# Infrastructure Overview

This document describes the physical and logical infrastructure of the Linode Homelab.

## 🌐 Hardware & OS

- **Provider:** Linode (Akamai)
- **Location:** Chicago (US-ORD)
- **Plan:** Shared CPU 2GB RAM / 50GB NVMe
- **OS:** Ubuntu 24.04 LTS (Upgraded from 22.04)
- **Primary User:** `drew` (Sudo & Docker groups)
- **Security:** Platform-managed Disk Encryption enabled.

## 💾 Storage Architecture

- **Volume:** 20GB Block Storage (Encrypted)
- **Mount Point:** `/mnt/docker_data`
- **Symlink:** `/opt/docker` -> `/mnt/docker_data`
  - All Docker-related files (compose files, config, volumes) reside under `/opt/docker`.
- **Mount Logic:** Persistent via `/etc/fstab` with `noatime,nofail`.

## 🖥️ System Tuning

- **RAM:** 2GB (Shared)
- **Swap:** 1.5GB Total
  - Partition: `/dev/sdb` (512MB default)
  - File: `/swapfile` (1GB manual)
- **Swappiness:** Default (60)

## 🏗️ Docker Network Topology

| Network | Driver | Purpose |
| :--- | :--- | :--- |
| `web_gateway` | bridge (ext) | External traffic from Cloudflare Tunnels to containers. |
| `db_network` | bridge (ext) | Private traffic between Applications and the Global Postgres instance. |

## 🛡️ Security Model

- **Inbound:** Restricted to SSH (Port 22).
- **Web Access:** No open ports (80/443/3000). All traffic enters via outbound Cloudflare Tunnels (Zero Trust).
- **Authentication:** Protected by Cloudflare Access with MFA/WARP.
- **Backups:** Nightly (2:00 AM) to Linode Object Storage (S3) via `rclone`.
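
A check for the inbound rule in the Security Model, as an added example that is not part of the original document: it reads `ss -H -tln` output and lists TCP listeners bound to non-loopback addresses on any port other than 22, which is how an accidentally published container port (such as 3000) would show up. The function names, the `ALLOWED_PORTS` variable and the sample socket list are constructed for illustration.

```shell
#!/bin/sh
# Audit TCP listeners against the documented inbound policy (SSH on 22 only).
# Reads `ss -H -tln` output on stdin and prints every non-loopback listener
# whose port is not in ALLOWED_PORTS (comma-separated, a name chosen here).

unexpected_listeners() {
    awk -v allowed="${ALLOWED_PORTS:-22}" '
    BEGIN {
        n = split(allowed, a, ",")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only socket
        if (!(port in ok)) print addr ":" port
    }'
}

# Constructed sample of `ss -H -tln` output: sshd on 22, a local resolver,
# a loopback-only service, and a container port published on all interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*
LISTEN 0      4096         0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096            [::]:3000          [::]:*
EOF
}

echo "Unexpected listeners in the constructed sample:"
sample_ss_output | unexpected_listeners

# On the host itself, feed the live socket table instead:
#   ss -H -tln | unexpected_listeners
```

An empty result means nothing beyond SSH is bound to a routable address. The check covers TCP only and reports what the host has bound, regardless of any firewall in front of it.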