mirror of
https://github.com/khuedoan/homelab.git
synced 2025-01-13 00:04:46 +07:00
2cd8a249b6
- Tailscale UX is better, and the Headscale control server is also easier to self-host than ZeroTier (although Headscale is not the official control server, the author now works at Tailscale) - Wireguard is also added as an alternative to avoid relying on a third-party service, however it requires port-forwarding
4.5 KiB
4.5 KiB
External resources
!!! info
These resources are optional, the homelab still works without them but will lack some features like trusted certificates and offsite backup
Although I try to keep the amount of external resources to the minimum, there's still need for a few of them. Below is a list of external resources and why we need them (also see some alternatives below).
Provider | Resource | Purpose |
---|---|---|
Terraform Cloud | Workspace | Terraform state backend |
Cloudflare | DNS | DNS and DNS-01 challenge for certificates |
Cloudflare | Tunnel | Public services to the internet without port forwarding |
ntfy | Topic | External notification service to receive alerts |
Create credentials
You'll be asked to provide these credentials on first build.
Create Terraform workspace
Terraform is stateful, which means it needs somewhere to store its state. Terraform Cloud is one option for a state backend with a generous free tier, perfect for a homelab.
- Sign up for a Terraform Cloud account
- Create a workspace named
homelab-external
, this is the workspace where your homelab state will be stored. - Change the "Execution Mode" from "Remote" to "Local". This will ensure your local machine, which can access your lab, is the one executing the terraform plan rather than the cloud runners.
If you decide to use a different Terraform backend, you'll need to edit the external/versions.tf
file as required.
Cloudflare
- Buy a domain and transfer it to Cloudflare if you haven't already
- Get Cloudflare email and account ID
- Global API key: https://dash.cloudflare.com/profile/api-tokens
ntfy
- Choose a topic name like https://ntfy.sh/random_topic_name_here_a8sd7fkjxlkcjasdw33813 (treat it like you password)
Alternatives
To avoid vendor lock-in, each external provider must have an equivalent alternative that is easy to replace:
- Terraform Cloud:
- Any other Terraform backends
- Cloudflare DNS:
- Update cert-manager and external-dns to use a different provider
- Alternate DNS setup
- Cloudflare Tunnel:
- Use port forwarding if it's available
- Create a small VPS in the cloud and utilize Wireguard to route traffic via it
- Access everything via VPN
- See also awesome tunneling
- ntfy: