# Humble homelab
[![Hippocratic License HL3-FULL](https://img.shields.io/static/v1?label=Hippocratic%20License&message=HL3-FULL&labelColor=5e2751&color=bc8c3d)](https://firstdonoharm.dev/version/3/0/full.html) [![Please don't upload to GitHub](https://nogithub.codeberg.page/badge.svg)](https://nogithub.codeberg.page)
Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running in various places. This makes it easier to get everything back up and running when the hardware eventually fails.
I also hope that sharing this can inspire others to try self-hosting as well.
Services currently handled by this Ansible setup:
- [code.on.nilsnh.no](https://code.on.nilsnh.no/)
## Getting started with local development
Prerequisites:
- [Ansible](https://www.ansible.com/)
- [Vagrant](https://www.vagrantup.com/)
- [Go](https://go.dev/) for building [Restic](https://restic.readthedocs.io/) from source.
1. Run `git clone git@code.on.nilsnh.no:nilsnh/ansible-homelab.git` to download this repo.
1. Start the local Vagrant box with `vagrant up --provision-with ansible`.
   - Use `vagrant destroy` to fully delete the box.
   - Use `vagrant ssh` to SSH into a running box.
   - Use `vagrant provision` to quickly re-run Ansible changes when developing.
   - You can use [Valet](https://cpriego.github.io/valet-linux/) to set up a local SSL proxy and get URLs like `https://myniceservice.test`.

:point_up: This will fail if you haven't configured an [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) password.
## Deploying changes
1. First ensure that you have Ansible Vault correctly configured. See the section below.
1. Call `ansible-playbook --become playbook.yml`.
If you're deploying to a lot of different machines, you should consider a different deployment strategy.
## How to set up a Raspberry Pi to use SSD storage
1. Use [Raspberry Pi Imager](https://www.raspberrypi.com/software/).
1. Flash a new SSD.
   - Use my default SSH public key.
   - Activate SSH login.
   - Skip configuring Wi-Fi if you're relying on Ethernet instead.
## Configuring Ansible Vault
An `ansible.cfg` file in the project root is configured to check `~/.vault_pass` for the Vault password.
To edit Vault entries, run `ansible-vault edit group_vars/all/vault.yml`.
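
A check that can run before committing or deploying, added here as an example and not part of this repository: it verifies that the Vault password file is not readable by group or other, and that the vault file starts with the `$ANSIBLE_VAULT;` header rather than plaintext. The function names are hypothetical; the default paths are the ones named above.

```shell
#!/usr/bin/env bash
# Added example (not from this repository). Function names are hypothetical;
# default paths are the ones this readme names.

# Succeeds if the file's first line is an Ansible Vault envelope header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
vault_file_encrypted() {
  [ -f "$1" ] || return 1
  first_line=
  IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
  case "$first_line" in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds if the password file exists and grants nothing to group or other
# (e.g. mode 600 or 400). Tries GNU stat first, then BSD stat.
pass_file_private() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
  case "$mode" in
    *00|0) return 0 ;;
    *) return 1 ;;
  esac
}

# Runs both checks and reports every failure; returns non-zero if any failed.
check_vault_setup() {
  pass_file=${1:-"$HOME/.vault_pass"}
  vault_file=${2:-group_vars/all/vault.yml}
  rc=0
  pass_file_private "$pass_file" ||
    { echo "FAIL: $pass_file is missing or accessible to group/other" >&2; rc=1; }
  vault_file_encrypted "$vault_file" ||
    { echo "FAIL: $vault_file is not Vault-encrypted" >&2; rc=1; }
  return "$rc"
}
```

Source the file and call `check_vault_setup` from the project root, for example in a Git pre-commit hook, so a decrypted `vault.yml` is caught before it reaches the remote.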
### Current Ansible Vault variables
Credentials for accessing remote mailserver:
- `vault_mta_user`
- `vault_mta_user_pw`
Credentials initially created by Forgejo and then stored here:
- `vault_forgejo_lfs_secret`
- `vault_forgejo_internal_token`
- `vault_forgejo_jwt_secret`
Credentials for accessing the Restic backup destination:
- `vault_restic_url_jake`
- `vault_restic_pw_jake`
Private key for encrypting Wireguard traffic:
- `vault_wireguard_private_key`
## License
Unless otherwise specified, the contents of this project are licensed under the [Hippocratic License](https://firstdonoharm.dev/), see [license](license.md).
The [flower emoji](roles/forgejo/files/custom/public/assets/img/logo.png) comes from [the OpenMoji project](https://openmoji.org/) and is licensed under [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/#).