mirror of https://github.com/khuedoan/homelab.git synced 2024-12-23 01:04:32 +07:00

Modern self-hosting framework, fully automated from empty disk to operating services with a single command.

ansible argocd devops docker fedora gitops helm homelab k3s k8s-at-home kubernetes netboot pxe self-hosting terraform

Go to file

Khue Doan b7aabba637 Add roadmap		2021-04-19 21:41:25 +07:00
apps	Clean up	2021-02-08 08:52:53 +07:00
infra	Fix incorrect IP after first apply	2021-04-19 02:02:48 +07:00
metal	Add missing lib for Ansible	2021-04-18 22:20:12 +07:00
.gitignore	Remove test environent	2021-04-18 23:53:19 +07:00
LICENSE	Create LICENSE	2021-02-12 21:29:21 +07:00
Makefile	Rename tools container and add Makefile	2021-03-11 01:43:34 +07:00
README.md	Add roadmap	2021-04-19 21:41:25 +07:00

README.md

Homelab

! WORK IN PROGRESS

Hardware

4 nodes of NEC SFF PC (Japanese version of the ThinkCentre M700)
- CPU: Intel Core i5-6600T
- RAM: 16GB
- SSD: 128GB
TP-Link TL-SG108 switch

Architecture

Layer	Name	Description	Provisioner
0	metal	Bare metal OS installation, LXD, Terraform state backend,...	Ansible, PXE server
1	infra	Kubernetes clusters, shared apps (Git, Vault, Argo...)	Terraform, Helm
2	apps		Argo

Usage

Prerequisite

For the controller (to run Ansible, stateless PXE server, Terraform...):

SSH keys in ~/.ssh/{id_rsa,id_rsa.pub}
Docker with host networking driver (which means only Docker on Linux hosts)

For bare metal nodes:

PXE IPv4 enabled
Wake-on-LAN enabled
Secure boot disabled (optional, depending on the OS)

Configurations

Bare metal nodes settings (IP, MAC...)
OS settings (PXE, network...)

Building

Open the tools container:

make

Then build each layer:

make metal
make infra
make apps

Roadmap

Released

None

First alpha:
- Bare metal provisioning with PXE
- LXD cluster
- Terraform state backend (etcd)
- Container registry (just pull through cache for faster cluster build time)
- RKE cluster
- Core services (Vault, Gitea, DroneCI, ArgoCD,...)
- Access the lab from the internet via VPN
- Public services to the internet (via port forwarding or Cloudflare Tunnel)
First beta:
- Easy initial controller setup (with only Docker or Vagrant)
- Fast metal image preparation
- Mount metal image without sudo (7zip?)
- Automated metal secrets generation and management
- Automated ./infra authentication from ./metal (Terraform backend and provider)
- Metal node automatic patching
- Seperate network
- VPN (Wireguard)
- Local DNS (PiHole?)
- Jump box (or HashiCorp Boundary?)
- Habor (private container registry for new applications)
- Self managed infrastucture
- Mirror all git repositories from GitHub automatically (with git hook for faster sync?)
- Monitoring and alerting
- Addition services (NextCloud, PeerTube, mailcow, Mattermost/Rocket Chat,...)
- Dashboard for services
- SSO
- Backup solution (3 copies, 2 seperate devices, 1 offsite)
- Automatic release
Stable 1.0:
- 100% automated (including backups and secrets management, double check with a full rebuild)
- Cross platform inital controller support (Linux, macOS, Windows)
- HA for everything
- Backup encrytion
- Secure by default
- DRY (or rule of three)
- Complete documentation and architecture diagram (automated update if possible)
- Walkthrough building tutorial and feature demo
Stable 1.1:
- Addition services
- TBD
Backlog:
- Automated testing
- Security review/audit
- Migrate to RKE2 (new Terraform provider for RKE2 is not release yet)