diff --git a/pages/docs/.vitepress/config.mts b/pages/docs/.vitepress/config.mts
index 5d83970..9c736f2 100644
--- a/pages/docs/.vitepress/config.mts
+++ b/pages/docs/.vitepress/config.mts
@@ -8,6 +8,12 @@ export default withMermaid(
 title: "Rocket Cloud",
 description: "Documentation",
 themeConfig: {
+ search: {
+ provider: 'local'
+ },
+ editLink: {
+ pattern: 'https://github.com/tryrocket-cloud/home-ops/edit/main/pages/docs/:path'
+ },
 // https://vitepress.dev/reference/default-theme-config
 nav: [
 { text: 'Home', link: '/' },
@@ -16,52 +22,108 @@ export default withMermaid(
 sidebar: [
 {
- text: 'How it works',
+ text: 'Overview',
 items: [
- { text: 'Concepts', link: '/how-it-works' },
+ { text: 'Introduction', link: '/overview/introduction' },
+ { text: 'Architecture', link: '/overview/architecture' },
 ]
 },
 {
- text: 'Getting started',
+ text: 'Hardware',
 items: [
+ { text: 'Servers and Equipment', link: '/hardware/servers-equipment' },
+ { text: 'Rack Organization', link: '/hardware/rack-organization' },
+ { text: 'IoT Devices', link: '/hardware/iot-devices' },
 ]
 },
 {
- text: 'Development',
+ text: 'Network',
 items: [
- { text: 'Principles & Guidelines', link: '/principles-and-guidelines' },
+ { text: 'Network Design', link: '/network/introduction' },
+ { text: 'Router and Firewall', link: '/network/introduction' },
+ { text: 'DNS and DHCP', link: '/network/introduction' },
 ]
 },
 {
- text: 'Applicaitons & Services',
+ text: 'Compute, Containerization, and Storage Infrastructure',
 items: [
- { text: 'Docs (vitepress)', link: '/apps/docs' },
- { text: 'Homer', link: '/apps/homer' },
- { text: 'Status (upptime)', link: '/apps/status' },
- { text: 'Vault', link: '/apps/vault' },
- { text: 'Vaultwarden', link: '/apps/vaultwarden' },
+ { text: 'Hypervisors', link: '/hypervisors' },
+ { text: 'Containerization', link: '/containerization' },
+ {
+ text: 'Hyperconverged Infrastructure (HCI)', link: '/hci',
+ items: [
+ { text: 'Network Attached Storage (NAS)', link: '/introduction' },
+ { text: 'Storage Pools', link: '/introduction' },
+ { text: 'Backups and Snapshots', link: '/introduction' },
+ ]
+ },
 ]
 },
 {
- text: 'Administarion',
+ text: 'Services and Applications',
 items: [
- { text: 'Backup', link: 'backup-general' },
+ { text: 'Applications', link: '/applications' },
+ { text: 'Backup Solutions', link: '/introduction' },
 ]
 },
 {
- text: '',
+ text: 'Security and Authentication',
 items: [
- { text: 'Server rack', link: '/rack' },
- { text: 'Evolution of the homelab', link: '/evolution' },
+ { text: 'Security Layers', link: '/security-layers' }, + { text: 'Network Security', link: '/introduction' }, + { text: 'User Management and Authentication', link: '/introduction' }, + { text: 'Certificate Management', link: '/introduction' }, ] }, { - text: 'Examples', + text: 'Infrastructure Automation and Orchestration', link: '/infrastructure-automation-orchestration' + }, + { + text: 'Maintenance and Troubleshooting', items: [ - { text: 'Markdown Examples', link: '/markdown-examples' }, - { text: 'Runtime API Examples', link: '/api-examples' } + { text: 'Monitoring and Logging', link: '/introduction' }, + { text: 'Alerting', link: '/introduction' }, + { text: 'Regular Maintenance', link: '/introduction' }, + { text: 'Troubleshooting Common Issues', link: '/introduction' }, + { text: 'Disaster Recovery Plan', link: '/introduction' }, + { text: 'Dependency Management', link: '/dependancy-management' }, + ] - } + }, + { + text: 'External Services', link: '/external-services' + }, + { + text: 'References and Resources', + items: [ + { text: 'Archive', link: '/archive' }, + ] + }, + { + text: 'Future Plans and Improvements', + items: [ + { text: 'Regular Maintenance', link: '/introduction' }, + { text: 'Troubleshooting Common Issues', link: '/introduction' }, + { text: 'Disaster Recovery Plan', link: '/introduction' }, + + ] + }, + { + text: 'Development', + items: [ + { text: 'Principles & Guidelines', link: '/principles-and-guidelines' }, + ] + }, + { + text: 'Components', + items: [ + { text: 'Docs (vitepress)', link: '/apps/docs' }, + { text: 'Homer', link: '/apps/homer' }, + { text: 'Status (upptime)', link: '/apps/status' }, + { text: 'Vault', link: '/apps/vault' }, + { text: 'Vaultwarden', link: '/apps/vaultwarden' }, + ] + }, ], socialLinks: [ diff --git a/pages/docs/ansible.md b/pages/docs/ansible.md new file mode 100644 index 0000000..cab33b6 --- /dev/null +++ b/pages/docs/ansible.md @@ -0,0 +1,5 @@ +--- +outline: deep +--- + +# Ansible 
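Review bot: The new `Components` group at the end of this hunk links to `/apps/docs`, `/apps/homer`, `/apps/status`, `/apps/vault` and `/apps/vaultwarden`, but this same commit deletes `pages/docs/apps/docs.md`, `homer.md`, `status.md`, `vault.md` and `vaultwarden.md` and folds their content into `pages/docs/applications.md`, so every entry in that group resolves to a page that no longer exists. As far as I know VitePress does not validate sidebar `link` values the way it checks links inside markdown, so this only surfaces as 404s in the built site; either drop the group or point the entries at the sections of `/applications` (the anchors below assume the default heading slugs of that file). The hunk also leaves fifteen entries pointing at the placeholder `/introduction` and three at `/network/introduction`, neither of which any file in the visible diff provides, and `Future Plans and Improvements` repeats three items of `Maintenance and Troubleshooting` verbatim, so that scaffolding should be trimmed or marked with a TODO before merge. The `sidebar` array is fully inside this hunk, but the enclosing `themeConfig` object and `withMermaid(` call start outside it.
```typescript
// … unchanged: earlier sidebar groups …
{
  text: 'Components',
  items: [
    { text: 'Docs (vitepress)', link: '/applications#docs' },
    { text: 'Homer', link: '/applications#personal-dashboard' },
    { text: 'Status (upptime)', link: '/applications#statuspage' },
    { text: 'Vault', link: '/applications#vault' },
    { text: 'Vaultwarden', link: '/applications#vaultwarden' },
  ]
},
```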
diff --git a/pages/docs/applications.md b/pages/docs/applications.md
new file mode 100644
index 0000000..a1dca93
--- /dev/null
+++ b/pages/docs/applications.md
@@ -0,0 +1,129 @@ +--- +outline: deep +--- + +# Applications + +## Docs + +Docs ([Vitepress](https://vitepress.dev/)) hosted at [docs.tryrocket.cloud](https://docs.tryrocket.cloud) on Cloudflare Pages. This documentation site provides everything you need to know about using, deploying, and contributing to the application. + +The source code can be found at `pages/docs/` + +## Personal Dashboard + +Personal Dashboard ([Homer](https://github.com/bastienwirtz/homer)) hosted at [tryrocket.cloud](https://tryrocket.cloud) and provides a customizable homepage for organizing and accessing frequently used services and websites. + +[config.yml](../homer/public/assets/config.yml) + +The source code can be found at `pages/homer/` + +### Setup with Git Subtree + +```sh +# home-op/ +git remote add -f homer https://github.com/bastienwirtz/homer.git +git subtree add --prefix=pages/homer homer main --squash +``` + +### Update + +```sh +git subtree pull --prefix=pages/homer homer main --squash +``` + +## Statuspage + +[Statuspage](https://upptime.js.org/) is status page, hosted at [status.tryrocket.cloud](https://status.tryrocket.cloud) on GitHub Pages. Upptime is an open-source uptime monitor and status page powered by GitHub Actions, GitHub Pages, and GitHub Issues. It automates website monitoring and generates a status page directly from your [GitHub](https://github.com/tryrocket-cloud/upptime) repository. + +## Vault + +**HashiCorp Vault**, hosted at [vault.tryrocket.cloud](https://vault.tryrocket.cloud) and deployed on a Kubernetes Cluster. Vault is a tool for securely storing and accessing secrets, such as API keys, passwords, and certificates. The **Vault** data belongs to the [SL2](/security-layers#SL2). + +### Deployment + +The Vault deployment is managed using the official [Helm chart](https://helm.releases.hashicorp.com). Vault will be deployed and managed via an ArgoCD ApplicationSet. 
+ +- [Helm Chart](https://github.com/hashicorp/vault-helm) +- [Default values](https://github.com/hashicorp/vault-helm/blob/main/values.yaml) +- [Documentation](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) + +### Backup + +#### Create + +::: info +To export data in JSON format, [Medusa](https://github.com/jonasvinther/medusa) is utilized. +::: + +| **Backup Type** | **Command** | +|-------------------------------------------------|-------------------------------------| +| [Export](/backup-general#export) | `j iac ansible vault-export-backup` | +| [Data](/backup-general#data) | `j iac ansible vault-data-backup` | +| [CSI Snapshots](/backup-general#csi-snapshots) | `j iac ansible vault-csi-snapshot` | +| [CSI Backups](/backup-general#csi-backups) | `j iac ansible vault-csi-backup` | + +**Full Backup** + +```sh +j iac ansible vault-backup +``` + +#### Restore + +# Links + +- [Official HashiCorp Vault Website](https://www.hashicorp.com/products/vault) +- [Vault GitHub Repository](https://github.com/hashicorp/vault) +- [Vault Documentation](https://www.vaultproject.io/docs) + +## Vaultwarden + +[Vaultwarden](https://github.com/dani-garcia/vaultwarden) is a lightweight alternative to [Bitwarden](https://bitwarden.com), hosted at [vaultwarden.tryrocket.cloud](https://vaultwarden.tryrocket.cloud) on a Kubernetes Cluster. The Vaultwarden data is [SL2](/security-layers#SL2). + +### Deployment + +### Backup + +Vaultwarden is backed up on a **daily basis** at `30 0 * * *`. + +::: info +To export data in JSON format, [Bitwarden CLI](https://github.com/bitwarden/clients) is utilized. See more in the Ansible [export-vaultwarden-vault.yaml](../../iac/ansible/export-vaultwarden-vault.yaml) playbook +::: + +#### Backup Contents + +- **Database**: The primary data store for Vaultwarden, including user credentials and secrets. +- **Configuration Files**: All configuration settings related to Vaultwarden deployment. 
+- **Attachments**: Any user-uploaded attachments stored within Vaultwarden. + +#### Backup Location + +The backups are securely stored in a location that ensures quick recovery in case of data loss or corruption. These backups are also periodically checked for integrity. + +#### Restoring Backups + +In case of a failure or accidental data loss, the backup can be restored manually or via the automated restore process, ensuring minimal downtime for users. + +#### Export + +```sh +j iac ansible vaultwarden-export +``` + +Type: `critical` + +Backups: + +- export +- data + +### Links + +- [GitHub](https://github.com/dani-garcia/vaultwarden) +- [Documentation](https://github.com/dani-garcia/vaultwarden/wiki) +- [Bitwarden CLI](https://github.com/bitwarden/cli) +- [DockerHub](https://hub.docker.com/r/vaultwarden/server) +- [r/Vaultwarden](https://www.reddit.com/r/Vaultwarden/) + +## Nextcloud diff --git a/pages/docs/apps/docs.md b/pages/docs/apps/docs.md deleted file mode 100644 index 0db3c0e..0000000 --- a/pages/docs/apps/docs.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -outline: deep ---- - -# Docs - -https://docs.tryrocket.cloud diff --git a/pages/docs/apps/homer.md b/pages/docs/apps/homer.md deleted file mode 100644 index f853090..0000000 --- a/pages/docs/apps/homer.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -outline: deep ---- - -# Homer - -https://docs.tryrocket.cloud - -Homer dashboard is running on Cloudflare pages. - - -## Setup with Git Subtree - -```sh -# home-op/ -git remote add -f homer https://github.com/bastienwirtz/homer.git -git subtree add --prefix=pages/homer homer main --squash -``` - -## Update - -```sh -git subtree pull --prefix=pages/homer homer main --squash -``` - diff --git a/pages/docs/apps/status.md b/pages/docs/apps/status.md deleted file mode 100644 index 05fb766..0000000 --- a/pages/docs/apps/status.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -outline: deep ---- - -# Status (upptime) - -https://status.tryrocket.cloud 
diff --git a/pages/docs/apps/vault.md b/pages/docs/apps/vault.md deleted file mode 100644 index de8bfdf..0000000 --- a/pages/docs/apps/vault.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -outline: deep ---- - -# Vault - -https://vault.tryrocket.cloud - -Type: `critical` - -Backups: - -- export -- data diff --git a/pages/docs/apps/vaultwarden.md b/pages/docs/apps/vaultwarden.md deleted file mode 100644 index 1cb37b0..0000000 --- a/pages/docs/apps/vaultwarden.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -outline: deep ---- - -# Vaultwarden - -https://vaultwarden.tryrocket.cloud - -## Backup and Restore - -### Export - -```sh -j iac ansible vaultwarden-export -``` - -Type: `critical` - -Backups: - -- export -- data diff --git a/pages/docs/archive.md b/pages/docs/archive.md new file mode 100644 index 0000000..0677575 --- /dev/null +++ b/pages/docs/archive.md @@ -0,0 +1,7 @@ +--- +outline: deep +--- + +# Archive + +## Used Services / Applications / Libraries diff --git a/pages/docs/assets/TSwaf1t0.jpg b/pages/docs/assets/TSwaf1t0.jpg new file mode 100644 index 0000000..98542d6 Binary files /dev/null and b/pages/docs/assets/TSwaf1t0.jpg differ diff --git a/pages/docs/assets/dell-optiplex-3080.png b/pages/docs/assets/dell-optiplex-3080.png new file mode 100644 index 0000000..7ec4907 Binary files /dev/null and b/pages/docs/assets/dell-optiplex-3080.png differ diff --git a/pages/docs/assets/dell-poweredge-r340.png b/pages/docs/assets/dell-poweredge-r340.png new file mode 100644 index 0000000..c66b565 Binary files /dev/null and b/pages/docs/assets/dell-poweredge-r340.png differ diff --git a/pages/docs/assets/mikrotik-csr326-24g-2s-rm.png b/pages/docs/assets/mikrotik-csr326-24g-2s-rm.png new file mode 100644 index 0000000..ddc01dc Binary files /dev/null and b/pages/docs/assets/mikrotik-csr326-24g-2s-rm.png differ diff --git a/pages/docs/assets/pic1.webp b/pages/docs/assets/pic1.webp new file mode 100644 index 0000000..1ac3094 Binary files /dev/null and b/pages/docs/assets/pic1.webp differ 
diff --git a/pages/docs/assets/pic2.webp b/pages/docs/assets/pic2.webp new file mode 100644 index 0000000..f6c6a2d Binary files /dev/null and b/pages/docs/assets/pic2.webp differ diff --git a/pages/docs/assets/pic3.webp b/pages/docs/assets/pic3.webp new file mode 100644 index 0000000..fd84c23 Binary files /dev/null and b/pages/docs/assets/pic3.webp differ diff --git a/pages/docs/assets/renovate.png b/pages/docs/assets/renovate.png new file mode 100644 index 0000000..5746c59 Binary files /dev/null and b/pages/docs/assets/renovate.png differ diff --git a/pages/docs/backup-general.md b/pages/docs/backup-general.md index a64dd78..7864238 100644 --- a/pages/docs/backup-general.md +++ b/pages/docs/backup-general.md @@ -3,6 +3,39 @@ outline: deep --- # Backup +```mermaid +gantt + title Snapshot & Backup + dateFormat HH:mm + axisFormat %H:%M + + section Machines + Truenas (h610i) : active, 00:00, 3h + ArgoCD SyncWindow deny : active, 00:00, 6h + + section ZFS + Scub : 01:00, 1h + + section Longhorn Snapshots + vaultwarden-data : 00:10, 15m + davis-data : 00:10, 15m + + section Longhorn Backups + vaultwarden-data : 00:20, 15m + davis-data : 00:20, 15m + + section restic + vaultwarden-ionos1 : 00:30, 15m + vaultwarden-ionos2 : 00:30, 15m + vaultwarden-hetzner : 00:30, 15m + vaultwarden-tryrocketcloud (weekly) : 00:30, 15m + davis-ionos1 : 00:30, 15m + davis-ionos2 : 00:30, 15m + davis-hetzner : 00:30, 15m + davis-tryrocketcloud (weekly) : 00:30, 15m +``` + + **Strategy** 3-2-1 diff --git a/pages/docs/cicd.md b/pages/docs/cicd.md new file mode 100644 index 0000000..6b20f97 --- /dev/null +++ b/pages/docs/cicd.md @@ -0,0 +1,5 @@ +--- +outline: deep +--- + +# CI/CD diff --git a/pages/docs/containerization.md b/pages/docs/containerization.md new file mode 100644 index 0000000..bcf05b9 --- /dev/null +++ b/pages/docs/containerization.md 
@@ -0,0 +1,61 @@ +--- +outline: deep +--- + +# Containerization + +- **Docker**: For running lightweight containers for services like Nextcloud, Vaultwarden. +- **Kubernetes (K3s)**: + - A lightweight Kubernetes distribution (K3s) is deployed to manage containerized applications across multiple nodes in the homelab. + - **Cluster Setup**: + - **Master Nodes**: 1 master node for managing the control plane. + - **Worker Nodes**: 2 worker nodes for running applications. + - **Roles**: + - **Master Node**: Manages the Kubernetes API and cluster orchestration. + - **Worker Nodes**: Execute containerized workloads across services like monitoring, home automation, and web applications. + - **Applications Deployed on Kubernetes**: + - **Nextcloud**: Self-hosted cloud storage. + - **Grafana and Prometheus**: Monitoring and metrics. + - **Plex**: Media server. + - **Storage**: Persistent volumes managed using NFS or local storage. + - **Networking**: Flannel CNI (Container Network Interface) for internal cluster + +# 6. Orchestration and Kubernetes Cluster + +## 6.1 Kubernetes Cluster Overview +- A **Kubernetes cluster** is used to orchestrate and manage containerized workloads across multiple nodes in the homelab. The cluster helps with scaling, fault tolerance, and simplified deployment of services. + +### 6.2 Cluster Setup +- **Kubernetes Distribution**: K3s (lightweight Kubernetes) +- **Number of Nodes**: + - **Master Nodes**: 1 (control plane) + - **Worker Nodes**: 2 (compute resources) +- **Networking**: + - **CNI Plugin**: Flannel for internal cluster networking. + - **Service Networking**: ClusterIP for internal services, NodePort for exposing services externally. + +### 6.3 Applications Deployed on Kubernetes +- **Nextcloud**: Self-hosted cloud storage solution for files and documents. +- **Home Assistant**: Home automation system managing smart home devices. +- **Vaultwarden**: Self-hosted password manager. 
+- **Grafana and Prometheus**: Monitoring and metrics collection. +- **Plex**: Media server for managing and streaming media. + +### 6.4 Storage and Persistent Volumes +- **Storage**: Persistent storage managed via NFS or hostPath. +- **Persistent Volume Claims**: Used to allocate persistent storage to services that require data persistence (e.g., Nextcloud, databases). + +### 6.5 CI/CD Integration +- The Kubernetes cluster integrates with **GitLab CI** for continuous deployment and management of applications within the cluster. +- **Helm**: Used for managing Kubernetes applications through reusable Helm charts. + +### 6.6 Cluster Management Tools +- **K9s**: Terminal-based UI for managing Kubernetes clusters. +- **kubectl**: Command-line tool for interacting with the Kubernetes API. +- **Rancher** (optional): Web-based GUI for managing multiple Kubernetes clusters. + +## Kubernetes cluster + +## Docker + +## Podman diff --git a/pages/docs/dependancy-management.md b/pages/docs/dependancy-management.md new file mode 100644 index 0000000..66815f2 --- /dev/null +++ b/pages/docs/dependancy-management.md @@ -0,0 +1,7 @@ +--- +outline: deep +--- + +# Dependancy Management + +## Renovate diff --git a/pages/docs/external-services.md b/pages/docs/external-services.md new file mode 100644 index 0000000..a037352 --- /dev/null +++ b/pages/docs/external-services.md 
@@ -0,0 +1,77 @@ +# External Services + +## Cloudflare + +Cloudflare is a global network service provider that offers services such as CDN, DNS, DDoS protection, and security solutions. It is widely used for improving website performance and securing web applications. + +| **Metadata** | **Details** | +|-----------------------|---------------------------------------------------------------------| +| **Official Site** | [Cloudflare](https://www.cloudflare.com) | +| **Dashboard** | [Cloudflare Dashboard](https://dash.cloudflare.com) | +| **Documentation** | [Cloudflare Docs](https://developers.cloudflare.com/docs/) | +| **Status Page** | [Cloudflare Status](https://www.cloudflarestatus.com) | +| **Support** | [Cloudflare Support](https://support.cloudflare.com) | + +### Key Features: +- Global Content Delivery Network (CDN). +- Web Application Firewall (WAF). +- DNS management and security. +- DDoS protection. + +### Topics: +- Setting up DNS with Cloudflare. +- Configuring the Cloudflare firewall. +- Enabling SSL/TLS through Cloudflare. +- Best practices for using Cloudflare with self-hosted services. + +--- + +## IONOS Cloud + +IONOS Cloud is a scalable cloud computing service that offers virtual machines, managed Kubernetes, and cloud storage. It’s particularly useful for deploying scalable infrastructure and services in a cloud environment. + +| **Metadata** | **Details** | +|-----------------------|---------------------------------------------------------------------| +| **Official Site** | [IONOS Cloud](https://www.ionos.com/cloud) | +| **Dashboard** | [IONOS Cloud Dashboard](https://login.ionos.com) | +| **Documentation** | [IONOS Cloud Docs](https://www.ionos.com/help/cloud/) | +| **Status Page** | [IONOS Cloud Status](https://status.ionos.com) | +| **Support** | [IONOS Cloud Support](https://www.ionos.com/help/) | + +### Key Features: +- Virtual machines and cloud storage. +- Managed Kubernetes for container orchestration. 
+- Networking services including firewalls, load balancers, and private networks. +- Scalable object storage. + +### Topics: +- Deploying virtual machines on IONOS Cloud. +- Managing Kubernetes clusters. +- Configuring cloud networking and firewalls. +- Best practices for cost management and scalability. + +--- + +## intercolo + +Intercolo offers colocation services and dedicated servers for hosting in secure data centers. It provides infrastructure for businesses needing reliable and managed hosting environments. + +| **Metadata** | **Details** | +|-----------------------|---------------------------------------------------------------------| +| **Official Site** | [Intercolo](https://www.intercolo.com) | +| **Dashboard** | [Intercolo Dashboard](https://login.intercolo.com) | +| **Documentation** | [Intercolo Docs](https://docs.intercolo.com) | +| **Status Page** | [Intercolo Status](https://status.intercolo.com) | +| **Support** | [Intercolo Support](https://www.intercolo.com/support) | + +### Key Features: +- Colocation services in secure data centers. +- Dedicated servers with custom configurations. +- Networking services for businesses needing high availability. +- Backup and disaster recovery solutions. + +### Topics: +- Setting up a dedicated server with Intercolo. +- Managing colocation services. +- Networking and IP management in colocation. +- Best practices for disaster recovery and backups with Intercolo. diff --git a/pages/docs/getting-started.md b/pages/docs/getting-started.md index 680826c..513ff70 100644 --- a/pages/docs/getting-started.md +++ b/pages/docs/getting-started.md 
@@ -1,93 +1,7 @@ # Getting started -**home-ops:** - - [Dashoboard](https://tryrocket.cloud) - - [Documentation](https://docs.tryrocket.cloud) +## Services and Applications -**upptime:** - - [Statuspage](https://status.tryrocket.cloud) - - -This page demonstrates some of the built-in markdown extensions provided by VitePress. - -## Syntax Highlighting - -VitePress provides Syntax Highlighting powered by [Shiki](https://github.com/shikijs/shiki), with additional features like line-highlighting: - -**Input** - -````md -```js{4} -export default { - data () { - return { - msg: 'Highlighted!' - } - } -} -``` -```` - -**Output** - -```js{4} -export default { - data () { - return { - msg: 'Highlighted!' - } - } -} -``` - -## Custom Containers - -**Input** - -```md -::: info -This is an info box. -::: - -::: tip -This is a tip. -::: - -::: warning -This is a warning. -::: - -::: danger -This is a dangerous warning. -::: - -::: details -This is a details block. -::: -``` - -**Output** - -::: info -This is an info box. -::: - -::: tip -This is a tip. -::: - -::: warning -This is a warning. -::: - -::: danger -This is a dangerous warning. -::: - -::: details -This is a details block. -::: - -## More - -Check out the documentation for the [full list of markdown extensions](https://vitepress.dev/guide/markdown). +- [Dashoboard](https://tryrocket.cloud) +- [Documentation](https://docs.tryrocket.cloud) +- [Statuspage](https://status.tryrocket.cloud) diff --git a/pages/docs/hardware/iot-devices.md b/pages/docs/hardware/iot-devices.md new file mode 100644 index 0000000..418bcb6 --- /dev/null +++ b/pages/docs/hardware/iot-devices.md @@ -0,0 +1,6 @@ +--- +outline: deep +--- + +# IoT Devices + diff --git a/pages/docs/hardware/rack-organization.md b/pages/docs/hardware/rack-organization.md new file mode 100644 index 0000000..0645ddf --- /dev/null +++ b/pages/docs/hardware/rack-organization.md 
@@ -0,0 +1,68 @@ +--- +outline: deep +--- + +# Rack organization + +# Rack Layout + +## Overview +The rack layout is organized to ensure efficient space utilization, proper airflow, and ease of access for maintenance. Devices are mounted in the rack based on their size, function, and power requirements, with a focus on optimizing network connectivity and cable management. + +## 1. Device Mounting + +- **Top Section**: + - **Network Equipment**: + - The top section of the rack is reserved for network devices, such as routers, switches, and patch panels. + - Devices: Ubiquiti EdgeRouter, UniFi Switch 16-Port, Patch Panel. + - Mounted at 1U to 2U height for easy access to ports and cable management. + +- **Middle Section**: + - **Primary Servers**: + - Core servers (e.g., virtualization, storage) are housed in the middle section for optimal cooling and easy accessibility. + - Devices: Dell PowerEdge T340, Intel NUC, TrueNAS Server. + - Mounted in 2U to 4U sections based on their size and form factor. + +- **Bottom Section**: + - **Power Distribution and UPS**: + - Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU) are placed at the bottom of the rack to support stable power delivery and avoid interference with network or compute devices. + - Devices: APC UPS, Surge Protectors, PDU. + - Mounted on a sliding shelf for easy access to batteries and power management. + +## 2. Power Management + +- **Redundant Power Supply**: + - Devices with dual power supplies (e.g., servers) are connected to both the main power source and a secondary UPS to ensure uptime during power outages. + +- **Power Distribution Unit (PDU)**: + - A PDU is used to distribute power from the UPS to all devices. The PDU is mounted on the side of the rack, and cables are routed to individual devices. + +- **Cable Management**: + - Power cables are routed through the side of the rack using cable management arms to prevent clutter and ensure easy access. + +## 3. 
Network Connectivity + +- **Patch Panels**: + - A patch panel is mounted at the top of the rack, connecting the switch to network cables that lead to different devices within the rack. + +- **Switches**: + - All servers and storage devices are connected to a UniFi 16-Port switch via Cat6 Ethernet cables. + +- **Cable Management**: + - Ethernet cables are organized using Velcro ties and routed through cable management trays on the sides of the rack. This keeps the cables neat and prevents tangling. + +## 4. Cooling and Airflow + +- **Airflow**: + - The rack is designed to promote front-to-back airflow, with servers mounted to allow cold air intake from the front and exhaust hot air through the rear. + +- **Ventilation Panels**: + - Unused rack space is covered with vented blanking panels to maintain proper airflow throughout the rack and prevent hot spots. + +## 5. Maintenance Considerations + +- **Sliding Rails**: + - Devices like servers and storage units are mounted on sliding rails for easy access during maintenance. This allows for convenient removal without having to unmount other equipment. + +- **Cable Labels**: + - All power and network cables are labeled with identifiers for quick troubleshooting and reconfiguration. diff --git a/pages/docs/rack.md b/pages/docs/hardware/rack.md similarity index 100% rename from pages/docs/rack.md rename to pages/docs/hardware/rack.md diff --git a/pages/docs/hardware/servers-equipment.md b/pages/docs/hardware/servers-equipment.md new file mode 100644 index 0000000..b0cd02d --- /dev/null +++ b/pages/docs/hardware/servers-equipment.md 
@@ -0,0 +1,116 @@ +--- +outline: deep +--- + +# Servers and Equipment + +## 1. Servers + +![An image](./assets/dell-poweredge-r340.png) + +### Primary Server +- **Model**: Dell PowerEdge T340 +- **CPU**: Intel Xeon E-2224 +- **RAM**: 32 GB ECC RAM +- **Storage**: + - 2x 1TB SSD (RAID 1) for operating system. + - 4x 4TB HDD (RAID 5) for data storage. +- **Network Configuration**: + - **IP Address**: 192.168.1.10 + - **MAC Address**: 00:1A:2B:3C:4D:5E + - **VLAN**: Management (VLAN 10) +- **Role**: Hypervisor (Proxmox VE) running multiple virtual machines, including web server, database server, and internal services. + +### Secondary Server (Optional) + + +drawing + + +- **Model**: Intel NUC 10 +- **CPU**: Intel Core i7-10710U +- **RAM**: 16 GB RAM +- **Storage**: 512GB NVMe SSD +- **Network Configuration**: + - **IP Address**: 192.168.1.11 + - **MAC Address**: 00:1A:2B:3C:4D:5F + - **VLAN**: Services (VLAN 20) +- **Role**: Backup server and test environment for lightweight services and development. + +## 2. Storage Devices + +### NAS (Network Attached Storage) +- **Model**: TrueNAS Core +- **CPU**: AMD Ryzen 5 3600 +- **RAM**: 32 GB ECC RAM +- **Storage**: + - 4x 6TB HDDs (RAID-Z configuration for redundancy) + - 1x 1TB SSD for caching +- **Network Configuration**: + - **IP Address**: 192.168.1.20 + - **MAC Address**: 00:1A:2B:3C:4D:60 + - **VLAN**: Storage (VLAN 30) +- **Role**: Centralized file storage for media, backups, and personal data. SMB/NFS shares for various services. + +### Backup Storage +- **Model**: WD My Cloud 8TB External Drive +- **Storage**: 8TB (Single Drive) +- **Connection**: USB 3.0 to the primary server for daily backups. +- **Role**: Offline backups of critical data from VMs and services. + +## 3. 
Networking Devices + +#### CRS326-24G-2S+RM + +[Product Page](https://mikrotik.com/product/CRS326-24G-2SplusRM) + +![An image](./assets/mikrotik-csr326-24g-2s-rm.png) + +| **Detail** | **Value** | +|-----------------------------------|----------------------------------| +| **Product code** | CRS326-24G-2S+RM | +| **Architecture** | ARM 32bit | +| **CPU** | 98DX3236 | +| **CPU core count** | 1 | +| **CPU nominal frequency** | 800 MHz | +| **Switch chip model** | 98DX3236 | +| **Dimensions** | 443 x 144 x 44 mm | +| **RouterOS license** | 5 | +| **Operating System** | RouterOS / SwitchOS | +| **Size of RAM** | 512 MB | +| **Storage size** | 16 MB | +| **Storage type** | FLASH | + + +### Switch +- **Model**: Ubiquiti UniFi 16-Port Managed Switch +- **Ports**: 16x Gigabit Ethernet +- **VLANs**: + - VLAN 10: Management + - VLAN 20: Services + - VLAN 30: Storage + - VLAN 40: Guest Network +- **Role**: Managed switch for internal network traffic, providing segmentation and quality of service (QoS) for different VLANs. + +### Wireless Access Points +- **Model**: UniFi UAP-AC-PRO +- **Frequency**: Dual-band 2.4GHz and 5GHz +- **Network Configuration**: + - **IP Address**: 192.168.1.50 + - **VLANs**: + - VLAN 40: Guest Network + - VLAN 20: Services (Wi-Fi for smart devices and IoT) +- **Role**: Provides Wi-Fi access for both the guest and internal network, supporting IoT devices and mobile devices. + +--- + +## 4. 
Key Specifications Overview + +| **Device** | **CPU** | **RAM** | **Storage** | **IP Address** | **MAC Address** | **VLAN** | **Role** | +|---------------------|-----------------------|---------------|----------------------------------|------------------|---------------------|------------------|--------------------------------------| +| **Primary Server** | Intel Xeon E-2224 | 32 GB | 2x 1TB SSD, 4x 4TB HDD (RAID 5) | 192.168.1.10 | 00:1A:2B:3C:4D:5E | VLAN 10 (Mgmt) | Hypervisor for VMs | +| **Secondary Server** | Intel i7-10710U | 16 GB | 512GB NVMe SSD | 192.168.1.11 | 00:1A:2B:3C:4D:5F | VLAN 20 (Services)| Backup/test environment | +| **NAS** | AMD Ryzen 5 3600 | 32 GB | 4x 6TB HDD (RAID-Z) | 192.168.1.20 | 00:1A:2B:3C:4D:60 | VLAN 30 (Storage) | Central file storage (SMB/NFS) | +| **Router** | Dual-Core MIPS64 | 1 GB | N/A | 192.168.1.1 | 00:1A:2B:3C:4D:61 | VLAN Trunk | Central network management | +| **Switch** | N/A | N/A | N/A | Managed via VLAN | N/A | VLANs 10, 20, 30, 40 | Network traffic management | +| **Access Point** | N/A | N/A | N/A | 192.168.1.50 | 00:1A:2B:3C:4D:62 | VLANs 20, 40 | Wireless access for devices | diff --git a/pages/docs/hci.md b/pages/docs/hci.md new file mode 100644 index 0000000..6f54599 --- /dev/null +++ b/pages/docs/hci.md @@ -0,0 +1,5 @@ +--- +outline: deep +--- + +# Hyperconverged Infrastructure (HCI) diff --git a/pages/docs/hypervisors.md b/pages/docs/hypervisors.md new file mode 100644 index 0000000..9f7514a --- /dev/null +++ b/pages/docs/hypervisors.md @@ -0,0 +1,10 @@ +--- +outline: deep +--- + +# Hypervisors + + +### 3.1 Hypervisors +- **Proxmox VE**: Hypervisor running virtual machines for core services. +- **VMware ESXi**: Secondary hypervisor for testing and isolated environments. diff --git a/pages/docs/index.md b/pages/docs/index.md index 04f6813..5bb609f 100644 --- a/pages/docs/index.md +++ b/pages/docs/index.md 
@@ -5,21 +5,40 @@ layout: home hero: name: "Rocket Cloud" text: "Documentation" - tagline: My great project tagline + tagline: My home Kubernetes cluster managed by GitOps, Renovate and GitHub Actions + # image: + # src: /pic3.webp + # alt: VitePress actions: - theme: brand - text: Markdown Examples - link: /markdown-examples + text: Getting Started + link: /getting-started - theme: alt - text: API Examples - link: /api-examples + text: Applications + link: /applications + - theme: alt + text: GitHub + link: https://github.com/tryrocket-cloud features: - - title: Feature A - details: Lorem ipsum dolor sit amet, consectetur adipiscing elit - - title: Feature B - details: Lorem ipsum dolor sit amet, consectetur adipiscing elit - - title: Feature C - details: Lorem ipsum dolor sit amet, consectetur adipiscing elit ---- + - icon: + src: https://www.talos.dev/images/logo.svg + title: Talos + details: The Kubernetes Operating System + - icon: + src: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/argo-cd.webp + title: ArgoCD + details: Declarative GitOps CD for Kubernetes + - icon: + src: ./assets/renovate.png + title: Renovate + details: Automated dependency updates. Multi-platform and multi-language. + - icon: + src: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/hashicorp-vault-light.webp + title: HashiCorp Vault + details: Manage secrets and protect sensitive data + # - icon: + # src: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/github.webp + # title: GitHub + # details: The complete developer platform to build, scale, and deliver secure software. diff --git a/pages/docs/infrastructure-automation-orchestration.md b/pages/docs/infrastructure-automation-orchestration.md new file mode 100644 index 0000000..020d69a --- /dev/null +++ b/pages/docs/infrastructure-automation-orchestration.md 
@@ -0,0 +1,123 @@
+---
+outline: deep
+---
+
+# Infrastructure Automation and Orchestration
+
+## [Terraform]
+Terraform is used to manage and provision infrastructure as code (IaC) across various cloud providers and on-premise systems. By defining resources declaratively, Terraform automates the creation, modification, and versioning of infrastructure.
+
+### Key Concepts:
+- **Providers**: Interfaces for interacting with various platforms (e.g., AWS, GCP, Azure, VMware).
+- **Modules**: Reusable code blocks to simplify managing complex infrastructure.
+- **State Management**: Terraform stores the state of the infrastructure to track changes and ensure idempotency.
+
+### Topics:
+- Installation and Setup
+- Writing Terraform Configuration Files
+- Managing State Files
+- Using Terraform Modules
+- Best Practices
+
+---
+
+## [Ansible]
+Ansible is an open-source automation tool used for configuration management, application deployment, and task automation. It uses a simple, human-readable language called YAML to define playbooks that automate tasks across multiple systems.
+
+### Key Concepts:
+- **Playbooks**: Files that define the tasks to be performed on remote systems.
+- **Roles**: Reusable collections of tasks, variables, and files.
+- **Inventory**: Defines the hosts and groups of machines to be managed.
+
+### Topics:
+- Ansible Installation
+- Writing Playbooks
+- Managing Inventories
+- Using Roles and Variables
+- Automation Best Practices
+
+## Just
+Just is a task runner for simplifying and automating command-line tasks. It provides a convenient way to run commonly used scripts and commands without needing to remember complex CLI syntax.
+
+### Key Concepts:
+- **Justfile**: A file where tasks are defined using a simple syntax.
+- **Recipes**: Individual tasks defined within the `Justfile`.
+
+### Topics:
+- Setting up a Justfile
+- Writing Recipes
+- Task Automation with Just
+- Best Practices for Task Management
+
+## Just - Command Line Task Runner
+
+**Just** is a simple, command-line task runner that helps automate common tasks for managing infrastructure, Kubernetes, documentation, and GitHub workflows. It provides an intuitive way to execute tasks across different modules using predefined commands.
+
+## Modules
+
+### Infrastructure as Code Module (iac)
+
+The **iac** module is responsible for managing Infrastructure as Code (IaC) tasks. It has two submodules: **ansible** and **terraform**, which allow you to automate the deployment, configuration, and provisioning of your infrastructure.
+
+- **Submodules**:
+ - **ansible**: Executes Ansible playbooks for configuration management.
+ - Example: `just iac ansible playbook.yml`
+ - **terraform**: Runs Terraform commands to manage infrastructure resources.
+ - Example: `just iac terraform apply`
+
+#### Example Commands:
+- Apply Terraform configurations:
+ ```bash
+ just iac terraform apply
+
+### Kubernetes Module (k8s)
+
+```sh
+just k8s apply
+```
+
+### Documentation Module (docs)
+
+```sh
+just docs dev
+```
+
+### GitHub (github)
+
+```sh
+just github ...
+```
+
+
+
+## [CI/CD Pipeline]
+Continuous Integration (CI) and Continuous Deployment (CD) pipelines automate the process of building, testing, and deploying applications. These pipelines ensure that code changes are regularly tested and deployed without manual intervention.
+
+### Key Concepts:
+- **CI**: Automating the process of integrating and testing code regularly.
+- **CD**: Automating the deployment of tested code to staging or production environments.
+- **Pipelines**: Workflows that define the steps for CI/CD processes, including building, testing, and deploying.
+
+### Topics:
+- Designing a CI/CD Pipeline
+- Setting Up Pipelines in GitLab CI / GitHub Actions
+- Integrating with Terraform and Ansible
+- Automated Testing and Deployment
+- Best Practices for CI/CD
+
+---
+
+## GitOps
+GitOps is a framework for managing infrastructure and applications using Git as the single source of truth. By adopting GitOps, infrastructure changes are made through version-controlled pull requests, and automated tools reconcile the desired state in the Git repository with the actual infrastructure.
+
+### Key Concepts:
+- **Repositories**: Git repositories that store declarative infrastructure definitions.
+- **Reconciliation**: Continuous monitoring and syncing of the actual infrastructure with the desired state defined in Git.
+- **Pull Requests**: Proposed infrastructure or configuration changes made via Git.
+
+### Topics:
+- Introduction to GitOps
+- Setting Up GitOps with ArgoCD or FluxCD
+- Managing Infrastructure as Code (IaC) with GitOps
+- Automating Deployments with GitOps
+- Best Practices for GitOps Workflows
diff --git a/pages/docs/overview/architecture.md b/pages/docs/overview/architecture.md
new file mode 100644
index 0000000..a4f2985
--- /dev/null
+++ b/pages/docs/overview/architecture.md
@@ -0,0 +1,137 @@
+---
+outline: deep
+---
+
+# Architecture
+
+```mermaid
+architecture-beta
+ group k8s(cloud)[k8s cluster]
+
+ service node1(server)[OptiPlex 3080] in k8s
+ service disk1(disk)[Storage] in k8s
+ disk1:T -- B:node1
+
+ service node2(server)[OptiPlex 3080] in k8s
+ service disk2(disk)[Storage] in k8s
+ disk2:T -- B:node2
+
+ node1:R -- L:node2
+
+ group truenas(cloud)[TrueNas]
+ group raidz2(disk)[raidz2] in truenas
+
+ service node3(server)[h610i] in truenas
+
+ service hdd1(disk)[Storage] in raidz2
+ service hdd2(disk)[Storage] in raidz2
+ service hdd3(disk)[Storage] in raidz2
+ service hdd4(disk)[Storage] in raidz2
+s
+ node3:B -- T:hdd1
+ node3:B -- T:hdd2
+ node3:B -- T:hdd3
+ node3:B -- T:hdd4
+```
+
+
+## Workload types
+
+| **Type** | **Description** |
+|----------|-----------------|
+| `low` | 0W - 15W |
+| `medium` | 15W - 50W |
+| `high` | from 50W |
+
+## Network Topology
+The homelab is organized with a segmented network topology to isolate different types of traffic and services. This helps improve security, performance, and management. Key components of the network topology include:
+
+- **VLANs**: Different VLANs are used for separating services such as:
+ - **Management** (for administrative access to servers and networking gear).
+ - **Services** (for internal services such as file storage, media servers, etc.).
+ - **IoT Devices** (to separate less-secure devices like smart home gadgets).
+ - **Guest Network** (for isolated network access without touching sensitive systems).
+
+- **Router and Firewall**:
+ - **Router**: Central router that connects all devices and handles traffic between VLANs and the internet.
+ - **Firewall**: Security rules enforced by either a dedicated hardware firewall or a software firewall on the router. These rules govern what devices and VLANs can communicate with each other.
+
+- **VPN Access**:
+ - VPN (e.g., **WireGuard** or **OpenVPN**) is used for secure remote access to the homelab from external networks, providing encrypted traffic for managing the homelab remotely.
+
+### Network Diagram (optional)
+A visual diagram (e.g., created with Lucidchart, draw.io, or any network diagram tool) helps to visualize how devices are interconnected across different VLANs, switches, routers, and external connections.
+
+## Hardware Components
+The homelab consists of various hardware components that form the backbone of its infrastructure. Below is a high-level overview:
+
+### Servers
+- **Primary Server**:
+ - Model: *Dell PowerEdge T340*
+ - CPU: Intel Xeon E-2224
+ - RAM: 32 GB ECC RAM
+ - Storage: 2x 1TB SSD (RAID 1) for the OS, 4x 4TB HDD (RAID 5) for data
+ - Role: Hypervisor (e.g., **Proxmox**, **ESXi**) for running virtual machines and containers.
+
+- **Secondary Server** (Optional):
+ - Model: *Intel NUC 10*
+ - CPU: Intel i7-10710U
+ - RAM: 16 GB
+ - Storage: 512GB NVMe SSD
+ - Role: Backup server and test environment for lightweight tasks.
+
+### Networking Gear
+- **Router**: *Ubiquiti EdgeRouter 4* (or similar).
+- **Switch**: *Ubiquiti UniFi 16-port Managed Switch*.
+- **Access Points**: *UniFi UAP-AC-PRO* for wireless access.
+- **Firewall**: Dedicated firewall using **pfSense** or **OPNsense**.
+
+### Storage
+- **NAS (Network Attached Storage)**:
+ - **TrueNAS Core** running on a dedicated server.
+ - Disks: 4x 6TB HDDs (RAID-Z for redundancy).
+ - Shared via SMB and NFS for file access across the homelab.
+
+- **Backup Storage**:
+ - External USB drives or cloud storage (e.g., **Backblaze B2**, **Storj**) for offsite backups.
+
+
+
+## Software Stack
+The homelab runs a diverse software stack to manage services, automation, and networking. Below are key components:
+
+### Virtualization and Containers
+- **Hypervisor**: *Proxmox VE* (or **VMware ESXi**).
+- **Containers**:
+ - *Docker* for running containerized services (e.g., **Nextcloud**, **Vaultwarden**).
+ - Kubernetes (Optional) for orchestrating containers at scale.
+
+### Services
+- **Self-Hosted Services**:
+ - **Nextcloud** for file syncing and sharing.
+ - **Vaultwarden** for password management.
+ - **Plex** or **Jellyfin** for media streaming.
+ - **Home Assistant** for home automation.
+ - **Grafana** and **Prometheus** for monitoring and metrics collection.
+
+- **Backup Tools**:
+ - **Restic** or **Kopia** for automated backups.
+ - **Duplicati** for encrypted, scheduled cloud backups.
+
+- **Monitoring Tools**:
+ - **Netdata** for system performance monitoring.
+ - **Uptime Kuma** for tracking service uptime.
+
+### Security and Network
+- **Firewall**: *pfSense* or *OPNsense* managing network security rules.
+- **VPN**: *WireGuard* for secure remote access.
+- **Let's Encrypt**: SSL/TLS certificates for securing internal and external services.
+- **Ansible**: Used for automation and configuration management across systems.
+
+### Automation and Orchestration
+- **Ansible**: To automate system provisioning and configuration.
+- **CI/CD**: *GitLab CI* for deploying applications and managing infrastructure.
+- **Docker Compose**: For orchestrating multi-container setups.
+
+## Summary
+The homelab is designed with scalability, security, and flexibility in mind. It consists of a structured network with VLANs, reliable hardware for virtualization and storage, and a robust software stack that supports everything from self-hosted services to automation and backups.
diff --git a/pages/docs/overview/introduction.md b/pages/docs/overview/introduction.md
new file mode 100644
index 0000000..26f4702
--- /dev/null
+++ b/pages/docs/overview/introduction.md
@@ -0,0 +1,32 @@
+---
+outline: deep
+---
+
+# Introduction
+
+My homelab is a versatile computing environment designed for **learning**, **experimentation**, and **self-hosting services**. It consists of servers, storage devices, networking gear, and various software solutions, all configured to simulate a real-world IT infrastructure. The primary purpose of the homelab is to expand my technical skills, explore new technologies, and manage personal projects in a controlled and private environment.
+
+## General Goals
+
+### 1. Learning and Skill Development
+- The homelab serves as a hands-on platform for learning server management, virtualization, containerization (Docker, Kubernetes), and automation with tools like Ansible and Terraform. This environment allows me to practice real-world scenarios without the risk of impacting production systems.
+
+### 2. Self-Hosting Services
+- I use the homelab to host a variety of services, including media streaming (e.g., Plex or Jellyfin), file storage (NAS), password management (Vaultwarden), and more. By self-hosting these services, I gain complete control over my data, enhancing privacy and reducing reliance on third-party cloud services.
+
+### 3. Backup and Disaster Recovery
+- A major focus of my homelab is to implement a robust **backup** and **disaster recovery** strategy. By leveraging backup tools like Kopia or Restic, I ensure that my data is securely backed up and can be restored in case of hardware failure or data loss.
+
+### 4. Automation and Infrastructure as Code (IaC)
+- My homelab provides an environment for experimenting with automation tools and workflows. I use Ansible and other IaC tools to automate server provisioning, application deployment, and maintenance tasks, aiming to build efficient, reproducible infrastructure.
+
+### 5. 
Security and Network Management
+- The homelab enables me to experiment with network security configurations, firewalls, VPNs (WireGuard, OpenVPN), and user authentication systems. This helps me enhance my understanding of cybersecurity principles while securing the services I run in my network.
+
+### 6. Development and Testing
+- The homelab also acts as a sandbox for development and testing projects. Whether experimenting with new software stacks, testing CI/CD pipelines, or deploying applications, it provides a controlled space for development activities.
+
+## What I Aim to Achieve
+
+The ultimate goal of my homelab is to create a reliable, secure, and flexible environment for both **learning** and **self-hosting**. It allows me to test cutting-edge technologies, gain deeper technical expertise, and manage critical personal infrastructure while building a system that reflects best practices in **IT management**, **automation**, and **security**.
+
diff --git a/pages/docs/principles-and-guidelines.md b/pages/docs/principles-and-guidelines.md
index 7d24bb4..6b64ae6 100644
--- a/pages/docs/principles-and-guidelines.md
+++ b/pages/docs/principles-and-guidelines.md
@@ -21,3 +21,7 @@ Shared libraries and modules can be referenced directly within the same reposito **Streamlined Releases** Releasing updates is simplified when everything is in one repository. You can deploy new features or bug fixes across different services or modules in a single, coordinated release without the need for managing multiple repositories.
+
+## Services should always be turned off when not using
+
+Save energy
diff --git a/pages/docs/security-layers.md b/pages/docs/security-layers.md
new file mode 100644
index 0000000..541658b
--- /dev/null
+++ b/pages/docs/security-layers.md
@@ -0,0 +1,11 @@
+---
+outline: deep
+---
+
+# Security Layers
+
+## SL0 (no badge)
+
+## SL1
+
+## SL2