config/README.md
2025-04-11 12:26:38 +02:00

# Home lab configuration
The Nix-based configuration for my home lab.
## Deploying a new VM
1. Create a clone of the template VM in Proxmox.
2. Change the cloud-init config of the clone to contain the new IP address.
3. Create the configuration file in the `hosts/` folder.
4. Make sure the IPs match between the configuration file and the cloud-init config.
5. Create a secrets file with `sops edit secrets/HOSTNAME.yml` and put all required secrets in there.
6. Commit changes to git.
7. Start the VM.
8. Deploy the configuration with `colmena apply --on HOSTNAME`.
9. (Optional) If the new VM needs a change to the Traefik configuration (for example a new route on the proxy host), run `colmena apply` without `--on` to redeploy all hosts.
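The host definition that steps 3 and 4 refer to, as an added example rather than a file from this repo. The hostname `example`, the address `192.168.10.20`, the interface name `ens18`, the secret name `example/api-token` and the `systems/base` import are assumptions; it also assumes the file is wired up as a colmena node and that sops-nix provides the `sops` options. Binding the deploy target and the interface address to one `ip` binding is the point: the value that has to match cloud-init is written down exactly once.

```nix
# hosts/example.nix (added example, not a host from this repo).
# Assumptions: this file is a colmena node, ../systems/base is the shared
# base system, and sops-nix decrypts ../secrets/example.yml on the host.
{ config, ... }:
let
  # The one place the address is written down. The cloud-init config of the
  # Proxmox clone must carry the same value (steps 2 and 4 of the procedure).
  ip = "192.168.10.20";
in
{
  imports = [ ../systems/base ];

  networking.hostName = "example";

  # Static addressing from the VM host range 192.168.10.[10-50]. If cloud-init
  # already configures the guest network, this block can be dropped and only
  # deployment.targetHost below needs to match.
  networking.useDHCP = false;
  networking.interfaces.ens18.ipv4.addresses = [
    { address = ip; prefixLength = 24; }
  ];
  networking.defaultGateway = "192.168.10.1";
  networking.nameservers = [ "192.168.10.1" ];

  # colmena deploys over SSH to this address; tying it to `ip` means the
  # config file and the deploy target cannot drift apart.
  deployment.targetHost = ip;
  deployment.targetUser = "root";

  # Per-host secrets, edited with `sops edit secrets/example.yml` (step 5).
  # The host decrypts them with its own SSH host key, so nothing secret is
  # in the git history or in the Nix store.
  sops.defaultSopsFile = ../secrets/example.yml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Least privilege: the decrypted secret is readable only by the service
  # user that needs it, not by every process on the box.
  users.groups.example = { };
  users.users.example = {
    isSystemUser = true;
    group = "example";
  };
  sops.secrets."example/api-token" = {
    owner = config.users.users.example.name;
    group = config.users.groups.example.name;
    mode = "0400";
  };
}
```

After committing and starting the VM, `colmena apply --on example` builds the closure locally and pushes it to `deployment.targetHost`; if the address in cloud-init differs from `ip`, the SSH connection fails before anything is deployed, which is the check step 4 asks for.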
## Updating packages
1. Run `nix flake update`.
2. Commit the changes to git.
3. Run `colmena apply`.
## File Organization
```
- hosts/ # Host definitions files
- roles/ # Role definition files
- secrets/ # Encrypted secrets for each host
- systems/base/ # Base system configuration shared by all hosts
- config.nix # Global configuration options
```
## IP ranges
```
192.168.10.1 -> Main router
192.168.10.2 -> OpenWrt access point
192.168.10.3 -> Proxmox 1
192.168.10.4 -> Media share (Deprecated)
192.168.10.5 -> Mini 1 (Proxmox)
192.168.10.6 -> Mini 2 (Proxmox) (To be deployed)
192.168.10.[10-50] -> VM hosts
    .10  -> Proxy
    .11  -> Git
192.168.10.[100-200] -> DHCP range
    .174 -> Bluesky PDS
    .188 -> Portainer (Deprecated)
    .189 -> Bastion
    .190 -> Wings 1
    .191 -> Adguard (Deprecated)
    .192 -> Home assistant
```
## Data storage guidance
There are three categories of data used by applications, and each must be
stored in its own specific way to minimise the chance of data loss.
**Nothing should be deployed if it doesn't follow these guidelines!**
**Runtime state:** Data that has to be persisted to disk, but is not required
to be present after a restart of the application. Things such as encoding caches
fall in this category. **This data should be stored on the ephemeral file system
only**.
**Long term state:** Data that is generated by the application and is useful
across restarts, but can be easily replaced if it is lost. This is things such
as TLS certificates for Traefik, as re-requesting these might cause
rate-limiting related issues. **This data should be persisted to the
`/persistent` directory. Use nix-impermanence for this.**
**Application/user data:** This is most data managed by the system: data
that cannot easily be replaced, such as pictures, videos and other
user-uploaded files, but also databases which are not purely generated, such as
Immich's database. **This data should be persisted to the Ceph cluster,
preferably in real time. If this is infeasible (for example, running
databases on top of Ceph incurs a large performance hit), the data should be
persisted in an automated fashion, such as through a cron job making a backup
every x hours.**
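The three categories side by side in one NixOS module, as an added example and not a module from this repo. It assumes the impermanence module is imported, that the Ceph cluster is mounted at `/mnt/ceph` (hypothetical path), and a hypothetical service `myapp` that keeps a cache on the root disk, Traefik's certificate store, a directory of user uploads and a PostgreSQL database called `myapp`. The backup uses a systemd timer rather than a cron job; the effect is the same as the guideline asks for.

```nix
# Added example, not part of this repo. Assumes: impermanence is imported,
# Ceph is mounted at /mnt/ceph, and a hypothetical service `myapp` with a
# PostgreSQL database named `myapp` owned by the `postgres` user.
{ config, pkgs, ... }:
{
  # Runtime state: nothing to declare. Caches under /var/cache live on the
  # ephemeral root and are gone after a reboot, which is the intended result.

  # Long term state: survives reboots through a bind mount from /persistent
  # but is not backed up. Losing it only costs a certificate re-issue (and
  # possibly an ACME rate limit), so it does not belong on Ceph.
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      { directory = "/var/lib/traefik"; user = "traefik"; group = "traefik"; mode = "0700"; }
    ];
  };

  # Application/user data, real-time variant: uploads are written straight to
  # the Ceph mount, so a lost VM loses nothing. `depends` makes sure the Ceph
  # mount is up before the bind mount is attempted.
  fileSystems."/var/lib/myapp/uploads" = {
    device = "/mnt/ceph/myapp/uploads";
    fsType = "none";
    options = [ "bind" ];
    depends = [ "/mnt/ceph" ];
  };

  # Application/user data, periodic variant: the database stays on local disk
  # for performance and is dumped to Ceph every 6 hours. The dump is written
  # to a .part file and renamed at the end, so a crash mid-dump never leaves
  # a truncated file that looks like a valid backup.
  systemd.services.myapp-db-backup = {
    description = "Dump the myapp database to the Ceph cluster";
    serviceConfig = {
      Type = "oneshot";
      User = "postgres";
    };
    path = [ pkgs.postgresql pkgs.gzip pkgs.coreutils pkgs.findutils ];
    script = ''
      set -euo pipefail
      dest=/mnt/ceph/myapp/db
      mkdir -p "$dest"
      tmp="$dest/myapp-$(date +%Y%m%dT%H%M%S).sql.gz.part"
      pg_dump myapp | gzip > "$tmp"
      mv "$tmp" "''${tmp%.part}"
      # Keep the 28 newest dumps (one week at a 6 hour interval).
      ls -1t "$dest"/myapp-*.sql.gz | tail -n +29 | xargs -r rm --
    '';
  };
  systemd.timers.myapp-db-backup = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "*-*-* 00/6:00:00";
      # Run a missed dump at boot instead of silently skipping it.
      Persistent = true;
      RandomizedDelaySec = "10m";
    };
  };
}
```

`pkgs.postgresql` must be the same major version as the running server, otherwise `pg_dump` refuses to talk to it; the `postgres` user also needs write access to `/mnt/ceph/myapp/db`, which is an assumption about how the Ceph mount is set up. Run `systemctl start myapp-db-backup.service` once by hand after deploying and check that a complete `.sql.gz` (not a `.part`) appears before trusting the timer.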
## TODO:
### Services
**For sure**:
- FreshRSS: RSS server/reader
- Gramps: Family tree
- hoarder: Bookmark manager
- immich: Photos
- Jellyfin: Watching media files
- Nextcloud: Files, contacts, calendar, etc
- Pterodactyl panel: Game servers
- Pterodactyl wings: Backend daemon for game servers
- Vaultwarden: Password manager
- Forgejo Actions runner: CI runner for Forgejo
**Needs to run over VPN:**
- Prowlarr: Indexer manager
- Radarr: Movies
- Lidarr: Music
- Sonarr: TV series
- Transmission: Torrent client (maybe a different client?)
**Websites**:
Might want to look at hosting these, plus other self-hosted projects, with something like Coolify on its own machine.
- kallestruik.nl
- dchat.kallestruik.nl
- dconfig.kallestruik.nl
- shs.khs.li
- shs-gc.khs.li
**Maybe**:
- Hedgedoc: Shared markdown note editing
- Linkwarden: Shared link collections
- Mastodon: Federated social media
- Matrix: Federated chat
- Paperless: Document storage
- Stirling PDF: PDF tools
**Monitoring**:
Currently Grafana as the dashboard, with other tools feeding data into it. Might want to look at some other options before using it again.
**Bastion**:
- VPN
- SSH jump host to the rest of the network