Mirror of https://github.com/khuedoan/homelab.git, synced 2025-01-10 07:16:57 +07:00
Modern self-hosting framework, fully automated from empty disk to operating services with a single command.
# Homelab

**WORK IN PROGRESS**
## Hardware

- 4 nodes of NEC SFF PC (Japanese version of the ThinkCentre M700)
  - CPU: Intel Core i5-6600T
  - RAM: 16GB
  - SSD: 128GB
- TP-Link TL-SG108 switch
## Architecture

| Layer | Name | Description | Provisioner |
|---|---|---|---|
| 0 | metal | Bare metal OS installation, LXD, Terraform state backend,... | Ansible, PXE server |
| 1 | infra | Kubernetes clusters, shared apps (Git, Vault, Argo...) | Terraform, Helm |
| 2 | apps | | Argo |
## Usage

### Prerequisites

For the controller (to run Ansible, stateless PXE server, Terraform...):

- SSH keys in `~/.ssh/{id_rsa,id_rsa.pub}`
- Docker with the `host` networking driver (which means only Docker on Linux hosts)
For bare metal nodes:
- PXE IPv4 enabled
- Wake-on-LAN enabled
- Secure boot disabled (optional, depending on the OS)
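Wake-on-LAN, listed above as a node prerequisite, is what lets the controller power on the bare metal nodes before PXE booting them. It works by broadcasting a UDP "magic packet": 6 bytes of `0xFF` followed by the target MAC address repeated 16 times. The following is an added example, not code from this repository: it builds and sends such a packet, and also recognises one, which is useful when auditing broadcast traffic on the lab segment, since magic packets carry no authentication and any host in the broadcast domain can send one (one reason the "separate network" roadmap item matters). The MAC address, broadcast address and port below are constructed assumptions.

```python
import re
import socket

# Constructed example MAC address; replace with the real node's address.
EXAMPLE_MAC = "aa:bb:cc:dd:ee:ff"


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff and return 6 raw bytes."""
    cleaned = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", cleaned):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return bytes.fromhex(cleaned)


def build_magic_packet(mac: str) -> bytes:
    """Magic packet: 6 x 0xFF sync stream, then the MAC repeated 16 times (102 bytes total)."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def is_magic_packet(payload: bytes) -> bool:
    """Detection helper: True if a UDP payload is a well-formed WoL magic packet.

    Trailing bytes (an optional 4 or 6 byte SecureOn password) are tolerated,
    because a receiver only inspects the first 102 bytes for the pattern.
    """
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return False
    mac = payload[6:12]
    return payload[6:102] == mac * 16


def target_mac(payload: bytes) -> str:
    """Extract the targeted MAC from a magic packet, e.g. to log which node was woken."""
    if not is_magic_packet(payload):
        raise ValueError("not a magic packet")
    return ":".join(f"{b:02x}" for b in payload[6:12])


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the magic packet; UDP port 9 (discard) is the conventional choice."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    sent = send_magic_packet(EXAMPLE_MAC)
    print(f"sent {sent} bytes to wake {EXAMPLE_MAC}")
```

The packet is sent to the limited broadcast address, so it only reaches nodes in the same layer 2 segment as the controller; if the lab is later moved behind a separate network, the controller (or a relay) has to sit on that segment.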
### Configurations

- Bare metal nodes settings (IP, MAC...)
- OS settings (PXE, network...)
### Building

Open the tools container:

```sh
make
```

Then build each layer:

```sh
make metal
make infra
make apps
```
## Roadmap

### Released

None

### Next

- First alpha:
  - Bare metal provisioning with PXE
  - LXD cluster
  - Terraform state backend (etcd)
  - Container registry (just pull through cache for faster cluster build time)
  - RKE cluster
  - Core services (Vault, Gitea, DroneCI, ArgoCD,...)
  - Access the lab from the internet via VPN
  - Public services to the internet (via port forwarding or Cloudflare Tunnel)
- First beta:
  - Easy initial controller setup (with only Docker or Vagrant)
  - Fast metal image preparation
  - Mount metal image without `sudo` (7zip?)
  - Automated metal secrets generation and management
  - Automated `./infra` authentication from `./metal` (Terraform backend and provider)
  - Metal node automatic patching
  - Separate network
  - VPN (Wireguard)
  - Local DNS (PiHole?)
  - Jump box (or HashiCorp Boundary?)
  - Harbor (private container registry for new applications)
  - Self managed infrastructure
  - Mirror all git repositories from GitHub automatically (with git hook for faster sync?)
  - Monitoring and alerting
  - Additional services (NextCloud, PeerTube, mailcow, Mattermost/Rocket Chat,...)
  - Dashboard for services
  - SSO
  - Backup solution (3 copies, 2 separate devices, 1 offsite)
  - Automatic release
- Stable `1.0`:
  - 100% automated (including backups and secrets management, double check with a full rebuild)
  - Cross platform initial controller support (Linux, macOS, Windows)
  - HA for everything
  - Backup encryption
  - Secure by default
  - DRY (or rule of three)
  - Complete documentation and architecture diagram (automated update if possible)
  - Walkthrough building tutorial and feature demo
- Stable `1.1`:
  - Additional services
  - TBD
- Backlog:
  - Automated testing
  - Security review/audit
  - Migrate to RKE2 (new Terraform provider for RKE2 is not released yet)