--- title: Infrastructure Overview description: High-level overview of the infrastructure domains documented within Hidden Den and Den Vault tags: - about - infrastructure - overview category: about created: 2026-03-14 updated: 2026-03-14 --- # Infrastructure Overview ## Summary The infrastructure documented in Den Vault is built around a small set of repeatable domains: networking, compute, platform services, observability, security, and data protection. Together, these form a practical blueprint for self-hosted engineering environments. ## Why it matters Readers need a clear map before diving into individual guides. An infrastructure overview helps explain how virtualization, containers, DNS, reverse proxying, monitoring, identity, and backups fit together as one operating model. ## Core concepts - Networking and access: segmentation, VPN, DNS, ingress - Compute: hypervisors, VMs, and container hosts - Platform services: reverse proxy, service discovery, identity, secrets - Operations: monitoring, alerting, backups, updates - Tooling: documented platforms used to implement these layers ## Practical usage A typical self-hosted environment described by Den Vault includes: - Proxmox or equivalent compute hosts - Docker-based application workloads - Tailscale or another private access layer - Reverse proxy and TLS termination with tools such as Caddy, Traefik, or NGINX - Prometheus and Grafana for observability - Backup tooling with regular validation - Static or low-dependency site infrastructure where that aligns with privacy and maintainability goals ## Best practices - Keep core platform services few in number and well understood - Separate public ingress from administrative access paths - Maintain inventory of systems, dependencies, and backup coverage - Prefer architectures that can be rebuilt from documented source material ## Pitfalls - Treating infrastructure as a pile of tools instead of a coherent system - Running critical services without monitoring or backup validation - Allowing naming, routing, and authentication patterns to drift over time - Adding redundancy without understanding operational complexity ## References - [Proxmox VE Administration Guide](https://pve.proxmox.com/pve-docs/) - [Docker: Docker overview](https://docs.docker.com/get-started/docker-overview/) - [Tailscale: What is Tailscale?](https://tailscale.com/kb/1151/what-is-tailscale) - [Prometheus overview](https://prometheus.io/docs/introduction/overview/) - [restic documentation](https://restic.readthedocs.io/en/latest/)