7.0 KiB
Homelab
A project to store homelab stuff.
Just here for the Arch distoolbox?
Table of Contents
Fun Facts
Keyboard Shortcuts
On linux, ctrl+shift+u, then, while holding ctrl+shift, typing b+0 will type a ° (degree) symbol. Also you can enter any unicode symbol this way.
In vim: esc + o will take you to the end of a file and insert a new line.
SSH Setup
export REMOTE_USER=${USER}
export REMOTE_HOST=something.com
export REMOTE_PORT=22
# The following is generated by the above variables. No tweaks necessary.
export KEY_NAME=~/.ssh/id_${REMOTE_USER}_${REMOTE_HOST}
export KEY_COMMENT="${USER}@${HOSTNAME}:${REMOTE_USER}@${REMOTE_HOST}"
# Pick one of the below key types
# ed25519
ssh-keygen -C ${KEY_COMMENT} -f ${KEY_NAME} -t ed25519
# rsa 4096
ssh-keygen -C ${KEY_COMMENT} -f ${KEY_NAME} -t rsa -b 4096
cat <<EOF >> ~/.ssh/config
Host ${REMOTE_HOST}
Hostname ${REMOTE_HOST}
IdentityFile ${KEY_NAME}
User ${REMOTE_USER}
Port ${REMOTE_PORT}
EOF
# Copy the generated key to the server using password auth. Assumes password auth enabled.
ssh-copy-id -o PubkeyAuthentication=no -i ${KEY_NAME} ${REMOTE_USER}@${REMOTE_HOST}
# Log into the server with your key
ssh -i ${KEY_NAME} ${KEY_COMMENT}
# Copy authorized_keys to root
sudo cp ~/.ssh/authorized_keys /root/.ssh/authorized_keys
exit
# login and disable password auth
ssh ${REMOTE_HOST}
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/01-prohibit-password.conf
systemctl restart sshd
# OPTIONAL: Disable sudo password
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-wheel
exit
# Test if you can SSH with a password
ssh -o PubkeyAuthentication=no ducoterra@${SSH_HOST}.reeselink.com
# Test that you can log into the server with ssh config
ssh $SSH_HOST
Important Dates and Times
| Time | Day | Description |
|---|---|---|
| 00:00 | All | Automated builds |
| 00:00 | All | NAS Snapshots |
| 02:00 | All | Backups |
| 04:00 | Saturday | Server Hardware Updates |
| 05:00 | Saturday | Server VM Updates |
| 05:00 | All | Unifi Protect Firmware Updates |
| 06:00 | All | Unifi Network Firmware Updates |
| 06:00 | Saturday | Truenas Disk Scrub |
Project Lifecycle
Projects will either be active or retired.
Active projects are being actively developed. They are in-use, stable, and production ready. Active projects should meet and track the active project requirements
Retired projects are no longer in use or recommended. They are kept for reference. Retired projects must meet the retirement requirements
You'll notice that most of the active projects have scripts or examples that
use the active path as part of their install process. When moved outside the
active directory their scripts and examples break. This is intentional. If
you want a retired project to work again, bring it back to the active
directory.
Project Types
All projects will be prefixed with one of the following categories:
device_os_cloud_systemd_podman_docker_kubernetes_
Note, some projects will be named with just the prefix. These are projects for
configuring the underlying technology. The podman project, for example, will
tell you how to configure and install podman so it works correctly.
device_ will prefix projects that relate to specific machines or equipment.
3D printers, Raspberry Pis, and other IOT devices qualify as specialized
hardware that needs documentation and configuration. This is not limited to
computer equipment. The furnace is an important part of the homelab. the Air
Conditioner is integral to the homelab's function. These projects will also be
documented.
os_ will contain projects that set up operating systems. These include best
practices, backups, updates, default software, etc.
cloud_ projects are for specific cloud providers. This will contain
documentation and errata for things like AWS IAM, Route53, etc. Note these will
be prefixed with the cloud's name, not the word "cloud". So AWS services will
be prefixed with aws_ and azure would be azure_. This should make them more
searchable.
systemd_ projects are designed to be installed with ansible and run via
systemd on a linux VM or other linux hardware.
podman_ projects are either designed to be run as quadlets or as podman
containers outright.
docker_ projects are either docker-compose or some form of docker run
command.
kubernetes_ projects are helm, kustomize, kubectl, or some other kubernetes
compliant deployment.
Active Project Requirements
- Installation is documented
- Installation configuration examples are provided
- Hardening guidelines are documented
- Upgrade procedures are documented
- Maintenance procedures are documented
- Uninstall procedures are documented
- Backup and restore procedures are documented and tested
Retirement Requirements
- A reason for retirement is documented
- If applicable, a replacement has been identified and documented
- If applicable, backup data locations are documented
Project Structure
All projects will have, at minimum.
- A README named
project-name.md - A directory called
secretswhich will be gitignored.
Creating a Project
Assuming your project name is my-project and it runs on podman
- Create a new directory called
podman_my-projectunder theactivedirectory - Copy the readme template:
cp project_readme_template.md active/podman_my-project/my-project.md - Populate
my-project.mdas you work through the install process - Create a directory called
secretsinpodman_my-project. This will be automatically gitignored. Put all secrets here. - Push the changes when you have a working product
Order of Operations
- Configure cloud providers. These usually have no dependencies and typically provide critical services to other projects (DNS, email notifications, etc.)
- Install infrastructure projects. Usually these only have dependencies on cloud services.
- Install systemd, kubernetes, docker, podman, and other services.