docs: Consolidate homelab documentation and update SSH guide

2026-04-26 21:28:40 +00:00
parent c3b3b82614
commit 168198e8a7
12 changed files with 232 additions and 208 deletions
--- a/infrastructure.md
+++ b/infrastructure.md
@@ -0,0 +1,37 @@
+# Infrastructure Overview
+
+This document describes the physical and logical infrastructure of the Linode Homelab.
+
+## 🌐 Hardware & OS
+- **Provider:** Linode (Akamai)
+- **Location:** Chicago (US-ORD)
+- **Plan:** Shared CPU 2GB RAM / 50GB NVMe
+- **OS:** Ubuntu 24.04 LTS (Upgraded from 22.04)
+- **Primary User:** `drew` (Sudo & Docker groups)
+- **Security:** Platform-managed Disk Encryption enabled.
+
+## 💾 Storage Architecture
+- **Volume:** 20GB Block Storage (Encrypted)
+- **Mount Point:** `/mnt/docker_data`
+- **Symlink:** `/opt/docker` -> `/mnt/docker_data`
+  - All Docker-related files (compose files, config, volumes) reside under `/opt/docker`.
+- **Mount Logic:** Persistent via `/etc/fstab` with `noatime,nofail`.
+
+## 🖥️ System Tuning
+- **RAM:** 2GB (Shared)
+- **Swap:** 1.5GB Total 
+  - Partition: `/dev/sdb` (512MB default)
+  - File: `/swapfile` (1GB manual)
+- **Swappiness:** Default (60)
+
+## 🏗️ Docker Network Topology
+| Network | Driver | Purpose |
+| :--- | :--- | :--- |
+| `web_gateway` | bridge (ext) | External traffic from Cloudflare Tunnels to containers. |
+| `db_network` | bridge (ext) | Private traffic between Applications and the Global Postgres instance. |
+
+## 🛡️ Security Model
+- **Inbound:** Restricted to SSH (Port 22).
+- **Web Access:** No open ports (80/443/3000). All traffic enters via outbound Cloudflare Tunnels (Zero Trust).
+- **Authentication:** Protected by Cloudflare Access with MFA/WARP.
+- **Backups:** Nightly (2:00 AM) to Linode Object Storage (S3) via `rclone`.