GitOps Infrastructure
Repository: github.com/jhathcock-sys/Dockers
Project Overview
Infrastructure as Code for my homelab environment. All Docker Compose configurations are version-controlled in Git, enabling reproducible deployments, change tracking, and easy rollbacks.
This is a stepping stone toward full Kubernetes orchestration, building GitOps practices while working with Docker Compose.
Repository Structure
homelab-ops/
├── proxmox/                    # ProxMoxBox (192.168.1.4) stacks
│   ├── dockhand/               # Docker management UI
│   ├── homepage/               # Dashboard + config files
│   │   └── config/             # services.yaml, widgets.yaml, etc.
│   ├── homelab-tools/          # Homebox asset inventory
│   ├── minecraft/              # PaperMC + Geyser/Floodgate
│   ├── monitoring/             # Full observability stack
│   │   ├── alertmanager/       # Alert routing config (Discord)
│   │   ├── prometheus/         # Scrape configs + alert rules
│   │   ├── loki/               # Log aggregation config
│   │   ├── promtail/           # Log collector config
│   │   └── grafana/            # Dashboard provisioning
│   ├── nginx-proxy-manager/    # Reverse proxy
│   └── uptime-kuma/            # Service health monitoring
│
└── pi5/                        # Raspberry Pi 5 stacks (via Hawser)
    ├── infra/                  # Pi-hole + Tailscale
    ├── mealie/                 # Recipe management
    └── nebula-sync/            # Pi-hole sync
Deployment Workflow
Local Stacks (ProxMoxBox)
# 1. Edit compose files locally
vim proxmox/homepage/docker-compose.yaml
# 2. Commit and push
git add . && git commit -m "Update homepage config"
git push
# 3. On server: pull and deploy
cd /opt/homepage
git pull
docker compose up -d
Remote Stacks (Pi5 via Hawser)
Pi5 stacks are managed remotely through Dockhand’s Hawser agent:
- Compose files live on ProxMoxBox at /opt/pi5-stacks/
- Hawser executes commands on the Pi5 Docker daemon
- No SSH required for routine deployments
Path Mapping
| Git Path | Deploy Path | Server |
|---|---|---|
| proxmox/<stack>/ | /opt/<stack>/ | ProxMoxBox |
| pi5/<stack>/ | /opt/pi5-stacks/<stack>/ | ProxMoxBox (Hawser → Pi5) |
Stack Management with Dockhand
Dockhand provides a web UI for Docker management:
- Stack Import: Adopt existing containers by pointing to compose files
- Remote Management: Hawser agent enables control of remote Docker hosts
- Compose Editing: Edit and redeploy stacks from the UI
Key Configuration
services:
  dockhand:
    image: fnsys/dockhand:latest
    environment:
      - HOST_DATA_DIR=/opt # Path resolution for stacks
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Gives the container full control of the host Docker daemon
      - /opt:/opt # Access to all compose files
Secrets Management
Sensitive values are kept out of Git using .env files:
# Template provided in repo
cp .env.example .env
# Generate encryption keys
openssl rand -hex 32
Pattern:
- .env.example → Committed (templates with placeholders)
- .env → Gitignored (actual secrets)
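One way to audit a stack directory against this pattern, as an added example that is not code from the repository. The function names and the script name `audit-env.sh` are hypothetical, and the 64-hex-character check is an assumption based on the output shape of `openssl rand -hex 32`.

```shell
#!/usr/bin/env bash
# Added example: audit one stack directory for the .env / .env.example pattern.
# Usage (hypothetical script name): ./audit-env.sh /opt/homepage

# Print template lines whose value is a 64-char hex string, the shape of
# `openssl rand -hex 32` output: a real key pasted into the committed template.
template_leaks() {
  hex64='[0-9a-fA-F]{64}'
  grep -nE "^[A-Za-z_][A-Za-z0-9_]*=[\"']?${hex64}[\"']?[[:space:]]*\$" "$1"
}

# Print variable names defined in the template ($1) but absent from .env ($2).
missing_keys() {
  local key
  grep -oE '^[A-Za-z_][A-Za-z0-9_]*=' "$1" | tr -d '=' | while read -r key; do
    grep -qE "^${key}=" "$2" 2>/dev/null || printf '%s\n' "$key"
  done
}

# Return 0 if .env in stack directory $1 is covered by an ignore rule
# and is not already tracked by Git.
env_untracked() {
  git -C "$1" check-ignore -q .env &&
    ! git -C "$1" ls-files --error-unmatch .env >/dev/null 2>&1
}

# Run all three checks on a stack directory; returns the number of failures.
audit_stack() {
  local dir=$1 fails=0
  if template_leaks "$dir/.env.example" >/dev/null; then
    echo "FAIL $dir: .env.example contains a real-looking key"; fails=$((fails + 1))
  fi
  if [ -n "$(missing_keys "$dir/.env.example" "$dir/.env")" ]; then
    echo "FAIL $dir: .env is missing keys defined in the template"; fails=$((fails + 1))
  fi
  if ! env_untracked "$dir"; then
    echo "FAIL $dir: .env is tracked or not gitignored"; fails=$((fails + 1))
  fi
  return "$fails"
}

if [ "$#" -gt 0 ]; then
  audit_stack "$1"
fi
```
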
Current Stacks
ProxMoxBox Services
| Stack | Ports | Purpose |
|---|---|---|
| dockhand | 3000 | Docker management |
| homepage | 4000 | Dashboard |
| homelab-tools | 3100 | Homebox inventory |
| minecraft | 25565, 19132/udp | Game server |
| monitoring | 3030, 9090, 9093, 9100, 8081, 3101 | Grafana, Prometheus, Alertmanager, Loki, exporters |
| nginx-proxy-manager | 80, 443, 81 | Reverse proxy |
| uptime-kuma | 3001 | Health monitoring |
Pi5 Services (via Hawser)
| Stack | Services | Purpose |
|---|---|---|
| infra | Pi-hole, Tailscale | DNS + VPN |
| mealie | Mealie | Recipe management |
| nebula-sync | Nebula-sync | Pi-hole replication |
| promtail | Promtail | Log collection to Loki |
Non-Docker Services
Some infrastructure runs on dedicated VMs outside the GitOps workflow:
| Service | IP | Notes |
|---|---|---|
| Wazuh SIEM | 192.168.1.7 | Security monitoring - standalone Debian VM |
These are managed separately but integrate with the Docker-based services (e.g., Wazuh agents on Docker hosts report to the SIEM).
Future Plans
- Implement CI/CD pipeline for automated deployments
- Add pre-commit hooks for YAML linting
- Migrate to Kubernetes with ArgoCD
- Set up Renovate for automated image updates