# Homelab Project

## Physical infrastructure

### HPE ML110 - Proxmox (192.168.1.242)

- **CPU**: Intel Xeon Gold 5120 (14 cores / 28 threads @ 2.20GHz)
- **RAM**: 48 GB (HP PC4 1RX4 2666 MHz)
- **Boot**: EFI
- **Kernel**: Linux 6.5.11-8-pve
- **Network**: vmbr0 (Linux bridge)
- **Disks**:
  - /dev/sda - 2 TB
    - /dev/sda1 - biosboot (1 MB)
    - /dev/sda2 - EFI (1 GB)
    - /dev/sda3 - LVM 31 GB (local + local-lvm)
    - /dev/sda4 - ext4 104 GB "ISO"
    - /dev/sda5 - LVM 1.86 TB "VMS"

### QNAP TS-431P2 (192.168.1.208)

- **CPU**: Alpine AL-314 (ARM Cortex-A15 quad-core)
- **RAM**: 8 GB
- **Disks**: 4 bays, RAID 1
- **OS**: QTS (left untouched)
- **Current services**: Plex, Discord bots, NFS/SMB

### Network

- Orange box (ISP router): 192.168.1.1 (gateway + DNS)
- Netmask: /24
- No VLANs (basic flat network)

---

## VMs (Proxmox)

| VM | VMID | IP | RAM | vCPU | Disk | Role |
|----|------|----|-----|------|------|------|
| VM-DEDICATED | 110 | 192.168.1.110 | 24 GB | 8 | 40 GB | Game servers |
| gateway | 200 | 192.168.1.254 | 512 MB | 1 | 8 GB | WireGuard + Caddy (reverse proxy) |
| forgejo | 201 | 192.168.1.50 | 1 GB | 2 | 20 GB | Software forge - https://forge.elewyn.dev |
| nextcloud | 202 | 192.168.1.51 | 6 GB | 4 | 20 GB | Personal cloud - https://cloud.elewyn.dev |
| tools | 203 | 192.168.1.52 | 2 GB | 2 | 10 GB | Stirling PDF - http://192.168.1.52:8081 |
| **Remaining free** | | | **~12.5 GB** | | | Reserved for k3s |

Cloud-init template: Rocky Linux 9 (VMID 9000)

---

## Storage layout

| Data | Location | Reason |
|------|----------|--------|
| VM OS + virtual disks | ML110 (LVM "VMS") | I/O performance |
| PostgreSQL databases (Forgejo, Nextcloud) | ML110 (local) | Databases on NFS = slow and risky |
| Nextcloud files (user data) | QNAP via NFS | Centralised, easy to back up |
| Game server saves | QNAP via NFS | Backups |
| VM backups (vzdump) | QNAP via NFS | Native Proxmox backup |
| Media (Plex) | QNAP (local) | Already in place |

---

## QNAP - NFS shares

| Share | Usage | Access restricted to |
|-------|-------|----------------------|
| nextcloud-data | Nextcloud data | 192.168.1.51 |
| backups | Proxmox backups | 192.168.1.242 |
| game-saves | Game server saves | 192.168.1.110 (dedicated VM) |

---

## Control workstation

- **Windows 11 gaming PC**: VSCodium + Claude Code, WSL2 Debian
- **Linux Mint laptop**: alternative (currently unavailable)
- **WSL2 Debian**: Terraform, Ansible, kubectl, Git, SSH keys

---

## Network architecture

```
Internet --> [VPS Scaleway PLAY2-PICO - 51.158.126.113]
                    | Caddy (reverse proxy + TLS Let's Encrypt)
                    |   forge.elewyn.dev -> 192.168.1.50:3000
                    |   cloud.elewyn.dev -> 192.168.1.51:8080
                    |
             WireGuard tunnel (10.0.0.0/24)
             VPS: 10.0.0.1    Gateway: 10.0.0.2
                    |
          [VM gateway - 192.168.1.254]
                    |
        +-----------+----------+-----------+
        |           |          |           |
     Forgejo    Nextcloud     Plex       Tools
      (.50)       (.51)      (QNAP)      (.52)
```
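As an added example (not the repo's own `wg0-vps.conf.j2` / `wg0.conf.j2` templates), here are the two ends of the tunnel drawn above, with `AllowedIPs` narrowed so the VPS can only reach the two backends Caddy publishes, and the gateway only forwards those two destination ports. Key values are placeholders; the gateway's LAN interface name (`eth0`) and the use of plain iptables are assumptions (base.yml installs firewalld, so the same rules would be expressed there in practice).

```ini
# --- VPS end (10.0.0.1, public 51.158.126.113): /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>

[Peer]
# Homelab gateway VM (192.168.1.254 on the LAN)
PublicKey = <GATEWAY_PUBLIC_KEY_PLACEHOLDER>
# Cryptokey routing: only the tunnel peer and the two proxied backends are
# routed into (and accepted out of) this tunnel. The rest of 192.168.1.0/24
# stays unreachable from the VPS even if the VPS itself is compromised.
AllowedIPs = 10.0.0.2/32, 192.168.1.50/32, 192.168.1.51/32

# --- Gateway end (10.0.0.2, LAN 192.168.1.254): /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.0.0.2/24
PrivateKey = <GATEWAY_PRIVATE_KEY_PLACEHOLDER>
# Forward tunnel traffic only to forge:3000 and cloud:8080, drop everything
# else, and SNAT so backend replies come back through the gateway.
# eth0 = LAN interface (assumed name).
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -N WG_FWD 2>/dev/null || true
PostUp = iptables -F WG_FWD
PostUp = iptables -A WG_FWD -o eth0 -d 192.168.1.50 -p tcp --dport 3000 -j ACCEPT
PostUp = iptables -A WG_FWD -o eth0 -d 192.168.1.51 -p tcp --dport 8080 -j ACCEPT
PostUp = iptables -A WG_FWD -j DROP
PostUp = iptables -I FORWARD 1 -i wg0 -j WG_FWD
PostUp = iptables -I FORWARD 1 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.0.0.1/32 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j WG_FWD
PostDown = iptables -D FORWARD -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.0.0.1/32 -o eth0 -j MASQUERADE
PostDown = iptables -F WG_FWD; iptables -X WG_FWD

[Peer]
# Scaleway VPS; the gateway initiates and keeps the ISP router's NAT mapping open
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
Endpoint = 51.158.126.113:51820
AllowedIPs = 10.0.0.1/32
PersistentKeepalive = 25
```

Because the VPS side lists only two backend /32s, a request from the VPS to any other LAN host (the Proxmox host, the QNAP, the game server) never enters the tunnel, and the gateway's forward chain drops it even if it did.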

---

## Technical stack

| Tool | Usage |
|------|-------|
| **Terraform** (bpg/proxmox) | VM provisioning |
| **Ansible** | VM configuration |
| **Docker Compose** | Service deployment |
| **WireGuard** | VPN between VPS and homelab |
| **Caddy** | Reverse proxy + automatic TLS |
| **Forgejo** | Software forge (GitHub Actions syntax) |
| **Nextcloud** | Personal cloud |
| **Stirling PDF** | File converter |
| **k3s** | Kubernetes (future phase) |

---

## Repository layout

```
~/homelab/
├── .env                              # Terraform secrets (never committed)
├── .gitignore
├── terraform/proxmox/
│   ├── main.tf                       # 4 VMs via for_each
│   ├── variables.tf
│   ├── outputs.tf
│   └── terraform.tfvars
├── ansible/
│   ├── ansible.cfg
│   ├── inventory/
│   │   ├── hosts.yml
│   │   └── group_vars/all/vault.yml  # Encrypted secrets (Ansible Vault)
│   ├── site.yml                      # Orchestrates everything
│   └── playbooks/
│       ├── base.yml                  # User Elewyn, SSH hardening, packages
│       ├── docker.yml                # Docker on forgejo/nextcloud/tools
│       ├── gateway.yml               # WireGuard + Caddy (homelab)
│       ├── forgejo.yml               # Forgejo + PostgreSQL
│       ├── nextcloud.yml             # Nextcloud + QNAP NFS mount
│       ├── tools.yml                 # Stirling PDF
│       ├── vps.yml                   # Scaleway VPS (WireGuard + Caddy)
│       └── templates/
│           ├── wg0.conf.j2           # WireGuard gateway
│           ├── wg0-vps.conf.j2       # WireGuard VPS
│           ├── Caddyfile-vps.j2      # Caddy reverse proxy
│           ├── forgejo.env.j2
│           └── nextcloud.env.j2
└── docker/
    ├── gateway/Caddyfile
    ├── forgejo/
    │   ├── docker-compose.yml
    │   └── .env.example
    ├── nextcloud/
    │   ├── docker-compose.yml
    │   └── .env.example
    └── tools/docker-compose.yml
```

---

## Users on the VMs

| User | Role | Auth |
|------|------|------|
| ansible | Ansible deployment (cloud-init) | homelab SSH key |
| Elewyn | Admin (sudo via wheel) | homelab SSH key |
| root | SSH login disabled | - |

---

## Action plan

### Phase 1 - Foundations (DONE)

- [x] WSL2 Debian installed
- [x] Terraform, Ansible, Git installed
- [x] homelab SSH key generated
- [x] Rocky 9 cloud-init template (VMID 9000)
- [x] Proxmox API token (terraform@pam!provider)
- [x] Terraform + Ansible files written

### Phase 2 - VM provisioning

- [x] terraform apply (create the 4 VMs)
- [x] Verify SSH access to the VMs (ping + ansible ping OK)

### Phase 3 - Configuration (Ansible)

- [x] base.yml (users, SSH hardening, firewalld, qemu-agent)
- [x] Install Ansible collections (ansible.posix, community.docker, community.general)
- [x] Ansible Vault (encrypted database secrets)
- [x] ansible-playbook site.yml (docker, services)

### Phase 4 - Services

- [x] Forgejo + PostgreSQL deployed
- [x] Stirling PDF deployed
- [x] Nextcloud + PostgreSQL deployed
- [x] QNAP NFS mounted (nextcloud-data and backups shares created on the QNAP)

### Phase 5 - External exposure

- [x] Buy the elewyn.dev domain (~7 EUR/year)
- [x] Rent a Scaleway PLAY2-PICO VPS (~4 EUR/month) - 51.158.126.113
- [x] WireGuard VPS <-> gateway (10.0.0.1 <-> 10.0.0.2)
- [x] Caddy reverse proxy + Let's Encrypt TLS
- [x] Cloudflare DNS (forge.elewyn.dev, cloud.elewyn.dev)

### Phase 6 - QNAP

- [x] Create NFS shares (nextcloud-data)
- [x] Create the backups NFS share
- [x] Configure Proxmox vzdump backups -> NFS (qnap-backups storage, nightly schedule)
- [x] Replace failed disk + RAID rebuilt

### Phase 7 - Kubernetes (future)

- [ ] Single-node k3s VM (6 GB RAM)
- [ ] Gradual migration of services
- [ ] ArgoCD (GitOps)
- [ ] Monitoring (Grafana/Loki/Prometheus)

---

## Budget

### Recurring

| Item | Cost |
|------|------|
| elewyn.dev domain | ~7 EUR/year |
| Scaleway PLAY2-PICO VPS | ~48 EUR/year |
| **Annual total** | **~55 EUR/year** |

### Hardware (one-off)

| Item | Cost |
|------|------|
| QNAP replacement disk | ~25 EUR |
| Intel Xeon Gold 5120 | ~20 EUR |
| 16 GB HP PC4 1RX4 2666 MHz RAM | ~80 EUR |
| **Hardware total** | **~125 EUR** |