Live infrastructure

The five machines behind kerboul.me.

sentinel is the five-node Proxmox cluster I run: routing and DNS at the edge, a self-hosted Git forge with its own CI/CD, and around twenty services behind one Traefik reverse proxy. Every number on this page is read live from the cluster's own API.

/01 Nodes

Five nodes, each with a job

One Proxmox cluster, five hosts. The readout on each card is polled live from the cluster's Proxmox API, so what you see is the load right now.

cerberus

~8 cores · 3.7 GB

The edge. VyOS router, Traefik, DNS, and uptime monitoring.

echelon

11 GB RAM

This site. The portfolio, its telemetry, and the analytics.

mikoshi

7.6 GB RAM

Apps and Kubernetes. Vireli, Open WebUI, a kube node.

cynosure

31 GB RAM

The workhorse. Gitea, the CI runners, Nextcloud, Coolify.

ultron

Xeon E5-1650 v3 · 32 GB · GTX 1050

Capacity and GPU. The media stack, with a GPU to pass through.

Polled live from the cluster's own Proxmox API. Cached, read only, no secrets.

/02 Path

How a request reaches you

Every hit on kerboul.me crosses the same path, from the public edge to the backend on echelon. Here it is, end to end.
  1. Visitor: a browser
  2. Cloudflare: DNS
  3. VPS: WireGuard
  4. VyOS: the router
  5. Traefik: TLS, routing
  6. echelon: the portfolio

Edge latency

A live round-trip from your browser to the cluster's public edge. Your distance to sentinel, in milliseconds.

/03 Services

What is running, right now

The public services behind kerboul.me, each health-checked live from the cluster on every refresh.

Health-checked server side, every refresh. A small, curated public set.

/04 Pipeline

How this page ships

A push to main runs three jobs on a self-hosted runner and lands here in about two minutes, with an automatic rollback if the live smoke test fails.
  1. verify (~45s): lint, types, build, and the smoke tests
  2. image (~50s): build, scan with Trivy, push to the registry
  3. deploy (~15s): pull, smoke test the live URL, roll back on failure

This build: 4a6d810. The page you are reading shipped through exactly this pipeline.

/05 Stack

The stack that holds it up

Well-worn tools, wired together and operated end to end.
  • Proxmox VE: The five-node hypervisor cluster
  • VyOS: The router at the edge
  • WireGuard: Tunnel to the public VPS
  • Traefik: Reverse proxy, Let's Encrypt certs
  • Docker: Every service, containerized
  • Gitea + Actions: Self-hosted forge and CI/CD
  • Cloudflare DNS: DNS and the ACME challenge
  • AdGuard Home: LAN DNS with filtering
  • Tailscale: Nomad access to the LAN
  • Coolify: A small PaaS for the side apps

A live map of the cluster. The nodes are real; the flowing points are a stand-in for traffic, not a packet capture.

/06 Ops

Operated end to end

The part that does not fit in a screenshot: keeping it up, watching it, and writing the operations down so they outlive my memory.

On call for my own infrastructure: backups, certificate renewal, monitoring, and the failure modes you only meet at the wrong hour.

Monitored by Uptime Kuma

Runbooks as a repo

The cluster's setup, runbooks, and automation live in a versioned repo, operated like code. Adding a node or restoring a service is a documented procedure, not tribal memory.
