mirror of https://github.com/khuedoan/homelab.git synced 2024-12-22 20:44:33 +07:00

History

Khue Doan 5dc905be86 docs: update external resources instruction		2022-06-04 14:25:55 +07:00
..
modules/cloudflare	chore(deps): update all non-major dependencies helm releases	2022-03-23 15:07:13 +00:00
.gitignore	fix(external): fix wrong provider name for B2	2021-12-09 01:23:04 +07:00
main.tf	refactor(external)!: use separate modules for each provider	2022-03-14 23:21:28 +07:00
Makefile	build: set kubeconfig from global Makefile	2022-05-14 20:06:57 +07:00
namespaces.yml	feat(external): inject Backblaze secrets to k8up namespace	2021-12-25 20:18:45 +07:00
README.md	docs: update external resources instruction	2022-06-04 14:25:55 +07:00
terraform.tfvars.j2	refactor(external): remove Backblaze B2	2022-03-14 23:07:59 +07:00
tfvars.yml	refactor(external): remove Backblaze B2	2022-03-14 23:07:59 +07:00
variables.tf	refactor(external): remove Backblaze B2	2022-03-14 23:07:59 +07:00
versions.tf	chore(deps): update all non-major dependencies helm releases	2022-03-23 15:07:13 +00:00

README.md

External resources

WIP documents

These resources are optional, the homelab still works without them but will lack some features like trusted certificates and offsite backup

Although I try to keep the amount of external resources to the minimum, there's still need for a few of them. Below is a list of external resources and why we need them (also see some alternatives below).

Terraform Cloud:
- Workspace to store the state for external resources
Cloudflare:
- DNS
- DNS-01 challenge for Let's Encrypt
- Tunnel to public services to the internet without port-forwarding
Minio:
- S3 compatible storage for onsite backup
AWS:
- S3 Glacier for offsite backup

This layer will:

Create external resources
Add external secrets to namespaces

Prerequisites

Create Terraform workspace

Terraform is stateful, which means it needs somewhere to store its state. Terraform Cloud is one option for a state backend with a generous free tier, perfect for a homelab.

Sign up for a Terraform Cloud account
Create a workspace named homelab-external, this is the workspace where your homelab state will be stored.
Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the terraform plan rather than the cloud runners.

If you decide to use a different Terraform backend, you'll need to edit the external/versions.tf file as required.

Cloudflare

Buy a domain and transfer it to Cloudflare if you haven't already
Get Cloudflare email and account ID
Global API key: https://dash.cloudflare.com/profile/api-tokens

Create Minio keys

TODO: skip this for now

Create AWS API key

TODO: skip this for now

Deploy

Apply Terraform (you will be prompted to log in to Terraform Cloud and enter API keys from the previous steps):

# From the project root
make external

Alternatives

Terraform Cloud: any other Terraform backends
Cloudflare Tunnel: you can create a small VPS in the cloud and utilize Wireguard and HAProxy to route traffic via it, or just use simple port-forwarding if it's available (see also awesome tunneling)
Minio and S3 Glacier: any S3 compatible object storage, such as Backblaze B2, Minio...