Skip to content

DevSecOps Homelab

Production-inspired documentation for application security, CI/CD industrialization, GitOps, Kubernetes operations, observability and purple-team practice.

This documentation is the operational knowledge base for the homelab. It explains what is built, why each choice exists, how operations are performed, and how security controls are validated.

Delivery

GitLab CI

DAG pipelines, reusable templates, policy checks and artifact promotion.

Platform

GitOps

Private-by-default Kubernetes platform with Argo CD, OPNsense and OpenBao.

Security

Purple team

GOAD isolation, Wazuh, Suricata, supply-chain evidence and incident drills.

flowchart LR
operator[Operator] --> docs[Documentation]
docs --> app[Weather App]
docs --> platform[Homelab platform]
docs --> ci[GitLab CI templates]
docs --> goad[GOAD purple-team lab]
platform --> trust[authentik + OpenBao + PKI]
platform --> k8s[Kubernetes + Argo CD]
platform --> obs[Prometheus + Loki + ELK/OpenSearch]

Weather App

Application productionization with tests, Docker hardening, Helm packaging and supply-chain evidence.

Homelab Platform

Platform substrate evaluation, OPNsense, Kubernetes, Argo CD, OpenBao, authentik and platform observability.

Security Operations

Segmentation, GOAD, Wazuh, Suricata, vulnerability analysis, incident drills and remediation records.

Documentation System

ADRs, runbooks, postmortems, checklists, frontmatter schemas and freshness checks.

Every important operational decision must be backed by one of these artifacts:

  • Service overview for ownership and criticality.
  • ADR for architectural tradeoffs.
  • Runbook for repeatable operations.
  • Checklist for high-risk changes.
  • Postmortem for learning from incidents.

View document templates