Ankhmorpork

📖 Overview

This is a mono repository for @paulfantom home infrastructure and Kubernetes cluster. Project utilizes Infrastructure as Code to automate provisioning, operating, and updating self-hosted services.

⛵ Kubernetes

Installation

Cluster is k3s provisioned on bare-metal hosts with latest LTS Ubuntu OS using a modified version of Ansible role provided by k3s project.

🔸 Click here to see my Ansible playbooks and roles.

Components

Logo	Name	Description
	Jsonnet	Data templating language
	GitHub Actions	CI system
	Ansible	Automate bare metal provisioning and configuration
	Ubuntu	Base OS for Kubernetes nodes
	K3s	Lightweight distribution of Kubernetes
	Kubernetes	Container-orchestration system, the backbone of this project
	kured	Kubernetes Reboot Daemon
	TopoLVM	Local storage based on LVM
	Longhorn	Distributed block storage
	Minio	S3 storage
	Flux	GitOps tool built to deploy applications to Kubernetes
	ExternalSecrets	Secrets and encryption management system
	MetalLB	Bare metal load-balancer for Kubernetes
	cert-manager	Cloud native certificate management
	Cloudflare	DNS
	Traefik	Kubernetes Ingress Controller
	oauth2-proxy	Authentication proxy
	Prometheus	Systems monitoring and alerting toolkit
	Thanos	Metrics datalake
	Grafana	Operational dashboards
	Cloudnative-pg	Postgres Controller
	Homer	Portal Site
	HomeAssistant	Home Automation System
	ESPhome	Microcontrollers Management
	Tandoor	Cookbook
	Photoprism	Photo Management
	Paperless-ngx	Document Management
AND	MANY	OTHERS

GitOps

Flux watches manifests/ subdirectories in base and apps top-level directories and makes changes based on YAML manifests. Where possible YAML manifests are generated from jsonnet code.

🌐 DNS

Ingress Controller

Over WAN, I have port-forwarded ports 80 and 443 to the load balancer IP of my ingress controller that's running in my Kubernetes cluster.

Internal DNS

CoreDNS is deployed in a cluster and provides an internal resolution of ingress addresses as well as a proxy to NextDNS used for AdBlocking.

Dynamic DNS

My home IP can change at any given time and in order to keep my WAN IP address up to date on Cloudflare I have configured DDNS on Unifi Dream Machine Pro.

💽 Network Attached Storage

QNAP NAS TS-431DeU is used to manage NFS shares and backup them to B2 cloud using HBS.

🔧 Hardware

✨ Features

Project status: Alpha

• [x] Common applications: Plex, Nextcloud, HomeAssistant, Ghost...
• [x] Automated Kubernetes installation and management
• [x] Monitoring and alerting
• [x] Modular architecture, easy to add or remove features/components
• [x] Automated certificate management
• [x] Installing and managing applications using GitOps
• [x] CI/CD platform
• [x] Distributed storage
• [ ] Automatically update DNS records for exposed services 🚧
• [ ] Automated bare metal provisioning with PXE boot 🚧
• [ ] Support multiple environments (dev, stag, prod) 🚧
• [ ] Automated in-cluster offsite backups 🚧
• [ ] Single sign-on 🚧

🤝 Contributing

Any contributions you make, either big or small, are greatly appreciated.

🔏 Security

If you find any security issue please ping me using one of following contact mediums:

• twitter DM (@paulfantom)
• kubernetes slack (@paulfantom)
• freenode IRC (@paulfantom)
• email ([email protected])

🏛️ License

Distributed under the MIT License. See LICENSE for more information.