services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2015e2c718874a60c839aa0b7c9360fb2ab1181
homelab/stories/docs/10-fedora_server_admin.md
ducoterra f2015e2c71
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 1m3s
Details
checkpoint commit
2026-05-05 06:26:40 -04:00

93 lines
4.1 KiB
Markdown
Raw Blame History

# I want to build the perfect homelab server
Date Written: 02/11/26
Fedora Version: 43
## Intro
And it will run Fedora. Backstory: I ran Truenas for a long time. I started with
Freenas, got confused by jails, switched to this new thing called Truenas,
learned about ZFS, watched "Apps" come into existence, watched Kubernetes
support rise and fall, watched the disaster that was Incus container/VM support
and the subsequent "rollback" to traditional VMs, and got really tired of lack
of control.
App backup and restore was never, and still isn't, well supported. Taking
snapshots of your apps pool and then sending those snapshots to a backup drive
un-hid the ix-systems directory (which would frequently have thousands of
snapshots due to Truenas's liberal use of subvolumes and would slow down the UI
immensely). App data was intentionally hidden from the user for some reason.
Migrating between Docker, then kubernetes, then Incus was never fully planned.
The Truenas Charts app market was awesome, but building a Truenas Chart was
complex and required duplicating all `values.yaml` configurable parameters into
a new yaml file that the UI could use for form-fill. They got rid of Truenas
Charts regardless so you just have to hope that your favorite app supporter is
comfortable rewriting their app in the new format and supporting some kind of
migration strategy. Every six months I would expect some kind of downtime
because Truenas would change something critical and it would inevitably impact
my workflow.
So, if I'm going to be subject to the whims of a changing platform anyway (given
Truenas is supposed to be based on Debian, aka the *stable* choice), and if I'm
going to suffer breaking changes every 6 months no matter what I choose, then I
may as well have the latest and greatest via a rolling kernel distro.
So why not Arch? Simply: SELinux. SELinux is currently not officially supported
in Arch linux. Plus Fedora Server comes with a lot built in that I like.
Cockpit, Firewalld, Podman, SELinux, OSBuild, and RPM support all work out of
the box. These are, imo, the "bare bones" requirements for a server exposed to
the internet that will run homelab services.
So let's get started configuring an awesome Fedora server to keep your data safe
and run your Homelab services with minimal downtime.
## Installation
When installing Fedora from the ISO, take some time at the installation menu to
configure some basics.
Don't worry about RAID for now, we can convert a single disk into a RAID 1 array
later.
If you don't have an SSH key already, generate one for yourself so you can log into the server. On your local machine:
```bash
# Generate the key
# Save it to the default location (~/.ssh/id_ed25519)
# Please please please encrypt it with a password. Something memorable. Write it down. Friends don't let friends have naked SSH keys.
ssh-keygen -t ed25519
```
1. Configure the network
1. Set a hostname
2. Disable ipv6 privacy extensions
2. Configure software selection
1. Choose anything you'd like preinstalled
3. Create a non-root user
1. Set a simple password for easy login, we'll change it later
4. Configure your disk partitioning
1. Select manual (blivet) partitioning
2. Create a 1GB EFI system partition and mount it at `/boot/efi`
3. Create a 1GB btrfs partition and mount it at `/boot`
4. Create an encrypted btrfs volume with the remaining data and name it something unique, do not mount it
5. Create a btrfs subvolume called "root" and mount it at `/`
6. Create a btrfs subvolume called "home" and mount it at `/home`
7. Create any other btrfs subvolumes you might need (`/var`, for example)
5. Take note of the ipv4 and ipv6 address. Update any DNS records at this time.
6. Install and reboot
## Configuration
Once your server boots up we'll follow a basic playbook:
1. Change your password
2. Configure automatic decryption for your encrypted drives at boot with TPM2
3. Configure the package manager and apply updates
4. Secure SSH with Fail2Ban
5. Install Snapper for automatic snapshots to prevent accidental file deletion
6. Install BorgBackup for automatic backups
7. Install VM support
8. Build some images
9. Run some VMs
Reference in New Issue View Git Blame Copy Permalink