# Home lab configuration

The Nix-based configuration for my home lab.

## Documentation

Documentation for each role is available at `docs/roles`. Similar documentation is also available for each unmanaged host in `docs/hosts`.

## Deploying a new VM

1. Create a clone of the template VM in Proxmox.
2. Change the cloud-init config of the clone to contain the new IP address.
3. Create the configuration file in the `hosts/` folder.
4. Make sure the IPs match between the configuration file and the cloud-init config.
5. Create a secrets file with `sops edit secrets/HOSTNAME.yml` and put all required secrets in there.
6. Commit the changes to git.
7. Start the VM.
8. Deploy the configuration with `colmena apply --on HOSTNAME`.
9. (Optional) If the VM requires a change to the traefik configuration, run `colmena apply` to update all hosts.

## Updating packages

1. Run `nix flake update`.
2. Commit the changes to git.
3. Run `colmena apply`.

## File Organization

```
- hosts/         # Host definition files
- roles/         # Role definition files
- secrets/       # Encrypted secrets for each host
- systems/base/  # Base system configuration shared by all hosts
- config.nix     # Global configuration options
```

## IP ranges

```
192.168.10.1 -> Main router
192.168.10.2 -> OpenWrt access point
192.168.10.3 -> Proxmox 1
192.168.10.4 -> Media share (Deprecated)
192.168.10.5 -> Mini 1 (Proxmox)
192.168.10.6 -> Mini 2 (Proxmox) (To be deployed)

192.168.10.[10-50] -> VM hosts
    10 -> Proxy
    11 -> Git
    12 -> Cloud

192.168.10.[100-200] -> DHCP range
    174 -> Bluesky PDS
    188 -> Portainer (Deprecated)
    189 -> Bastion
    190 -> Wings 1
    191 -> Adguard (Deprecated)
    192 -> Home assistant
```

## Data storage guidance

There are three categories of data used by applications; each should be stored in its own specific way to minimise the possibility of data loss. **Nothing should be deployed if it doesn't follow these guidelines!**

**Runtime state:** Data that has to be persisted to disk, but is not required to be present after a restart of the application. Things such as encoding caches fall in this category. **This data should be stored on the ephemeral file system only.**

**Long term state:** Data that is generated by the application and is useful between restarts, but can easily be replaced if it is lost. This is things such as SSL certificates for traefik, where re-requesting them might cause rate-limiting issues. **This data should be persisted to the `/persistent` directory. Use nix-impermanence for this.**

**Application/user data:** This is most data managed by the system. This is data that cannot easily be replaced, such as pictures, videos and other user-uploaded files, but also databases which are not purely generated, such as Immich's database. **This data should be persisted to the Ceph cluster. Preferably in real time, but if this is infeasible (for example, running databases on top of Ceph incurs a large performance hit), the data should be persisted in an automated fashion, such as through a cron job making a backup every x hours.**
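
As an added example (not a file from this repository), this is how the three categories above map onto a single NixOS host module. It assumes an ephemeral root that is wiped on every boot, the persistent volume mounted at `/persistent` as named above, traefik's default data directory, sops-nix with its age key derived from the host SSH key, a CephFS mount at `/mnt/ceph` and the NixOS `postgresqlBackup` module; all of these names are assumptions, not taken from the repository.

```nix
# Added example, not part of this repository. Assumed: ephemeral root, the
# persistent volume at /persistent, traefik's default dataDir, sops-nix and a
# CephFS mount at /mnt/ceph (placeholder path).
{ config, ... }:

{
  # Long term state: traefik's ACME account and certificates. Losing them only
  # forces a re-request, but repeated re-requests run into Let's Encrypt rate
  # limits, so impermanence bind-mounts the directory from /persistent.
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      "/var/lib/traefik"   # ACME state (long term state)
      "/var/lib/nixos"     # uid/gid maps, so persisted files keep their owners
    ];
    files = [
      "/etc/machine-id"
      # The host key must survive reboots: sops-nix below derives its age key
      # from it, so without these two lines nothing in secrets/HOSTNAME.yml can
      # be decrypted after the first reboot.
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
  };

  # Secrets for this host, matching step 5 of "Deploying a new VM".
  sops.defaultSopsFile = ../secrets/${config.networking.hostName}.yml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Runtime state: nothing to declare. A transcoding cache under /var/cache is
  # not listed above, so it lands on the ephemeral root and is gone on reboot.

  # Application/user data: a database is too slow to run directly on Ceph, so it
  # stays on local disk and is dumped to the Ceph mount every six hours instead.
  # The backup directory itself (assumed under /mnt/ceph) is never on the
  # ephemeral root or /persistent.
  services.postgresqlBackup = {
    enable = true;
    databases = [ "immich" ];
    location = "/mnt/ceph/backups/postgres";
    startAt = "*-*-* 00/6:00:00";   # systemd calendar spec: 00:00, 06:00, ...
  };
}
```

The backup location is only as safe as the Ceph mount it lives on, so a host that fails to mount `/mnt/ceph` should be treated as not meeting the guideline above rather than silently writing dumps to local disk.
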
## TODO:

### Services

**For sure**:

- FreshRSS: RSS server/reader
- Gramps: Family tree
- hoarder: Bookmark manager
- immich: Photos
- Jellyfin: Watching media files
- Nextcloud: Files, contacts, calendar, etc.
- Pterodactyl panel: Game servers
- Pterodactyl wings: Backend daemon for game servers
- Vaultwarden: Password manager

**Needs to run over VPN:**

- Prowlarr:
- Radarr:
- Lidarr:
- Sonarr:
- Transmission: Torrent client (Different client maybe?)

**Websites**:

Might want to look at using something (e.g. Coolify) on its own machine to host these and other self-hosted projects.

- kallestruik.nl
- dchat.kallestruik.nl
- dconfig.kallestruik.nl
- shs.khs.li
- shs-gc.khs.li

**Maybe**:

- Hedgedoc: Shared markdown note editing
- Linkwarden: Shared link collections
- Mastodon: Federated social media
- Matrix: Federated chat
- Paperless: Document storage
- Stirling PDF: PDF tools

**Monitoring**:

Currently Grafana for dashboards, with other tools feeding data into it. Might want to look at some other options before using it again.

**Bastion**:

- VPN
- SSH jumphost to the rest of the network