remove orange

2024-06-25 14:22:54 -04:00
parent 4e51d263fb
commit d1afa569cc
14 changed files with 60 additions and 224 deletions

View File

@@ -10,7 +10,7 @@ A project to store homelab stuff.
- [Reverse Proxy](#reverse-proxy)
- [Service Mesh](#service-mesh)
- [Data Storage](#data-storage)
- [Order of Operations](#order-of-operations)
- [Adding a new host](#adding-a-new-host)
- [Components](#components)
- [CoreDNS](#coredns)
- [Metal LB](#metal-lb)
@@ -76,12 +76,21 @@ to the wireguard-assigned IP addresses.
All servers will use ISCSI.
## Order of Operations
## Adding a new host
1. Establish DNS records (`dns/`, `aws/`, `ddns/`)
2. Create reverse proxy(s) (`nginx/`)
3. Create service mesh (`mesh/`)
4. Install services
1. Set static IP in Unifi
2. Add to .ssh/config
3. Add to ansible inventory (`ansible/`)
4. Establish DNS records (`dns/`)
1. Both `-wg` records and `reeselink` records
5. Create reverse proxy(s) (`nginx/`)
1. (If removing) Delete any unused certs with `certbot delete`
2. Run the ansible certbot and nginx role
6. Create service mesh (`mesh/`)
1. Make sure to edit both `peers` and `ip` in `vars.yaml`
2. If you need to delete unused peers, add them to the `peers.yaml` delete job
7. Install services
8. Set up port forwarding in Unifi if applicable
## Components
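Review bot: steps 5.1 and 6.2 are removal steps sitting inside a section titled "Adding a new host", and the rest of the removal path is missing. Taking a host out also means undoing steps 1 to 4 and 8: the Unifi static IP and port forward, the `.ssh/config` entry, the ansible inventory entry, and both the `-wg` and `reeselink` DNS records. Suggest a separate "Removing a host" list that mirrors this one in reverse, so a decommissioned host does not leave a forward, record or peer behind. Step 4 also drops the `aws/` and `ddns/` pointers the old step 1 had; say so if those directories are gone.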

View File

@@ -9,20 +9,10 @@ kubernetes:
colors:
hosts:
orange:
yellow:
nextcloud-aio:
unifi-external:
hardware:
hosts:
gamebox:
hass:
hosts:
homeassistant:
truenas:
hosts:
driveripper:
gamebox:
homeassistant:
driveripper:
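Review bot: the header shrinks this block from 20 lines to 10 and the tail of the hunk is a flat `gamebox` / `homeassistant` / `driveripper` list, so it looks like the `hardware`, `hass` and `truenas` groups are being folded away along with `orange`. If so, check that no play still targets those group names, since a `hosts:` pattern that matches nothing is skipped rather than failing. Also confirm where `unifi-external` runs now if it stays in the inventory: the notes deleted later in this commit say Orange ran it.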

View File

@@ -1,104 +0,0 @@
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "yellow-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::1"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "orange-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::2"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "node1-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::3"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "node2-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::4"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "node3-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::5"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "driveripper-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::6"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "unifi-external-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::7"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "nextcloud-aio-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::8"
}
]
}
},
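Review bot: deleting this file (and the `orange` entries removed from the other record file further down) only stops the repo from re-asserting the names; records that were already applied stay published. If these batches are submitted to Route 53, whose change-batch format this matches, each orange record needs an explicit `"Action": "DELETE"` change with the same name, type, TTL and value, otherwise `orange-wg.reeselink.com` and `orange.reeselink.com` keep resolving after the host is gone. Separately, this removes the whole `-wg` batch, not only the orange entry: confirm the seven other names (`yellow-wg` through `nextcloud-aio-wg`) exist in the remaining record file before this one goes.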

View File

@@ -4,8 +4,6 @@ driveripper.reeselink.com
10.1.2.10
yellow.reeselink.com
10.1.203.197
orange.reeselink.com
10.1.200.253
node1.reeselink.com
10.1.2.13
node2.reeselink.com

View File

@@ -4,8 +4,6 @@ driveripper.reeselink.com
2600:1700:1e6c:a81f:94bb:b8ff:fe9f:1c63
yellow.reeselink.com
2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4
orange.reeselink.com
2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3
node1.reeselink.com
2600:1700:1e6c:a81f:2a0:98ff:fe6c:eca7
node2.reeselink.com
@@ -22,8 +20,6 @@ e3s1plus.reeselink.com
2600:1700:1e6c:a81f:19a4:37de:9672:1f76
yellow-wg.reeselink.com
fd00:fd41:d0f1:1010::1
orange-wg.reeselink.com
fd00:fd41:d0f1:1010::2
node1-wg.reeselink.com
fd00:fd41:d0f1:1010::3
node2-wg.reeselink.com

View File

@@ -10,9 +10,6 @@
"ResourceRecords": [
{
"Value": "2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4"
},
{
"Value": "2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3"
}
]
}

View File

@@ -79,32 +79,6 @@
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "orange.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "2600:1700:1e6c:a81f:153e:9c35:8ff3:fa3"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "orange.reeselink.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": "10.1.200.253"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
@@ -313,19 +287,6 @@
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "orange-wg.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "fd00:fd41:d0f1:1010::2"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {

View File

@@ -1,22 +0,0 @@
# Orange and Yellow Servers
## Services
1. Both servers run all quadlets in `podman/`
2. Both servers run the same nginx config in `nginx/`
## VMs
1. Orange runs unifi-external
2. Yellow runs nextcloud-aio
## Pihole
- Orange is ad-blocking
- Yellow is caching
## Load Balancing
- Orange handles all traffic from outside the network
- Yellow handles all internal traffic
- Both are capable of handling all traffic, port forwarding rule determines which is up
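Review bot: the deleted "Load Balancing" and "Pihole" lines are the only place that says Orange took all traffic from outside the network and did the ad-blocking, and nothing in this commit says where those roles moved. Keep a short Yellow-only version of this file (or fold it into the main README) stating which host now handles external traffic and ad-blocking, and repoint or delete the Unifi port forwarding rule in the same change, so no forward is left aimed at Orange's old address 10.1.200.253.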

View File

@@ -7,9 +7,9 @@
## Ansible
```bash
ansible-playbook -i ansible/inventory.yaml wireguard/keys.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/wireguard.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/peers.yaml
ansible-playbook -i ansible/inventory.yaml mesh/keys.yaml
ansible-playbook -i ansible/inventory.yaml mesh/interface.yaml
ansible-playbook -i ansible/inventory.yaml mesh/peers.yaml
```
## DNS Records

View File

@@ -11,6 +11,10 @@
vars_files:
- vars.yaml
tasks:
- name: delete unused peers
shell: wg set duconet-wg peer {{ item }} remove
loop:
- "CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0="
- name: wg set peers
shell: >
wg set duconet-wg
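Review bot: the peer key under `loop:` is hard-coded in the playbook, while the live peers sit in `vars.yaml`. Move it to a list in `vars.yaml` (for example a `removed_peers` key, name hypothetical) so the add and remove sets are reviewed side by side and the playbook does not need editing for every decommission. The task uses no shell features, so `ansible.builtin.command` fits better than `shell:`. Also, `wg set ... remove` only edits the running interface, so check that whatever `mesh/interface.yaml` writes to disk does not bring the peer back on the next restart.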

View File

@@ -6,9 +6,6 @@ peers:
- name: yellow
public_key: kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
endpoint: yellow.reeselink.com:51821
- name: orange
public_key: CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0=
endpoint: orange.reeselink.com:51821
- name: node1
public_key: 1K3CszRSSnUSWpgL7q57+LTgOEbIt8TonSK1gV/JnXE=
endpoint: node1.reeselink.com:51821
@@ -31,9 +28,6 @@ ip:
yellow:
address: fd00:fd41:d0f1:1010::1
hostname: yellow
orange:
address: fd00:fd41:d0f1:1010::2
hostname: orange
node1:
address: fd00:fd41:d0f1:1010::3
hostname: node1

View File

@@ -57,16 +57,6 @@ http:
port: 9090
protocol: https
- external:
domain: orange
restricted: true
extra_http_ports: []
extra_https_ports: []
internal:
ip: "10.1.200.253"
port: 9090
protocol: https
- external:
domain: node1
restricted: true
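Review bot: removing the `orange` entry here (and `pihole-orange` in the next hunk) stops new config being generated, but nothing in the diff removes what was already deployed. Unless the nginx role prunes server blocks that are no longer in this list, the proxies to 10.1.200.253 on ports 9090 and 8081 stay live on the proxy hosts until deleted by hand, and the README's `certbot delete` step has to be run for both names. Worth a cleanup task in the role, or at least naming both domains in the commit message.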
@@ -142,16 +132,6 @@ http:
port: 8081
protocol: http
- external:
domain: pihole-orange
restricted: true
extra_http_ports: []
extra_https_ports: []
internal:
ip: "10.1.200.253"
port: 8081
protocol: http
- external:
domain: attmodem
restricted: true

View File

@@ -7,7 +7,7 @@
- [pihole](#pihole)
- [Cloudflared](#cloudflared)
- [WG Easy (Deprecated - use Unifi)](#wg-easy-deprecated---use-unifi)
- [Update yellow/orange](#update-yelloworange)
- [Update yellow quadlets](#update-yellow-quadlets)
## Notes
@@ -87,6 +87,8 @@ podman run \
### WG Easy (Deprecated - use Unifi)
PASSWORD and PASSWORD_HASH env vars didn't work.
<https://github.com/wg-easy/wg-easy>
Note, to create PASSWORD_HASH run:
@@ -121,7 +123,7 @@ podman run \
ghcr.io/wg-easy/wg-easy:nightly
```
## Update yellow/orange
## Update yellow quadlets
```bash
ansible-playbook -i ./ansible/inventory.yaml podman/update-quadlets.yaml

31
shell/README.md Normal file
View File

@@ -0,0 +1,31 @@
# Shell
## ZSH
```bash
# Install git before running
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
```
Available prompt colors are red, blue, green, cyan, yellow, magenta, black, & white.
~/.zshrc
```bash
cat << EOF > ~/.zshrc
export ZSH="\$HOME/.oh-my-zsh"
plugins=(git)
source \$ZSH/oh-my-zsh.sh
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
autoload -Uz promptinit
promptinit
prompt fade
EOF
```
```bash
chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra
```