AnonGoldup/infrastructure-lab


Infrastructure Lab

Architecture and configuration documentation for a multi-VM infrastructure lab environment designed for hands-on system administration, networking, and containerized service management.


Stack

  • Firewall: Fortinet (FortiGate)
  • Storage: TrueNAS Scale
  • Virtualization: Proxmox VE
  • Networking: VLANs, VPN (WireGuard/OpenVPN), Reverse Proxy (Nginx)
  • Monitoring: Prometheus, Grafana, Uptime Kuma

Network Diagram

[Figure: Lab Topology]


Key Features

  • VLANs for network segmentation (Trusted, Guest, IoT)
  • Reverse proxy for remote access using Cloudflare Tunnel
  • TrueNAS for secure backups and network shares (ZFS)
  • Proxmox for running VMs and Docker containers (30+ services)
  • FortiGate firewall for granular traffic control and VPN
  • UPS for power redundancy and graceful shutdown

Repository Structure

Docker Compose Stacks

| File | Description |
| --- | --- |
| docker/docker-compose.monitoring.yml | Prometheus, Grafana, Alertmanager, Node Exporter, cAdvisor |
| docker/docker-compose.networking.yml | Traefik (reverse proxy with SSL), Pi-hole (DNS), WireGuard VPN |
| docker/.env.example | Template environment variables for all stacks |

Monitoring Configuration

| File | Description |
| --- | --- |
| monitoring/prometheus/prometheus.yml | Prometheus scrape config for Node Exporter, cAdvisor, Traefik, SQL Server |
| monitoring/prometheus/alert-rules.yml | Alert rules: instance down, high CPU, low disk, high memory, container restarts |
| monitoring/alertmanager/alertmanager.yml | Alertmanager routing and email notification config |

Ansible Playbooks

| File | Description |
| --- | --- |
| ansible/playbooks/base-setup.yml | Base Ubuntu VM setup: packages, timezone, UFW firewall, SSH hardening |
| ansible/playbooks/docker-host.yml | Docker Engine and Docker Compose installation on Ubuntu |

Maintenance Scripts

| File | Description |
| --- | --- |
| scripts/backup-vms.sh | Proxmox vzdump backup with retention policy and logging |
| scripts/update-containers.sh | Pull latest images and recreate Docker Compose stacks |

Infrastructure Components

Core

  • Proxmox VE - Virtualization platform for VMs and containers
  • TrueNAS Scale - Network-attached storage with ZFS pools and snapshots
  • Fortinet FortiGate - Firewall, VPN, VLANs, and network segmentation

Services

  • Docker Compose - 30+ containerized services with orchestration
  • Nginx Proxy Manager - Reverse proxy with SSL termination
  • Portainer - Container management interface
  • Uptime Kuma - Service monitoring and health checks
  • Prometheus/Grafana - Metrics collection and dashboards

Access and Administration

  • Cloudflare Tunnel - Secure remote access without port forwarding
  • WatchTower - Automated container updates
  • WireGuard VPN - Encrypted remote management

Network Configuration

  • Static IPs and DHCP reservations by device type
  • Fortinet policies isolating guest and IoT networks
  • VLAN segmentation with firewall rules blocking cross-VLAN traffic by default
  • VPN for secure off-site management

Security

  • MFA enabled on all remote access services
  • No port forwarding; all remote access via Cloudflare Tunnel
  • Regular backups of Proxmox and TrueNAS configurations
  • Firewall rules follow least-privilege access model
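
The default-deny cross-VLAN rule under Network Configuration and the least-privilege model above can be checked offline against an exported rule list. The sketch below is an added example, not code from this repository: the rule names, services and intended-flow set are constructed, and it assumes policies are evaluated top-down with first match winning and an implicit deny at the end.

```python
# Added example: the rules below are constructed, not the lab's FortiGate config.
from itertools import permutations

VLANS = ("Trusted", "Guest", "IoT")  # segment names taken from the README

# Constructed policy table: (name, source, destination, service, action).
# Assumption: evaluated top-down, first match wins, implicit deny at the end.
POLICIES = [
    ("trusted-to-iot-https", "Trusted", "IoT", "tcp/443", "accept"),
    ("iot-block-trusted", "IoT", "Trusted", "any", "deny"),
    ("iot-to-trusted-ssh", "IoT", "Trusted", "tcp/22", "accept"),  # shadowed
    ("guest-any-trusted", "Guest", "Trusted", "any", "accept"),    # too broad
]

# Cross-VLAN flows the design means to allow; everything else must be denied.
INTENDED = {("Trusted", "IoT", "tcp/443")}
PROBES = ("tcp/22", "tcp/443", "tcp/445")  # services to test on every VLAN pair


def decide(policies, src, dst, service):
    """Return (action, rule name) for one flow using first-match semantics."""
    for name, p_src, p_dst, p_svc, action in policies:
        if (p_src, p_dst) == (src, dst) and p_svc in (service, "any"):
            return action, name
    return "deny", "implicit-deny"  # no rule matched: default deny


def audit(policies, intended=INTENDED, probes=PROBES):
    """List cross-VLAN flows that are accepted but not in the intended set."""
    findings = []
    for src, dst in permutations(VLANS, 2):
        for svc in probes:
            action, rule = decide(policies, src, dst, svc)
            if action == "accept" and (src, dst, svc) not in intended:
                findings.append((src, dst, svc, rule))
    return findings


if __name__ == "__main__":
    for src, dst, svc, rule in audit(POLICIES):
        print(f"VIOLATION {src} -> {dst} {svc} allowed by {rule}")
```

Each finding names the rule that admitted the flow, so the over-broad `guest-any-trusted` entry is reported for every probed service while the shadowed `iot-to-trusted-ssh` rule never takes effect.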

License

MIT License - for documentation and educational reuse.

About

Network and infrastructure lab - Proxmox, Docker, TrueNAS, VLANs, and monitoring
