# The Stack
## Main Site

### Compute
- 3x Proxmox nodes (Minisforum MS-A2)

### Storage
- Synology DS920+ - 4x Seagate IronWolf Pro 8TB (RAID5)
- Synology DX517 expansion - 4x Seagate Exos 7E10 8TB (SHR)
- S3: Versity Gateway + RusticFS - ~2TB total
### Networking
- D-Link DGS-1210-24 — 24-port managed Gigabit switch
- 3x Tenda SM108 — 8-port 2.5GbE unmanaged switches
- 3x UniFi AC LR — Long-range WiFi access points
### Kubernetes
Deployed via Spectro Cloud (migrated from Kubespray)
- Cilium — CNI, network policies, LoadBalancer IPAM
- Traefik — Ingress controller (public + private entrypoints)
- cert-manager — Automated TLS certificates (Let’s Encrypt)
- Rook-Ceph — Distributed storage for PVCs
- VPA — 92 policies auto-tuning resource requests
- Reloader — auto-restart pods on ConfigMap/Secret changes
- Descheduler — rebalance pods across nodes
- k8tz — timezone injection for pods
- etcd-defrag — automatic etcd maintenance
- PriorityClasses: critical-service (800M) for infra, high-priority-service (100M) for apps
### GitOps
Flux CD managing 90+ applications (migrated from ArgoCD)
### Git & CI
- Forgejo - 230+ repos organized into organizations
  - Migrated from self-hosted GitLab
- Forgejo Actions - 67 workflows (GitHub Actions compatible)
  - Migrated from GitLab CI + GitLab CI/CD Catalog
- Crossplane CI - Compositions with full CI testing
  - Kind + Kubeconform + Chainsaw e2e
### Core Services
| Service | Solution | Notes |
|---|---|---|
| DNS (Private) | AdGuard Home | 2 instances, OpenTofu provisioned |
| DNS (Public) | DNSControl → Gcore + deSEC | CI-managed, redundant |
| Dynamic DNS | ddns-updater | Keeps public DNS records in sync |
| VPN | Tailscale | Mesh VPN connecting all sites |
| Network Controller | UniFi Controller | Manages WiFi APs |
| Auth | Pocket ID | OIDC provider |
| Secrets (K8s) | Infisical | |
| Databases | CNPG, MariaDB Operator | Crossplane compositions |
| Cache | Valkey | Redis replacement, 3-node Sentinel HA |
| Container Registry | Harbor | 133 projects, 366 repos, ~200GB S3, 274 replication policies, Crossplane managed |
| Nix Cache | NCPS | Local caching proxy for Nix/Devbox, speeds up CI pipelines |
| Policy Engine | Kyverno | s3bkp auto-injection, resource defaults |
| Dependency Management | Renovate + Renovate Operator | Per-repo RenovateJobs, central config, custom regex/groups |
| Observability | kube-prometheus-stack, Blackbox Exporter | Prometheus, Grafana, Alertmanager |
| Exporters | AdGuard, domain, Hetzner Cloud, NUT, Proxmox VE, MQTT, Tailscale | Fleet of custom metric exporters |
| Logging | Loki, OpenTelemetry Operator | Logs, instrumentation |
| Cert Monitoring | certmon | TLS certificate expiry monitoring |
| Backups (K8s) | Velero + Velero UI, Kasten K10, s3bkp (custom) | PVC snapshots, cross-cluster migration |
| Backups (Postgres) | Barman (CNPG), PGBackWeb | |
| Backups (VMs) | Kopia, rsnapshot | |
| Personal Cloud | Nextcloud | File sync, photos, calendar, contacts |
| Home Automation | Home Assistant | |
| Automation | n8n | Workflow automation |
| Notifications | ntfy | Push notifications for alerts and automations |
| Secrets (Personal) | Vaultwarden | Bitwarden server |
| Wiki | Wiki.js | |
| URL Shortener | Kutt | Self-hosted link shortening |
| RSS | FreshRSS + RSS-Bridge | Fiery Feeds on iOS |
| Bookmarks | Linkwarden | |
| Resume | Reactive Resume | |
| Sharing | PrivateBin, Yopass, croc, transfer.sh, uptermd | Pastes, secrets, files, web terminal |
### Custom Solutions
| Tool | Description |
|---|---|
| s3bkp | K8s-native PVC backup/restore with cross-cluster migration, auto-injected via Kyverno |
| kcl-ci | CI/CD workflow generator using KCL, self-regenerating workflows (38+ repos) |
| git-manager | TUI for managing Git repos (clone, pull, push, PRs, mirrors, CI status) |
| imdbtop250rss | IMDb Top 250 to RSS feed |
| theme-api | Theme sync across devices |
### AI Tooling
Most work is done with Claude Code + custom prompts
| MCP | Purpose |
|---|---|
| dot-ai | K8s deployments, remediation, cluster queries |
| Grafana | Dashboards, alerts, incidents, Loki/Prometheus queries |
| Prometheus | Direct Prometheus queries |
| Context7 | Library documentation lookup |
## DR Site

### Hardware
- Synology DS1621+
  - 32 GB RAM
  - 3x Seagate IronWolf Pro 14TB
  - 2x Synology 400GB M.2 (cache)

### Purpose
- Backup target for Kopia
- Offsite backups and replicas
## Cloud / VPS

### Hardware
- 4 vCPU (AMD), 8 GB RAM, 80 GB storage
- 75 GB extra storage

### Services