diff --git a/1password/secrets.json b/1password/secrets.json index d53de47..70c0ac7 100644 --- a/1password/secrets.json +++ b/1password/secrets.json @@ -79,9 +79,5 @@ "name": "longhorn-backup", "namespace": "longhorn-system", "itemPath": "vaults/Lab/items/longhorn-backup" - }, - { - "name": "cloudflare-r2-token", - "itemPath": "vaults/Private/items/cloudflare" } ] diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 100644 index 3e32ce6..0000000 --- a/CLAUDE.md +++ /dev/null @@ -1,105 +0,0 @@ -# CLAUDE.md - -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## Project Overview - -This is a homelab infrastructure-as-code project using CDKTF (Cloud Development Kit for Terraform) with TypeScript. The project defines and manages a complete Kubernetes-based homelab environment including various services like GitLab, Postgres clusters, authentication systems, and monitoring solutions. - -## Architecture - -The project follows a modular architecture pattern where each service is implemented as a TypeScript class extending `Construct`. The main stack is defined in `main.ts` which orchestrates all the services: - -- **Core Stack**: Located in `main.ts` - defines the main `Homelab` class that manages all infrastructure components -- **Service Modules**: Each service (Gitea, Postgres, Authentik, etc.) is in its own directory with an `index.ts` file -- **Helm Values**: Service-specific Helm chart values are stored in `helm/values/` directory -- **State Management**: Uses Cloudflare R2 as the Terraform state backend - -### Key Services Managed - -- **GitLab Server** (`gitea/`) - Self-hosted Git repository management -- **PostgreSQL Cluster** (`postgres/`) - Multi-instance database cluster with TLS certificates -- **Authentik** (`authentik/`) - Identity and access management -- **Redis Cluster** (`redis/`) - In-memory data structure store -- **Monitoring Stack** (`prometheus/`) - Prometheus-based monitoring -- **Storage** (`longhorn/`) - Distributed block storage -- **Load Balancing** (`metallb/`) - Bare metal load balancer -- **Ingress** (`nginx/`) - HTTP/HTTPS ingress controller -- **DNS** (`pihole/`) - Network-wide ad blocking -- **Secret Management** (`1password/`) - External secrets integration - -## Development Commands - -### Build and Compilation -```bash -npm run build # Compile TypeScript to JavaScript -npm run compile # Compile with pretty output -npm run watch # Watch mode for development -``` - -### CDKTF Operations -```bash -npm run get # Download and generate provider bindings -npm run synth # Generate Terraform configuration -cdktf deploy # Deploy infrastructure -cdktf destroy # Destroy infrastructure -``` - -### Environment Setup -```bash -nix develop # Enter development environment (requires Nix) -``` - -## Development Environment - -The project uses Nix for development environment management. The `flake.nix` provides: -- Node.js 24 -- Terraform and CDKTF CLI -- Kubernetes tooling (kubectl, helm) -- Development tools (TypeScript LSP, prettier, jq) -- Infrastructure tools (tflint, awscli2) - -## Environment Variables - -Required environment variables (defined in `.env`): -- `R2_ACCESS_KEY_ID` - Cloudflare R2 access key -- `R2_SECRET_ACCESS_KEY` - Cloudflare R2 secret key -- `ACCOUNT_ID` - Cloudflare account ID -- `BUCKET` - R2 bucket name for state storage - -## TypeScript Configuration - -The project uses strict TypeScript configuration with: -- Target: ES2018 -- Module: CommonJS -- Strict type checking enabled -- Declaration files generated -- Incremental compilation - -## Working with Services - -Each service follows a consistent pattern: -1. Service class in `{service}/index.ts` -2. Helm values file in `helm/values/{service}.values.yaml` -3. Service instantiated in `main.ts` with required providers and configuration - -When adding new services: -- Create a new directory with `index.ts` -- Define a TypeScript class extending `Construct` -- Add Helm values file if using Helm charts -- Import and instantiate in `main.ts` - -## Certificate Management - -The PostgreSQL cluster includes comprehensive TLS certificate management using cert-manager: -- Self-signed root CA certificates -- Separate server and client certificate chains -- Automatic certificate rotation -- Client certificates for database users - -## Storage and Networking - -- **Storage Class**: Uses `longhorn-crypto` for encrypted persistent volumes -- **Networking**: MetalLB provides load balancer services for bare metal -- **DNS**: Custom CoreDNS configuration for internal name resolution -- **Ingress**: Nginx ingress controller for HTTP/HTTPS traffic \ No newline at end of file diff --git a/main.ts b/main.ts index 877e3c3..0ac3b91 100644 --- a/main.ts +++ b/main.ts @@ -128,7 +128,6 @@ class Homelab extends TerraformStack { users: ["shahab", "budget-tracker"], primaryUser: "shahab", initSecretName: "postgres-password", - backupR2EndpointURL: `https://${env.ACCOUNT_ID}.r2.cloudflarestorage.com/homelab-backups`, }); new RedisCluster(this, "redis-cluster", {