High-Level Architecture

In the previous chapter, we defined the business requirements for Fetched & Far GmbH. We now understand what the company needs and will now translated the requirements into an enterprise architecture. Architectural Goals Every architectural decision should support at least one business requirement. For Fetched & Far we defined those in https://philipp.guide/company/requirements/ and assigned each...

Requirements

In the previous chapter, we introduced Fetched & Far GmbH and established a set of design principles that will guide every architectural decision throughout this series. Now it's time to start designing the company's IT infrastructure. But before choosing technologies, we first need to understand what the business actually requires. My responsibility in this fictional...

The Company

Before designing an IT infrastructure, we first need to understand the business it is supposed to support In the previous chapter, I introduced the idea behind this series. Rather than building a collection of self-hosted services, I'll design and implement the IT infrastructure of a fictional company based on real-world requirements and architectural principles. Before...

Building a Fictional Company - Enterprise by Design

Every enterprise starts with a business. Every IT architecture starts with requirements. Most homelabs begin with a new tool. "I want to try Kubernetes." "I want to self-host Immich." "I want to deploy Authentik." Mine started exactly the same way and this is not necessarily an bad thing. Over time, however, I noticed something. While...

How I Keep My Homelab Secure, Reliable, and Recoverable

Keeping services available can be a difficult task. Here’s how I approach it in my homelab. Instead of chasing perfect uptime, I focus on detecting failures quickly and recovering fast. Why I'm Not Using High Availability On a single server, true HA isn’t possible since the server itself is the failure domain. If I were...

Building a Central SSO System with Authentik

Today I want to share how I use Authentik as the central identity provider in my homelab. I originally set up Authentik very early in my homelab journey (it was probably my second or third service), mainly for two reasons: improved security and comfort. The Problem Without a centralized identity system, every service has its...

Implementing SSO for SSH

Today I implemented SSO for SSH using Vault and Authentik. In this post, I’ll explain the basic idea behind the setup, why it’s useful, and some of the trade-offs I encountered. The Problem with Traditional SSH Keys The Problem with Traditional SSH Keys Traditional SSH keys are static and rarely changed, which creates a significant...