About this Project

Homelab Infrastructure
Terraform Ansible Docker Coolify Tailscale SOPS

A production-style homelab spread across three nodes in two locations — a cloud VPS acting as the public edge, a powerful bare-metal home server, and a small single-board computer at a remote site. All three are joined into one private network with Tailscale and orchestrated by a self-hosted Coolify control plane. The entire estate is defined as code and can be rebuilt from scratch with a single encryption key.

What it demonstrates

  • Infrastructure as Code, end to end — Terraform manages the cloud layer (compute, firewalls, DNS); Ansible roles converge the host layer (users, container runtime, networking, storage) across every node.
  • Reproducible disaster recovery — a documented, layered rebuild path: cloud → hosts → orchestrator → applications, with persistent data re-attached, not moved.
  • Secrets done right — every credential is SOPS-encrypted with age; encrypted material lives in version control, the private key never does.
  • Zero-trust style networking — a Tailscale WireGuard mesh keeps the attack surface tiny; only a handful of ports are ever exposed publicly, enforced by a cloud firewall managed in code.
  • Self-hosting at scale — file sync, photo management, home automation, DNS/ad-filtering, dashboards, and local AI, all deployed through a single GitOps-style control plane.
  • Observability — metrics collection and dashboards across all nodes.
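The secrets rule above (encrypted material in version control, the private key never) is only as strong as the check that enforces it before a commit lands. The script below is an added example, not code from this project: a POSIX shell repository guard that fails when a SOPS-managed file still carries a plaintext value, or when an age private key (recognised by its real `AGE-SECRET-KEY-1` prefix) has been committed anywhere in the tree. The `*.sops.yml` naming convention, the `ansible/` location and the sample files are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not the project's own code): pre-commit style guard for a
# SOPS + age secrets layout. Assumed convention: secret files are named
# *.sops.yml; an age identity file is detected by the "AGE-SECRET-KEY-1" prefix.
set -u

# is_sops_encrypted FILE
# Returns 0 when FILE carries a top-level "sops:" metadata block with an age
# recipient and every mapping value outside that block is an ENC[...] ciphertext.
# Only "key: value" lines are inspected; list items are not checked here.
is_sops_encrypted() {
  file="$1"
  grep -q '^sops:' "$file" || return 1                 # no SOPS metadata at all
  grep -q '^[ \t]*age:' "$file" || return 1            # encrypted, but not to age
  awk '
    /^sops:/ { in_sops = 1 }                           # metadata block starts here
    in_sops { next }                                   # skip mac/version/recipients
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments and blank lines
    /^[ \t]*[A-Za-z0-9_.-]+:[ \t]*[^ \t]/ {            # "key: value" with a value
      sub(/^[^:]*:[ \t]*/, "")                         # keep only the value
      if ($0 !~ /^ENC\[/) { bad = 1 }                  # plaintext leaked
    }
    END { exit bad ? 1 : 0 }
  ' "$file"
}

# contains_age_private_key FILE
# Returns 0 when FILE holds an age identity (the key that must never be committed).
contains_age_private_key() {
  grep -q 'AGE-SECRET-KEY-1' "$1"
}

# audit_repo ROOT
# Prints one line per finding and returns the number of findings (0 = clean).
# Paths containing whitespace are not supported by this simple loop.
audit_repo() {
  root="$1"
  findings=0
  for f in $(find "$root" -type f -name '*.sops.yml'); do
    if ! is_sops_encrypted "$f"; then
      echo "PLAINTEXT SECRET FILE: $f"
      findings=$((findings + 1))
    fi
  done
  for f in $(find "$root" -type f); do
    if contains_age_private_key "$f"; then
      echo "AGE PRIVATE KEY COMMITTED: $f"
      findings=$((findings + 1))
    fi
  done
  return $findings
}

# Usage: sh sops_guard.sh path/to/repo   (non-zero exit blocks the commit)
if [ "${1:-}" != "" ]; then
  audit_repo "$1"
fi
```

Wire it as a pre-commit or CI step over the repository root; because SOPS writes every encrypted leaf as `ENC[AES256_GCM,...]`, a single readable value is enough to fail the run, which is the failure mode a `.gitignore` entry for the key file alone does not catch.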

Stack

Terraform · Ansible · Docker · Coolify · Tailscale · Prometheus · Grafana · Home Assistant · SOPS + age · Linux

Repository layout

├── terraform/     # cloud layer — reusable modules + a production environment
├── ansible/       # host layer — roles, inventory, playbooks (+ encrypted vault)
├── inventory/     # declarative source-of-truth for hardware, network, systems
├── services/      # configuration for self-hosted dashboards & monitoring
├── home-assistant/ # home-automation configuration
└── docs/          # architecture, runbooks, and design notes

Engineering principles

  • Declarative over manual — the live infrastructure is reconciled against code; the Terraform was validated by importing real resources and confirming a zero-change plan.
  • Least exposure — secrets encrypted, networking meshed, public surface minimal.
  • Recoverable by design — if any node is lost, it comes back from code.

Private project. Source is kept private; this page is a portfolio showcase of the architecture and engineering approach.