services

Below is a catalog of every network service I run, categorized roughly by its purpose. If you would like to see a short list of things I've worked with in the past, click here.

Version Control

• Gitea is the main service I use for version control.
• Forgejo is something I've been experimenting with. Currently, it serves as a mirror, for public-facing things (e.g. structurizr diagram fragments).
• GitLab uses too many resources and does too many things for me to consider it a good candidate for my needs, but I keep it running as a mirror of certain Gitea repos just to say I have experience with GitLab.

CI/CD

• Agola has been my CI + CD solution of choice until recently. My needs have outgrown its capabilities, but I haven't migrated over all of the jobs because it still works for those purposes.
• Concourse is my CI solution for anything I'm writing these days.
• ArgoCD handles the deployments for infrastructure services on Kubernetes.

Documentation

• Dendron, a FOSS alternative to Obsidian. All pods are built and served as a static site via httpd. This website is comprised of a subset of these notes.
• Backstage to wrangle documentation for all of my various projects and keep it in one central location
• Structurizr Lite ok honestly I don't even know why this is even still running, but it's there.
• Stucturizr OnPrem for rapid iteration of structurizr diagrams. It hasn't reached feature parity with the cli, so it's rare I do heavy diagramming with it.
• Structurizr Mini for actually serving structurizr diagrams to users.
• Forgejo Pages as a FOSS alternative to Github Pages. Very often I've found it useful to make a repo's readme a discrete website.
• mermaid-live-editor for collaboration when creating MermaidJS diagrams.
• Kroki as the renderer backend for mermaid-live-editor.

Logging

• Grafana Alloy as a log collection agent. Previously, I used Promtail.
• Grafana Loki as a log ingester for Alloy.

Monitoring/Observability

• metrics-server is used for both HPAs and basic diagnostics.
• kube-dashboard
• Prometheus as a centralized way to collect metrics
• Alertmanager for basic alerting.
• Jaeger for request tracing, used by Istio and traefik.
• cAdvisor to expose container-level metrics
• node_exporter to expose node-level metrics
• redis_exporter to expose metrics about redis instances
• rabbitmq_exporter to expose metrics about RabbitMQ
• kafka_exporter to expose metrics about Kafka
• transmission_exporter to expose torrent metrics
• mc-monitor to expose metrics about Minecraft worlds I run
• minecraft-exporter to expose player-level metrics in minecraft worlds.

Kubernetes Operators

I find it very important to minimize cognitive load, so I utilize Kubernetes operators to manage resources for me.

• Strimzi to manage Kafka.
• apicurio-registry-operator manages an Apicurio cluster that interface with Kafka.
• kube-arangodb to manage ArangoDB.
• etcd-druid for managing the etcd clusters used by applications.
• CloudNativePG
• prometheus-operator to manage Prometheus within my Kubernetes clusters.

Visualization

• Grafana, the primary interface for visualizing everything observable.
• rebrow for when redis-cli isn't enough
• pgweb for when I need to manually interface with postgres. I don't like having tools installed on my workstation, so something accessible over the web is great.
• Redpanda Console as a single-pane-of-glass view for insight into Kafka operations.
• Kiali for visualizing Istio.

Networking

• Istio as a service mesh and ingress gateway for Kubernetes.
• cert-manager to provide TLS certs for use with Istio.
• step-ca as the CA for generating HTTPS certificates for my internal domains. Some services don't recognize self-signed certificates as "valid", so adding step-ca as a trusted CA and using its certificates instead is a handy workaround.
• step-issuer to issue certificates for cert-manager.
• istio-csr to integrate Istio and cert-manager.
• MetalLB to provision IP addresses for ingress gateways in bare-metal clusters.
• Aeraki as a service mesh specifically for Valkey, primarily for automatically handling Valkey Cluster connections.
• HAProxy serves as a load balancer for clusters running Talos Linux, forwarding requests to kubernetes API servers in the cluster.
• Technitium as a general-purpose DNS blackhole for ads and tracking
• CoreDNS as a DNS server to answer queries about my internal domains and their subdomains. It forwards all other requests to Technitium.

Messaging

• Kafka as the main pub/sub message queue. I do lots of web scraping, so most projects I spin up use this for delegation of tasks to scrapers.
• Apicurio Registry as a schema registry for Kafka.
• RabbitMQ as a simple message queue for various services that require it. I prefer to use Kafka where possible, but not everything supports it.

Databases

• postgres as a traditional SQL data store. It's rare that I write something that requires SQL, but it's my go-to for any service that requires a SQL data store.
• Cassandra as a storage backend for Jaeger.
• CouchDB as a general-purpose document store. Whenever I spin up a new project and I need a database, I use this.
• ArangoDB stores social media info that I've scraped.

Storage

• MinIO for general object storage. Very frequently I'll need to make some file accessible over the internet (ISOs, config files, etc), so I just drop it into a bucket and let MinIO manage its lifecycle. It also serves as a storage backend for many services.
• Mimir as a storage backend for Prometheus
• Harbor for storage of custom images and as a pull-through cache. Previously, I used Registry.
• Liget for a low-overhead nuget server.
• Valkey as a key-value store for non-critical data. It's proven to be most useful for quickly iterating upon object schema, when sharing information between processes. Previously, I used Redis.
• etcd as a key-value store for data I actually care about persisting in case of disaster.
• docker-nfs-server is used for remote mounting of media data.
• Memcached as a cache storage backend for Mimir.
• local-path-provisioner

File Sharing (P2P)

• Picoshare for easy short-term storage and sharing of files
• flood is used as a layer of abstraction for all automated services that need a torrent client, and as a UI when necessary
• transmission is behind flood. I've found it to be the most performant of all clients, when the total torrent volume is in the thousands.
• deluge is used for manually downloading torrents

Media

I have a full writeup here talking about how my media stack is configured.

• jellyfin is the primary way that I interface with my media collection
• emby is the best option for Samsung smart TVs, so I begrudgingly run it despite it not meeting my use-case or adhering to my philosophy.
• jellyseerr, a UI for managing requests for my media library
• jackett for better querying to trackers
• prowlarr for syncing indexers between radarr and sonarr
• sonarr for organizing tv shows
• radarr for organizing movies
• flaresolverr for bypassing cloudflare rate-limiting
• Airsonic Advanced for streaming my music library to other devices.

Gaming

I run a cracked minecraft server, you can read about my setup here.

• infrared as a reverse proxy. I've found it to suit my needs better than mc-router despite not having as much flexibility.
• docker-mc-proxy to facilitate switching between minecraft worlds
• docker-minecraft-server for both Limbo worlds and the actual game worlds
• docker-mc-backup in order to back up my minecraft worlds
• RCON web admin as a container in order to delegate admin access without having to worry about cracked account impersonation.

Other

• taiga for project/task management. It's pretty bad honestly, but I haven't gotten around to replacing it yet.
• string-is, for manipulating text without having to send it to some random person's webserver in order to do so.
• telegram bot api because I run a telegram bot, and the additional features granted by running your own instance are useful
• whoami because it has been proven immeasurably useful for debugging what a server "thinks" a request IP address is.
• Kafka Connect to store Kafka messages in MinIO.
• Kyverno is used for policy management in Kubernetes clusters. In practice, I'm just using it to mount root CA certificates to all pods in a cluster.
• trust-manager to create configmaps out of created certificates, for consumption by Kyverno
• Talos Discovery Service because I don't think a third-party website should have its hands in my Kubernetes clusters.
• Talos Image Factory for the same reason as above.
• Descheduler to automatically balance workloads between nodes.
• Swagger UI to turn OpenAPI json into something human-readable. Very often I work with third-party APIs, so this has proved to be useful.