---
title: Infrastructure Overview
description: High-level overview of the infrastructure domains documented within Hidden Den and Den Vault
tags:
- about
- infrastructure
- overview
category: about
created: 2026-03-14
updated: 2026-03-14
---

# Infrastructure Overview

## Summary

The infrastructure documented in Den Vault is built around a small set of repeatable domains: networking, compute, platform services, observability, security, and data protection. Together, these form a practical blueprint for self-hosted engineering environments.

## Why it matters

Readers need a clear map before diving into individual guides. An infrastructure overview helps explain how virtualization, containers, DNS, reverse proxying, monitoring, identity, and backups fit together as one operating model.

## Core concepts

- Networking and access: segmentation, VPN, DNS, ingress
- Compute: hypervisors, VMs, and container hosts
- Platform services: reverse proxy, service discovery, identity, secrets
- Operations: monitoring, alerting, backups, updates
- Tooling: documented platforms used to implement these layers

## Practical usage
A typical self-hosted environment described by Den Vault includes:

- Proxmox or equivalent compute hosts
- Docker-based application workloads
- Tailscale or another private access layer
- Reverse proxy and TLS termination with tools such as Caddy, Traefik, or NGINX
- Prometheus and Grafana for observability
- Backup tooling with regular validation
- Static or low-dependency site infrastructure where that aligns with privacy and maintainability goals

## Best practices

- Keep core platform services few in number and well understood
- Separate public ingress from administrative access paths
- Maintain inventory of systems, dependencies, and backup coverage
- Prefer architectures that can be rebuilt from documented source material

## Pitfalls

- Treating infrastructure as a pile of tools instead of a coherent system
- Running critical services without monitoring or backup validation
- Allowing naming, routing, and authentication patterns to drift over time
- Adding redundancy without understanding operational complexity

## References

- [Proxmox VE Administration Guide](https://pve.proxmox.com/pve-docs/)
- [Docker: Docker overview](https://docs.docker.com/get-started/docker-overview/)
- [Tailscale: What is Tailscale?](https://tailscale.com/kb/1151/what-is-tailscale)
- [Prometheus overview](https://prometheus.io/docs/introduction/overview/)
- [restic documentation](https://restic.readthedocs.io/en/latest/)