2.9 KiB
My homelab documentation
Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running various places. This makes it easier to get everything back up and running when the hardware eventually fails.
I also hope that sharing this can inspire others to try self-hosting as well.
Services currently handled by this Ansible setup:
Getting started with local development
Prerequisites:
- Run
git clone --recurse-submodules git@code.on.nilsnh.no:nilsnh/ansible-homelab.git
to download this repo including any git submodules. - Run
./scripts/build.sh
to build binaries from source. - Start local Vagrant with
vagrant up --provision-with ansible
.- Use
vagrant destroy
to fully delete box. - Use
vagrant ssh
to ssh inside a running box. - Use
vagrant provision
to quickly re-run Ansible changes when developing. - You can use Valet to setup local SSL proxy and get URLs like
https://myniceservice.test
.
- Use
☝️ This will fail if you don't have configured Ansible Vault password.
Deploying changes
- First ensure that you have Ansible Vault correctly configured. See section below.
- Call
ansible-playbook --become playbook.yml
.
If you're deploying to a lot of different machines, you should consider a different deployment strategy.
How-to setup Raspberry Pi to use SSD storage
- Use Raspberry Pi Imager.
- Flash a new SSD
- Use my default SSH public key.
- Activate SSH login.
- Skip configuring wi-fi, if you're relying on ethernet instead.
Configuring Ansible Vault
A ansible.cfg
file in project root is configured to check ~/.vault_pass
for Vault password.
To edit Vault entries run ansible-vault edit group_vars/all/vault.yml
.
Current Ansible Vault variables
Credentials for accessing remote mailserver:
vault_mta_user
vault_mta_user_pw
Credentials initially created by Forgejo and then stored here:
vault_forgejo_lfs_secret
vault_forgejo_internal_token
vault_forgejo_jwt_secret
Credentials for accessing the Restic backup destination:
vault_restic_url_jake
vault_restic_pw_jake
License
Unless otherwise specified the contents of this project is licensed under the Hippocratic License, see license.
Any code in the vendor/
sub-directory come with its own respective licensing, and is not covered by the Hippocratic License.