nilsnh
/
humble-homelab
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
An Ansible-powered homelab setup containing a git server, and probably some other services in the future.
38 Commits 2 Branches 0 Tags 164 KiB
Jinja 67.7%
Shell 32.3%
Go to file
Nils Norman Haukås b5b27c1636 :UP: upgrade forgejo to 1.21.11-1 (latest) 2024-04-23 10:04:55 +02:00
group_vars/all add wireguard config 2024-03-20 15:11:31 +01:00
host_vars add munin role 2024-04-23 09:50:40 +02:00
inventory ♻️ refactor how hosts are defined 2024-03-20 16:44:43 +01:00
roles :UP: upgrade forgejo to 1.21.11-1 (latest) 2024-04-23 10:04:55 +02:00
scripts simplify restic script 2024-02-25 07:28:55 +01:00
.gitignore 🎉 initial commit 2024-01-18 21:29:44 +01:00
Vagrantfile 🎉 initial commit 2024-01-18 21:29:44 +01:00
ansible.cfg 🎉 initial commit 2024-01-18 21:29:44 +01:00
license.md 🎉 initial commit 2024-01-18 21:29:44 +01:00
playbook-vagrant.yml clarify variable purpose by renaming to sendmail_hostname 2024-01-30 12:08:09 +01:00
playbook.yml ♻️ refactor how hosts are defined 2024-03-20 16:44:43 +01:00
readme.md specify where flower emoji is 2024-03-20 16:49:27 +01:00

readme.md

Humble homelab

Hippocratic License HL3-FULL Please don't upload to GitHub

Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running various places. This makes it easier to get everything back up and running when the hardware eventually fails.

I also hope that sharing this can inspire others to try self-hosting as well.

Services currently handled by this Ansible setup:

Getting started with local development

Prerequisites:

  1. Run git clone git@code.on.nilsnh.no:nilsnh/ansible-homelab.git to download this repo.
  2. Start local Vagrant with vagrant up --provision-with ansible.
    • Use vagrant destroy to fully delete box.
    • Use vagrant ssh to ssh inside a running box.
    • Use vagrant provision to quickly re-run Ansible changes when developing.
    • You can use Valet to setup local SSL proxy and get URLs like https://myniceservice.test.

☝️ This will fail if you don't have configured Ansible Vault password.

Deploying changes

  1. First ensure that you have Ansible Vault correctly configured. See section below.
  2. Call ansible-playbook --become playbook.yml.

If you're deploying to a lot of different machines, you should consider a different deployment strategy.

How-to setup Raspberry Pi to use SSD storage

  1. Use Raspberry Pi Imager.
  2. Flash a new SSD
  • Use my default SSH public key.
  • Activate SSH login.
  • Skip configuring wi-fi, if you're relying on ethernet instead.

Configuring Ansible Vault

A ansible.cfg file in project root is configured to check ~/.vault_pass for Vault password.

To edit Vault entries run ansible-vault edit group_vars/all/vault.yml.

Current Ansible Vault variables

Credentials for accessing remote mailserver:

  • vault_mta_user
  • vault_mta_user_pw

Credentials initially created by Forgejo and then stored here:

  • vault_forgejo_lfs_secret
  • vault_forgejo_internal_token
  • vault_forgejo_jwt_secret

Credentials for accessing the Restic backup destination:

  • vault_restic_url_jake
  • vault_restic_pw_jake

Private key for encrypting Wireguard traffic:

  • vault_wireguard_private_key

License

Unless otherwise specified the contents of this project is licensed under the Hippocratic License, see license.

The flower emoji comes from the openemoji project, and is licensed under CC BY-SA 4.0.