humble-homelab/readme.md
2024-01-18 21:29:44 +01:00

My homelab documentation

Servers tend to get weird over time. Hence, I maintain this overview to remind myself of all the stuff running in various places. This makes it easier to get everything back up and running when the hardware eventually fails.

I also hope that sharing this can inspire others to try self-hosting as well.

Services currently handled by this Ansible setup:

Getting started with local development

Prerequisites:

  1. Run git clone --recurse-submodules git@code.on.nilsnh.no:nilsnh/ansible-homelab.git to download this repo including any git submodules.
  2. Run ./scripts/build.sh to build binaries from source.
  3. Start local Vagrant with vagrant up --provision-with ansible.
    • Use vagrant destroy to fully delete the box.
    • Use vagrant ssh to ssh into a running box.
    • Use vagrant provision to quickly re-run Ansible changes when developing.
    • You can use Valet to set up a local SSL proxy and get URLs like https://myniceservice.test.

☝️ This will fail if you haven't configured an Ansible Vault password.

Deploying changes

  1. First ensure that you have Ansible Vault correctly configured. See the section below.
  2. Call ansible-playbook --become playbook.yml.

If you're deploying to a lot of different machines, you should consider a different deployment strategy.

How to set up a Raspberry Pi to use SSD storage

  1. Use Raspberry Pi Imager.
  2. Flash a new SSD.
    • Use my default SSH public key.
    • Activate SSH login.
    • Skip configuring Wi-Fi if you're relying on Ethernet instead.

Configuring Ansible Vault

An ansible.cfg file in the project root is configured to read the Vault password from ~/.vault_pass.

To edit Vault entries run ansible-vault edit group_vars/all/vault.yml.
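
A preflight check for the Vault setup described above, written as an added example (it is not part of this repo). It confirms that ~/.vault_pass exists with owner-only permissions and that group_vars/all/vault.yml is still encrypted before you commit or deploy. The function names and the --check flag are hypothetical.

```shell
#!/bin/sh
# Added example: Ansible Vault preflight. Paths are the ones this README names;
# function names and the --check flag are hypothetical.

VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.vault_pass}"
VAULT_VARS_FILE="${VAULT_VARS_FILE:-group_vars/all/vault.yml}"

# Succeeds only if the password file exists, is non-empty, and grants
# nothing to group or others (for example mode 0600 or 0400).
check_vault_pass_file() {
    vpf_file="$1"
    [ -f "$vpf_file" ] || { echo "missing: $vpf_file" >&2; return 1; }
    [ -s "$vpf_file" ] || { echo "empty: $vpf_file" >&2; return 1; }
    # Characters 5-10 of the `ls -ld` mode string are the group/other bits.
    vpf_bits=$(ls -ld -- "$vpf_file" | cut -c5-10)
    [ "$vpf_bits" = "------" ] || {
        echo "too permissive: $vpf_file (fix with: chmod 600)" >&2
        return 1
    }
}

# Succeeds only if the first line is the Ansible Vault envelope header,
# i.e. the secrets were not saved (or about to be committed) in plaintext.
check_vault_file_encrypted() {
    vfe_file="$1"
    vfe_header=""
    [ -f "$vfe_file" ] || { echo "missing: $vfe_file" >&2; return 1; }
    IFS= read -r vfe_header < "$vfe_file" || true
    case "$vfe_header" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) echo "NOT encrypted: $vfe_file" >&2; return 1 ;;
    esac
}

# Runs both checks so that every problem is reported in one pass.
preflight() {
    pf_rc=0
    check_vault_pass_file "$VAULT_PASS_FILE" || pf_rc=1
    check_vault_file_encrypted "$VAULT_VARS_FILE" || pf_rc=1
    return "$pf_rc"
}

if [ "${1:-}" = "--check" ]; then
    preflight && echo "vault preflight OK"
fi
```

Run it with --check from the project root before ansible-playbook, or call it from a git pre-commit hook so a decrypted vault.yml never reaches the repository.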

Current Ansible Vault variables

Credentials for accessing remote mailserver:

  • vault_mta_user
  • vault_mta_user_pw

Credentials initially created by Forgejo and then stored here:

  • vault_forgejo_lfs_secret
  • vault_forgejo_internal_token
  • vault_forgejo_jwt_secret

Credentials for accessing the Restic backup destination:

  • vault_restic_url_jake
  • vault_restic_pw_jake

License

Unless otherwise specified, the contents of this project are licensed under the Hippocratic License, see license.

Any code in the vendor/ sub-directory comes with its own respective licensing, and is not covered by the Hippocratic License.