Ecosystem Overview
This page provides a complete view of the Kavi infrastructure ecosystem.
Infrastructure as Code
All infrastructure is managed via Terraform - servers, DNS, storage, SSH keys, and firewall rules are defined as code in the terraform-infra repository. This enables version control, disaster recovery, and multi-device management.
Infrastructure Components
Servers
| Component | Provider | Location | Purpose | Cost | Managed By |
|---|---|---|---|---|---|
| Kimsufi Server | OVH/Kimsufi | Canada | Media & Plex | ~$15/mo | Manual |
| Hetzner VPS | Hetzner Cloud | Germany (FSN1) | Web services | ~$20/mo | Terraform |
| Storage Box | Hetzner | Germany (FSN1) | Backups + Terraform state | ~$4/mo | Terraform |
| Object Storage | Hetzner | Germany (FSN1) | Images (S3) | ~$5/mo | Terraform |
Domains & DNS
| Domain | Provider | Purpose | Managed By |
|---|---|---|---|
| kua.cl | Cloudflare | Primary domain | Terraform |
Subdomains
| Subdomain | Points To | Service | Managed By |
|---|---|---|---|
| kua.cl | Hetzner VPS | Root A record | Terraform |
| secrets.kua.cl | Hetzner | Infisical | Terraform |
| plex.kua.cl | Kimsufi | Plex Media Server | Terraform |
| radarr.kua.cl | Kimsufi | Radarr (Movies) | Terraform |
| sonarr.kua.cl | Kimsufi | Sonarr (TV) | Terraform |
| overseerr.kua.cl | Kimsufi | Overseerr (Requests) | Terraform |
| cdn.kua.cl | Hetzner | Image CDN | Terraform |
| media.kua.cl | Hetzner | KaviCloud API | Terraform |
| n8n.kua.cl | Hetzner | n8n Automation | Terraform |
DNS Automation
All DNS records are managed via Terraform. When the Hetzner VPS IP changes, Terraform automatically updates all relevant DNS records with a single terraform apply.
Access Methods
SSH Keys (Terraform-Managed)
All SSH public keys are managed via Terraform for multi-device access control:
| Device | SSH Key | Managed By |
|---|---|---|
| MacBook | id_ed25519_macbook.pub | Terraform (hcloud_ssh_key.macbook) |
| iPad | id_ed25519_ipad.pub | Terraform (hcloud_ssh_key.ipad) |
| PC | id_ed25519_pc.pub | Terraform (hcloud_ssh_key.pc) |
!!! success "Terraform SSH Advantage"
    - Audit trail: Git history shows when keys were added/removed
    - Easy revocation: Remove key from Terraform → apply → access revoked on all servers
    - Version controlled: ssh_keys list = exactly who has access
    - Multi-device sync: Any device can update SSH keys via Terraform
    - Secure Onboarding: Use the Bootstrap System to migrate keys to new devices.
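One way to check the "ssh_keys list = exactly who has access" statement on a running server, as an added example (not code from the terraform-infra repository): compare the server's authorized_keys content with the public keys declared in Terraform, by SHA256 fingerprint. The function names are hypothetical, and the key blobs and the old-laptop entry are constructed sample data standing in for the real .pub files and a real authorized_keys file.

```python
import base64
import hashlib
import shlex

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # start of every OpenSSH key type name

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Map fingerprint -> comment; accepts lines with an options prefix."""
    keys = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
            idx = next(i for i, t in enumerate(tokens) if t.startswith(KEY_PREFIXES))
            keys[fingerprint(tokens[idx + 1])] = " ".join(tokens[idx + 2:]) or "(no comment)"
        except (ValueError, StopIteration, IndexError):
            # Fail closed: a line that cannot be parsed is reported, not skipped.
            keys["UNPARSED:" + line[:40]] = "unparsed: " + line[:40]
    return keys

def drift(declared_pub, authorized_keys):
    """declared_pub: {file name: .pub contents} for the keys declared in Terraform."""
    declared = {fp: name for name, pub in declared_pub.items() for fp in parse_keys(pub)}
    present = parse_keys(authorized_keys)
    return {
        "unexpected": sorted(c for fp, c in present.items() if fp not in declared),
        "missing": sorted(n for fp, n in declared.items() if fp not in present),
    }

def sample_blob(seed):
    return base64.b64encode(seed.encode()).decode()  # constructed, not a real key

# Constructed sample data: the three key files named on this page, plus a stale key.
DECLARED = {n: f"ssh-ed25519 {sample_blob(n)} {n}" for n in
            ("id_ed25519_macbook.pub", "id_ed25519_ipad.pub", "id_ed25519_pc.pub")}
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample",
    DECLARED["id_ed25519_macbook.pub"],
    'no-port-forwarding,command="/usr/bin/true" ' + DECLARED["id_ed25519_pc.pub"],
    f"ssh-ed25519 {sample_blob('old-laptop')} old-laptop",
])

print(drift(DECLARED, SAMPLE_AUTHORIZED_KEYS))
```

An empty "unexpected" list is the condition to alert on when it stops holding; "missing" entries only mean a declared device cannot log in to that server.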
Tailscale (Private Network)
All servers are connected via Tailscale for secure internal access.
| Device | Tailscale IP | Hostname |
|---|---|---|
| Kimsufi | 100.81.231.36 | kimsufi-plex |
| Hetzner VPS | 100.80.53.55 | cpx42-kavi-hetzner |
| Your Mac | 100.x.x.x | MacBook-Pro-de-Kavi |
| iPhone | 100.93.192.77 | iphone-13-mini |
| Apple TV | 100.91.20.13 | apple-tv |
Public Access
| Service | Requires Auth | Method |
|---|---|---|
| Plex | Yes | Plex account |
| Overseerr | Yes | Plex account |
| KaviCloud | No | Public API |
| CDN | No | Public images |
| n8n | Yes | n8n account |
| Admin panels | Yes | Via Caddy domains |
Storage Architecture

- Kimsufi HDD (~8TB): media files, Plex library, downloads. No redundancy (acceptable).
- Hetzner Cloud:
    - Object Store (S3): images, assets. Redundant.
    - Storage Box (Backup): VPS backup, DB dumps, personal. RAID 5/6.
Backup Strategy
| What | Where | Frequency | Retention | Recovery Method |
|---|---|---|---|---|
| Infrastructure config | GitHub (terraform-infra) | Every change (Git) | Unlimited | terraform apply |
| Terraform state | Storage Box S3 | Real-time (remote backend) | Snapshots | Restore from backend |
| Hetzner VPS | Storage Box | Daily 3 AM | 7 daily, 4 weekly, 6 monthly | Snapshot restore |
| Kimsufi configs | Local + Git | Manual | Unlimited | Manual rebuild |
| Media files | None | N/A | Re-downloadable | Re-download |
Disaster Recovery: 30 Minutes
With Terraform, complete infrastructure loss can be recovered in 30 minutes:

1. Clone terraform-infra repo (1 min)
2. terraform init (2 min)
3. terraform apply (10 min) - rebuilds VPS, DNS, storage, SSH keys, firewall
4. Deploy services (15 min) - docker-compose up
See [Disaster Recovery](../runbooks/disaster-recovery.md) for details.
Cost Summary
| Item | Monthly Cost |
|---|---|
| Kimsufi Server | ~$15 |
| Hetzner VPS | ~$20 |
| Hetzner Storage Box | ~$4 |
| Hetzner Object Storage | ~$5 |
| Domains | ~$2 |
| Total | ~$46/month |