infra/docs/README.md

# Infrastructure Documentation

This repository contains the configuration and documentation for a homelab Kubernetes cluster running on Proxmox. The infrastructure hosts 70+ services managed declaratively with Terraform and Terragrunt.

## Quick Reference

### Network Ranges
- **Physical Network**: `192.168.1.0/24` - Physical devices and host network
- **Management VLAN 10**: `10.0.10.0/24` - Infrastructure VMs and management
- **Kubernetes VLAN 20**: `10.0.20.0/24` - Kubernetes cluster network

### Key URLs
- **Public**: `viktorbarzin.me`
- **Internal**: `viktorbarzin.lan`

## Architecture Documentation

| Document | Description |
|----------|-------------|
| [Overview](architecture/overview.md) | Infrastructure overview, hardware specs, VM inventory, and service catalog |
| [Networking](architecture/networking.md) | Network topology, VLANs, routing, and firewall rules |
| [VPN](architecture/vpn.md) | Headscale mesh VPN and Cloudflare Tunnel configuration |
| [Storage](architecture/storage.md) | Proxmox host NFS, Proxmox CSI (LVM-thin + LUKS2), and persistent volume management |
| [Authentication](architecture/authentication.md) | Authentik SSO, OIDC flows, and service integration |
| [Security](architecture/security.md) | CrowdSec IPS, Kyverno policies, and security controls |
| [Monitoring](architecture/monitoring.md) | Prometheus, Grafana, Loki, and observability stack |
| [Secrets Management](architecture/secrets.md) | HashiCorp Vault integration and secret rotation |
| [CI/CD](architecture/ci-cd.md) | Woodpecker CI pipeline and deployment automation |
| [Backup & DR](architecture/backup-dr.md) | Backup strategy, disaster recovery, and restore procedures |
| [Compute](architecture/compute.md) | Proxmox VMs, GPU passthrough, K8s resource management, and VPA |
| [Databases](architecture/databases.md) | PostgreSQL, MySQL, Redis, and database operators |
| [Multi-tenancy](architecture/multi-tenancy.md) | Namespace isolation, tier system, and resource quotas |

## Operations

- [Runbooks](../runbooks/) - Step-by-step operational procedures
- [Plans](../plans/) - Infrastructure change plans and rollout strategies

## Getting Started

1. Review the [Overview](architecture/overview.md) for a high-level understanding
2. Read the [Networking](architecture/networking.md) doc to understand connectivity
3. Check [Compute](architecture/compute.md) for resource management patterns
4. Explore individual architecture docs based on your area of interest
add architecture documentation for all infrastructure subsystems [ci skip] 14 docs covering networking, VPN, storage, authentication, security, monitoring, secrets, CI/CD, backup/DR, compute, databases, and multi-tenancy. Each doc includes Mermaid diagrams, component tables, configuration references, decision rationale, and troubleshooting. 2026-03-24 00:55:25 +02:00			`# Infrastructure Documentation`

			`This repository contains the configuration and documentation for a homelab Kubernetes cluster running on Proxmox. The infrastructure hosts 70+ services managed declaratively with Terraform and Terragrunt.`

			`## Quick Reference`

			`### Network Ranges`
			- Physical Network: `192.168.1.0/24` - Physical devices and host network
			- Management VLAN 10: `10.0.10.0/24` - Infrastructure VMs and management
			- Kubernetes VLAN 20: `10.0.20.0/24` - Kubernetes cluster network

			`### Key URLs`
			- Public: `viktorbarzin.me`
			- Internal: `viktorbarzin.lan`

			`## Architecture Documentation`

			`\| Document \| Description \|`
			`\|----------\|-------------\|`
			`\| [Overview](architecture/overview.md) \| Infrastructure overview, hardware specs, VM inventory, and service catalog \|`
			`\| [Networking](architecture/networking.md) \| Network topology, VLANs, routing, and firewall rules \|`
			`\| [VPN](architecture/vpn.md) \| Headscale mesh VPN and Cloudflare Tunnel configuration \|`
[docs] TrueNAS decommission cleanup — remove references from active docs TrueNAS VM 9000 was operationally decommissioned 2026-04-13; NFS has been served by Proxmox host (192.168.1.127) since. This commit scrubs remaining references from active docs. VM 9000 itself remains on PVE in stopped state pending user decision on deletion. In-session cleanup already landed: reverse-proxy ingress + Cloudflare record removed; Technitium DNS records deleted; Vault truenas_{api_key,ssh_private_key} purged; homepage_credentials.reverse_proxy.truenas_token removed; truenas_homepage_token variable + module deleted; Loki + Dashy cleaned; config.tfvars deprecated DNS lines removed; historical-name comment added to the nfs-truenas StorageClass (48 bound PVs, immutable name — kept). Historical records (docs/plans/, docs/post-mortems/, .planning/) intentionally untouched — they describe state at a point in time. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-19 16:55:43 +00:00			`\| [Storage](architecture/storage.md) \| Proxmox host NFS, Proxmox CSI (LVM-thin + LUKS2), and persistent volume management \|`
add architecture documentation for all infrastructure subsystems [ci skip] 14 docs covering networking, VPN, storage, authentication, security, monitoring, secrets, CI/CD, backup/DR, compute, databases, and multi-tenancy. Each doc includes Mermaid diagrams, component tables, configuration references, decision rationale, and troubleshooting. 2026-03-24 00:55:25 +02:00			`\| [Authentication](architecture/authentication.md) \| Authentik SSO, OIDC flows, and service integration \|`
			`\| [Security](architecture/security.md) \| CrowdSec IPS, Kyverno policies, and security controls \|`
			`\| [Monitoring](architecture/monitoring.md) \| Prometheus, Grafana, Loki, and observability stack \|`
			`\| [Secrets Management](architecture/secrets.md) \| HashiCorp Vault integration and secret rotation \|`
			`\| [CI/CD](architecture/ci-cd.md) \| Woodpecker CI pipeline and deployment automation \|`
			`\| [Backup & DR](architecture/backup-dr.md) \| Backup strategy, disaster recovery, and restore procedures \|`
			`\| [Compute](architecture/compute.md) \| Proxmox VMs, GPU passthrough, K8s resource management, and VPA \|`
			`\| [Databases](architecture/databases.md) \| PostgreSQL, MySQL, Redis, and database operators \|`
			`\| [Multi-tenancy](architecture/multi-tenancy.md) \| Namespace isolation, tier system, and resource quotas \|`

			`## Operations`

			`- [Runbooks](../runbooks/) - Step-by-step operational procedures`
			`- [Plans](../plans/) - Infrastructure change plans and rollout strategies`

			`## Getting Started`

			`1. Review the [Overview](architecture/overview.md) for a high-level understanding`
			`2. Read the [Networking](architecture/networking.md) doc to understand connectivity`
			`3. Check [Compute](architecture/compute.md) for resource management patterns`
			`4. Explore individual architecture docs based on your area of interest`