This is the config-as-code of my personal machine cluster, which I use to self-host some services, including my personal website.
You can find write-up of the set-up and architecture here.
The fleet is made up of
- a few small servers hosted by Contabo, in Germany
- a few small servers hosted by Hetzner, in Germany
- 2 old machines in London, UK (in my living room)
- 1 old laptop in Madrid, Spain (this one is in my parents' living room)
- Cloudlfare proxies my public HTTP traffic
The technologies I use include
- Wireguard for the connection between nodes, so all cluster communication is private and secure
- Nomad for orchestrating containers, netwkoring, and storage
- Vault for automating and storing secrets, including mTLS between services and my own ACME authority
- Consul for service discovery and service-mesh orchestration
- NixOS for managing the bare-metal (and Colmena for deploying remotely)
- SeaweedFS as a distributed filesystem to manage highly available persistent storage
- CockroachDB for HA distributed SQL databases
- Leng (which I maintain myself) for DNS service-discovery and adblocking
I always set up the HA versions of the above. This means Raft storage for Vault, erasure coding for SeaweedFS, etc.
Configuration management is done declaratively, with Terraform (for the stateful services) and Nix (for the OS and package management).
Here is a screenshot of the main LGTM dashboard:
