This repo contains all the files I use to run my personal infrastructure. If I owned and operated the hardware, it would be a homelab, but I do not, so it is the CloudLab. Humorous.
The system is designed with the explicit goals of being elegant, declarative, and robust.
- Ingress → Caddy
- Automatic updates → Watchtower
- Backups → Tarsnap
- Email → Maddy and rspamd
- Calendar and contacts → Radicale
- Passwords → Vaultwarden
- Websites
- RSS Reader → Miniflux
- Bookmarks → Linkding
- Livestreams → Owncast
- File sync → Syncthing
All programs are run in a single logical Docker Compose instance,
without exception. The configuration is split across several
domain-oriented files in definitions/, which are imported from the
primary compose.yml at the root.
Individual services store their settings (version-controlled) and data
in the services/ folder. This entire folder is included in backups.
Secrets are committed directly to the repository, encrypted with SOPS.
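A guard for the SOPS arrangement above, as an added example (not code from this repository): it scans the text of a SOPS-managed YAML file and reports any value still in plaintext, the way a pre-commit check would before the file reaches the repository. The function name and the sample document are constructed, and it assumes SOPS's default YAML output with every value encrypted.

```python
import re

# Shape SOPS gives every encrypted scalar in its YAML output.
ENC_VALUE = re.compile(
    r"ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,type:\w+\]")

def plaintext_entries(text):
    """Return (line number, key) for each value that is not SOPS-encrypted.

    Values are never returned, so the report itself cannot leak a secret.
    Raises ValueError when the top-level `sops:` metadata block is missing.
    """
    findings, in_sops, has_sops = [], False, False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#") or line == "---":
            continue
        if not line[0].isspace():  # an unindented line starts or ends the metadata block
            in_sops = line.startswith("sops:")
            has_sops = has_sops or in_sops
        if in_sops:
            continue  # recipients, MAC and version are SOPS's own bookkeeping
        body = line.strip()
        if body.startswith("- "):
            body = body[2:].strip()
        key, sep, value = body.partition(": ")
        if not sep:
            if body.endswith(":"):
                continue  # parent of a nested mapping or list, no scalar here
            key, value = "(scalar)", body
        if not ENC_VALUE.fullmatch(value.strip().strip("'\"")):
            findings.append((number, key))
    if not has_sops:
        raise ValueError("no sops metadata block: file was never encrypted")
    return findings

# Constructed sample: two values were left in plaintext by hand-editing.
SAMPLE = """\
db:
    user: ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]
    password: hunter2
api_tokens:
    - ENC[AES256_GCM,data:YmF6,iv:aXY=,tag:dGFn,type:str]
    - not-encrypted-token
sops:
    lastmodified: "2024-01-01T00:00:00Z"
    mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]
    version: 3.8.1
"""
```

The check is deliberately conservative: anything that does not look like an `ENC[...]` value outside the `sops:` block is reported, including keys intentionally left unencrypted.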
Container images are not built anywhere on the server, as that would violate the directive above concerning activity happening outside of Compose. Instead, third-party containers are pulled from various online registries, and bespoke images are pushed to the server via unregistry.
Concision in this repository is a virtue. It indicates a delegation of concerns—leaving the aspects of running infrastructure best managed by experts, or reliant on consistent updates, to be managed elsewhere.