Home lab configuration

The Nix-based configuration for my home lab.

Deploying a new VM

  1. Create a clone of the template VM in Proxmox.
  2. Change the cloud-init config of the clone to contain the new IP address.
  3. Create the configuration file for the new host in the hosts/ folder.
  4. Make sure the IPs match between the configuration file and the cloud-init config.
  5. Create a secrets file with sops edit secrets/HOSTNAME.yml and put all required secrets in there. The new host's key must be in the matching creation rule in .sops.yaml before this step, otherwise the file is not encrypted to a key the host can decrypt.
  6. Commit the changes to git (a Nix flake only sees files tracked by git, so an untracked host or secrets file is invisible to colmena).
  7. Start the VM.
  8. Deploy the configuration with colmena apply --on HOSTNAME.
  9. (Optional) If the VM requires an update to Traefik, run colmena apply without --on to update all hosts.
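The checks in steps 4 and 5 are easy to get wrong by hand, so here is the procedure above turned into a pre-flight script. This is an added example and not part of this repository; it assumes that hosts/HOSTNAME.nix contains the VM's address as a quoted string, that the Proxmox cloud-init ipconfig0 value has the form ip=ADDR/PREFIX,gw=GW, and that .sops.yaml selects keys with creation_rules entries carrying a path_regex. None of those layouts is stated in the README.

```shell
#!/usr/bin/env sh
# Added example, not part of this repository: pre-flight checks for the
# "Deploying a new VM" steps. Assumptions (not facts from the README):
#  - hosts/HOSTNAME.nix contains the VM's address as a quoted string,
#  - the Proxmox cloud-init ipconfig0 value looks like "ip=10.0.0.12/24,gw=10.0.0.1",
#  - .sops.yaml selects keys with creation_rules/path_regex entries,
#  - secrets files are named secrets/HOSTNAME.yml as in step 5.

# Pull the bare IPv4 address out of a Proxmox cloud-init ipconfig string.
# "ip=10.0.0.12/24,gw=10.0.0.1" -> "10.0.0.12"; prints nothing if no ip= field.
cloudinit_ip() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's|^ip=\([0-9.]*\)/.*|\1|p'
}

# Step 4: succeed only if the host file ($1) contains exactly "$2" as a
# quoted string. The quotes stop "10.0.0.1" from matching inside "10.0.0.12".
ip_matches_host_file() {
    grep -qF "\"$2\"" "$1"
}

# Step 5 guard: succeed if some creation rule's path_regex in $1 matches the
# secrets path $2. Without a matching rule sops cannot pick keys to encrypt
# to, and a rule that lacks the host's key leaves the host unable to decrypt
# at activation. Only the path_regex is checked here; whether the host's key
# is actually inside that rule still has to be verified by hand.
sops_rule_exists() {
    sopsfile=$1
    secret_path=$2
    for re in $(sed -n 's/^[[:space:]-]*path_regex:[[:space:]]*//p' "$sopsfile" | tr -d '"'"'"); do
        printf '%s\n' "$secret_path" | grep -Eq -e "$re" && return 0
    done
    return 1
}

# Run the checks for one host; returns non-zero on the first failure so it
# can gate the git commit and the colmena run. Expects to run from the
# repository root (hosts/, secrets/ and .sops.yaml in the current directory).
preflight() {
    host=$1
    ip=$(cloudinit_ip "$2")
    if [ -z "$ip" ]; then
        echo "preflight: no ip= field in cloud-init config '$2'" >&2
        return 1
    fi
    if ! ip_matches_host_file "hosts/$host.nix" "$ip"; then
        echo "preflight: hosts/$host.nix does not contain \"$ip\"" >&2
        return 1
    fi
    if ! sops_rule_exists .sops.yaml "secrets/$host.yml"; then
        echo "preflight: no creation rule in .sops.yaml matches secrets/$host.yml" >&2
        return 1
    fi
    echo "preflight: $host ok ($ip)"
}

# Usage: ./preflight.sh HOSTNAME 'ip=10.0.0.12/24,gw=10.0.0.1'
# When it passes: git add hosts/ secrets/, commit, then colmena apply --on HOSTNAME.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The script deliberately calls neither sops, git nor colmena: it only reads the files the steps above produce, so it can run before the VM is started and before anything is committed. A passing run still does not prove the host's key is in the matching creation rule, only that a rule exists for the path.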

Updating packages

  1. Run nix flake update.
  2. Commit the changes to git.
  3. Run colmena apply.

File Organization

- hosts/        # Host definition files
- roles/        # Role definition files
- secrets/      # Encrypted secrets for each host
- systems/base/ # Base system configuration shared by all hosts

- config.nix    # Global configuration options
- .sops.yaml    # sops creation rules: which keys the files in secrets/ are encrypted to

Roles

Traefik

HTTP reverse proxy.

Authentik

SSO for almost everything that runs here.

TODO:

  • Docker/podman images are currently not persisted; maybe they should be.

Services

For sure:

  • Forgejo: Git server
  • FreshRSS: RSS server/reader
  • Gramps: Family tree
  • hoarder: Bookmark manager
  • immich: Photos
  • Jellyfin: Media server for watching video and other media files
  • Nextcloud: Files, contacts, calendar, etc.
  • Pterodactyl panel: Game servers
  • Pterodactyl wings: Backend daemon for game servers
  • Vaultwarden: Password manager

Needs to run over VPN:

  • Prowlarr: Indexer manager for the *arr services
  • Radarr: Movies
  • Lidarr: Music
  • Sonarr: TV series
  • Transmission: Torrent client (maybe a different client?)

Websites: might want to look at hosting these, plus other self-hosted projects, with something like Coolify on its own machine.

  • kallestruik.nl
  • dchat.kallestruik.nl
  • dconfig.kallestruik.nl
  • shs.khs.li
  • shs-gc.khs.li

Maybe:

  • Hedgedoc: Shared markdown note editing
  • Linkwarden: Shared link collections
  • Mastodon: Federated social media
  • Matrix: Federated chat
  • Paperless: Document storage
  • Stirling PDF: PDF tools

Monitoring: currently Grafana for dashboards, with other things supplying data into it. Might want to look at some other options before using it again.

Bastion:

  • VPN
  • SSH jump host to the rest of the network

Unmanaged hosts

These need Traefik configs created for them even though they are not managed by this configuration.

  • Bluesky PDS
  • Home Assistant