This repository documents the configuration, automation, and management of a self-hosted Alpine Linux home server.
The system runs containerized and bare-metal workloads, uses Infrastructure as Code (IaC) for consistency, and is designed for minimalism, observability, and resilience.
| Component | Description |
|---|---|
| Base OS | Alpine Linux |
| Init System | OpenRC |
| Configuration Management | Ansible |
| Orchestration | K3s (lightweight Kubernetes) |
| Monitoring | Prometheus, Node Exporter, Grafana |
| Backups | Custom rsync-based incremental backups with cron |
| Networking | iptables, WPA supplicant |
| Storage | ext4 |
| Scheduler | crond (cronie) |
- Maintain a minimal, reproducible, and secure Linux server
- Automate configuration and deployment with Ansible playbooks
- Centralize metrics and monitoring for all nodes
- Implement reliable backup and recovery routines
- Serve as a testbed for IaC and DevOps automation
graph TD
A[Alpine Linux Host] -->|Ansible| B[System Configuration]
A -->|K3s| C[Kubernetes Workloads]
A -->|crond| D[Backup Jobs] & E[Update Jobs]
A -->|Node Exporter| F[Prometheus Server]
F --> G[Grafana Dashboards]
homelab-config/
├── LICENSE
├── README.md
├── configuration
│ ├── docker
│ ├── prometheus.yml
│ └── terraform
├── documentation
│ └── architecture.md
├── iac
│ ├── ansible
│ │ ├── inventory.yml
│ │ ├── playbooks
│ │ └── roles
├── inventory
├── runbooks
│ ├── DR
│ └── infrastructure
└── scripts
- Node Exporter: Exposes host metrics (CPU, disk, network, memory)
- Prometheus: Scrapes metrics and stores time-series data
- Grafana: Provides visual dashboards
- Alerting: Configuration via Prometheus Alertmanager. (TODO)
Metrics are exposed locally and can be aggregated via the Prometheus federation model
- Script: /usr/local/bin/backup.sh (rsync-based incremental)
- Scheduling: cron entries under /etc/cron.d/
- Targets: local disk + remote rsync endpoint
- Verification: optional checksum validation and logging to /var/log/backup.log
- SSH restricted to key-based auth
- Root password disabled for remote access
- Regular updates using apk upgrade via scheduled cron job
- iptables rules configured automatically by Ansible
- Sensitive credentials managed via Ansible Vault
- Add centralized log collection with Loki
- Introduce GitOps via FluxCD or ArgoCD
- Expand multi-node monitoring federation
- Integrate alerting via email/webhook
- Automate patch rollouts with Ansible cron hooks