# Overview
Self-hosted infrastructure for web projects (Carzying). Runs on 4 Euronodes VPS in Lisbon plus 2 home Proxmox nodes for observability.
Monthly cost: 23.32 EUR
## Stack Summary
| Component | Role |
|---|---|
| Talos K8s | Container orchestration (3-node cluster) |
| MetalLB | L2 load balancer, VIP 10.10.1.200 for Traefik |
| ExternalDNS | Auto-creates Cloudflare DNS records from K8s Ingress |
| Caddy WAF | Edge reverse proxy with security rules and passive health checks |
| WireGuard | Encrypted mesh network between all nodes |
| ArgoCD | GitOps continuous delivery |
| GitLab Runner | CI/CD runner in K8s (Helm, Kubernetes executor) |
| SigNoz | Metrics, traces, and logs (OpenTelemetry) |
| Ansible Semaphore | Auto-remediation via SigNoz webhook alerts |
| OneUptime | Incidents, on-call, and status pages |
| CloudNativePG | PostgreSQL operator for K8s |
| step-ca | Internal CA for TLS certificates (bastion) |
| Directus | Headless CMS for content management |
## Next Steps
- Network Topology — WireGuard mesh, subnets, and DNS
- Servers — Full inventory with specs and costs
- Architecture — System design and decisions
- Operations — Runbooks and procedures