weakphish/self-hosted
Install & Setup Notes

Ansible

  • Seems to require export ANSIBLE_BECOME_EXE=sudo.ws due to this issue
  • Run with ansible-playbook playbook.yml -i inventory.yml -kK; the -k and -K flags prompt you for the SSH password and the become (sudo) password respectively

Repo Structure

  • ansible/ - Contains the Ansible playbook that bootstraps K3s
  • pulumi/ - IaC for managing cloud & k8s resources

Architecture Notes

Diagram

```mermaid
flowchart TB
    subgraph Internet
        Users[External Users]
        CF[Cloudflare]
    end

    subgraph Tailnet[Tailscale Network]
        Admin[Admin/Internal Users]
    end

    subgraph Cluster[K3s Cluster]
        subgraph Server["Control Plane (new-bermuda)"]
            subgraph Networking
                TSOperator[Tailscale Operator]
                Cloudflared[cloudflared pods]
            end

            subgraph Apps[Applications]
                Foundry[Foundry VTT]
                Glance[Glance Dashboard]
                Paperless[Paperless-ngx]
            end

            subgraph Monitoring[Monitoring Stack]
                Prometheus[Prometheus]
                Grafana[Grafana]
                Alertmanager[Alertmanager]
            end

            subgraph Storage
                FoundryPV[(PV: /home/jack/foundrydata)]
                GrafanaPV[(PV: Grafana)]
                PaperlessPV[(PV: /home/jack/paperless)]
            end
        end

        subgraph Agent["Agent Node (infinite-granite) — Tainted: NoSchedule"]
            Satisfactory[Satisfactory Server]
            SatisfactoryPV[(PV: /home/jack/satisfactory)]
            Satisfactory --> SatisfactoryPV
        end
    end

    Users -->|HTTPS| CF
    CF -->|Zero Trust Auth| CF
    CF -->|Tunnel| Cloudflared
    Cloudflared -->|:30000| Foundry

    Admin -->|Tailscale Full Access| TSOperator
    TSOperator -->|LoadBalancer| Glance
    TSOperator -->|LoadBalancer| Foundry
    TSOperator -->|LoadBalancer| Satisfactory
    TSOperator -->|LoadBalancer| Grafana
    TSOperator -->|LoadBalancer| Prometheus
    TSOperator -->|LoadBalancer| Alertmanager
    TSOperator -->|LoadBalancer| Paperless

    Members[Tailnet Members] -->|Tailscale :7777 only| Satisfactory

    Foundry --> FoundryPV
    Grafana --> GrafanaPV
    Paperless --> PaperlessPV
    Prometheus -.Scrapes.- Foundry
    Prometheus -.Scrapes.- Satisfactory

    style CF fill:#f6821f
    style TSOperator fill:#4a5568
    style Foundry fill:#7c3aed
    style Glance fill:#10b981
    style Satisfactory fill:#f97316
    style Grafana fill:#ff6b6b
    style Prometheus fill:#e08234
    style Alertmanager fill:#e05d44
    style Paperless fill:#17541f
    style Agent fill:#3b82f6
```

Networking

  • Cloudflare for 'application' access - in my case, Foundry for D&D sessions
  • Tailscale for everything else
    • Tailscale K8s operator pod
    • ACL: admin user has full access; all other tailnet members restricted to Satisfactory server (port 7777) only
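A tailnet policy file expressing the ACL described above, added here as an example rather than taken from this repo. It assumes the admin login is admin@example.com (placeholder), that the operator's identity is tag:k8s-operator, and that the Satisfactory LoadBalancer proxy is tagged tag:satisfactory (e.g. via the operator's tailscale.com/tags Service annotation); because Tailscale ACLs are default-deny, every other operator-exposed service (Grafana, Prometheus, Paperless, ...) stays unreachable for non-admin members without any explicit deny rule.

```jsonc
{
  // Who may assign which tags. The operator tags its proxy devices, so it
  // must own the game-server tag; the admin owns the operator tag itself.
  "tagOwners": {
    "tag:k8s-operator": ["admin@example.com"],   // placeholder admin login
    "tag:satisfactory": ["tag:k8s-operator"]     // assumed proxy tag (not from the repo)
  },

  "acls": [
    // Admin: unrestricted access to every tailnet node and port.
    { "action": "accept", "src": ["admin@example.com"], "dst": ["*:*"] },

    // Everyone else: only the Satisfactory port on its proxy. Without a
    // "proto" field this covers both TCP and UDP 7777. Nothing else is
    // granted, so every other service is implicitly denied to members.
    { "action": "accept", "src": ["autogroup:member"], "dst": ["tag:satisfactory:7777"] }
  ],

  // Policy tests: Tailscale evaluates these when the policy is saved, so a
  // future edit that accidentally widens member access fails loudly.
  "tests": [
    {
      "src": "member@example.com",               // placeholder non-admin member
      "accept": ["tag:satisfactory:7777"],
      "deny":   ["tag:satisfactory:22", "tag:satisfactory:3000"]
    },
    {
      "src": "admin@example.com",
      "accept": ["tag:satisfactory:7777", "tag:satisfactory:22"]
    }
  ]
}
```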

Pulumi

  • Used to manage Cloudflare resources
    • Creates tunnel & DNS records
    • Creates zero-trust application
  • Also creates Kubernetes resources, generally a file per application
  • Basically bootstraps the K8s cluster
  • NOTE: in the future I will probably get more hardware
    • Perhaps a stack per machine? That may not make sense though, since a cluster is machine-agnostic

Resources / ideas

About

my home server box config and such
