config/README.md
2025-04-12 00:35:38 +02:00

Home lab configuration

The Nix-based configuration for my home lab.

Documentation

Documentation for each role is available at docs/roles. Similar documentation is also available for each unmanaged host in docs/hosts.

Deploying a new VM

  1. Create a clone of the template VM in Proxmox.
  2. Change the cloud-init config of the clone to contain the new IP address.
  3. Create the configuration file in the hosts/ folder.
  4. Make sure the IPs match between the configuration file and the cloud-init config.
  5. Create a secrets file with sops edit secrets/HOSTNAME.yml and put all required secrets in there.
  6. Commit changes to git.
  7. Start the VM.
  8. Deploy the configuration with colmena apply --on HOSTNAME.
  9. (Optional) If the VM requires an update to Traefik, run colmena apply to update all hosts.

Updating packages

  1. Run nix flake update.
  2. Commit the changes to git.
  3. Run colmena apply.

File Organization

- hosts/        # Host definition files
- roles/        # Role definition files
- secrets/      # Encrypted secrets for each host
- systems/base/ # Base system configuration shared by all hosts

- config.nix    # Global configuration options

IP ranges

192.168.10.1 -> Main router
192.168.10.2 -> OpenWrt access point
192.168.10.3 -> Proxmox 1
192.168.10.4 -> Media share (Deprecated)
192.168.10.5 -> Mini 1 (Proxmox)
192.168.10.6 -> Mini 2 (Proxmox) (To be deployed)
192.168.10.[10-50] -> VM hosts
            10     -> Proxy
            11     -> Git
            12     -> Cloud
192.168.10.[100-200] -> DHCP range
            174      -> Bluesky PDS
            188      -> Portainer (Deprecated)
            189      -> Bastion
            190      -> Wings 1
            191      -> Adguard (Deprecated)
            192      -> Home assistant

Data storage guidance

There are three categories of data used by applications, and each must be stored in its own specific way to minimise the possibility of data loss. Nothing should be deployed if it doesn't follow these guidelines!

Runtime state: Data that has to be persisted to disk but does not need to survive a restart of the application, such as encoding caches. This data should be stored on the ephemeral file system only.

Long term state: Data generated by the application that is used across restarts but can easily be replaced if it is lost. Examples are the SSL certificates for Traefik, since re-requesting them might cause rate-limiting issues. This data should be persisted to the /persistent directory; use nix-impermanence for this.

Application/user data: This is most of the data managed by the system: data that cannot easily be replaced, such as pictures, videos and other user-uploaded files, but also databases that are not purely generated, such as Immich's database. This data should be persisted to the Ceph cluster, preferably in real time. Where that is infeasible (running databases on top of Ceph, for example, incurs a large performance hit), the data should be persisted in an automated fashion, such as through a cron job that makes a backup every x hours.
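As an added example (not code from this repository), a NixOS module for the proxy host that applies the three categories above. It assumes the nix-community impermanence module is imported and the root file system is wiped on boot; the resolver name, the ACME e-mail and the directory ownership are assumptions, not values from this repo.

```nix
# Added example, not part of this repository. Assumes the nix-community
# impermanence module is already imported and that / is ephemeral (reset on
# every boot). The "letsencrypt" resolver name and the e-mail are placeholders.
{ config, ... }:

{
  # Long-term state: the ACME certificates Traefik obtains. Losing them only
  # means re-requesting them, but that risks the CA's rate limits, so the
  # state directory is bind-mounted from /persistent. Ownership and mode keep
  # the private keys readable by the traefik user only (least privilege).
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      {
        directory = config.services.traefik.dataDir;  # /var/lib/traefik
        user = "traefik";
        group = "traefik";
        mode = "0700";
      }
    ];
  };

  services.traefik = {
    enable = true;
    staticConfigOptions = {
      entryPoints.websecure.address = ":443";
      certificatesResolvers.letsencrypt.acme = {
        email = "admin@example.invalid";  # placeholder
        # acme.json holds the account key and certificate private keys, so it
        # lands inside the persisted, traefik-only directory declared above.
        storage = "${config.services.traefik.dataDir}/acme.json";
        tlsChallenge = { };
      };
    };
  };

  # Runtime state (caches under /var/cache, /tmp) is deliberately absent from
  # the persistence set, so it lives on the ephemeral root and is discarded on
  # reboot, as the guidance requires.

  # Application/user data is not stored on this host at all: it belongs on the
  # Ceph cluster (or is backed up there on a schedule), so no local directory
  # for it is declared here.
}
```

Anything not listed under environment.persistence is lost at reboot, so a missing entry shows up as a re-issued certificate in the Traefik log rather than as silent data loss.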

TODO:

  • Write automation to notify me of outdated docker images in dockerImages.nix.
  • Automatic backup of postgres data (yes, I know this should have been done before deploying).

Services

For sure:

  • Gramps: Family tree
  • hoarder: Bookmark manager
  • immich: Photos
  • Jellyfin: Watching media files
  • Nextcloud: Files, contacts, calendar, etc
  • Pterodactyl panel: Game servers
  • Pterodactyl wings: Backend daemon for game servers
  • Vaultwarden: Password manager

Needs to run over VPN:

  • Prowlarr:
  • Radarr:
  • Lidarr:
  • Sonarr:
  • Transmission: Torrent client (different client maybe?)

Websites: Might want to look at hosting these and other self-hosted projects with something like Coolify on its own machine

  • kallestruik.nl
  • dchat.kallestruik.nl
  • dconfig.kallestruik.nl
  • shs.khs.li
  • shs-gc.khs.li

Maybe:

  • Hedgedoc: Shared markdown note editing
  • Linkwarden: Shared link collections
  • Mastodon: Federated social media
  • Matrix: Federated chat
  • Paperless: Document storage
  • Stirling PDF: PDF tools

Monitoring: Currently Grafana for dashboards, with other things supplying data into it. Might want to look at some options before using it again.

Bastion:

  • VPN
  • SSH jumphost to the rest of the network