Ankhmorpork
Overview
This is a mono repository for @paulfantom's home infrastructure and Kubernetes cluster. The project uses Infrastructure as Code to automate provisioning, operating, and updating self-hosted services.
Kubernetes
Installation
The cluster is k3s, provisioned on bare-metal Ubuntu 20.04 using a modified version of the Ansible role provided by the k3s project.
Click here to see my Ansible playbooks and roles.
Components
Name | Description |
---|---|
Jsonnet | Data templating language |
GitHub Actions | CI system |
Ansible | Automate bare metal provisioning and configuration |
Ubuntu | Base OS for Kubernetes nodes |
K3s | Lightweight distribution of Kubernetes |
Kubernetes | Container-orchestration system, the backbone of this project |
kured | Kubernetes Reboot Daemon |
Flux | GitOps tool built to deploy applications to Kubernetes |
SealedSecrets | Secrets and encryption management system |
MetalLB | Bare metal load-balancer for Kubernetes |
cert-manager | Cloud native certificate management |
Cloudflare | DNS |
NGINX | Kubernetes Ingress Controller |
oauth2-proxy | Authentication proxy |
Prometheus | Systems monitoring and alerting toolkit |
Grafana | Operational dashboards |
Parca | Continuous profiling |
Loki | Log aggregation system |
Homer | Portal Site |
HomeAssistant | Home Automation System |
ESPhome | Microcontrollers Management |
Mealie | Cookbook |
Photoprism | Photo Management |
Paperless-ngx | Document Management |
... | and many others |
GitOps
Flux watches the manifests/ subdirectories in the base and apps top-level directories and applies changes based on the YAML manifests found there. Where possible, YAML manifests are generated from jsonnet code.
DNS
Ingress Controller
Over WAN, I have port forwarded ports 80 and 443 to the load balancer IP of the ingress controller running in my Kubernetes cluster.
Internal DNS
CoreDNS is deployed in the cluster and provides internal resolution of ingress addresses, as well as a proxy to NextDNS, which is used for ad blocking.
Dynamic DNS
My home IP can change at any time, so to keep my WAN IP address up to date on Cloudflare I have configured DDNS on the Unifi Dream Machine Pro.
Network Attached Storage
A QNAP TS-431DeU NAS is used to manage NFS shares and back them up to B2 cloud storage using HBS.
Hardware
Device | Count | RAM | Storage | Connectivity | Purpose |
---|---|---|---|---|---|
Unifi Dream Machine Pro | 1 | N/A | N/A | 8x GbE + 2xSFP+ | Router/NVR |
Unifi US-16-PoE switch | 1 | N/A | N/A | 16x GbE + 2xSFP | Main Switch |
QNAP TS-431DeU | 1 | 16GB | 2x 240GB NVMe RAID1 + 4x 3TB RAID5 | 2x 2.5GbE LACP | NAS |
Raspberry Pi 4B | 3 | 4GB | 64GB SSD + 32GB SD Card | 1x GbE | K8S Node |
Raspberry Pi 3B+ | 2 | 1GB | 16GB SD Card | 1x GbE | K8S Node |
Custom-built Server | 1 | 64GB | 240GB NVMe + 1TB SSD | 2x GbE LACP + 1GbE | K8S Node w/GPU |
Features
Project status: Alpha
- Common applications: Plex, Nextcloud, HomeAssistant, Ghost...
- Automated Kubernetes installation and management
- Monitoring and alerting
- Modular architecture, easy to add or remove features/components
- Automated certificate management
- Installing and managing applications using GitOps
- CI/CD platform
- Automatically update DNS records for exposed services 🚧
- Distributed storage 🚧
- Automated bare metal provisioning with PXE boot 🚧
- Support multiple environments (dev, stag, prod) 🚧
- Automated offsite backups 🚧
- Single sign-on 🚧
Contributing
Any contributions you make, either big or small, are greatly appreciated.
Security
If you find a security issue, please ping me through one of the following contact channels:
- twitter DM (@paulfantom)
- kubernetes slack (@paulfantom)
- freenode IRC (@paulfantom)
- email (paulfantom+security@gmail.com)
License
Distributed under the MIT License. See LICENSE for more information.