This commit is contained in:
Hrankin, Aleksandr (contracted)
2026-02-19 11:34:13 +00:00
commit f243f440c3
191 changed files with 6183 additions and 0 deletions

README.md Normal file

@@ -0,0 +1,271 @@
# 🧠 DevOps Infra Stack --- Proxmox + Ceph + Kubernetes + DNS
Fully automated self-hosted infrastructure.
![Project Logo](documentation/images/arch-diagram.jpg)
The project deploys:
- Proxmox infrastructure
- Golden VM templates via
Packer - VM provisioning via Terraform
- Hardened nodes (SSH, nftables,
fail2ban)
- DNS (PowerDNS)
- NTP (chrony hierarchy)
- Ceph cluster
- Kubernetes cluster
- K8s apps (MetalLB, ingress, postgres operator,
valkey)
Everything is deployed via Makefile + Ansible + Terraform + Packer.
------------------------------------------------------------------------
# 🏗 Architecture
Infrastructure components:
- Proxmox host (bare metal)
- LXC packer builder
- Golden VM templates
- VM nodes:
- DNS
- NTP
- Ceph (3 nodes)
- Kubernetes master
- Kubernetes worker
- K8s stack:
- MetalLB
- nginx ingress
- Crunchy Postgres Operator
- Valkey (Redis alternative)
------------------------------------------------------------------------
# 📦 Technology Stack
- Proxmox VE
- Terraform
- Ansible
- Packer
- Docker + Docker Compose (for DNS)
- Ceph
- Kubernetes
- Helm
- PowerDNS
- Chrony
- nftables + fail2ban hardening
------------------------------------------------------------------------
# 🚀 Full Infrastructure Bootstrap
Main entrypoint:
``` bash
make -f bootstrap.mk
```
It will execute:
1. VM creation
2. Hardening
3. DNS setup
4. NTP setup
5. Ceph cluster
------------------------------------------------------------------------
# 🧱 Deployment Stages
## 0. Create LXC + Packer
``` bash
make -f 00_create_and_setup_lxc_container_with_packer.mk
```
- Download LXC template
- Create LXC via Terraform
- Install packer inside LXC
------------------------------------------------------------------------
## 1. Golden VM template
``` bash
make -f 01_create_vm_golden_template.mk
```
- Download ISO
- Upload packer config
- Build golden image
- Shut down packer LXC
------------------------------------------------------------------------
## 2. Create VMs
``` bash
make -f 02_create_vms.mk
```
- Enable cloud-init snippets
- Terraform creates VMs
------------------------------------------------------------------------
## 3. Harden nodes
``` bash
make -f 03_harden_vms.mk
```
- Remove packer user
- SSH hardening
- nftables
- fail2ban
------------------------------------------------------------------------
## 4. DNS
``` bash
make -f 04_setup_dns.mk
```
- PowerDNS install
- Zones + records via Terraform
- systemd-resolved config
------------------------------------------------------------------------
## 5. NTP
``` bash
make -f 05_setup_ntp.mk
```
Hierarchy:
- edge NTP server (proxmox)
- core NTP server
- clients use core NTP server
------------------------------------------------------------------------
## 6. Ceph
``` bash
make -f 06_setup_ceph.mk
```
- install
- bootstrap
- share keys
- cluster init
------------------------------------------------------------------------
## 7. Kubernetes
``` bash
make -f 07_setup_k8s.mk
```
After installation:
``` bash
ssh user@k8smasternode -p 10525
```
Replace cluster endpoint with localhost tunnel.
Then:
``` bash
terraform apply -target=module.metallb_helm
terraform apply -target=module.crunchy_operator
terraform apply
```
Get credentials:
``` bash
# postgres
kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.user}' | base64 -d; echo
# valkey
kubectl -n valkey get secret valkey-users -o jsonpath='{.data.default}' | base64 -d; echo
```
------------------------------------------------------------------------
# 📁 Project Structure
ansible/
terraform/
packer/
makefiles/
bootstrap.mk
------------------------------------------------------------------------
# 🔐 Requirements
Before running:
- SSH access to Proxmox
- Proxmox API token
- terraform.tfvars filled
- inventory.ini filled
- kubeconfig path specified
------------------------------------------------------------------------
# 🔭 Planned Services & Future Stack
The following services are planned for the next deployment stages:
- **NetBird** --- internal VPN mesh network (currently working on this
stage)
- **Keycloak** --- unified authentication and identity provider across
services
- **Monitoring stack (Grafana, Loki, Prometheus, Trickster)** ---
monitoring and observability tools\
*(previously deployed, but not yet integrated into this project)*
- **FreeIPA** --- centralized user and identity management inside
operating systems
- **Vault** --- centralized storage for passwords, tokens, and
operational credentials
- **OpenNebula** --- additional virtualization layer for providing
user VM spaces\
*(similar to AWS EC2 for internal infrastructure)*
- **Nextcloud + LibreOffice** --- Google Cloud alternative for
collaborative document editing\
*(Nextcloud deployed previously, but not yet within this project)*
- **Element + Matrix** --- Telegram-like communication platform\
*(stack deployed previously, but not yet integrated into this
project)*
- **LLM (local language model)** --- neural network for text
processing\
*(GPT2 already tested; LLaMA 7B planned as MVP depending on
available resources)*\
Future usage:
- LibreOffice document assistant
- Matrix/Element chatbot integration
- **Kafka** --- message queue layer between LibreOffice, Element, and
LLM services\
Ensures reliable request delivery and acts as a service integration
layer
- **OCR tools** --- document recognition and conversion pipeline\
Enables transforming documents into formats suitable for LLM
processing and search
------------------------------------------------------------------------
# 🧠 Project Idea
Self-hosted cloud platform, own mini cloud. Fully autonomous infrastructure.
# 👤 Author
Aleksandr Hrankin
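Review bot: the Requirements section (`- Proxmox API token`, `- terraform.tfvars filled`, `- inventory.ini filled`) names the files that will carry the Proxmox API token, SSH details and node addresses, but nothing in the README says these are credentials to keep out of version control; add a sentence pointing readers at an example-file plus ignore-list convention (a `terraform.tfvars.example` with the real file in `.gitignore`, or whatever this repo uses) so the token is not committed. The Kubernetes stage is also underspecified: "Replace cluster endpoint with localhost tunnel." gives no command, so document the `ssh -L` forward that goes with `ssh user@k8smasternode -p 10525` and which kubeconfig field (the cluster `server:` URL) is rewritten, since the three `terraform apply` invocations that follow depend on that endpoint. Under "Get credentials" the postgres line reads `{.data.user}`, which yields the user name rather than the password held in a sibling key of the same secret; either print both keys or say which one this retrieves. Minor style point: several bullets are split mid-item (`- Golden VM templates via` / `Packer - VM provisioning via Terraform`, `- Hardened nodes (SSH, nftables,` / `fail2ban)`), which renders as broken list entries.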