Homelab Infrastructure as Code
Full homelab managed with OpenTofu — 5 VMs, 14 Docker stacks, secrets via Infisical, webhook-triggered deployments.
The entire homelab infrastructure is defined as code using OpenTofu (a fork of Terraform). Every VM, Docker stack, DNS record, and secret is versioned in Git and deployed through an automated pipeline.
A self-hosted webhook service receives GitHub push/PR events and runs plan/apply cycles. PR comments show the diff, and /apply triggers deployment. Secrets are fetched at deploy time from a self-hosted Infisical instance — nothing sensitive lives in the repo.
The result is a homelab where I can rebuild any service from scratch by running a single pipeline, and where every change is auditable through Git history.
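A webhook that can run apply is only as trustworthy as its checks on who sent the event and who typed /apply. The following is an added example, not this project's code: it verifies GitHub's X-Hub-Signature-256 header and only allows /apply from listed accounts commenting on a pull request. It assumes /apply arrives as a PR comment (GitHub's issue_comment event); ALLOWED_DEPLOYERS, decide and the sample secret are hypothetical names and values.

```python
import hashlib
import hmac
import json

# Assumption: logins allowed to deploy. Placeholder value, not from the page.
ALLOWED_DEPLOYERS = {"homelab-owner"}


def expected_signature(secret, body):
    """Value GitHub sends in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def signature_valid(secret, body, header):
    if not header or not header.startswith("sha256="):
        return False
    # Constant-time compare on bytes; never compare signatures with ==.
    return hmac.compare_digest(expected_signature(secret, body).encode(),
                               header.encode())


def decide(secret, event, body, sig_header):
    """Return 'reject', 'ignore', 'plan' or 'apply' for one delivery."""
    if not signature_valid(secret, body, sig_header):
        return "reject"  # verify before parsing anything
    try:
        payload = json.loads(body)
    except ValueError:
        return "reject"
    if not isinstance(payload, dict):
        return "reject"
    if event in ("push", "pull_request"):
        return "plan"  # plan only computes a diff; apply is gated below
    if event != "issue_comment" or payload.get("action") != "created":
        return "ignore"
    comment = payload.get("comment") or {}
    # issue_comment also fires for plain issues; only PR comments may deploy.
    on_pr = "pull_request" in (payload.get("issue") or {})
    is_apply = (comment.get("body") or "").strip() == "/apply"
    author = (comment.get("user") or {}).get("login")
    if on_pr and is_apply and author in ALLOWED_DEPLOYERS:
        return "apply"
    return "ignore"


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample, not a real secret
    body = json.dumps({"action": "created", "issue": {"pull_request": {}},
                       "comment": {"body": "/apply",
                                   "user": {"login": "homelab-owner"}}}).encode()
    print(decide(secret, "issue_comment", body, expected_signature(secret, body)))
    print(decide(secret, "issue_comment", body, "sha256=" + "0" * 64))
```

The signature must be computed over the raw request bytes exactly as received, before any JSON parsing or re-serialization.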
Case Study
The Problem
Managing a growing homelab with manual SSH and docker-compose was error-prone and undocumented.
The Approach
Adopted OpenTofu for infrastructure definitions, Infisical for secrets management, and a self-hosted webhook pipeline for automated plan/apply on Git push.
The Outcome
A fully reproducible homelab: 5 VMs, 14 managed stacks, automated deployments, secrets rotation, and full Git audit trail.