diff --git a/apps/website/blog.php b/apps/website/blog.php index 86d2cb5..5c0210e 100644 --- a/apps/website/blog.php +++ b/apps/website/blog.php @@ -41,6 +41,8 @@ $stackKeys = [ 'blog_stack_9', 'blog_stack_10', 'blog_stack_11', + 'blog_stack_12', + 'blog_stack_13', ]; $treeHref = 'homelab-tree.php?lang=' . urlencode($lang); @@ -51,15 +53,18 @@ $stackSourceLinks = [ 'blog_stack_1' => [ ['label' => 'lab.sh', 'path' => 'lab.sh'], ['label' => 'cluster/main.tf', 'path' => 'bootstrap/cluster/main.tf'], + ['label' => 'provisioning/main.tf', 'path' => 'bootstrap/provisioning/main.tf'], ], 'blog_stack_2' => [ ['label' => 'cluster/main.tf', 'path' => 'bootstrap/cluster/main.tf'], + ['label' => 'provisioning/main.tf', 'path' => 'bootstrap/provisioning/main.tf'], ], 'blog_stack_3' => [ ['label' => 'lab.sh', 'path' => 'lab.sh'], ['label' => 'cluster', 'path' => 'bootstrap/cluster/main.tf'], ['label' => 'platform', 'path' => 'bootstrap/platform/main.tf'], ['label' => 'apps', 'path' => 'bootstrap/apps/main.tf'], + ['label' => 'provisioning', 'path' => 'bootstrap/provisioning/main.tf'], ['label' => 'edge', 'path' => 'bootstrap/edge/main.tf'], ], 'blog_stack_4' => [ @@ -98,6 +103,15 @@ $stackSourceLinks = [ ['label' => 'demos web-app.yaml', 'path' => 'apps/demos-static/web-app.yaml'], ['label' => 'website demos.php', 'path' => 'apps/website/demos.php'], ], + 'blog_stack_12' => [ + ['label' => 'provisioning/main.tf', 'path' => 'bootstrap/provisioning/main.tf'], + ['label' => 'lab.sh Pimox pipeline', 'path' => 'lab.sh'], + ], + 'blog_stack_13' => [ + ['label' => 'preseed.cfg', 'path' => 'bootstrap/provisioning/templates/preseed.cfg.tftpl'], + ['label' => 'golden-node prepare', 'path' => 'bootstrap/provisioning/templates/golden-node-prepare.sh.tftpl'], + ['label' => 'prepare-template', 'path' => 'bootstrap/provisioning/templates/prepare-template.sh.tftpl'], + ], ]; function renderStackSourceLinks(string $stackKey, array $sourceLinks, string $sourceBase): void { @@ -188,93 +202,101 @@ function renderStackSourceLinks(string $stackKey, array $sourceLinks, string $so
- + Homelab architecture map - Git push enters Gitea, Gitea Actions validates and builds images, OpenTofu manages the cluster, Argo CD syncs manifests, and the OCI edge routes traffic over Tailscale into Kubernetes services. + Git push enters Gitea, Gitea Actions validates and builds app images, OpenTofu manages the cluster and provisioning layers, Debian serves PXE and preseed content, Pimox builds Debian VM templates, Argo CD syncs manifests, and the OCI edge routes traffic into Kubernetes services. - + Source, validation, and images - + Debian node 192.168.100.68 - + Edge access and workloads - + Developer laptop edit, test, push main - + Gitea repository https://lab2025.duckdns.org/git/ main is the release branch - + Gitea Actions runner Debian hosted runner - custom checkout for /git/ path + runs app-only deploys - + Validation gates Gitleaks secret scan Trivy IaC and image posture - + Buildx image build linux/arm64 website + demos - + OpenTofu + lab.sh - infra, platform, apps, edge - repeatable apply path + manual infra apply path + apps command for CI deploys - + + + PXE + preseed service + dnsmasq TFTP, nginx HTTP + Debian 13 arm64 netboot + golden-node prep scripts + + + kubeadm control plane API server, scheduler, controller Calico pod networking - + GitOps mirror validated commit copied locally Argo CD reads deploy state - + Argo CD container-registry, website gitea and demos-static apps - + Storage and backups OpenEBS retained hostpath PVs Gitea dumps and external SSD - + OCI edge host nginx, HAProxy, Varnish, Squid @@ -282,14 +304,14 @@ function renderStackSourceLinks(string $stackKey, array $sourceLinks, string $so public DNS entry point - + Tailscale + NodePorts 30080 website, 30081 demos 30300 Gitea service path - + Raspberry Pi 192.168.100.89 arm64 Kubernetes worker @@ -297,38 +319,52 @@ function renderStackSourceLinks(string $stackKey, array $sourceLinks, string $so demos-static and lab apps - + + + Orange Pi 5 Plus Pimox + VM 9000 Debian template + OVMF, virtio-scsi, qemu agent + future worker clones + waiting on more disk + + + Local registry :30500 php-website and demos-static pulled by arm64 workloads - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - push - workflow - scan - build - apply - validated Git - sync apps - secure tunnel - service traffic - image pulls + push + workflow + scan + build + manual infra + validated Git + serve boot + join path + Pimox template + sync apps + secure tunnel + service traffic + image pulls
@@ -514,6 +550,30 @@ function renderStackSourceLinks(string $stackKey, array $sourceLinks, string $so

+ +
+
+ +
+

+ +

+
+ +
+
+ +
+

+ +

+
diff --git a/apps/website/lang/en.php b/apps/website/lang/en.php index cb96ac3..1fb7f33 100644 --- a/apps/website/lang/en.php +++ b/apps/website/lang/en.php @@ -55,13 +55,13 @@ return [ 'blog_kicker' => 'Homelab field notes', 'blog_title' => 'I accidentally built a tiny CI/CD platform', - 'blog_subtitle' => 'A casual conversation about how a Debian box, a Raspberry Pi, an OCI edge host, and a suspicious amount of stubbornness became a repeatable Kubernetes delivery path.', + 'blog_subtitle' => 'A casual conversation about how a Debian box, a Raspberry Pi, an Orange Pi 5 Plus running Pimox, an OCI edge host, and a suspicious amount of stubbornness became a repeatable Kubernetes delivery path.', 'blog_speaker_question' => 'Future me, judging', 'blog_speaker_answer' => 'Me, holding coffee', 'blog_q1' => 'Be honest: why build all this instead of just running a couple containers like a normal person?', 'blog_a1' => 'Because apparently I looked at "host a website" and thought, "what if this had a control plane, GitOps, retained storage, an image registry, and several new ways to embarrass myself?" The real goal was practice: provision the infra, keep config in Git, deploy with automation, break it, fix it, and make sure I could rebuild it without relying on shell history and vibes.', 'blog_q2' => 'Why kubeadm? Were managed clusters too emotionally stable?', - 'blog_a2' => 'Pretty much. kubeadm keeps the cluster close to the metal, which is a polite way of saying I get to see every sharp edge. The Debian node runs the control plane, the Raspberry Pi joins as an arm64 worker, and suddenly networking, storage, container runtimes, certs, and node recovery are not mysterious cloud magic. They are my problem. Educational, in the same way stepping on a rake is educational.', + 'blog_a2' => 'Pretty much. kubeadm keeps the cluster close to the metal, which is a polite way of saying I get to see every sharp edge. The Debian node runs the control plane, the Raspberry Pi joins as an arm64 worker, and Pimox on an Orange Pi 5 Plus now gives me a path to add Debian 13 arm64 VM workers. Suddenly networking, storage, container runtimes, certs, and node recovery are not mysterious cloud magic. They are my problem.', 'blog_q3' => 'So where is the CI/CD part hiding?', 'blog_a3' => 'It is small, but it is real. OpenTofu brings up the cluster, platform, apps, and edge layers. Argo CD watches Git and keeps the cluster honest. Docker Buildx builds the PHP website for linux/arm64, pushes it to the local registry, and then the workload rolls forward. No enterprise dashboard fireworks, just a clean loop that says: Git changed, image built, cluster updated, nobody had to kubectl-edit anything at 2 AM.', 'blog_q4' => 'Why run your own registry and Gitea? Was the simple option unavailable?', @@ -72,10 +72,12 @@ return [ 'blog_a6' => 'Correct. The CV now has an Elegant mode for terminal-green seriousness and a Fancy mode where my face follows the cursor like it has opinions. The Demos page is now a catalog that links to a separate demos-static artifact, because apparently the natural next step after building a platform is learning not to shove every toy into the same image.', 'blog_q7' => 'Can the current cluster actually handle all that, or are we about to smoke the Pi?', 'blog_a7' => 'The Pi survives because the demos are intentionally local-first and now ship as a separate static artifact. The website pod stays a portfolio shell, the demos-static pod serves static bundles, and the user browser does the expensive work. If I later ship real ONNX object detection, Transformers.js, or full video transcoding models, those must lazy-load in the browser or move to a beefier node. The Raspberry Pi is brave, but it is not a GPU wearing a tiny hat.', + 'blog_q8' => 'So the lab can now build its own worker nodes?', + 'blog_a8' => 'Mostly, yes. Debian now runs a small provisioning layer with dnsmasq, nginx, PXE boot files, GRUB, and a Debian 13 arm64 preseed. OpenTofu talks to Pimox through qm, creates VM 9000, boots it from the network, installs the OS, runs the golden-node prep, disables swap, verifies cgroups, installs containerd and kubeadm tooling, then seals the VM as a template. The only current blocker for cloning more workers is wonderfully physical: add more disk space.', 'blog_stack_title' => 'Technologies and why they are here', - 'blog_stack_1' => 'Debian Linux is the steady adult in the room: control plane host, deployment workstation, and the place where OpenTofu, Docker, kubeadm, and the scripts do their thing.', - 'blog_stack_2' => 'Raspberry Pi adds an arm64 worker, which is great for learning multi-architecture builds and for reminding me that CPU architecture is not a decorative detail.', - 'blog_stack_3' => 'OpenTofu makes the cluster, platform, apps, and edge config repeatable, because "I swear I remember the command" is not a disaster recovery strategy.', + 'blog_stack_1' => 'Debian Linux is the steady adult in the room: control plane host, deployment workstation, PXE/preseed server, and the place where OpenTofu, Docker, kubeadm, and the scripts do their thing.', + 'blog_stack_2' => 'Raspberry Pi adds the current arm64 worker, while Pimox on the Orange Pi 5 Plus gives the lab a VM-based expansion path once there is enough storage.', + 'blog_stack_3' => 'OpenTofu makes the cluster, platform, apps, edge, and provisioning layers repeatable, because "I swear I remember the command" is not a disaster recovery strategy.', 'blog_stack_4' => 'Calico handles pod networking, and OpenEBS hostpath storage keeps the important data around after rebuilds, because deleting everything by accident is only funny once.', 'blog_stack_5' => 'Argo CD is the GitOps referee: manifests live in Git, the cluster follows along, and manual drift gets side-eyed back into place.', 'blog_stack_6' => 'The OCI edge host runs nginx, HAProxy, Varnish, and Squid so TLS, routing, and caching stay outside the home network while Tailscale sneaks the traffic back to the worker node.', @@ -84,10 +86,12 @@ return [ 'blog_stack_9' => 'The newer demos cover network jitter graphs, local JSON/JWT/log tools, an architecture simulator, an offline traveler converter, a redactor prototype, sentiment analysis, and model-drift simulation.', 'blog_stack_10' => 'The heavier ML demos are designed as client-side Wasm/ONNX/Transformers.js candidates, not server-side jobs. That keeps the homelab app boring to operate, which is secretly the whole point.', 'blog_stack_11' => 'The demo code now builds into its own demos-static image and Argo CD app, exposed at /demo-apps/. The PHP website only owns the catalog link, which is much less cursed.', + 'blog_stack_12' => 'The Pimox worker pipeline uses qm over SSH to create an OVMF/virtio-scsi Debian 13 arm64 VM, wait for qemu-guest-agent, seal it, and convert VM 9000 into a reusable template.', + 'blog_stack_13' => 'The golden image bakes in Kubernetes prerequisites: swap disabled, cgroup boot options checked, kernel modules loaded, containerd configured for systemd cgroups, kubeadm/kubelet/kubectl installed, and qemu-guest-agent enabled.', 'blog_arch_kicker' => 'Architecture map', 'blog_arch_title' => 'The homelab, end to end', - 'blog_arch_intro' => 'The current delivery path starts with a push to Gitea, runs local validation, builds arm64 images, syncs the validated commit into the GitOps mirror, and lets Argo CD reconcile the Kubernetes workloads while the OCI edge routes public traffic back through the private path.', - 'blog_arch_caption' => 'The diagram is intentionally operational: it shows the control flow, image flow, storage boundary, and public traffic path without hiding the practical bits that make a small lab behave like a platform.', + 'blog_arch_intro' => 'The current delivery path starts with a push to Gitea, runs local validation, builds arm64 images, syncs the validated commit into the GitOps mirror, and lets Argo CD reconcile the Kubernetes workloads. The infrastructure path stays manual through lab.sh, including the PXE/Pimox template builder, while the OCI edge routes public traffic back through the private path.', + 'blog_arch_caption' => 'The diagram is intentionally operational: it shows the app delivery loop, image flow, provisioning path, storage boundary, and public traffic path without hiding the practical bits that make a small lab behave like a platform.', 'blog_arch_fun_link' => 'Open the Christmas-tree version', 'blog_activity_kicker' => 'Recent activity log', 'blog_activity_title' => 'What changed since the first build', diff --git a/apps/website/lang/nah.php b/apps/website/lang/nah.php index 5fa32be..33bd602 100644 --- a/apps/website/lang/nah.php +++ b/apps/website/lang/nah.php @@ -59,13 +59,13 @@ return [ 'blog_kicker' => 'Homelab tlahcuilolli', 'blog_title' => 'Tlatecpanaliztli homelab CI/CD pipeline', - 'blog_subtitle' => 'Ce tlahtolli in quenin Debian server, Raspberry Pi, ihuan OCI edge box mochihua ce Kubernetes tlatequipanoliztli.', + 'blog_subtitle' => 'Ce tlahtolli in quenin Debian server, Raspberry Pi, Orange Pi 5 Plus ipan Pimox, ihuan OCI edge box mochihua ce Kubernetes tlatequipanoliztli.', 'blog_speaker_question' => 'Nehuatl mostla', 'blog_speaker_answer' => 'Nehuatl axcan', 'blog_q1' => 'Tleica niquichihua inin ihuan ahmo zan container tlatequipanoa?', 'blog_a1' => 'Ahmo zan website. Niquinequi nicnemiliz in operating model: infrastructure, Git, automation, recovery, ihuan reproducible rebuild.', 'blog_q2' => 'Tleica kubeadm ihuan ahmo managed Kubernetes?', - 'blog_a2' => 'kubeadm quipia cluster nechca metal. Debian quipia control plane ihuan Raspberry Pi mochihua arm64 worker, ic niquita networking, storage, runtime, certificates, ihuan node recovery.', + 'blog_a2' => 'kubeadm quipia cluster nechca metal. Debian quipia control plane, Raspberry Pi mochihua arm64 worker, ihuan Pimox ipan Orange Pi 5 Plus quimaca Debian 13 arm64 VM workers. Ipan inin niquita networking, storage, runtime, certificates, ihuan node recovery.', 'blog_q3' => 'Canin nemi CI/CD ipan inin setup?', 'blog_a3' => 'Pipeline achi tepiton. OpenTofu quichihua cluster, platform, apps, ihuan edge. Argo CD quitta Git repo ihuan quichihua sync. Docker Buildx quichihua PHP website image para linux/arm64 ihuan quipush ipan local registry.', 'blog_q4' => 'Tleica private registry ihuan Gitea ipan lab?', @@ -76,10 +76,12 @@ return [ 'blog_a6' => 'Quena. CV quipia Elegant mode para console green ihuan Fancy mode canin noxayac quitta cursor. Demos page axcan catalog ihuan demos-static artifact.', 'blog_q7' => 'Cluster huel quipias nochi demos?', 'blog_a7' => 'Quena, pampa demos cateh local-first ihuan separate static artifact. Website pod zan shell, demos-static pod quimaca bundles, browser quichihua tequitl. Real ONNX, Transformers.js, o video transcoding monequi lazy-load o occe node hueyi.', + 'blog_q8' => 'Axcan lab huel quichihua worker nodes?', + 'blog_a8' => 'Quena, achi. Debian quipia provisioning layer: dnsmasq, nginx, PXE, GRUB, ihuan Debian 13 arm64 preseed. OpenTofu notza Pimox ika qm, quichihua VM 9000, quiboota network, quinstala OS, quichihua golden-node prep, quitzacua swap, quitta cgroups, quinstala containerd ihuan kubeadm tools, ihuan quicuepa template. Axcan monequi occe disk para clones.', 'blog_stack_title' => 'Tlamantli ihuan tleica nemi nican', - 'blog_stack_1' => 'Debian Linux quimaca stable control-plane host ihuan canin nemi OpenTofu, Docker, kubeadm, ihuan scripts.', - 'blog_stack_2' => 'Raspberry Pi quimaca arm64 worker inic niyeyecoa multi-architecture builds ihuan node placement.', - 'blog_stack_3' => 'OpenTofu quichihua cluster, platform, apps, ihuan edge configuration reproducible.', + 'blog_stack_1' => 'Debian Linux quimaca control-plane host, deployment workstation, PXE/preseed server, ihuan canin nemi OpenTofu, Docker, kubeadm, ihuan scripts.', + 'blog_stack_2' => 'Raspberry Pi quimaca axcan arm64 worker; Pimox ipan Orange Pi 5 Plus quimaca VM expansion path quema onca achi disk.', + 'blog_stack_3' => 'OpenTofu quichihua cluster, platform, apps, edge, ihuan provisioning configuration reproducible.', 'blog_stack_4' => 'Calico quimati pod networking; OpenEBS hostpath storage quipia data ipan cluster rebuilds.', 'blog_stack_5' => 'Argo CD quimaca GitOps control loop: manifests cateh ipan Git ihuan cluster moyecpana.', 'blog_stack_6' => 'OCI edge host quipia nginx, HAProxy, Varnish, ihuan Squid para TLS, routing, ihuan cache, ihuan Tailscale quihuica traffic ipan worker node.', @@ -88,6 +90,8 @@ return [ 'blog_stack_9' => 'Yancuic demos quipia network jitter graphs, local JSON/JWT/log tools, architecture simulator, offline traveler converter, redactor, sentiment analysis, ihuan model drift simulation.', 'blog_stack_10' => 'ML demos monequi client-side Wasm/ONNX/Transformers.js, ahmo server-side jobs.', 'blog_stack_11' => 'Demo code axcan quichihua demos-static image ihuan Argo CD app, exposed ipan /demo-apps/. PHP website zan catalog.', + 'blog_stack_12' => 'Pimox worker pipeline quichihua qm ika SSH para OVMF/virtio-scsi Debian 13 arm64 VM, quichia qemu-guest-agent, quiseala, ihuan quicuepa VM 9000 template.', + 'blog_stack_13' => 'Golden image quipia Kubernetes prereqs: swap disabled, cgroup boot options checked, kernel modules, containerd systemd cgroups, kubeadm/kubelet/kubectl, ihuan qemu-guest-agent.', 'demos_kicker' => 'Tepiton tools ipan browser', 'demos_title' => 'Demo Apps',