A GitOps framework for LXC automation on Proxmox VE: Proxmox-GitOps

A GitOps framework that manages Linux containers (LXC) as infrastructure as code (IaC) and automates their deployment in a Proxmox VE environment.

🔗 View original

Ruby-News | Ruby AI News
🚨 CRITICAL: CVE-2026-6388 in Red Hat OpenShift GitOps (CVSS 9.1) lets attackers with ImageUpdater access bypass namespace boundaries in multi-tenant setups. Restrict permissions & monitor changes. No patch yet — see https://radar.offseq.com/threat/cve-2026-6388-insufficient-granularity-of-access-c-fbeba818 #OffSeq #RedHat #GitOps #Vuln

nxs-universal-chart v3.0: a new generation of the universal Helm chart

The nxs-universal-chart 2.8.3 release was more than two years ago, and a lot has changed since then: Ingress Nginx has been retired, GitOps has de facto become the standard for managing infrastructure, and AI is entering our lives ever more deeply. These changes could not pass us by and made us think about how to adapt our DevOps approaches and technologies to the challenges of the new era. The result of that thinking is the release of the new version nxs-universal-chart v3.x: from a universal set of built-in templates we have tried to turn it into a modular platform for delivering applications to Kubernetes, with an emphasis on reliability and modern CI/CD practices. Hello everyone, Pyotr here, engineer

https://habr.com/ru/articles/1023822/

#devops #kubernetes #helm #gitops #cd #manifest #argocd #helm_chart #deploy #cloudnative


Follow-up to https://getnix.io/guides/nixos-auto-upgrades/ — here's how I handle upstream tracking for packages like Netbird:

1. Internal mirror syncs release tags from upstream source repository
2. CI detects new tags, updates the Nix flake (version + related hashes), builds & commits
3. Consumer repos pick up the change, open PRs with nvd diffs
4. Human reviews & merges
5. Hosts auto-deploy

Full pipeline runs unattended — you only step in to review the PR.

#nixos #nix #infrastructureascode #gitops

From Ansible to our own GitOps operator: Espejote.

A journey through operators, reconcilers and real-world Kubernetes challenges - and what we built in the end.

👉 https://www.vshn.ch/en/blog/espejote-a-gitops-journey/

#Kubernetes #GitOps #CloudNative #OpenSource

good discussion on the RFC for Dashboards-as-Code (DaC) for OpenSearch Dashboards @OpenSearchProject
https://www.linkedin.com/feed/update/urn:li:activity:7449320532463964160/
#opensearch #dashboards #gitops

Dashboards-as-Code (DaC) for OpenSearch Dashboards. This RFC proposes adding DaC capabilities to the OpenSearch Project, enabling users to define, validate, version-control, and deploy dashboards programmatically. Do you find it useful? How would you like to see it designed? Check out the RFC by Anirudha Jadhav on GitHub and chime in with your feedback. https://lnkd.in/dH8KqhHu #OpenSearchAmbassador #OpenSearch #dashboards #Observability #GitOps

Tired of SSH-ing into every NixOS machine to run updates? New guide on how to automate it: CI updates flake.lock daily, shows you exactly what changed per host, and machines self-upgrade after you merge. No surprises, no manual SSH.

Also works for your desktop machines.

https://getnix.io/guides/nixos-auto-upgrades/

#Nix #NixOS #CI #IaC #GitOps

Automatic NixOS Upgrades with Forgejo Actions

Keep NixOS servers and desktops up-to-date automatically — CI updates flake.lock, hosts self-upgrade daily, and you review a diff before anything deploys.

After quite some time, I finally have all the pieces in place. Over the last 30 minutes, I’ve set up one of my servers from scratch. Here are some key changes:
- Reverse proxy: Nginx with ModSecurity (WAF)
- Container isolation: every container runs as a separate Linux user
- Podman Quadlet: I rewrote all my compose stacks into Quadlet files - now all containers start properly after a reboot 🥳
- Grafana: Grafana's configuration is now managed by OpenTofu, which at the moment provisions the data sources (Grafana Loki and Prometheus) as well as the dashboards.
- Server hardening: improved SSH configuration, firewall, and permissions in general on this host
- Ansible: everything is powered by Ansible
- Certbot: use wildcard certificates for my domains / subdomains for an easier renewal process
- Backups: all those services have proper backups configured, which are scheduled with systemd timers and replicated into my local homelab.
- Services that are running at the moment:
  - Grafana
  - Prometheus
  - Grafana Loki
  - Grafana Alloy
  - GitLab Runner
  - some other services that I wanna migrate to this server

#homelab #sysadmin #linux #ansible #automation #devsecops #selfhosting #declarative #gitops #monitoring

Why is it called #DevOps and "Das git Ärger" (a German pun on "Das gibt Ärger", "that means trouble")?

#git #gitops

NixOS keeps blowing my mind once the GitOps pieces click together, especially if the right infrastructure is in place.

Here's what my setup looks like now:

👉 CI updates flake inputs daily and opens a PR with per-host changelogs
👉 Hosts auto-upgrade from main — they never touch flake.lock themselves
👉 Nothing hits production without a reviewed, CI-tested PR
👉 Something broke? Rollback takes seconds, no drama
👉 One Nix workflow rules desktop, VMs, and VPS alike

#NixOS #Nix #GitOps #IaC