shahab/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d5d242601f1af289e2a9a55b4d37866dd5fb9305
homelab/CLAUDE.md

105 lines
4.0 KiB
Markdown
Raw Blame History

# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
This is a homelab infrastructure-as-code project using CDKTF (Cloud Development Kit for Terraform) with TypeScript. The project defines and manages a complete Kubernetes-based homelab environment including various services like GitLab, Postgres clusters, authentication systems, and monitoring solutions.
## Architecture
The project follows a modular architecture pattern where each service is implemented as a TypeScript class extending `Construct`. The main stack is defined in `main.ts` which orchestrates all the services:
- **Core Stack**: Located in `main.ts` - defines the main `Homelab` class that manages all infrastructure components
- **Service Modules**: Each service (Gitea, Postgres, Authentik, etc.) is in its own directory with an `index.ts` file
- **Helm Values**: Service-specific Helm chart values are stored in `helm/values/` directory
- **State Management**: Uses Cloudflare R2 as the Terraform state backend
### Key Services Managed
- **GitLab Server** (`gitea/`) - Self-hosted Git repository management
- **PostgreSQL Cluster** (`postgres/`) - Multi-instance database cluster with TLS certificates
- **Authentik** (`authentik/`) - Identity and access management
- **Redis Cluster** (`redis/`) - In-memory data structure store
- **Monitoring Stack** (`prometheus/`) - Prometheus-based monitoring
- **Storage** (`longhorn/`) - Distributed block storage
- **Load Balancing** (`metallb/`) - Bare metal load balancer
- **Ingress** (`nginx/`) - HTTP/HTTPS ingress controller
- **DNS** (`pihole/`) - Network-wide ad blocking
- **Secret Management** (`1password/`) - External secrets integration
## Development Commands
### Build and Compilation
```bash
npm run build # Compile TypeScript to JavaScript
npm run compile # Compile with pretty output
npm run watch # Watch mode for development
```
### CDKTF Operations
```bash
npm run get # Download and generate provider bindings
npm run synth # Generate Terraform configuration
cdktf deploy # Deploy infrastructure
cdktf destroy # Destroy infrastructure
```
### Environment Setup
```bash
nix develop # Enter development environment (requires Nix)
```
## Development Environment
The project uses Nix for development environment management. The `flake.nix` provides:
- Node.js 24
- Terraform and CDKTF CLI
- Kubernetes tooling (kubectl, helm)
- Development tools (TypeScript LSP, prettier, jq)
- Infrastructure tools (tflint, awscli2)
## Environment Variables
Required environment variables (defined in `.env`):
- `R2_ACCESS_KEY_ID` - Cloudflare R2 access key
- `R2_SECRET_ACCESS_KEY` - Cloudflare R2 secret key
- `ACCOUNT_ID` - Cloudflare account ID
- `BUCKET` - R2 bucket name for state storage
## TypeScript Configuration
The project uses strict TypeScript configuration with:
- Target: ES2018
- Module: CommonJS
- Strict type checking enabled
- Declaration files generated
- Incremental compilation
## Working with Services
Each service follows a consistent pattern:
1. Service class in `{service}/index.ts`
2. Helm values file in `helm/values/{service}.values.yaml`
3. Service instantiated in `main.ts` with required providers and configuration
When adding new services:
- Create a new directory with `index.ts`
- Define a TypeScript class extending `Construct`
- Add Helm values file if using Helm charts
- Import and instantiate in `main.ts`
## Certificate Management
The PostgreSQL cluster includes comprehensive TLS certificate management using cert-manager:
- Self-signed root CA certificates
- Separate server and client certificate chains
- Automatic certificate rotation
- Client certificates for database users
## Storage and Networking
- **Storage Class**: Uses `longhorn-crypto` for encrypted persistent volumes
- **Networking**: MetalLB provides load balancer services for bare metal
- **DNS**: Custom CoreDNS configuration for internal name resolution
- **Ingress**: Nginx ingress controller for HTTP/HTTPS traffic
Reference in New Issue View Git Blame Copy Permalink