Homelab Configuration

Project Overview

This homelab is a production-minded self-hosting platform for family and personal projects. It is designed around two principles:

• Operations first: backups, upgrades, and failure modes are treated as core features.
• Automation first: infrastructure and configuration are expressed as code wherever possible.

The platform runs a set of core services (GitLab, SonarQube, Postgres, object storage, reverse proxy) plus observability and supporting tools. Everything is deployed using Podman Compose and incrementally automated using Terraform.

Architecture and Key Components

Reverse proxy and edge routing (Nginx)

Nginx serves as the entry point for self-hosted services and was iterated on heavily for “real world” behavior:

• Preserved real client IPs in a Podman environment (including a host-network workaround where NAT rules interfered).
• Added performance improvements such as cache configuration and optimizations.
• Hardened UX and operability with a custom 50x error page and controlled exposure of internal endpoints.
• Upgraded logs to structured, “enterprise-grade” JSON including IP geo data for better traffic visibility.

Core platform services

• GitLab CE as the primary source control and CI/CD foundation.
• SonarQube for code quality governance.
• PostgreSQL as the primary relational backend for multiple services.
• Redis integrated where required by GitLab.
• MinIO for S3-compatible object storage.

Observability and log analytics

The platform includes an end-to-end monitoring pipeline:

• Prometheus scrapes service metrics, including Nginx metrics exposed via an exporter and a restricted /stub_status route.
• Grafana provides dashboards with datasources wired to each deployed service.
• Fluent Bit → OpenSearch ships and indexes Nginx logs for search and analysis (including a dedicated index for Nginx monitoring).

Infrastructure as Code (Terraform)

Terraform is used to bring repeatability to both infrastructure and service configuration:

• Provisioned Postgres databases and roles.
• Provisioned MinIO buckets and access roles.
• Managed GitLab groups and service accounts.
• Automated SonarQube ↔ GitLab integration, keeping authentication and integration wiring consistent across changes.

This made it possible to treat services as a platform with version-controlled state rather than a set of snowflake containers.

Reliability, Backups, and Upgrade Strategy

This project intentionally focuses on the “unsexy” parts that make self-hosting reliable:

• Implemented and iterated on backup scripts for GitLab and SonarQube, including fixes for permissions and operational edge cases.
• Added Postgres backups, and later migrated Vaultwarden from its previous database to Postgres for consistency and backupability.
• Tuned GitLab backup behavior (compression improvements) and accelerated restore workflows.
• Reduced operational surprises by introducing named volumes (instead of anonymous volumes) and by tightening container runtime configuration.
• Improved service isolation through a network separation refactor.
• Increased storage availability by moving MinIO storage to NAS-backed infrastructure.

What This Demonstrates

• Platform engineering mindset applied to a home environment: reliability and operability before “more services.”
• Practical experience running stateful systems (GitLab/Postgres/SonarQube/object storage) with backup/restore discipline.
• Incremental automation: starting with Compose, then moving critical configuration into Terraform as the system matures.