # Base setup
ansible-playbook -i inventory.ini ubuntu-server/apps/gitlab.yaml           # GitLab
ansible-playbook -i inventory.ini ubuntu-server/apps/traefik.yaml          # Reverse proxy
ansible-playbook -i inventory.ini lxc/postgresql/0-manage-postgresql.yaml  # DB

# Step 4: (Optional) Play with K8s lab environment
cd ../../kubernetes/argocd
# This is just for learning, not production. Go wild. Break things.
kubectl apply -f argocd-crd/

# Step 5: Watch it all in Grafana
# Step 6: Get paged at 3 AM by UptimeRobot
# Step 7: Fix it half-asleep
# Step 8: Write a postmortem you'll never read
# Step 9: Repeat
```

This is my personal homelab, so contributions are... unexpected? But if you:
- Found a security issue → Please tell me (nicely)
- Have a suggestion → Open an issue
- Want to judge my YAML → Fair enough
- Know why `useless-app.yaml` exists → Please enlighten me
- Have better parental control ideas than ARP poisoning → I'm listening

```
┌─────────────────────────────────────┐
│           My Mental State           │
│                                     │
│   ┌─────────┐      ┌─────────┐      │
│   │ Anxiety │─────►│ Coffee  │      │
│   └─────────┘      └────┬────┘      │
│        ▲                │           │
│        │                ▼           │
│   ┌────┴────┐      ┌─────────┐      │
│   │  3 AM   │◄─────│ Alerts  │      │
│   │  Panic  │      └─────────┘      │
│   └─────────┘                       │
└─────────────────────────────────────┘
```

This project is licensed under the "Works On My Machine" license.
You're free to:
- Copy this and break your own stuff
- Learn from my mistakes
- Laugh at my configuration choices
- Question my parenting techniques
- Wonder why anyone needs Chaos Mesh at home
Powered by caffeine, spite, and 56 Xeon cores that could heat a small apartment.