Infrastructure as Code - Proxmox, Terraform, Ansible, Docker. Rocky Linux 9, Forgejo, Nextcloud, Stirling PDF.

Find a file

Elewyn e30bcbec61 fix: runner registration - working_dir /data et user root		2026-04-30 14:14:09 +02:00
ansible	fix: runner registration - working_dir /data et user root	2026-04-30 14:14:09 +02:00
docker	added: vm runner iac and doc	2026-04-30 12:07:23 +02:00
terraform/proxmox	fix: datastore_id explicite pour cloud-init (local-lvm supprime)	2026-04-30 13:50:18 +02:00
.gitignore	Initial commit - homelab infrastructure	2026-04-09 14:46:59 +02:00
CLAUDE.md	docs: ordre deploiement VM et repertoire ansible	2026-04-30 14:01:18 +02:00
README.md	docs: runner VM, source .env Terraform, arborescence maj	2026-04-30 12:20:43 +02:00

README.md

Projet Homelab

Infrastructure physique

HPE ML110 - Proxmox (192.168.1.242)

CPU : Intel Xeon Gold 5120 (14 cores / 28 threads @ 2.20GHz)
RAM : 48 Go (HP PC4 1RX4 2666 MHz)
Boot : EFI
Kernel : Linux 6.5.11-8-pve
Reseau : vmbr0 (Linux bridge)
Disques :
- /dev/sda - 2 To
- /dev/sda1 - biosboot (1 Mo)
- /dev/sda2 - EFI (1 Go)
- /dev/sda3 - LVM 31 Go (local + local-lvm)
- /dev/sda4 - ext4 104 Go "ISO"
- /dev/sda5 - LVM 1.86 To "VMS"

QNAP TS-431P2 (192.168.1.208)

CPU : Alpine AL-314 (ARM Cortex-A15 quad-core)
RAM : 8 Go
Disques : 4 baies, RAID 1
OS : QTS (on ne touche pas)
Services actuels : Plex, bots Discord, NFS/SMB

Reseau

Box Orange : 192.168.1.1 (gateway + DNS)
Masque : /24
Pas de VLAN (reseau basique)

VMs (Proxmox)

VM	VMID	IP	RAM	vCPU	Disk	Role
VM-DEDICATED	110	192.168.1.110	24 Go	8	40 Go	Serveurs de jeu
gateway	200	192.168.1.254	512 Mo	1	8 Go	WireGuard + Caddy (reverse proxy)
forgejo	201	192.168.1.50	1 Go	2	20 Go	Forge logicielle - https://forge.elewyn.dev
nextcloud	202	192.168.1.51	6 Go	4	20 Go	Cloud personnel - https://cloud.elewyn.dev
tools	203	192.168.1.52	2 Go	2	10 Go	Stirling PDF - http://192.168.1.52:8081
runner	204	192.168.1.53	4 Go	4	20 Go	Forgejo Actions Runner
Reste libre			~8.5 Go			Reserve k3s

Template cloud-init : Rocky Linux 9 (VMID 9000)

Repartition du stockage

Donnee	Emplacement	Raison
OS des VMs + disques virtuels	ML110 (LVM "VMS")	Performance I/O
BDD PostgreSQL (Forgejo, Nextcloud)	ML110 (local)	BDD sur NFS = lent et risque
Fichiers Nextcloud (data utilisateur)	QNAP via NFS	Centralise, sauvegardable
Saves serveurs de jeu	QNAP via NFS	Backups
Backups VMs (vzdump)	QNAP via NFS	Proxmox backup natif
Media (Plex)	QNAP (local)	Deja en place

QNAP - Shares NFS

Share	Usage	Acces restreint a
nextcloud-data	Donnees Nextcloud	192.168.1.51
backups	Backups Proxmox	192.168.1.242
game-saves	Saves serveurs de jeu	192.168.1.110 (VM dedicated)

Poste de pilotage

PC Gaming Windows 11 : VSCodium + Claude Code, WSL2 Debian
Laptop Linux Mint : alternative (non disponible actuellement)
WSL2 Debian : Terraform, Ansible, kubectl, Git, cles SSH

Architecture reseau

Internet --> [VPS Scaleway PLAY2-PICO - 51.158.126.113]
                |  Caddy (reverse proxy + TLS Let's Encrypt)
                |  forge.elewyn.dev -> 192.168.1.50:3000
                |  cloud.elewyn.dev -> 192.168.1.51:8080
                |
             WireGuard tunnel (10.0.0.0/24)
             VPS: 10.0.0.1  Gateway: 10.0.0.2
                |
            [VM gateway - 192.168.1.254]
                |
         +------+-------+-------+
         |      |       |       |
      Forgejo  Nextcloud  Plex  Tools
      (.50)    (.51)     (QNAP) (.52)

Stack technique

Outil	Usage
Terraform (bpg/proxmox)	Provisionnement des VMs
Ansible	Configuration des VMs
Docker Compose	Deploiement des services
WireGuard	VPN entre VPS et homelab
Caddy	Reverse proxy + TLS auto
Forgejo	Forge logicielle (syntaxe GitHub Actions)
Nextcloud	Cloud personnel
Stirling PDF	Convertisseur de fichiers
k3s	Kubernetes (phase future)

Arborescence du repo

~/homelab/
├── .env                              # Secrets Terraform (jamais commit)
├── .gitignore
├── terraform/proxmox/
│   ├── main.tf                       # 5 VMs via for_each
│   ├── variables.tf
│   ├── outputs.tf
│   └── terraform.tfvars
├── ansible/
│   ├── ansible.cfg
│   ├── inventory/
│   │   ├── hosts.yml
│   │   └── group_vars/all/vault.yml  # Secrets chiffres (Ansible Vault)
│   ├── site.yml                      # Orchestre tout
│   └── playbooks/
│       ├── base.yml                  # User Elewyn, SSH hardening, packages
│       ├── docker.yml                # Docker sur forgejo/nextcloud/tools
│       ├── gateway.yml               # WireGuard + Caddy (homelab)
│       ├── forgejo.yml               # Forgejo + PostgreSQL
│       ├── nextcloud.yml             # Nextcloud + montage NFS QNAP
│       ├── tools.yml                 # Stirling PDF
│       ├── runner.yml                # Forgejo Actions Runner
│       ├── vps.yml                   # VPS Scaleway (WireGuard + Caddy)
│       └── templates/
│           ├── wg0.conf.j2           # WireGuard gateway
│           ├── wg0-vps.conf.j2       # WireGuard VPS
│           ├── Caddyfile-vps.j2      # Caddy reverse proxy
│           ├── forgejo.env.j2
│           └── nextcloud.env.j2
└── docker/
    ├── gateway/Caddyfile
    ├── forgejo/
    │   ├── docker-compose.yml
    │   └── .env.example
    ├── nextcloud/
    │   ├── docker-compose.yml
    │   └── .env.example
    └── tools/docker-compose.yml

Users sur les VMs

User	Role	Auth
ansible	Deploiement Ansible (cloud-init)	Cle SSH homelab
Elewyn	Admin (sudo via wheel)	Cle SSH homelab
root	Desactive en SSH	-

Plan d'action

Phase 1 - Fondations (FAIT)

WSL2 Debian installe
Terraform, Ansible, Git installes
Cle SSH homelab generee
Template cloud-init Rocky 9 (VMID 9000)
Token API Proxmox (terraform@pam!provider)
Fichiers Terraform + Ansible ecrits

Phase 2 - Provisionnement VMs

terraform apply (creer les 4 VMs)
Verifier acces SSH aux VMs (ping + ansible ping OK)

Phase 3 - Configuration (Ansible)

base.yml (users, SSH hardening, firewalld, qemu-agent)
Installer collections Ansible (ansible.posix, community.docker, community.general)
Ansible Vault (secrets BDD chiffres)
ansible-playbook site.yml (docker, services)

Phase 4 - Services

Forgejo + PostgreSQL deploye
Stirling PDF deploye
Nextcloud + PostgreSQL deploye
NFS QNAP monte (nextcloud-data, backups crees sur QNAP)

Phase 5 - Exposition externe

Acheter NDD elewyn.dev (~7 EUR/an)
Louer VPS Scaleway PLAY2-PICO (~4 EUR/mois) - 51.158.126.113
WireGuard VPS <-> gateway (10.0.0.1 <-> 10.0.0.2)
Caddy reverse proxy + TLS Let's Encrypt
DNS Cloudflare (forge.elewyn.dev, cloud.elewyn.dev)

Phase 6 - QNAP

Creer shares NFS (nextcloud-data)
Creer share NFS backups
Configurer backups vzdump Proxmox -> NFS (storage qnap-backups, schedule nuit)
Remplacer disque HS + RAID reconstruit

Phase 7 - Kubernetes (futur)

VM k3s single-node (6 Go RAM)
Migration progressive des services
ArgoCD (GitOps)
Monitoring (Grafana/Loki/Prometheus)

Budget

Recurrent

Poste	Cout
NDD elewyn.dev	~7 EUR/an
VPS Scaleway PLAY2-PICO	~48 EUR/an
Total annuel	~55 EUR/an

Hardware (one-shot)

Poste	Cout
Disque QNAP remplacement	~25 EUR
Intel Xeon Gold 5120	~20 EUR
RAM 16 Go HP PC4 1RX4 2666 MHz	~80 EUR
Total hardware	~125 EUR