+
Skip to content

bwees/homelab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

283 Commits
.github/workflows
.github/workflows
 
 
ansible
ansible
 
 
compose
compose
 
 
configs
configs
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
justfile
justfile
 
 
renovate.json
renovate.json
 
 

Repository files navigation

Homelab

This repository houses the infrastructure configuration files (docker-compose) for my homelab as well as deployment playbooks (ansible). Configuration files for individual apps (ie container persistent storage) are not housed in this repository. All compute machines (excluding appliance devices like NAS and Homelab Router) run on Ubuntu 24.04 and use Docker for application deployment.

Hosts

  • Lab (homelab-bwees)
    • This is my main homelab machine that self-hosts the majority of my applications.
  • Home (homelab-home)
    • This machine stays at my parent's house and provides Home Assistant, Jellyfin, and a few other services.
  • Linode (homelab-linode)
    • This is a Linode VPS (1 CPU, 1GB RAM) that provides a Tailscale Exit Node for the media stack and hosts some mission critical services.
  • NAS (bwees-nas)
    • This is my main TrueNAS SCALE server. This repo manages the docker containers that run via SCALE's app system.
    • Credentials are handled via Jinja2 templating instead of env variables since SCALE does not support docker-compose deployment.
  • Homelab Router (homelab-router)
    • This is a Unifi Express 7. Under the hood it runs debian and thus can be controlled quite easily with Ansible.

Tailscale

Tailscale is used for all private networking. The Ansible host inventory uses Tailscale for all communication in playbooks.

I have 2 domains that are routed over Tailscale (using custom split DNS servers):

  • *.bwees.lab - Personal Services
  • *.bwees.home - Family Services

These internal domains' DNS are served by 2 Bind DNS servers. One on homelab-linode, and one on homelab-home. They are configured in configs/dns/<host> and dynamically updated with just dns

Cloudflare Tunnels

Cloudflare tunnels is used to route any services that need to be publicly accessible on my domain. This simplifies a lot of firewall configuration and is rarely used since most traffic is routed through Tailscale.

Ansible

This year I decided to try and automate some of the tasks in my lab with Ansible. Ansible currently handles the following operations:

  • Deployment of Docker-compose files and related secrets to each machine
  • Secret Management
  • Installation of Beszel Agent
  • Updating Tailscale
  • DNS Configuration Deployment

Secret Management

Secrets are stored in 1Password, with their 1Password URIs configured in ansible/secrets.yml. Secrets are injected into the YAML with 1Password CLI, loaded into Ansible as a resource, and rendered out to individual env files for each host.

About

Configuration files for my homelab

Topics

ansible self-hosted homelab

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载