nilsnh/humble-homelab
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
An Ansible-powered homelab setup containing a git server, and probably some other services in the future.
22 commits 2 branches 0 tags 167 KiB
Jinja 67.7%
Shell 32.3%
Go to file
Nils Norman Haukås 25929a4ada simplify restic script
2024-02-25 07:28:55 +01:00
group_vars/all add firewall support 2024-02-22 18:40:27 +01:00
inventory download restic binary, validate shasum and unzip it 2024-02-10 22:03:09 +01:00
roles :UP: upgrade restic to 0.16.4 2024-02-25 07:28:44 +01:00
scripts simplify restic script 2024-02-25 07:28:55 +01:00
.gitignore 🎉 initial commit 2024-01-18 21:29:44 +01:00
ansible.cfg 🎉 initial commit 2024-01-18 21:29:44 +01:00
license.md 🎉 initial commit 2024-01-18 21:29:44 +01:00
playbook-vagrant.yml clarify variable purpose by renaming to sendmail_hostname 2024-01-30 12:08:09 +01:00
playbook.yml support enable/disable timed backups 2024-02-23 12:07:16 +01:00
readme.md 🔥 remove restic submodule 2024-02-22 18:50:18 +01:00
Vagrantfile 🎉 initial commit 2024-01-18 21:29:44 +01:00

readme.md

Humble homelab

Hippocratic License HL3-FULL Please don't upload to GitHub

Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running various places. This makes it easier to get everything back up and running when the hardware eventually fails.

I also hope that sharing this can inspire others to try self-hosting as well.

Services currently handled by this Ansible setup:

Getting started with local development

Prerequisites:

  1. Run git clone git@code.on.nilsnh.no:nilsnh/ansible-homelab.git to download this repo.
  2. Start local Vagrant with vagrant up --provision-with ansible.
    • Use vagrant destroy to fully delete box.
    • Use vagrant ssh to ssh inside a running box.
    • Use vagrant provision to quickly re-run Ansible changes when developing.
    • You can use Valet to setup local SSL proxy and get URLs like https://myniceservice.test.

☝️ This will fail if you don't have configured Ansible Vault password.

Deploying changes

  1. First ensure that you have Ansible Vault correctly configured. See section below.
  2. Call ansible-playbook --become playbook.yml.

If you're deploying to a lot of different machines, you should consider a different deployment strategy.

How-to setup Raspberry Pi to use SSD storage

  1. Use Raspberry Pi Imager.
  2. Flash a new SSD
  • Use my default SSH public key.
  • Activate SSH login.
  • Skip configuring wi-fi, if you're relying on ethernet instead.

Configuring Ansible Vault

A ansible.cfg file in project root is configured to check ~/.vault_pass for Vault password.

To edit Vault entries run ansible-vault edit group_vars/all/vault.yml.

Current Ansible Vault variables

Credentials for accessing remote mailserver:

  • vault_mta_user
  • vault_mta_user_pw

Credentials initially created by Forgejo and then stored here:

  • vault_forgejo_lfs_secret
  • vault_forgejo_internal_token
  • vault_forgejo_jwt_secret

Credentials for accessing the Restic backup destination:

  • vault_restic_url_jake
  • vault_restic_pw_jake

License

Unless otherwise specified the contents of this project is licensed under the Hippocratic License, see license.

Any code in the vendor/ sub-directory come with its own respective licensing, and is not covered by the Hippocratic License.

The flower emoji comes from the openemoji project, and is licensed under CC BY-SA 4.0.