
KofTwentyTwo/Praetor


Praetor

"to lead, to command" — implies governance and orchestration in action.

Praetor is a centralized repository for all systems administration, DevOps tooling, infrastructure-as-code, and automation scripts for the Galaxy LAN infrastructure.

Purpose

This repository serves as the single source of truth for:

  • Infrastructure provisioning and configuration management
  • Kubernetes cluster deployments and management
  • Automation scripts for common operational tasks
  • System administration tools and utilities
  • DevOps workflows and CI/CD pipelines
  • Documentation for infrastructure architecture and procedures

All infrastructure is managed as code, enabling version control, peer review, and repeatable deployments.

Repository Structure

praetor/
├── terraform/                # Kubernetes cluster infrastructure
│   ├── modules/              # Reusable Terraform modules
│   ├── files/                # Configuration files and scripts
│   ├── main.tf               # Main infrastructure configuration
│   ├── variables.tf          # Variable definitions
│   ├── outputs.tf            # Output definitions
│   ├── providers.tf          # Provider configurations
│   ├── Makefile              # Automation and management commands
│   └── README.md             # Detailed setup and usage guide
│
├── helm/                     # Kubernetes cluster bootstrap services
│   ├── libs/                 # Shared utility functions
│   ├── storage/              # Local Path Provisioner for Talos
│   ├── kube-vip/             # LoadBalancer provider for bare-metal
│   ├── metrics-server/       # Real-time resource metrics (kubectl top, Lens)
│   ├── traefik/              # Ingress controller and reverse proxy
│   ├── cert-manager/         # Automated TLS certificate management
│   ├── k8s_gateway/          # Automatic DNS for services
│   ├── prometheus/           # Complete monitoring stack
│   ├── argocd/               # GitOps continuous delivery
│   ├── argocd-image-updater/ # Automatic image updates for ArgoCD
│   └── README.md             # Complete bootstrap guide
│
├── dns/                      # DNS management and automation
│   ├── main.tf               # DNS configuration
│   ├── variables.tf          # DNS variable definitions
│   ├── outputs.tf            # DNS output definitions
│   ├── terraform.tfvars      # DNS configuration values (encrypted)
│   └── README.md             # DNS setup and usage guide
│
└── (future projects)         # Additional infrastructure projects

Projects

Kubernetes cluster deployment on Proxmox using Talos Linux:

  • Production-ready cluster — Automated deployment with Talos Linux
  • Talos Linux — Immutable, secure Linux distribution for Kubernetes
  • Proxmox integration — Native VM management and networking
  • Multi-cluster support — Easy switching between environments

Built with: Talos Linux, OpenTofu, Proxmox VE, XDG configuration management

See terraform/README.md for detailed setup and usage instructions.

Kubernetes cluster bootstrap and service deployment:

  • Complete bootstrap solution — Zero to production-ready cluster in 15 minutes
  • Bare-metal optimized — Works on Proxmox/Talos without cloud providers
  • Fully automated — DNS, certificates, load balancing all automatic
  • Dynamic configuration — Zero hardcoded values, adapts to your environment
  • Production ready — HA, monitoring, GitOps included

Components: Local Path Provisioner, kube-vip, Metrics Server, Traefik, cert-manager, k8s_gateway, Prometheus, ArgoCD, ArgoCD Image Updater

See helm/README.md for complete bootstrap guide and architecture documentation.

DNS management and automation for Galaxy LAN infrastructure:

  • UniFi integration — Automated DNS record management via UniFi Controller API
  • Dynamic DNS — Automatic client device registration and IP assignment
  • Custom domain support — Galaxy LAN domain management
  • API-driven — RESTful API integration for seamless automation

Built with: OpenTofu, UniFi Controller API, Terraform providers

See dns/README.md for detailed setup and usage instructions.

Getting Started

Initial Setup

This repository uses git-crypt to encrypt sensitive files (credentials, secrets, etc.).

If you're an authorized user:

  1. Clone the repository:

    git clone git@github.com:KofTwentyTwo/Praetor.git
    cd Praetor

  2. Unlock encrypted files with git-crypt:

    git-crypt unlock

    Your GPG key will automatically decrypt all sensitive files.

If you don't have access yet:

Contact the repository owner to have your GPG public key added.

Project-Specific Setup

Each project directory contains its own README with specific setup instructions, architecture documentation, and operational procedures.

Security

Encrypted Files

The following files are encrypted with git-crypt:

  • terraform/terraform.tfvars - Infrastructure credentials and Proxmox API tokens
  • terraform/kubeconfig* - Kubernetes configuration files
  • terraform/talosconfig* - Talos cluster configuration files
  • terraform/terraform.tfstate* - Terraform state files
  • dns/terraform.tfvars - DNS configuration and API credentials
  • SSH keys and other sensitive files

See terraform/README.md for detailed security information and setup.

Authorized Users

  • James Maes (james@kof22.com) - GPG: 62859E8ABE1FC2B7FCCB89080021767055740E6D

Contributing

This is an internal repository for Galaxy LAN infrastructure. All changes should:

  • Follow infrastructure-as-code best practices
  • Be reviewed before merging to main
  • Be tested in non-production environments when possible
  • Include appropriate documentation updates
  • Never commit unencrypted secrets - Verify with git-crypt status
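A pre-commit check that enforces the "Encrypted Files" list and the "never commit unencrypted secrets" rule above by inspecting what is actually staged. This is an added example, not a script from the Praetor repository. The `--staged` switch and the function names are assumptions made for the example, and the "SSH keys and other sensitive files" entry is not covered because the README gives no paths for it.

```shell
#!/bin/sh
# Added example, not part of the Praetor repository.
# Path patterns below are copied from the README's "Encrypted Files" list.

# git-crypt ciphertext begins with these 10 bytes: \0 G I T C R Y P T \0
GITCRYPT_MAGIC_HEX=00474954435259505400

# Succeeds when the data on stdin starts with the git-crypt header.
is_gitcrypt_blob() {
    header=$(od -An -tx1 -N10 | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC_HEX" ]
}

# Succeeds when the path is one the README says must be encrypted.
is_sensitive_path() {
    case "$1" in
        terraform/terraform.tfvars|dns/terraform.tfvars) return 0 ;;
        terraform/kubeconfig*|terraform/talosconfig*)    return 0 ;;
        terraform/terraform.tfstate*)                    return 0 ;;
        *)                                               return 1 ;;
    esac
}

# Check the staged (index) copy of each added, copied or modified file.
# The index stores the output of git-crypt's clean filter, so a sensitive
# path whose staged blob lacks the header would be committed in the clear.
check_staged() {
    leaked=$(git diff --cached --name-only --diff-filter=ACM |
        while IFS= read -r path; do
            is_sensitive_path "$path" || continue
            git cat-file blob ":$path" | is_gitcrypt_blob ||
                printf '%s\n' "$path"
        done)
    [ -z "$leaked" ] && return 0
    printf 'Staged as plaintext, expected git-crypt ciphertext:\n%s\n' \
        "$leaked" >&2
    return 1
}

# Run the check only when asked to, e.g. from .git/hooks/pre-commit.
if [ "${1:-}" = "--staged" ]; then
    check_staged || exit 1
fi
```

Unlike `git-crypt status`, this does not depend on `.gitattributes` being correct: a sensitive file that no pattern covers is staged without the header and is reported.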

License

See LICENSE for details.


Made with ❤️ by James Maes | KofTwentyTwo
