Humble homelab
Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running in various places. This makes it easier to get everything back up and running when the hardware eventually fails.
I also hope that sharing this can inspire others to try self-hosting as well.
Services currently handled by this Ansible setup:
Getting started with local development
Prerequisites:
- Run git clone git@code.on.nilsnh.no:nilsnh/ansible-homelab.git to download this repo.
- Start local Vagrant with vagrant up --provision-with ansible.
- Use vagrant destroy to fully delete box.
- Use vagrant ssh to ssh inside a running box.
- Use vagrant provision to quickly re-run Ansible changes when developing.
- You can use Valet to set up a local SSL proxy and get URLs like https://myniceservice.test.
☝️ This will fail if you haven't configured an Ansible Vault password.
Deploying changes
- First ensure that you have Ansible Vault correctly configured. See section below.
- Call ansible-playbook --become playbook.yml.
If you're deploying to a lot of different machines, you should consider a different deployment strategy.
How to set up Raspberry Pi to use SSD storage
- Use Raspberry Pi Imager.
- Flash a new SSD
- Use my default SSH public key.
- Activate SSH login.
- Skip configuring wi-fi, if you're relying on ethernet instead.
Configuring Ansible Vault
An ansible.cfg file in the project root is configured to check ~/.vault_pass for the Vault password.
To edit Vault entries, run ansible-vault edit group_vars/all/vault.yml.
Current Ansible Vault variables
Credentials for accessing remote mailserver:
vault_mta_user
vault_mta_user_pw
Credentials initially created by Forgejo and then stored here:
vault_forgejo_lfs_secret
vault_forgejo_internal_token
vault_forgejo_jwt_secret
Credentials for accessing the Restic backup destination:
vault_restic_url_jake
vault_restic_pw_jake
Private key for encrypting Wireguard traffic:
vault_wireguard_private_key
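A pre-deploy check for the Vault setup described above, as an added example that is not part of this repo: it verifies that ~/.vault_pass is private to its owner, that group_vars/all/vault.yml is encrypted, and that no vault_ variable is defined in plaintext under group_vars or host_vars. The function name check_vault_setup and its messages are assumptions.

```shell
#!/bin/sh
# Added example, not part of the repo. Paths and the vault_ prefix come from the
# readme; check_vault_setup is a hypothetical name. Variables are global so the
# function stays POSIX-sh compatible.
check_vault_setup() {
  repo_root=$1
  pass_file=${2:-$HOME/.vault_pass}
  problems=0

  # 1. The password file must exist, be non-empty and be private to its owner.
  if [ ! -s "$pass_file" ]; then
    echo "FAIL: $pass_file is missing or empty"; problems=$((problems + 1))
  elif [ "$(ls -ldL "$pass_file" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $pass_file is accessible by group/others (chmod 600 it)"
    problems=$((problems + 1))
  fi

  # 2. vault.yml must start with the Ansible Vault header, i.e. be encrypted at rest.
  vault_file="$repo_root/group_vars/all/vault.yml"
  if ! head -n 1 "$vault_file" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'; then
    echo "FAIL: $vault_file is missing or not encrypted"; problems=$((problems + 1))
  fi

  # 3. No vault_* variable may be defined in plaintext in the vars directories.
  #    Fully encrypted files hold only the header and hex digits, and inline
  #    "!vault" values are skipped, so any remaining match is a plaintext secret.
  leaks=$(grep -rE '^vault_[A-Za-z0-9_]+:' "$repo_root/group_vars" \
            "$repo_root/host_vars" 2>/dev/null | grep -v '!vault' | cut -d: -f1 | sort -u)
  if [ -n "$leaks" ]; then
    echo "FAIL: plaintext vault_ variables in:"; echo "$leaks"
    problems=$((problems + 1))
  fi

  [ "$problems" -eq 0 ] && echo "OK: Vault setup looks sane"
  return "$problems"
}

# Usage: sh check_vault.sh /path/to/ansible-homelab [password-file]
if [ $# -gt 0 ]; then check_vault_setup "$@"; fi
```

The return value is the number of failed checks, so the script can gate ansible-playbook or a git pre-commit hook.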
License
Unless otherwise specified, the contents of this project are licensed under the Hippocratic License, see license.
The flower emoji comes from the openemoji project, and is licensed under CC BY-SA 4.0.