first version of the knowledge base :)
63
00 - About/infrastructure-overview.md
Normal file
@@ -0,0 +1,63 @@
|
||||
---
|
||||
title: Infrastructure Overview
|
||||
description: High-level overview of the infrastructure domains documented within Hidden Den and Den Vault
|
||||
tags:
|
||||
- about
|
||||
- infrastructure
|
||||
- overview
|
||||
category: about
|
||||
created: 2026-03-14
|
||||
updated: 2026-03-14
|
||||
---
|
||||
|
||||
# Infrastructure Overview
|
||||
|
||||
## Summary
|
||||
|
||||
The infrastructure documented in Den Vault is built around a small set of repeatable domains: networking, compute, platform services, observability, security, and data protection. Together, these form a practical blueprint for self-hosted engineering environments.
|
||||
|
||||
## Why it matters
|
||||
|
||||
Readers need a clear map before diving into individual guides. An infrastructure overview helps explain how virtualization, containers, DNS, reverse proxying, monitoring, identity, and backups fit together as one operating model.
|
||||
|
||||
## Core concepts
|
||||
|
||||
- Networking and access: segmentation, VPN, DNS, ingress
|
||||
- Compute: hypervisors, VMs, and container hosts
|
||||
- Platform services: reverse proxy, service discovery, identity, secrets
|
||||
- Operations: monitoring, alerting, backups, updates
|
||||
- Tooling: documented platforms used to implement these layers
|
||||
|
||||
## Practical usage
|
||||
|
||||
A typical self-hosted environment described by Den Vault includes:
|
||||
|
||||
- Proxmox or equivalent compute hosts
|
||||
- Docker-based application workloads
|
||||
- Tailscale or another private access layer
|
||||
- Reverse proxy and TLS termination with tools such as Caddy, Traefik, or NGINX
|
||||
- Prometheus and Grafana for observability
|
||||
- Backup tooling with regular validation
|
||||
- Static or low-dependency site infrastructure where that aligns with privacy and maintainability goals
|
||||
|
||||
## Best practices
|
||||
|
||||
- Keep core platform services few in number and well understood
|
||||
- Separate public ingress from administrative access paths
|
||||
- Maintain inventory of systems, dependencies, and backup coverage
|
||||
- Prefer architectures that can be rebuilt from documented source material
|
||||
|
||||
## Pitfalls
|
||||
|
||||
- Treating infrastructure as a pile of tools instead of a coherent system
|
||||
- Running critical services without monitoring or backup validation
|
||||
- Allowing naming, routing, and authentication patterns to drift over time
|
||||
- Adding redundancy without understanding operational complexity
|
||||
|
||||
## References
|
||||
|
||||
- [Proxmox VE Administration Guide](https://pve.proxmox.com/pve-docs/)
|
||||
- [Docker: Docker overview](https://docs.docker.com/get-started/docker-overview/)
|
||||
- [Tailscale: What is Tailscale?](https://tailscale.com/kb/1151/what-is-tailscale)
|
||||
- [Prometheus overview](https://prometheus.io/docs/introduction/overview/)
|
||||
- [restic documentation](https://restic.readthedocs.io/en/latest/)
|
||||
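Review bot: The Summary names six domains (networking, compute, platform services, observability, security, data protection), but the Core concepts list uses a different five-way grouping with no security or data protection bullet, so identity and secrets end up under platform services and backups under operations. Either align the Core concepts bullets with the six domains or add one sentence saying how the two groupings map. In References, restic is linked although the body only says "Backup tooling with regular validation", while Caddy, Traefik, NGINX and Grafana are named in Practical usage without a link; name restic in the backup bullet and add references for the others, or trim the list to match.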