cat about.md
Terragrunt-based infrastructure-as-code for provisioning and managing a personal homelab environment on AWS and Kubernetes.
This page is auto-generated and updated with every PR merge to the main branch.
ls -la features/
Remote State Management
AWS S3 and DynamoDB for secure state storage
Modular Infrastructure
Using Terragrunt and Terraform for maintainable code
Kubernetes Integration
Automated deployment of manifests and Helm charts
Cloudflare Integration
DNS management and secure tunnels
Authentication
Keycloak SSO with GitHub/Google OAuth via shared oauth2-proxy
AI Capabilities
Hermes Agent (Lera) — Telegram-native personal assistant with persistent memory, Google Calendar, voice notes and browser tools, running on arm64
GitHub Actions CI/CD
Automated testing, building, and deployment pipelines
Secrets Management
Custom S3-backed secrets manager with a hand-written Terraform provider in Go
Custom Terraform Provider
terraform-provider-secretsmanager written from scratch in Go — resources, data sources, and write-only secret semantics for the in-house secrets manager
Database Management
PostgreSQL and Redis with authenticated web UIs
Observability Stack
Prometheus, Grafana, and Loki for metrics, dashboards, and logs — collected by Alloy and Promtail across amd64/arm nodes
Bare-Metal Fleet
k3s across amd64 + arm64/armv7 nodes (Ubuntu server, Raspberry Pi 5/2), host-level config via Ansible
find . -type d -name "*-*" | sort
| Module | Description |
|---|---|
| ./020-cloudflare | Cloudflare DNS, API token, and tunnel setup |
| ./021-ingress | NGINX Ingress controller for Kubernetes |
| ./030-redis | Redis data store |
| ./032-postgres | PostgreSQL database + per-app databases |
| ./035-keycloak | Keycloak identity provider |
| ./042-realm | Keycloak realm + shared oauth2-proxy |
| ./050-secrets-manager | Custom S3-backed secrets manager + custom Terraform provider written in Go |
| ./051-secrets | Secret path placeholders, values set out-of-band |
| ./100-monitoring | Prometheus, Grafana, Loki observability stack — Alloy + Promtail log collection |
| ./215-hermes | Hermes Agent "Lera": Telegram assistant on rpi5 — calendar, voice, web, persistent memory |
| ./500-apps | Apps: pgweb, RedisInsight (Keycloak protected) |
| ./900-webpage | This terminal-style webpage |
| ./ansible | Node-level IaC: Ubuntu k3s control-plane provisioning with Pi-hole LAN DNS, agent join (rpi5, rpi2), mDNS resolution, labels & taints |