Skip to content

weakphish/self-hosted

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
ansible
ansible
 
 
pulumi
pulumi
 
 
.gitignore
.gitignore
 
 
CLAUDE.md
CLAUDE.md
 
 
README.md
README.md
 
 

Repository files navigation

Install & Setup Notes

Ansible

  • Seems to require export ANSIBLE_BECOME_EXE=sudo.ws due to this issue
  • Run with ansible-playbook playbook.yml -i inventory.yml -kK where the flags have you manually input SSH password

Repo Structure

  • ansible/ - Contains Ansible playbook to bootstrap K3s
  • pulumi - IaC for managing cloud & k8s resources

Architecture Notes

Diagram

flowchart TB
    subgraph Internet
        Users[External Users]
        CF[Cloudflare]
    end

    subgraph Tailnet[Tailscale Network]
        Admin[Admin/Internal Users]
    end

    subgraph Server["Server (new-bermuda)"]
        subgraph K3s[K3s Cluster]
            subgraph Networking
                TSOperator[Tailscale Operator]
                Cloudflared[cloudflared pods]
            end

            subgraph Apps[Applications]
                Foundry[Foundry VTT]
                Glance[Glance Dashboard]
                Satisfactory[Satisfactory Server]
            end

            subgraph Monitoring[Monitoring Stack]
                Prometheus[Prometheus]
                Grafana[Grafana]
            end

            subgraph Storage
                FoundryPV[(PV: /home/jack/foundrydata)]
                SatisfactoryPV[(PV: /home/jack/satisfactory)]
                GrafanaPV[(PV: Grafana)]
            end
        end
    end

    Users -->|HTTPS| CF
    CF -->|Zero Trust Auth| CF
    CF -->|Tunnel| Cloudflared
    Cloudflared -->|:30000| Foundry

    Admin -->|Tailscale Full Access| TSOperator
    TSOperator -->|Ingress| Glance
    TSOperator -->|Ingress| Foundry
    TSOperator -->|Ingress| Satisfactory
    TSOperator -->|Ingress| Grafana

    Members[Tailnet Members] -->|Tailscale :7777 only| Satisfactory

    Foundry --> FoundryPV
    Satisfactory --> SatisfactoryPV
    Grafana --> GrafanaPV
    Prometheus -.Scrapes.- Foundry
    Prometheus -.Scrapes.- Satisfactory

    style CF fill:#f6821f
    style TSOperator fill:#4a5568
    style Foundry fill:#7c3aed
    style Glance fill:#10b981
    style Satisfactory fill:#f97316
    style Grafana fill:#ff6b6b
    style Prometheus fill:#e08234
Loading

Networking

  • Cloudflare for 'application' access - in my case, Foundry for DnD sessions
  • Tailscale for everything else
    • Tailscale K8s operator pod
    • ACL: admin user has full access; all other tailnet members restricted to Satisfactory server (port 7777) only

Pulumi

  • Used to manage Cloudflare resources
    • Creates tunnel & DNS records
    • Creates zero-trust application
  • Also creates Kubernetes resources, generally a file per application
  • Bootstrap K8s cluster basically
  • NOTE: in the future, probably will get more Hardware
    • perhaps a stack per machine? maybe? that may not make sense though if a cluster is machine agnostic

Resources / ideas

About

my home server box config and such

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.0.1 Latest
Feb 1, 2026

Packages

No packages published

Languages