# My homelab documentation

[![Please don't upload to GitHub](https://nogithub.codeberg.page/badge.svg)](https://nogithub.codeberg.page)

Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running in various places. This makes it easier to get everything back up and running when the hardware eventually fails.

I also hope that sharing this can inspire others to try self-hosting as well.

Services currently handled by this Ansible setup:

- [code.on.nilsnh.no](https://code.on.nilsnh.no/)

## Getting started with local development

Prerequisites:
- [Ansible](https://www.ansible.com/)
- [Vagrant](https://www.vagrantup.com/)
- [Go](https://go.dev/) for building [Restic](https://restic.readthedocs.io/) from source.

1. Run `git clone --recurse-submodules git@code.on.nilsnh.no:nilsnh/ansible-homelab.git` to download this repo including any git submodules.
1. Run `./scripts/build.sh` to build binaries from source.
1. Start local Vagrant with `vagrant up --provision-with ansible`.
   - Use `vagrant destroy` to fully delete the box.
   - Use `vagrant ssh` to ssh into a running box.
   - Use `vagrant provision` to quickly re-run Ansible changes when developing.
   - You can use [Valet](https://cpriego.github.io/valet-linux/) to set up a local SSL proxy and get URLs like `https://myniceservice.test`.

:point_up: This will fail if you haven't configured an [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) password.

## Deploying changes

1. First ensure that you have Ansible Vault correctly configured. See the section below.
1. Call `ansible-playbook --become playbook.yml`.

If you're deploying to a lot of different machines, you should consider a different deployment strategy.

## How to set up Raspberry Pi to use SSD storage

1. Use [Raspberry Pi Imager](https://www.raspberrypi.com/software/).
1. Flash a new SSD.
   - Use my default SSH public key.
   - Activate SSH login.
   - Skip configuring Wi-Fi if you're relying on Ethernet instead.

## Configuring Ansible Vault

An `ansible.cfg` file in the project root is configured to check `~/.vault_pass` for the Vault password.

To edit Vault entries, run `ansible-vault edit group_vars/all/vault.yml`.

### Current Ansible Vault variables

Credentials for accessing the remote mailserver:

- `vault_mta_user`
- `vault_mta_user_pw`

Credentials initially created by Forgejo and then stored here:

- `vault_forgejo_lfs_secret`
- `vault_forgejo_internal_token`
- `vault_forgejo_jwt_secret`

Credentials for accessing the Restic backup destination:

- `vault_restic_url_jake`
- `vault_restic_pw_jake`

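A pre-flight check that could be run before `ansible-playbook`, added here as an example and not part of this repository: it verifies that the Vault password file exists and is accessible only by its owner, and that `group_vars/all/vault.yml` still carries the `$ANSIBLE_VAULT;` header of an encrypted file. The function name `check_vault_setup` is hypothetical; the default paths are the ones named above.

```shell
#!/bin/sh
# Added example (not from this repo): sanity-check the Ansible Vault setup.
# Usage: check_vault_setup [password_file] [vault_file]
# Defaults are the paths this README names; the function name is hypothetical.

check_vault_setup() {
    pass_file="${1:-$HOME/.vault_pass}"
    vault_file="${2:-group_vars/all/vault.yml}"
    status=0

    # 1. The password file must exist and be non-empty.
    if [ ! -s "$pass_file" ]; then
        echo "FAIL: $pass_file is missing or empty" >&2
        status=1
    else
        # 2. Group and other must have no access at all.
        #    In "-rw-------", characters 5-10 are the group/other bits.
        mode=$(ls -ldL -- "$pass_file" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "FAIL: $pass_file is accessible by group/other; run: chmod 600 $pass_file" >&2
            status=1
        fi
    fi

    # 3. The vault file must be encrypted. Every ansible-vault file starts
    #    with a header line such as: $ANSIBLE_VAULT;1.1;AES256
    if [ ! -f "$vault_file" ]; then
        echo "FAIL: $vault_file not found" >&2
        status=1
    else
        header=$(head -n 1 "$vault_file")
        case "$header" in
            '$ANSIBLE_VAULT;'*) ;;
            *)
                echo "FAIL: $vault_file is plaintext; run: ansible-vault encrypt $vault_file" >&2
                status=1
                ;;
        esac
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: vault password file and vault file look sane"
    fi
    return "$status"
}
```

Calling `check_vault_setup && ansible-playbook --become playbook.yml` from the project root stops a deploy early when the password file is missing or a decrypted `vault.yml` was left on disk.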
## License

Unless otherwise specified, the contents of this project are licensed under the [Hippocratic License](https://firstdonoharm.dev/), see [license](license.md).

Any code in the `vendor/` sub-directory comes with its own respective licensing, and is not covered by the Hippocratic License.