viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add architecture documentation for all infrastructure subsystems [ci skip]

Browse source 
14 docs covering networking, VPN, storage, authentication, security,
monitoring, secrets, CI/CD, backup/DR, compute, databases, and
multi-tenancy. Each doc includes Mermaid diagrams, component tables,
configuration references, decision rationale, and troubleshooting.
This commit is contained in:
Viktor Barzin 2026-03-24 00:55:25 +02:00
parent 31767ed8e7
commit 5a42643176
15 changed files with 5340 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

44
docs/README.md Normal file
View file

@ -0,0 +1,44 @@
# Infrastructure Documentation
This repository contains the configuration and documentation for a homelab Kubernetes cluster running on Proxmox. The infrastructure hosts 70+ services managed declaratively with Terraform and Terragrunt.
## Quick Reference
### Network Ranges
- **Physical Network**: `192.168.1.0/24` - Physical devices and host network
- **Management VLAN 10**: `10.0.10.0/24` - Infrastructure VMs and management
- **Kubernetes VLAN 20**: `10.0.20.0/24` - Kubernetes cluster network
### Key URLs
- **Public**: `viktorbarzin.me`
- **Internal**: `viktorbarzin.lan`
## Architecture Documentation
| Document | Description |
|----------|-------------|
| [Overview](architecture/overview.md) | Infrastructure overview, hardware specs, VM inventory, and service catalog |
| [Networking](architecture/networking.md) | Network topology, VLANs, routing, and firewall rules |
| [VPN](architecture/vpn.md) | Headscale mesh VPN and Cloudflare Tunnel configuration |
| [Storage](architecture/storage.md) | TrueNAS NFS, democratic-csi, and persistent volume management |
| [Authentication](architecture/authentication.md) | Authentik SSO, OIDC flows, and service integration |
| [Security](architecture/security.md) | CrowdSec IPS, Kyverno policies, and security controls |
| [Monitoring](architecture/monitoring.md) | Prometheus, Grafana, Loki, and observability stack |
| [Secrets Management](architecture/secrets.md) | HashiCorp Vault integration and secret rotation |
| [CI/CD](architecture/ci-cd.md) | Woodpecker CI pipeline and deployment automation |
| [Backup & DR](architecture/backup-dr.md) | Backup strategy, disaster recovery, and restore procedures |
| [Compute](architecture/compute.md) | Proxmox VMs, GPU passthrough, K8s resource management, and VPA |
| [Databases](architecture/databases.md) | PostgreSQL, MySQL, Redis, and database operators |
| [Multi-tenancy](architecture/multi-tenancy.md) | Namespace isolation, tier system, and resource quotas |
## Operations
- [Runbooks](../runbooks/) - Step-by-step operational procedures
- [Plans](../plans/) - Infrastructure change plans and rollout strategies
## Getting Started
1. Review the [Overview](architecture/overview.md) for a high-level understanding
2. Read the [Networking](architecture/networking.md) doc to understand connectivity
3. Check [Compute](architecture/compute.md) for resource management patterns
4. Explore individual architecture docs based on your area of interest