How This Site is Built: A Modern DevOps Pipeline
Deep dive into the modern, self-hosted infrastructure powering this website - from Hugo static generation to multi-region Kubernetes deployment using GitOps principles.
Technical

Architecture Overview

The site follows a GitOps approach, with every component self-hosted across multiple geographic regions:

  • Source Control: Self-hosted Gitea Git repository
  • Static Site Generator: Hugo with custom theme
  • Build Pipeline: Argo Workflows
  • Container Registry: Harbor
  • Orchestration: Kubernetes clusters across multiple regions
  • Deployment: Flux GitOps operator
  • Networking: Home networks with VPN interconnects

Static Site Generation with Hugo

The foundation is Hugo, a fast static site generator written in Go. Hugo was chosen for several key advantages:

  • Performance: Builds the complete site in under 2 seconds
  • Security: No server-side code means minimal attack surface
  • Scalability: Static files can be served from any web server
  • Version Control: All content is markdown in Git

Theme Architecture

The site uses a custom Hugo theme built with:

  • Bootstrap 5: Modern CSS framework for responsive design
  • SCSS: Modular stylesheets with variables and mixins
  • FontAwesome: Icon library for UI elements
  • Modular Typography: Consistent scaling using mathematical ratios

// Example: Modular typography scale
@use "sass:math"; // pow() lives in the sass:math module in Dart Sass
$modular-scale: 1.25; // Major Third
$base-font-size: 1rem;
// h1 is four steps up the scale: 1rem * 1.25^4 = 2.44rem (no calc() needed, Sass evaluates this at build time)
$font-size-h1: $base-font-size * math.pow($modular-scale, 4);

Container Build Pipeline

Multi-Stage Docker Build

The site is containerized using a multi-stage Dockerfile that optimizes for both build efficiency and runtime performance:

# Stage 1: Build site content
FROM rossigee/hugo:v0.146.6 AS hugobuild
RUN apt-get update && apt-get install -y nodejs npm
COPY docs /workdir
WORKDIR /workdir
RUN npm install && npm run build

# Stage 2: Runtime container
FROM nginx:1.27.1-bookworm
COPY --from=hugobuild /workdir/public /public/htdocs
COPY nginx.conf /etc/nginx/conf.d/default.conf

Argo Workflows for CI/CD

Argo Workflows handles the build automation. When code is pushed to the Git repository, webhooks trigger workflow executions that:

  1. Clone the latest source code
  2. Build the Hugo site and container image
  3. Test the build for integrity
  4. Push the container to Harbor registry
  5. Update the deployment manifests

Example workflow step:

- name: build-site
  container:
    image: rossigee/hugo:v0.146.6
    command: [hugo]
    args: ["--minify", "--destination", "/workspace/public"]
    volumeMounts:
    - name: workspace
      mountPath: /workspace
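
The step above covers only the Hugo build. The following WorkflowTemplate is an added example, not the author's pipeline definition, that wires all five stages of the list together so that nothing reaches Harbor or the deployment repository unless the rendered site passes its checks. Repository URLs (git.example.internal), the secret names gitea-creds and harbor-push-creds, the kaniko and alpine/git image versions, and the deployment repository layout (homepage/deployment.yaml) are assumptions.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
  name: homepage-pipeline
  namespace: argo
spec:
  entrypoint: pipeline
  arguments:
    parameters:
    - name: revision            # commit SHA from the Gitea webhook payload (assumed)
  volumeClaimTemplates:         # one PVC shared by every step of a run
  - metadata:
      name: workspace
    spec:
      accessModes: [ReadWriteOnce]
      resources: {requests: {storage: 1Gi}}
  volumes:
  - name: harbor-auth           # kubernetes.io/dockerconfigjson secret (name assumed)
    secret:
      secretName: harbor-push-creds
      items: [{key: .dockerconfigjson, path: config.json}]
  templates:
  - name: pipeline
    steps:                      # sequential; a failing step stops the run before anything is published
    - - {name: build,  template: build-site}
    - - {name: test,   template: test-site}
    - - {name: push,   template: build-image}
    - - {name: update, template: update-manifests}

  # Steps 1 and 2: check out the exact revision and render the site.
  - name: build-site
    inputs:
      artifacts:
      - name: source
        path: /workspace/src
        git:
          repo: https://git.example.internal/rossigee/homepage.git   # placeholder URL
          revision: "{{workflow.parameters.revision}}"
          usernameSecret: {name: gitea-creds, key: username}
          passwordSecret: {name: gitea-creds, key: password}
    container:
      image: rossigee/hugo:v0.146.6
      workingDir: /workspace/src/docs
      command: [hugo]
      args: ["--minify", "--destination", "/workspace/public"]
      volumeMounts: [{name: workspace, mountPath: /workspace}]

  # Step 3: integrity checks on the rendered output.
  - name: test-site
    container:
      image: alpine:3.20
      command: [sh, -ec]
      args:
      - |
        test -s /workspace/public/index.html
        test -s /workspace/public/sitemap.xml
        # a build that baked in dev-server URLs must never ship
        ! grep -rl 'http://localhost' /workspace/public
      volumeMounts: [{name: workspace, mountPath: /workspace}]

  # Step 4: build the multi-stage Dockerfile with kaniko (no Docker daemon needed) and push to Harbor.
  - name: build-image
    container:
      image: gcr.io/kaniko-project/executor:v1.23.2
      args:
      - --context=dir:///workspace/src
      - --dockerfile=/workspace/src/Dockerfile
      - --destination=harbor.local/homepage:{{workflow.parameters.revision}}
      volumeMounts:
      - {name: workspace, mountPath: /workspace}
      - {name: harbor-auth, mountPath: /kaniko/.docker}

  # Step 5: pin the new tag in the deployment repository that Flux watches.
  - name: update-manifests
    inputs:
      artifacts:
      - name: deploy
        path: /workspace/deploy
        git:
          repo: https://git.example.internal/rossigee/homepage-deploy.git   # placeholder URL
          usernameSecret: {name: gitea-creds, key: username}
          passwordSecret: {name: gitea-creds, key: password}
    script:
      image: alpine/git:v2.45.2
      env:
      - {name: GIT_USER,  valueFrom: {secretKeyRef: {name: gitea-creds, key: username}}}
      - {name: GIT_TOKEN, valueFrom: {secretKeyRef: {name: gitea-creds, key: password}}}
      command: [sh, -ec]
      source: |
        cd /workspace/deploy
        TAG='{{workflow.parameters.revision}}'
        sed -i "s|harbor.local/homepage:.*|harbor.local/homepage:${TAG}|" homepage/deployment.yaml
        git -c user.name=argo -c user.email=argo@example.internal commit -am "homepage: deploy ${TAG}"
        git push "https://${GIT_USER}:${GIT_TOKEN}@git.example.internal/rossigee/homepage-deploy.git" HEAD:main
      volumeMounts: [{name: workspace, mountPath: /workspace}]
```

A run is started with argo submit --from workflowtemplate/homepage-pipeline -p revision=<sha>, which is what the webhook handler would do. Tagging the image with the commit SHA rather than latest is what makes step 5 meaningful: the deployment repository records exactly which build is live, and a rollback is a Git revert.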

Self-Hosted Container Registry

Harbor Registry

Harbor provides enterprise-grade container registry capabilities:

  • Security Scanning: Automated vulnerability detection
  • Image Signing: Ensures container integrity
  • Replication: Multi-region image distribution
  • Access Control: RBAC for container access

The registry runs on the Kubernetes cluster and integrates with the CI/CD pipeline to store all container images.

Multi-Region Kubernetes Infrastructure

Cluster Architecture

The infrastructure spans multiple physical locations connected via VPN:

Home Network A (Primary)        Home Network B (Secondary)
├── Kubernetes Master           ├── Kubernetes Worker Nodes
├── Harbor Registry             ├── Backup Storage
├── Argo Workflows              └── Monitoring Stack
└── Primary Workloads

Networking

Each location runs on home internet connections with:

  • Wireguard VPNs: Secure inter-site connectivity
  • Dynamic DNS: Handles changing IP addresses
  • Load Balancing: Traffic distribution across regions
  • SSL Termination: Let’s Encrypt certificates managed by cert-manager

GitOps Deployment with Flux

The infrastructure and deployment configurations are managed in a self-hosted Gitea repository as part of the GitOps workflow, providing full version control and audit trails for all infrastructure changes.

Flux Controller

Flux monitors the Gitea repository and automatically synchronizes cluster state:

  1. Source Controller: Watches Git repositories for changes
  2. Kustomize Controller: Applies Kubernetes manifests
  3. Helm Controller: Manages Helm chart deployments
  4. Image Automation: Updates container versions automatically
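
The controllers above are driven by custom resources in the cluster. The manifests below are an added example, not the site's own Flux configuration, showing the Source Controller and Kustomize Controller objects for the deployment repository with the settings a security-minded operator would set: commit-signature verification, pruning of objects deleted from Git, health gating, and a namespace-scoped service account instead of the controller's cluster-wide identity. The repository URL, secret names, the web namespace, the ./homepage path and the service account name are assumptions.

```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: homepage-deploy
  namespace: flux-system
spec:
  interval: 1m
  url: https://git.example.internal/rossigee/homepage-deploy.git   # placeholder URL
  ref:
    branch: main
  secretRef:
    name: gitea-read-only        # Gitea token with read scope only (assumed name)
  verify:                        # refuse to reconcile a HEAD commit not signed by a trusted key
    mode: HEAD
    secretRef:
      name: gitea-signing-keys   # secret holding the maintainers' PGP public keys (assumed name)
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: homepage
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: homepage-deploy
  path: ./homepage
  prune: true                    # objects removed from Git are removed from the cluster
  wait: true                     # the reconcile only succeeds once the Deployment reports healthy
  timeout: 3m
  targetNamespace: web
  serviceAccountName: homepage-deployer   # impersonated SA; limits what a compromised repo can change
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: homepage-deployer
  namespace: web
subjects:
- kind: ServiceAccount
  name: homepage-deployer
  namespace: flux-system
roleRef:
  kind: ClusterRole
  name: edit                     # built-in role, bound only inside the web namespace
  apiGroup: rbac.authorization.k8s.io
```

With this in place, flux reconcile kustomization homepage --with-source forces an immediate sync after a push, and a commit whose signature does not verify leaves the cluster untouched and surfaces as a failed GitRepository condition.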

Deployment Manifests

Site deployment is defined declaratively:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: homepage
spec:
  replicas: 2
  selector:
    matchLabels:
      app: homepage
  template:
    metadata:
      labels:
        app: homepage   # must match spec.selector or the API server rejects the Deployment
    spec:
      containers:
      - name: homepage
        image: harbor.local/homepage:latest
        ports:
        - containerPort: 80

Additional Features

Lightning Network Integration

The site includes Bitcoin Lightning Network payment functionality:

  • LNURL-pay Protocol: Enables Lightning payments
  • Static JSON Files: LNURL endpoints served via Nginx
  • QR Code Generation: Dynamic payment request codes

Monitoring and Observability

The monitoring stack includes:

  • Prometheus: Metrics collection
  • Grafana: Visualization dashboards
  • AlertManager: Incident notifications
  • Jaeger: Distributed tracing

Security Considerations

Security is built into every layer:

  • Network Segmentation: VLANs isolate traffic
  • Pod Security Standards: Restricted container permissions
  • Image Scanning: Automated vulnerability detection
  • Secret Management: Kubernetes secrets with rotation
  • Backup Strategy: Automated backups to multiple locations
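
Pod Security Standards are enforced per namespace, and the restricted profile requires more than the Deployment shown under Deployment Manifests provides: that pod binds port 80 with the stock nginx image, whose master process starts as root, and sets no security context, so a restricted namespace would reject it. The manifests below are an added example, not the site's own, of the namespace labels plus a Deployment that satisfies the restricted profile. They assume the image has been rebuilt on nginxinc/nginx-unprivileged (which listens on 8080 and keeps its pid and temp files under /tmp), that the nginx user has uid 101, and that the web namespace name and the image tag are placeholders.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: web
  labels:
    pod-security.kubernetes.io/enforce: restricted   # admission rejects non-compliant pods
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: homepage
  namespace: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: homepage
  template:
    metadata:
      labels:
        app: homepage
    spec:
      automountServiceAccountToken: false   # a static site never needs API-server credentials
      securityContext:
        runAsNonRoot: true
        runAsUser: 101                       # nginx uid in the unprivileged image (assumed)
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: homepage
        image: harbor.local/homepage:c0ffee1   # placeholder; the pipeline writes the commit SHA here
        ports:
        - containerPort: 8080                # unprivileged port, so no NET_BIND_SERVICE needed
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        - name: tmp
          mountPath: /tmp                    # only writable path nginx-unprivileged needs
        resources:
          requests: {cpu: 50m, memory: 32Mi}
          limits: {memory: 64Mi}
        readinessProbe:
          httpGet: {path: /, port: 8080}
      volumes:
      - name: tmp
        emptyDir: {}
```

Setting warn alongside enforce means pods that would fail a stricter future profile are reported at admission time rather than discovered when the enforce-version is bumped. The read-only root filesystem and dropped capabilities are what turn a nginx bug from a container takeover into a crash of a replaceable pod.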

Benefits of This Architecture

Reliability

  • Multi-region deployment ensures high availability
  • Automated failover handles infrastructure issues
  • Immutable deployments provide consistent environments

Security

  • Self-hosted infrastructure maintains complete control
  • Air-gapped networks limit external attack vectors
  • Automated security scanning catches vulnerabilities early

Scalability

  • Container orchestration enables elastic scaling
  • GitOps workflows handle complex deployments
  • Multi-cluster architecture supports geographic distribution

Learning Platform

  • Real-world DevOps practices in a personal environment
  • Experimentation sandbox for new technologies
  • Portfolio demonstration of technical capabilities

Future Enhancements

Planned improvements include:

  • Enhanced Networking: Cilium service mesh capabilities for advanced traffic management
  • Edge Computing: CDN integration for global performance
  • Chaos Engineering: Automated resilience testing
  • ML/AI Integration: Intelligent monitoring and optimization

This infrastructure demonstrates that enterprise-grade DevOps practices can be implemented at any scale. The combination of Hugo’s simplicity with Kubernetes’ power creates a robust, scalable platform for content delivery while serving as a practical learning environment for modern cloud-native technologies.