This repository documents the design, architecture, and operational principles of a Linux-based self-hosted infrastructure environment.
The objective is not to document a specific hardware configuration or deployment, but to describe the architectural decisions, infrastructure services, and design principles used to build and evolve the environment.
The repository focuses on stable infrastructure foundations, including naming, routing, identity management, trust, and storage.
The infrastructure is designed around several core objectives:
- Stable service identities
- Centralized routing
- Centralized identity management
- Explicit trust relationships
- Simplified operations
- Long-term maintainability
- Incremental evolution
The architecture prioritizes clear responsibilities and predictable operational behavior over unnecessary complexity.
High-level architectural concepts and infrastructure design.
architecture/
├── overview.md
├── network.md
├── identity.md
└── security.md
Documentation for individual infrastructure services and components.
projects/
├── dns.md
├── reverse-proxy.md
├── freeipa.md
├── internal-ca.md
└── storage.md
Architectural principles and technology decisions.
decisions/
├── design-principles.md
├── services-over-hosts.md
├── identity-over-location.md
├── single-entry-point.md
├── docker-as-runtime.md
└── not-yet-kubernetes.md
The architecture is guided by several recurring principles:
- Build foundations first
- Services over hosts
- Identity over location
- Explicit trust
- Controlled complexity
- Simplicity over novelty
- Evolution over redesign
These principles are documented in greater detail within the "decisions/" directory.
Recommended reading order:
- "architecture/overview.md"
- "architecture/network.md"
- "architecture/identity.md"
- "architecture/security.md"
- "decisions/design-principles.md"
- "decisions/services-over-hosts.md"
- "decisions/identity-over-location.md"
- "decisions/single-entry-point.md"
- "decisions/docker-as-runtime.md"
- "decisions/not-yet-kubernetes.md"
- "projects/dns.md"
- "projects/reverse-proxy.md"
- "projects/freeipa.md"
- "projects/internal-ca.md"
- "projects/storage.md"
Infrastructure should support services rather than define them.
Technology choices are evaluated based on operational requirements, maintainability, and long-term flexibility rather than trends or feature availability.
The objective is to build systems that remain understandable, adaptable, and maintainable as requirements evolve.
A recurring principle throughout the repository is:
Complexity cannot be eliminated, only relocated.
Architectural decisions therefore focus on placing complexity where it is easiest to understand, maintain, and operate.
This repository documents an evolving infrastructure design.
Individual implementations may change over time, but the architectural principles and design decisions are intended to remain stable and guide future evolution.