A comprehensive Infrastructure as Code (IaC) homelab implementation featuring containerized services, automated provisioning, and security-first architecture. This repository serves as a complete blueprint for deploying production-ready self-hosted infrastructure across multi-tier environments.
This homelab implements a multi-tier containerized architecture with:
- Three segregated Docker environments: DMZ, Internal, and Lab tiers
- Multi-cloud infrastructure: Proxmox (on-premises) + Linode + Cloudflare integration
- Comprehensive service mesh: 50+ self-hosted applications and services
- Security-first design: WAF, SSO, network segmentation, and automated certificate management
- Full automation: Infrastructure provisioning (Terraform) + Configuration management (Ansible)
- Infrastructure as Code: Git serves as the single source of truth for all infrastructure
- Environment Agnostic: Variable-driven configurations supporting lab/staging/production deployments
- Security by Design: Public repository encouraging secure secret management and best practices
- Simplicity Over Complexity: Preference for straightforward solutions over complex templating
- Self-Hosted First: Emphasis on data sovereignty and privacy
- Authentik - Enterprise SSO/OIDC provider
- Vaultwarden - Self-hosted password manager
- HashiCorp Vault - Secrets management
- Wazuh - SIEM/security monitoring platform
- Traefik (Multi-instance) - Load balancing with WAF capabilities
- Cloudflared - Secure tunnel management
- Squid - Caching proxy server
- Gatus - Service health monitoring
- Grafana - Data visualization
- Uptime Kuma - Uptime monitoring
- Beszel - Infrastructure monitoring
- Dozzle - Docker log aggregation
- Code Server - Web-based VS Code IDE
- Forgejo - Self-hosted Git service
- Nextcloud AIO - Collaboration platform
- Hedgedoc - Collaborative markdown editor
- IT Tools - Developer utilities collection
- Jellyfin - Media server with GPU transcoding
- Immich - Self-hosted photo management
- Home Assistant - Home automation platform
- Synapse - Matrix homeserver
- LibreChat/OpenWebUI - AI chat interfaces
- Actual - Personal finance management
- Firefly III - Financial management
- Vikunja - Task management
- Paperless-NGX - Document management
- AnythingLLM - Document chat with LLM
- OpenAI Proxy - API proxy services
- Proxmox VE: Primary virtualization platform with VM/LXC management
- Docker: Container orchestration across multiple environments
- Kubernetes: K3s cluster for container orchestration (testing)
- Linode: External proxy instances and public-facing services
- Cloudflare: DNS management, CDN, and secure tunnel services
- AWS/Azure: Multi-cloud deployment configurations
- Terraform: Infrastructure provisioning across multiple providers
- Ansible: Configuration management and system hardening
- Watchtower: Automated container updates
- Dockge: Docker Compose stack management
```
├── ansible/              # Configuration management & automation
│   ├── playbook/         # Ansible playbooks for system configuration
│   └── inventory/        # Environment-specific inventory files
├── dockerdmz01/          # DMZ tier - External-facing services
├── dockerint01/          # Internal tier - Private services
├── dockerlab01/          # Lab tier - Development & testing
├── terraform/            # Infrastructure provisioning
│   ├── aws/              # AWS resources
│   ├── azure/            # Azure resources
│   ├── cloudflare/       # DNS & CDN management
│   ├── linode/           # Linode instances
│   └── proxmox/          # VM/LXC provisioning
├── scripts/              # Automation scripts
│   ├── bash/             # System setup & maintenance
│   ├── cloudflare_ddns/  # Dynamic DNS management
│   └── proxmox/          # VM template management
└── docs/                 # Documentation & reference materials
```
- Proxmox VE cluster (primary compute)
- Cloudflare account (DNS management)
- Terraform >= 1.0
- Ansible >= 2.9
- Docker & Docker Compose
1. Clone Repository

   ```bash
   git clone <repository-url>
   cd home
   ```

2. Configure Variables

   ```bash
   # Copy and edit terraform variables
   cp terraform/proxmox/sample.tfvars terraform/proxmox/terraform.tfvars
   # Update Ansible inventory
   vim ansible/inventory/lab.yml
   ```

3. Provision Infrastructure

   ```bash
   # Deploy VMs/LXC containers
   cd terraform/proxmox
   terraform init && terraform apply
   ```

4. Configure Systems

   ```bash
   # Run Ansible playbooks
   cd ansible
   ansible-playbook -i inventory/lab.yml playbook/terminal-setup.yml
   ```

5. Deploy Services

   ```bash
   # Start core services
   cd dockerint01/traefik
   docker-compose up -d
   # Deploy additional services as needed
   ```
- Network Segmentation: Isolated Docker networks and VLANs
- Web Application Firewall: Coraza-powered WAF with OWASP rule sets
- Single Sign-On: Centralized authentication via Authentik
- Certificate Management: Automated Let's Encrypt via DNS challenges
- Secret Management: HashiCorp Vault integration
- Access Control: Cloudflare Access for external services
- SIEM: Comprehensive logging and monitoring via Wazuh
- Gatus: https://status.yourdomain.com - Service health monitoring
- Grafana: https://grafana.yourdomain.com - Infrastructure metrics
- Authentik: https://auth.yourdomain.com - User management
```bash
# View service status
docker-compose ps
# Update all containers
docker-compose pull && docker-compose up -d
# Check Traefik routing
docker logs traefik
# Backup Vaultwarden
./scripts/backup-vaultwarden.sh
```

This repository is designed to be publicly shareable and educational. When contributing:
- Follow Infrastructure as Code best practices
- Use variables for environment-specific configurations
- Document any new services or significant changes
- Ensure secrets are properly externalized
- Test changes in lab environment first
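A repository-level check for the "secrets are properly externalized" rule, added here as an example and not part of this repository's scripts. It assumes the conventions above: credentials reach compose stacks as `${VAR}` references from `.env` files and `terraform.tfvars` (not `sample.tfvars`) holds the real values, so a literal credential in either file is a finding; the sample stacks it scans are constructed inline.

```bash
# Added example (not part of this repository's scripts): flag literal
# credentials in compose stacks and terraform.tfvars before they are committed.
# Assumption: secrets are passed as ${VAR} references (from .env / env_file),
# so a key like PASSWORD/TOKEN/SECRET/API_KEY followed by a literal value
# is a finding, while a value starting with $ is an externalized reference.
SECRET_PATTERN="(password|passwd|secret|token|api_?key)[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*[\"']?[^[:space:]\"'\$]"

# Print file:line:content for every credential-looking literal under a tree.
find_hardcoded_secrets() {
  find "$1" -type f \( -name 'docker-compose.yml' -o -name 'compose.yml' \
       -o -name 'terraform.tfvars' \) |
  while IFS= read -r file; do
    grep -niE "$SECRET_PATTERN" "$file" | sed "s|^|$file:|"
  done
}

# Return 0 when the tree is clean, 1 (findings on stderr) otherwise.
check_secrets_externalized() {
  hits=$(find_hardcoded_secrets "$1")
  [ -z "$hits" ] && return 0
  printf 'hardcoded secret(s) found:\n%s\n' "$hits" >&2
  return 1
}

# Constructed sample stacks in a temp dir: clean/ externalizes its token,
# dirty/ carries a literal database password. Prints the temp dir path.
make_sample_stacks() {
  dir=$(mktemp -d)
  mkdir -p "$dir/clean/vaultwarden" "$dir/dirty/postgres"
  cat > "$dir/clean/vaultwarden/docker-compose.yml" <<'EOF'
services:
  vaultwarden:
    image: vaultwarden/server
    env_file: .env
    environment:
      - ADMIN_TOKEN=${VW_ADMIN_TOKEN}
EOF
  cat > "$dir/dirty/postgres/docker-compose.yml" <<'EOF'
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: hunter2
EOF
  printf '%s\n' "$dir"
}
```

Run `check_secrets_externalized .` from the repository root (or from a pre-commit hook) to get a non-zero exit status whenever a literal credential is present.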
- Documentation: See the `/docs` directory for detailed guides
- Configuration Examples: Check `/zz_Examples` for reference configurations
- Terraform Modules: Reusable infrastructure components in `/terraform`
- Scripts: Automation utilities in `/scripts`
This homelab represents a sophisticated, production-ready infrastructure that balances security, functionality, and ease of management while maintaining strong self-hosting principles.