# Humble homelab

[![Hippocratic License HL3-FULL](https://img.shields.io/static/v1?label=Hippocratic%20License&message=HL3-FULL&labelColor=5e2751&color=bc8c3d)](https://firstdonoharm.dev/version/3/0/full.html)
[![Please don't upload to GitHub](https://nogithub.codeberg.page/badge.svg)](https://nogithub.codeberg.page)

Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running in various places. This makes it easier to get everything back up and running when the hardware eventually fails. I also hope that sharing this can inspire others to try self-hosting as well.

Services currently handled by this Ansible setup:

- [code.on.nilsnh.no](https://code.on.nilsnh.no/)

## Getting started with local development

Prerequisites:

- [Ansible](https://www.ansible.com/)
- [Vagrant](https://www.vagrantup.com/)
- [Go](https://go.dev/) for building [Restic](https://restic.readthedocs.io/) from source.

1. Run `git clone git@code.on.nilsnh.no:nilsnh/ansible-homelab.git` to download this repo.
1. Start local Vagrant with `vagrant up --provision-with ansible`.
   - Use `vagrant destroy` to fully delete the box.
   - Use `vagrant ssh` to SSH into a running box.
   - Use `vagrant provision` to quickly re-run Ansible changes when developing.
   - You can use [Valet](https://cpriego.github.io/valet-linux/) to set up a local SSL proxy and get URLs like `https://myniceservice.test`.

:point_up: This will fail if you haven't configured an [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) password.

## Deploying changes

1. First ensure that you have Ansible Vault correctly configured. See section below.
1. Call `ansible-playbook --become playbook.yml`.

If you're deploying to a lot of different machines, you should consider a different deployment strategy.

## How to set up Raspberry Pi to use SSD storage

1. Use [Raspberry Pi Imager](https://www.raspberrypi.com/software/).
1. Flash a new SSD.
   - Use my default SSH public key.
   - Activate SSH login.
   - Skip configuring wi-fi if you're relying on ethernet instead.

## Configuring Ansible Vault

An `ansible.cfg` file in the project root is configured to check `~/.vault_pass` for the Vault password.

To edit Vault entries run `ansible-vault edit group_vars/all/vault.yml`.

### Current Ansible Vault variables

Credentials for accessing remote mailserver:

- `vault_mta_user`
- `vault_mta_user_pw`

Credentials initially created by Forgejo and then stored here:

- `vault_forgejo_lfs_secret`
- `vault_forgejo_internal_token`
- `vault_forgejo_jwt_secret`

Credentials for accessing the Restic backup destination:

- `vault_restic_url_jake`
- `vault_restic_pw_jake`

Private key for encrypting Wireguard traffic:

- `vault_wireguard_private_key`

## License

Unless otherwise specified, the contents of this project are licensed under the [Hippocratic License](https://firstdonoharm.dev/), see [license](license.md).

The [flower emoji](roles/forgejo/files/custom/public/assets/img/logo.png) comes from [the OpenMoji project](https://openmoji.org/), and is licensed under [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/#).
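
A pre-flight check for the setup in "Configuring Ansible Vault" above, added here as an example and not part of this repository: it confirms that `~/.vault_pass` is readable only by its owner and that `group_vars/all/vault.yml` still carries the ansible-vault header, so the listed `vault_*` secrets are not committed or deployed as plaintext. The function names are hypothetical; the default paths are the ones this README names.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Vault setup in this README.
# Function names are hypothetical; default paths are the ones the README names.

# Succeeds only if the password file exists and group/other have no access.
vault_pass_is_private() {
    f=$1
    [ -f "$f" ] || { echo "missing password file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "$f is accessible to group/other ($bits)" >&2; return 1; }
}

# Succeeds only if the file starts with the ansible-vault envelope header,
# i.e. it has not been saved or committed as plaintext YAML.
vault_file_is_encrypted() {
    f=$1
    [ -f "$f" ] || { echo "missing vault file: $f" >&2; return 1; }
    header=
    IFS= read -r header < "$f" || true   # tolerate a missing final newline
    case $header in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) echo "$f is NOT vault-encrypted" >&2; return 1 ;;
    esac
}

# Run both checks and report every failure, not just the first one.
vault_preflight() {
    pass_file=${1:-"$HOME/.vault_pass"}
    vault_file=${2:-group_vars/all/vault.yml}
    rc=0
    vault_pass_is_private "$pass_file" || rc=1
    vault_file_is_encrypted "$vault_file" || rc=1
    return "$rc"
}

# Usage from the project root, after sourcing this file:
#   vault_preflight && ansible-playbook --become playbook.yml
```

The same `vault_file_is_encrypted` check can be called from a Git pre-commit hook so a decrypted `vault.yml` never reaches the remote.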