.vscode | ||
group_vars | ||
host_files | ||
host_vars | ||
inventory | ||
LICENSES | ||
mnt | ||
roles | ||
sandbox | ||
scripts | ||
.editorconfig | ||
.git-blame-ignore-revs | ||
.gitignore | ||
ansible.cfg | ||
check-connectivity.yml | ||
playbook.yml | ||
readme.md | ||
REUSE.toml | ||
synology.yml |
Humble homelab
Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running various places. This makes it easier to get everything back up and running when the hardware eventually fails.
I also hope that sharing this can inspire others to try self-hosting as well.
This project assumes that you're familiar with Ansible. For a thorough introduction to Ansible, I can highly recommend the e-book Ansible for DevOps by Jeff Gerling.
Getting started with local development
In this project there's a sandbox/
directory which specifies a virtual machine in which we can try out our ansible roles.
Prerequisites:
- Run
git clone git@code.on.nilsnh.no:nilsnh/humble-homelab.git
to download this repo. - Navigate to sub-directory
sandbox/
- Start local Vagrant with
vagrant up
, it should automatically provision thesandbox/playbook.yml
file.- Use
vagrant ssh
to ssh inside a running box. - Use
vagrant provision
to quickly re-run Ansible changes when developing. - Use
vagrant destroy
to fully delete box.
- Use
- After the initial
vagrant provision
, you can subsequently callansible-playbook --become site-forgejo.yml
or other playbooks for developing various roles.
☝️ This will fail if you don't have configured Ansible Vault password.
Deploying changes
- First ensure that you have various ansible variables correctly configured. Any secrets should be handled by Ansible Vault, see section below.
- Specify your target server(s) in
inventory/production
- Call
ansible-playbook --become playbook.yml
.
How-to setup Raspberry Pi to use SSD storage
- Use Raspberry Pi Imager.
- Flash a new SSD
- Use my default SSH public key.
- Activate SSH login.
- Skip configuring wi-fi, if you're relying on ethernet instead.
Configuring Ansible Vault and other variables
Ansible Vault lets us safely store secrets encrypted in git.
To edit Vault entries run ansible-vault edit group_vars/all/vault.yml
. If you're a new user who just downloaded this repo, you should just delete the vault.yml file and re-create it using ansible-vault
.
A ansible.cfg
file in project root is configured to check ~/.vault_pass
for Vault password.
Documentation is regrettably poor on what variables each this project's roles actually require. Nevertheless, I hope that they might be of some use to you just the same.
Licensing
This project uses REUSE Software for licensing. See LICENSES/ to see what licenses are used for this project. See the top section of individual files to learn what license they're released under, for the most part they're released under the Hippocratic 3.0 license with various provisions enabled. Consult the actual license text within LICENSE/
to see what's what. See also the REUSE.toml
file(s) to review licensing for files that don't support custom headers (such as image files).
To generate a complete Software Bill of Materials (SBOM). Run pipx run reuse spdx
(requires pipx).
Credit
The flower emoji comes from the openemoji project, and is licensed under CC BY-SA 4.0.