# Home lab configuration

The Nix-based configuration for my home lab.
## Deploying a new VM

- Create a clone of the template VM in Proxmox.
- Change the cloud-init config of the clone to contain the new IP address.
- Create the configuration file in the `hosts/` folder.
- Make sure the IPs match between the configuration file and the cloud-init config.
- Create a secrets file with `sops edit secrets/HOSTNAME.yml` and put all required secrets in there.
- Commit changes to git.
- Start the VM.
- Deploy the configuration with `colmena apply --on HOSTNAME`.
- (Optional) If the VM requires an update to traefik, run `colmena apply` to update all hosts.
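The secrets file created with `sops edit` only ever holds ciphertext in git; it is decrypted on the target host at activation time. The following host module is an added example (not a file from this repository) showing how such a per-host `secrets/HOSTNAME.yml` is consumed with sops-nix. The host name `example-vm`, the secret key `traefik/dashboard_auth`, and the assumption that sops-nix is imported by the flake are all mine.

```nix
# Added example host module. Assumes the sops-nix NixOS module is imported
# by the flake; everything below is illustrative, not this repository's code.
{ config, ... }:
let
  hostname = "example-vm"; # placeholder, the real repo keys the file by host name
in
{
  networking.hostName = hostname;

  # The file committed to git is fully encrypted; git history never
  # contains plaintext secrets.
  sops.defaultSopsFile = ../secrets + "/${hostname}.yml";
  sops.defaultSopsFormat = "yaml";

  # Decrypt with this host's own SSH host key (sops-nix derives an age key
  # from it), so the decryption key never lives in the repo or on the
  # deploying workstation.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Each secret is materialised under /run/secrets (tmpfs, gone after
  # reboot) with a specific owner and mode, so only the consuming service
  # can read it. Restart the unit when the secret changes.
  sops.secrets."traefik/dashboard_auth" = {
    owner = "traefik";
    mode = "0400";
    restartUnits = [ "traefik.service" ];
  };
}
```

Because decryption is tied to the host's SSH key, the matching public key must be listed as a recipient in `.sops.yaml` before `sops edit secrets/HOSTNAME.yml` will produce a file that host can read; a mismatch shows up as a decryption failure during `colmena apply` rather than a silent empty secret.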
## Updating packages

- Run `nix flake update`.
- Commit the changes to git.
- Run `colmena apply`.
## File Organization

- `hosts/` # Host definition files
- `roles/` # Role definition files
- `secrets/` # Encrypted secrets for each host
- `systems/base/` # Base system configuration shared by all hosts
- `config.nix` # Global configuration options
## IP ranges

```text
192.168.10.1        -> Main router
192.168.10.2        -> OpenWrt access point
192.168.10.3        -> Proxmox 1
192.168.10.4        -> Media share (Deprecated)
192.168.10.5        -> Mini 1 (Proxmox)
192.168.10.6        -> Mini 2 (Proxmox) (To be deployed)
192.168.10.[10-50]  -> VM hosts
    10  -> Proxy
    11  -> Git
192.168.10.[100-200] -> DHCP range
    174 -> Bluesky PDS
    188 -> Portainer (Deprecated)
    189 -> Bastion
    190 -> Wings 1
    191 -> Adguard (Deprecated)
    192 -> Home Assistant
```
## Data storage guidance

There are three categories of data used by applications, and each must be stored in its own specific way to keep the possibility of data loss minimal. Nothing should be deployed if it doesn't follow these guidelines!

**Runtime state:** Data that has to be persisted to disk, but is not required to be present after a restart of the application. Things such as encoding caches fall in this category. This data should be stored on the ephemeral file system only.

**Long term state:** Data that is generated by the application and is useful between restarts, but can be easily replaced if it is lost. This is things such as SSL certificates for traefik, as re-requesting these might cause rate-limiting related issues. This data should be persisted to the `/persistent` directory. Use nix-impermanence for this.

**Application/user data:** This is most data managed by the system. This is data that can not easily be replaced, such as pictures, videos, and other user uploaded files, but also databases which are not purely generated, such as Immich's database. **This data should be persisted to the Ceph cluster.** Preferably in real-time, but if this is infeasible (for example, running databases on top of Ceph incurs a large performance hit), the data should be persisted in an automated fashion, such as through a cron job making a backup every x hours.
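The following host module is an added example (not a file from this repository) that maps the three categories above onto NixOS options: runtime state is left on the ephemeral root, long term state is bind-mounted from `/persistent` through the impermanence module, and application data that cannot be written to Ceph in real time is dumped to a Ceph-backed mount on a timer. The mount point `/mnt/ceph`, the service and database names, the retention period and the schedule are assumptions.

```nix
# Added example host module. Assumes the nix-community impermanence module
# is imported and that the Ceph cluster is mounted at /mnt/ceph; names and
# paths are illustrative, not this repository's own configuration.
{ config, ... }:
{
  # Runtime state (caches, transient files) needs no configuration:
  # the root file system is ephemeral and is discarded on reboot.

  # Long term state: survives reboots via bind mounts from /persistent.
  # Only what is listed here survives, so a new service cannot silently
  # accumulate state on the ephemeral root.
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      # traefik's ACME certificates; re-requesting them risks rate limits.
      { directory = "/var/lib/traefik"; user = "traefik"; group = "traefik"; mode = "0700"; }
    ];
    files = [
      # Keep the machine id stable across reboots for journald and friends.
      "/etc/machine-id"
    ];
  };

  # Application data: a database that is too slow to run directly on Ceph
  # is dumped to the Ceph-backed share on a schedule instead.
  systemd.services.immich-db-backup = {
    description = "Dump the Immich database to the Ceph-backed backup share";
    serviceConfig = {
      Type = "oneshot";
      User = "postgres";
    };
    script = ''
      set -euo pipefail
      dest=/mnt/ceph/backups/immich
      mkdir -p "$dest"
      # Custom format keeps the dump compressed and restorable with pg_restore.
      ${config.services.postgresql.package}/bin/pg_dump --format=custom immich \
        > "$dest/immich-$(date +%F-%H%M).dump"
      # Prune dumps older than seven days so the share does not fill up.
      find "$dest" -name 'immich-*.dump' -mtime +7 -delete
    '';
  };

  systemd.timers.immich-db-backup = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "*-*-* */6:00:00"; # every six hours
      Persistent = true;              # catch up if the host was off at the tick
    };
  };
}
```

The important check after deploying something like this is a restore: `pg_restore --list` on the newest dump confirms the file is complete, and a periodic restore into a scratch database confirms the backup is actually usable before it is relied on.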
## TODO

### Services

For sure:

- FreshRSS: RSS server/reader
- Gramps: Family tree
- hoarder: Bookmark manager
- immich: Photos
- Jellyfin: Watching media files
- Nextcloud: Files, contacts, calendar, etc
- Pterodactyl panel: Game servers
- Pterodactyl wings: Backend daemon for game servers
- Vaultwarden: Password manager
- Forgejo actions runner:

Needs to run over VPN:

- Prowlarr:
- Radarr:
- Lidarr:
- Sonarr:
- Transmission: Torrent client (Different client maybe?)

Websites: Might want to look at using something like Coolify on its own machine to host these plus other self-hosted projects.

- kallestruik.nl
- dchat.kallestruik.nl
- dconfig.kallestruik.nl
- shs.khs.li
- shs-gc.khs.li

Maybe:

- Hedgedoc: Shared markdown note editing
- Linkwarden: Shared link collections
- Mastodon: Federated social media
- Matrix: Federated chat
- Paperless: Document storage
- Stirling PDF: PDF tools

Monitoring: Currently Grafana for dashboards, with other things supplying data into it. Might want to look at some options before using it again.

Bastion:

- VPN
- SSH jumphost to the rest of the network