khuedoan-homelab/README.md
2021-04-20 01:40:33 +07:00


Homelab

! WORK IN PROGRESS

Hardware

  • 4 nodes of NEC SFF PC (Japanese version of the ThinkCentre M700)
    • CPU: Intel Core i5-6600T
    • RAM: 16GB
    • SSD: 128GB
  • TP-Link TL-SG108 switch

Architecture

| Layer | Name  | Description                                                   | Provisioner         |
|-------|-------|---------------------------------------------------------------|---------------------|
| 0     | metal | Bare metal OS installation, LXD, Terraform state backend, ... | Ansible, PXE server |
| 1     | infra | Kubernetes clusters, shared apps (Git, Vault, Argo, ...)      | Terraform, Helm     |
| 2     | apps  |                                                               | Argo                |

Usage

Prerequisite

For the controller (to run Ansible, stateless PXE server, Terraform...):

For bare metal nodes:

  • IPv4 PXE boot enabled
  • Wake-on-LAN enabled
  • Secure Boot disabled (optional, depending on the OS image being booted)
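
The Wake-on-LAN prerequisite above is what lets the controller power the nodes on before PXE booting them. The following is an added example of how a magic packet is built, validated and broadcast; it is not code from the homelab repository, and the node names, MAC addresses and the `NODES` table are constructed placeholders. One caveat worth keeping in mind: a magic packet carries no authentication, so any host on the same layer 2 segment can wake (and therefore PXE boot) a node. Keeping the lab on a separate network, as the roadmap plans, is the usual mitigation.

```python
"""Wake-on-LAN magic packet builder, checker and sender.

Added example, not part of the homelab project. MAC addresses below are
constructed placeholders, not real hardware.
"""
import re
import socket
from typing import Dict, Optional

# Constructed example inventory (hostname -> MAC); mixed notations on purpose.
NODES: Dict[str, str] = {
    "metal0": "00:11:22:33:44:55",
    "metal1": "00-11-22-33-44-66",
    "metal2": "001122334477",
}

SYNC_STREAM = b"\xff" * 6          # six 0xFF bytes open every magic packet
MAGIC_PACKET_LEN = 6 + 6 * 16      # sync stream + MAC repeated 16 times


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff; return 6 bytes."""
    hexdigits = re.sub(r"[:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def magic_packet(mac: str) -> bytes:
    """Build the 102-byte payload: 6 x 0xFF followed by the target MAC 16 times."""
    return SYNC_STREAM + parse_mac(mac) * 16


def is_magic_packet(payload: bytes) -> Optional[bytes]:
    """Return the MAC a payload would wake, or None if it is not a valid magic packet.

    Extra bytes after the 102-byte body are tolerated because some NICs accept an
    appended 4- or 6-byte SecureOn password.
    """
    if len(payload) < MAGIC_PACKET_LEN or payload[:6] != SYNC_STREAM:
        return None
    mac = payload[6:12]
    if payload[6:MAGIC_PACKET_LEN] != mac * 16:
        return None
    return mac


def send_wol(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the magic packet over UDP and return the number of bytes sent.

    Port 9 (discard) is the conventional choice; port 7 is also common. The packet
    only needs to reach the NIC at layer 2, so the port is irrelevant to the wake-up.
    """
    packet = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    for name, mac in NODES.items():
        sent = send_wol(mac)
        print(f"waking {name} ({parse_mac(mac).hex(':')}): {sent} bytes sent")
```

Run it from the controller on the same subnet as the nodes (the broadcast address can be narrowed to the lab subnet's, e.g. the directed broadcast of the nodes' VLAN). `is_magic_packet` is the piece to reuse in a packet capture filter if you want to see who on the segment is sending wake-ups.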

Configurations

Building

Open the tools container:

make

Then build each layer:

make metal
make infra
make apps

Release notes

None

Roadmap

  • 0.0.1-alpha:
    • Bare metal provisioning with PXE
    • LXD cluster
    • Terraform state backend (etcd)
    • RKE cluster
    • Core services (Vault, Gitea, DroneCI, ArgoCD,...)
    • Public services to the internet (via port forwarding or Cloudflare Tunnel)
  • 0.0.2-alpha:
    • VPN (WireGuard)
    • Access the lab from the internet via VPN
    • Container registry (pull-through cache only, for faster cluster build times)
  • 0.1.0-beta:
    • Easy initial controller setup (with only Docker or Vagrant)
    • Fast metal image preparation
    • Mount metal image without sudo (7zip?)
    • Automated metal secrets generation and management
    • Automated ./infra authentication from ./metal (Terraform backend and provider)
    • Metal node automatic patching
    • Separate network
    • Local DNS (Pi-hole?)
    • Jump box (or HashiCorp Boundary?)
    • Harbor (private container registry for new applications)
    • Self-managed infrastructure
    • Mirror all git repositories from GitHub automatically (with a git hook for faster sync?)
    • Monitoring and alerting
    • Additional services (Nextcloud, PeerTube, mailcow, Mattermost/Rocket.Chat, ...)
    • Dashboard for services
    • SSO
    • Backup solution (3-2-1: 3 copies, on 2 separate devices, 1 offsite)
    • Automatic release
  • 1.0.0:
    • 100% automated (including backups and secrets management, double check with a full rebuild)
    • Cross-platform initial controller support (Linux, macOS, Windows)
    • HA for everything
    • Backup encryption
    • Secure by default
    • DRY (or rule of three)
    • Complete documentation and architecture diagram (automated update if possible)
    • Walkthrough building tutorial and feature demo
  • 1.0.1:
    • Bug fixes (TBD)
  • 1.1.0:
    • Additional services (TBD)
  • Backlog:
    • Automated testing
    • Security review/audit
    • Migrate to RKE2 (the new Terraform provider for RKE2 has not been released yet)

You can also check out the TODO list.

Acknowledgments