# Infrastructure Overview

This document describes the physical and logical infrastructure of the Linode Homelab.

## 🌐 Hardware & OS
- **Provider:** Linode (Akamai)
- **Location:** Chicago (US-ORD)
- **Plan:** Shared CPU 2GB RAM / 50GB NVMe
- **OS:** Ubuntu 24.04 LTS (Upgraded from 22.04)
- **Primary User:** `drew` (Sudo & Docker groups)
- **Security:** Platform-managed Disk Encryption enabled.

## 💾 Storage Architecture
- **Volume:** 20GB Block Storage (Encrypted)
- **Mount Point:** `/mnt/docker_data`
- **Symlink:** `/opt/docker` -> `/mnt/docker_data`
  - All Docker-related files (compose files, config, volumes) reside under `/opt/docker`.
- **Mount Logic:** Persistent via `/etc/fstab` with `noatime,nofail`.

## 🖥️ System Tuning
- **RAM:** 2GB (Shared)
- **Swap:** 1.5GB Total
  - Partition: `/dev/sdb` (512MB default)
  - File: `/swapfile` (1GB manual)
- **Swappiness:** Default (60)

## 🏗️ Docker Network Topology
| Network | Driver | Purpose |
| :--- | :--- | :--- |
| `web_gateway` | bridge (ext) | External traffic from Cloudflare Tunnels to containers. |
| `db_network` | bridge (ext) | Private traffic between Applications and the Global Postgres instance. |

## 🛡️ Security Model
- **Inbound:** Restricted to SSH (Port 22).
- **Web Access:** No open ports (80/443/3000). All traffic enters via outbound Cloudflare Tunnels (Zero Trust).
- **Authentication:** Protected by Cloudflare Access with MFA/WARP.
- **Backups:** Nightly (2:00 AM) to Linode Object Storage (S3) via `rclone`.
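One way to check that the host still matches the Security Model and Mount Logic described above, as an added example that is not part of the homelab repository: it flags any non-loopback TCP listener other than SSH and confirms the `/mnt/docker_data` fstab entry keeps `noatime,nofail`. The `ss` and fstab lines are constructed samples; the function names, the volume device path and the `ext4` filesystem are assumptions.

```shell
#!/bin/sh
# Added example: drift check against the documented posture.
# On the host, feed it `ss -H -tln` and /etc/fstab instead of the samples.

ALLOWED_PORTS="22"   # Security Model: SSH is the only inbound port

# stdin: `ss -H -tln` output. Prints every non-loopback listening socket
# whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            sock = $4
            port = sock; sub(/.*:/, "", port)
            addr = sock; sub(/:[^:]*$/, "", addr)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print sock
        }'
}

# stdin: fstab content. Succeeds only if the entry for mount point $1
# carries every option given in the remaining arguments.
fstab_has_opts() {
    mp=$1; shift
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4; exit }')
    [ -n "$opts" ] || return 1
    for want in "$@"; do
        case ",$opts," in *",$want,"*) ;; *) return 1 ;; esac
    done
}

# Constructed sample: a forgotten port publish on 3000 alongside SSH.
sample_ss() { cat <<'EOF'
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 128  [::]:22          [::]:*
LISTEN 0 4096 0.0.0.0:3000     0.0.0.0:*
EOF
}

# Constructed sample: device path and ext4 are assumptions.
sample_fstab() { cat <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
/dev/disk/by-id/scsi-0Linode_Volume_example /mnt/docker_data ext4 defaults,noatime,nofail 0 2
EOF
}

echo "Unexpected listeners:"; sample_ss | unexpected_listeners
sample_fstab | fstab_has_opts /mnt/docker_data noatime nofail && echo "fstab options OK"
```

On the host, the same functions run as `ss -H -tln | unexpected_listeners` and `fstab_has_opts /mnt/docker_data noatime nofail < /etc/fstab`.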