# Homelab Project

## Physical infrastructure

### HPE ML110 - Proxmox (192.168.1.242)

- **CPU**: 16 x Intel Xeon Silver 4110 @ 2.10GHz (1 socket)
- **RAM**: 32 GB (upgrade on order: +16 GB HP PC4 1RX4 2666 MHz → 48 GB total)
- **CPU upgrade on order**: Intel Xeon Gold 5120 (14 cores / 28 threads @ 2.20GHz)
- **Boot**: EFI
- **Kernel**: Linux 6.5.11-8-pve
- **Network**: vmbr0 (Linux bridge)
- **Disks**:
  - /dev/sda - 2 TB
    - /dev/sda1 - biosboot (1 MB)
    - /dev/sda2 - EFI (1 GB)
    - /dev/sda3 - LVM 31 GB (local + local-lvm)
    - /dev/sda4 - ext4 104 GB "ISO"
    - /dev/sda5 - LVM 1.86 TB "VMS"

### QNAP TS-431P2 (192.168.1.208)

- **CPU**: Alpine AL-314 (ARM Cortex-A15 quad-core)
- **RAM**: 8 GB
- **Disks**: 4 bays, RAID 1, failed disk replaced + RAID rebuilt
- **OS**: QTS (not to be touched)
- **Current services**: Plex, Discord bots, NFS/SMB

### Network

- Orange ISP box: 192.168.1.1 (gateway + DNS)
- Netmask: /24
- No VLAN (flat network)

---

## Existing VMs

| VM | RAM | vCPU | Disk | Role |
|----|-----|------|------|------|
| VM-DEDICATED | 20 GB | 8 | 40 GB | Game servers |

---

## VMs to create (Terraform - bpg/proxmox provider)

| VM | VMID | IP | RAM | vCPU | Disk | Role |
|----|------|----|-----|------|------|------|
| gateway | 200 | 192.168.1.254 | 512 MB | 1 | 8 GB | WireGuard + Caddy (reverse proxy) |
| forgejo | 201 | 192.168.1.50 | 1 GB | 2 | 20 GB | Software forge - http://192.168.1.50:3000 |
| nextcloud | 202 | 192.168.1.51 | 4 GB | 3 | 20 GB | Personal cloud - http://192.168.1.51:8080 |
| tools | 203 | 192.168.1.52 | 2 GB | 2 | 10 GB | Stirling PDF - http://192.168.1.52:8081 |
| **Total** | | | **5.5 GB** | **7** | **58 GB** | |
| **Remaining free** | | | **~4.5 GB** | | | Reserved for k3s |

Cloud-init template: Rocky Linux 9 (VMID 9000)

---

## Storage layout

| Data | Location | Reason |
|------|----------|--------|
| VM OS + virtual disks | ML110 (LVM "VMS") | I/O performance |
| PostgreSQL databases (Forgejo, Nextcloud) | ML110 (local) | Database on NFS = slow and risky |
| Nextcloud files (user data) | QNAP via NFS | Centralized, backed up |
| Game server saves | QNAP via NFS | Backups |
| VM backups (vzdump) | QNAP via NFS | Native Proxmox backup |
| Media (Plex) | QNAP (local) | Already in place |

---

## QNAP - NFS shares to create

| Share | Usage | Access restricted to |
|-------|-------|----------------------|
| nextcloud-data | Nextcloud data | 192.168.1.51 |
| backups | Proxmox backups | 192.168.1.242 |
| game-saves | Game server saves | 192.168.1.x (VM dedicated) |

---

## Control workstation

- **Windows 11 gaming PC**: VSCode + Claude Code, WSL2 Debian
- **Linux Mint laptop**: alternative (currently unavailable)
- **WSL2 Debian**: Terraform, Ansible, kubectl, Git, SSH keys

---

## Target network architecture (with VPS)

```
Internet --> [VPS Hetzner CX22 ~4 EUR/month]
                  |
             Caddy (reverse proxy + TLS Let's Encrypt)
                  |
             CrowdSec
                  |
             WireGuard tunnel (10.0.0.0/24)
                  |
        [VM gateway - 192.168.1.254]
                  |
      +--------+--------+--------+
      |        |        |        |
   Forgejo Nextcloud  Plex    Tools
    (.50)    (.51)   (QNAP)   (.52)
```

---

## Technical stack

| Tool | Usage |
|------|-------|
| **Terraform** (bpg/proxmox) | VM provisioning |
| **Ansible** | VM configuration |
| **Docker Compose** | Service deployment |
| **WireGuard** | VPN between VPS and homelab |
| **Caddy** | Reverse proxy + automatic TLS |
| **Forgejo** | Software forge (GitHub Actions syntax) |
| **Nextcloud** | Personal cloud |
| **Stirling PDF** | File converter |
| **k3s** | Kubernetes (future phase) |

---

## Repository layout

```
~/homelab/
├── .env                        # Terraform secrets (never committed)
├── .gitignore
├── terraform/proxmox/
│   ├── main.tf                 # 4 VMs via for_each
│   ├── variables.tf
│   ├── outputs.tf
│   └── terraform.tfvars
├── ansible/
│   ├── ansible.cfg
│   ├── inventory/hosts.yml
│   ├── templates/wg0.conf.j2
│   ├── site.yml                # Orchestrates everything
│   └── playbooks/
│       ├── base.yml            # User Elewyn, SSH hardening, packages
│       ├── docker.yml          # Docker on forgejo/nextcloud/tools
│       ├── gateway.yml         # WireGuard + Caddy
│       ├── forgejo.yml         # Forgejo + PostgreSQL
│       ├── nextcloud.yml       # Nextcloud + QNAP NFS mount
│       └── tools.yml           # Stirling PDF
└── docker/
    ├── gateway/Caddyfile
    ├── forgejo/
    │   ├── docker-compose.yml
    │   └── .env.example
    ├── nextcloud/
    │   ├── docker-compose.yml
    │   └── .env.example
    └── tools/docker-compose.yml
```

---

## Users on the VMs

| User | Role | Auth |
|------|------|------|
| ansible | Ansible deployment (cloud-init) | homelab SSH key |
| Elewyn | Admin (sudo via wheel) | homelab SSH key |
| root | Disabled over SSH | - |

---

## Action plan

### Phase 1 - Foundations (DONE)

- [x] WSL2 Debian installed
- [x] Terraform, Ansible, Git installed
- [x] homelab SSH key generated
- [x] Rocky 9 cloud-init template (VMID 9000)
- [x] Proxmox API token (terraform@pam!provider)
- [x] Terraform + Ansible files written

### Phase 2 - VM provisioning

- [x] terraform apply (create the 4 VMs)
- [x] Verify SSH access to the VMs (ping + ansible ping OK)

### Phase 3 - Configuration (Ansible)

- [x] base.yml (users, SSH hardening, firewalld, qemu-agent)
- [x] Install Ansible collections (ansible.posix, community.docker, community.general)
- [x] Ansible Vault (encrypted database secrets)
- [x] ansible-playbook site.yml (docker, services)

### Phase 4 - Services

- [x] Forgejo + PostgreSQL deployed
- [x] Stirling PDF deployed
- [x] Nextcloud + PostgreSQL deployed
- [x] QNAP NFS mounted (nextcloud-data, backups created on the QNAP)

### Phase 5 - External exposure

- [ ] Buy a domain name (~7 EUR/year)
- [ ] Rent a Hetzner CX22 VPS (~4 EUR/month)
- [ ] WireGuard VPS <-> gateway
- [ ] Caddy reverse proxy + TLS
- [ ] Cloudflare DNS

### Phase 6 - QNAP

- [x] Create NFS shares (nextcloud-data)
- [x] Create NFS share backups
- [x] Configure Proxmox vzdump backups -> NFS (storage qnap-backups, nightly schedule)
- [x] Replace failed disk + RAID rebuilt

### Phase 7 - Kubernetes (future)

- [ ] Single-node k3s VM (6 GB RAM)
- [ ] Gradual migration of services
- [ ] ArgoCD (GitOps)
- [ ] Monitoring (Grafana/Loki/Prometheus)

---

## Budget

| Item | Cost |
|------|------|
| .fr domain name | ~7 EUR/year |
| VPS Hetzner CX22 | ~48 EUR/year |
| QNAP replacement disk | ~20-30 EUR (one-off) |
| **Total first year** | **~80 EUR** |
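The "VMs to create" table and the `main.tf # 4 VMs via for_each` entry in the repository layout describe one Terraform resource driving all four VMs from a map. The block below is an added example of how that can be written against the bpg/proxmox provider; it is not the project's own `main.tf`. Values taken from the page: the Proxmox host, the VMIDs, IPs, RAM, vCPU and disk sizes, the `VMS` datastore, the `vmbr0` bridge, the Rocky 9 template (VMID 9000), the `ansible` cloud-init user and the `terraform@pam!provider` token id. Assumptions are marked in comments: the Proxmox node name `pve`, the public key path, the provider version constraint, and the idea of keeping the token secret out of the repository by passing it through the `TF_VAR_proxmox_api_token` environment variable (the `.env` file the layout mentions).

```hcl
terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "~> 0.50" # assumption: pin to the minor series actually tested
    }
  }
}

# The token secret is never written to disk in the repo: it is read from
# TF_VAR_proxmox_api_token (sourced from the untracked .env) and marked
# sensitive so it does not appear in plan output or state diffs.
variable "proxmox_api_token" {
  type        = string
  sensitive   = true
  description = "terraform@pam!provider=<TOKEN-SECRET-PLACEHOLDER>"
}

provider "proxmox" {
  endpoint  = "https://192.168.1.242:8006/"
  api_token = var.proxmox_api_token
  # Proxmox ships a self-signed certificate; the hardened option is to
  # import its CA on the workstation and keep this false so the API
  # connection is actually authenticated, not just encrypted.
  insecure = false
}

locals {
  node     = "pve" # assumption: Proxmox node name as shown in the web UI
  template = 9000  # Rocky Linux 9 cloud-init template (from the page)
  gateway  = "192.168.1.1"

  # One entry per VM; the table on the page is the source of truth.
  vms = {
    gateway   = { vmid = 200, ip = "192.168.1.254", ram_mb = 512,  cores = 1, disk_gb = 8 }
    forgejo   = { vmid = 201, ip = "192.168.1.50",  ram_mb = 1024, cores = 2, disk_gb = 20 }
    nextcloud = { vmid = 202, ip = "192.168.1.51",  ram_mb = 4096, cores = 3, disk_gb = 20 }
    tools     = { vmid = 203, ip = "192.168.1.52",  ram_mb = 2048, cores = 2, disk_gb = 10 }
  }
}

resource "proxmox_virtual_environment_vm" "vm" {
  for_each  = local.vms
  name      = each.key
  vm_id     = each.value.vmid
  node_name = local.node

  # Full clone of the cloud-init template so each VM owns its disk.
  clone {
    vm_id = local.template
    full  = true
  }

  agent {
    enabled = true # qemu-guest-agent is installed by base.yml
  }

  cpu {
    cores = each.value.cores
    type  = "host"
  }

  memory {
    dedicated = each.value.ram_mb
  }

  disk {
    datastore_id = "VMS" # LVM "VMS" on /dev/sda5
    interface    = "scsi0"
    size         = each.value.disk_gb
  }

  network_device {
    bridge = "vmbr0"
  }

  # Static addressing on the flat /24; the ansible user is created by
  # cloud-init with the homelab public key only (no password).
  initialization {
    datastore_id = "VMS"
    ip_config {
      ipv4 {
        address = "${each.value.ip}/24"
        gateway = local.gateway
      }
    }
    user_account {
      username = "ansible"
      keys     = [trimspace(file("~/.ssh/homelab.pub"))] # assumption: key path
    }
  }
}

# Feeds the Ansible inventory: name -> IP for the four VMs.
output "vm_ips" {
  value = { for name, vm in local.vms : name => vm.ip }
}
```

Because the VMs are a single resource with `for_each`, adding the future k3s VM means adding one entry to `local.vms` rather than copying a resource block, and `terraform plan` shows exactly one new VM without touching the others. Keeping `insecure = false` and the token in an environment variable are the two places where this layout differs from the quickest working configuration; both matter because the token has full API access to the hypervisor.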