homelab

A homelab for self-hosting open source software.

Architecture

Infrastructure Stack

Infrastructure & Orchestration	Terraform Ansible Docker Kubernetes
Virtualization & Operating Systems	Proxmox Ubuntu Linux Talos Linux
Networking & Security	Cloudflare Tailscale Caddy Traefik
Cloud & DevOps	AWS FluxCD
Monitoring & Observability	Prometheus Grafana Loki
Applications & Databases	n8n PostgreSQL Commafeed Dokploy Portainer Longhorn

Setup

The entire homelab can be provisioned with a single command:

terraform apply

This will:

1. Setup Secrets Manager - Create an AWS SSM Parameter Store for all secrets
2. Configure Cloudflare DNS - Set up CNAME records for all deployed services behind a reverse proxy.
3. Provision VMs - Create 3 Talos Linux VMs on Proxmox (1 control plane, 2 workers) with:
   • 2 cores, 2GB RAM, 20GB disk each
   • Static IPs
   • Custom Talos image with QEMU guest agent and Tailscale extensions
4. Bootstrap Kubernetes - Initialize a 3-node Kubernetes cluster:
   • Generate machine secrets and certificates
   • Apply machine-specific patched Talos configurations
   • Bootstrap etcd and Kubernetes API server on the control-plane node
5. Set up Tailscale - Configure VPN networking:
   • Create Access Control Lists (ACLs) for network policies
   • Generate OAuth2 client credentials for Kubernetes Operator integration
   • Auto-enroll all VMs in the Tailscale network
6. Deploy applications
   • Automatically discover and create namespaces from kubernetes/apps/ directories
   • Deploy all Kubernetes manifests (deployments, services, ingress, PVCs)
   • Install Tailscale Operator via Helm for secure ingress management