mirror of https://github.com/khuedoan/homelab.git synced 2025-01-19 08:48:05 +07:00

Khue Doan 1405fadf1a refactor(docs): apply the Diátaxis framework

Squashed commit of the following:

commit 257867f196376df55fa0f57edbdf33967b1da04e
Author: Khue Doan <mail@khuedoan.com>
Date:   Sun Sep 18 16:45:42 2022 +0700

    refactor(docs): apply the Diátaxis framework

2022-09-19 02:40:07 +07:00

4.7 KiB

Raw Blame History

External resources

!!! info

These resources are optional, the homelab still works without them but will lack some features like trusted certificates and offsite backup

Although I try to keep the amount of external resources to the minimum, there's still need for a few of them. Below is a list of external resources and why we need them (also see some alternatives below).

Provider	Resource	Purpose
Terraform Cloud	Workspace	Terraform state backend
Cloudflare	DNS	DNS and DNS-01 challenge for certificates
Cloudflare	Tunnel	Public services to the internet without port forwarding
ZeroTier	Virtual network	Use as VPN to access home network from anywhere (with UDP hole punching)

Create credentials

You'll be asked to provide these credentials on first build.

Create Terraform workspace

Terraform is stateful, which means it needs somewhere to store its state. Terraform Cloud is one option for a state backend with a generous free tier, perfect for a homelab.

Sign up for a Terraform Cloud account
Create a workspace named homelab-external, this is the workspace where your homelab state will be stored.
Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the terraform plan rather than the cloud runners.

If you decide to use a different Terraform backend, you'll need to edit the external/versions.tf file as required.

Cloudflare

Buy a domain and transfer it to Cloudflare if you haven't already
Get Cloudflare email and account ID
Global API key: https://dash.cloudflare.com/profile/api-tokens

ZeroTier

Create a ZeroTier account https://my.zerotier.com
Generate a new API Token at https://my.zerotier.com/account

Alternatives

To avoid vendor lock-in, each external provider must have an equivalent alternative that is easy to replace:

Terraform Cloud:
- Any other Terraform backends
Cloudflare DNS:
- Update cert-manager and external-dns to use a different provider
- Alternate DNS setup
Cloudflare Tunnel:
- Use port forwarding if it's available
- Create a small VPS in the cloud and utilize Wireguard and HAProxy to route traffic via it
- Access everything via VPN
- See also awesome tunneling
ZeroTier virtual network:
- Host your own ZeroTier
- Tailscale (closed source, but you can use Headscale to host your own Tailscale control server)
- Netmaker (there's no hosted version, you'll need to host your own server)
- Wireguard server (requires port forwarding)

4.7 KiB Raw Blame History