Ansible-Defined Homelab

Overview

Around November of last year, I started a mission to wrangle my digital life. Tired of haphazardly giving up my privacy by trusting "free" websites to provide various services, I wanted to wrest back some control over my online existence. I made a plan to self-host a number of "critical" services on my home network and maintain them myself. In short, I built a homelab.

To be frank, the first-rate websites that I previously depended upon are certainly more reliable than my cobbled-together passion project of a homelab. However, on general principle (and because it seemed like a fun way to learn some sysadmin / devops skills), I built this setup:

Homelab Network Diagram

As you can see, I have deployed a few general-purpose compute platforms: 4 ESXi hypervisors, and a Kubernetes cluster. Additionally, there are several VM-based services: Nextcloud, Gitea, and Harbor. For data storage and backup, I use a Synology NAS. Finally, a custom OpenBSD-based router provides internet connectivity to everything. To reduce operational overhead, I wrote a set of Ansible scripts that deploy and configure all of these components.

Overall, building this setup has been quite a journey. In this blog post, I will describe my uses for each of these services, share my thoughts and experiences so far, and try to explain my future development plans.

Motivation

Of course, everything you see above already exists as a service on the internet. If my goal had been solely the best feature set, it would have been much easier to pay for each service. In most cases, there are even "free" versions available. For example, if I only cared about having access to a web-based git repository UI, I could have signed up for a Github or Gitlab account rather than bother building a Gitea VM on my home network.

However, like most of my passion projects, this endeavor was more about the journey than the destination. By building these services on my home network, I learned a bunch of useful devops and sysadmin skills. Additionally, by running my own services, I have achieved the philosophical goal of reducing my reliance on third-party services. Now, if any of the services that I rely on break, I'm empowered to fix them. I'm no longer relying on the "black box" that is Google Drive, for example.

Components

So, without further ado, let's dive into each of the components that make up my homelab. For each item, I will describe the main utility it provides me, why I chose it, and any additional commentary that might be useful.

Router

The main component of my homelab is a custom OpenBSD-based router. It provides internet connectivity and DHCP to everything on my home network. Additionally, the device serves as a caching DNS server and firewall. I could write an entire blog post describing this router in excruciating detail. In fact, I already have.

ESXi Hosts

In total, I maintain four physical ESXi hosts to form a platform for running virtual machines on my network.

Three of the ESXi hosts are Intel NUCs (System76 Meerkats). These smaller machines run the VMs that form my Kubernetes cluster.

The other ESXi host is a custom machine built from spare parts. It currently runs three VM-based HTTPS services: Nextcloud, Gitea, and Harbor. Because it only runs three (relatively small) VMs, it has quite a lot of spare compute capacity left over for future additions and/or temporary experiments.

I chose ESXi to run my virtual machines because it's enterprise quality and free. There are many hypervisors available. For my current use case, ESXi is ideal. Also, in the long run, I may consider expanding my use of VMware products by running vCenter to programmatically set up virtual machines, setting up vSAN for shared storage, and potentially installing NSX if my networking requirements become more sophisticated. So, there's room to grow.

Kubernetes Cluster

In addition to the VM-based compute platform provided by ESXi, I run Kubernetes to provide a container-based compute platform. Though I do not currently use my Kubernetes cluster for anything, I have plans to set up Argo CI/CD, experiment with Knative, build some operators, and possibly run a Factorio game server.

The Kubernetes cluster consists of 6 VMs running across 3 Intel NUCs. I chose to install Kubernetes on VMs on top of the ESXi hypervisor layer for ease of administration. Inevitably, I'm bound to break things, need to reconfigure, etc. With the hypervisor, it's easier to make those kinds of changes. Additionally, some day in the future, I may switch to TKG, a vSphere-integrated distribution of Kubernetes.

Synology NAS

For backups and storing important data, I use a Synology NAS. Though I did not really shop around and compare NAS products / vendors, I'm happy with the Synology so far. That being said, I would prefer to build my own NAS from scratch some day in the future. However, the Synology product includes a number of features "out-of-the-box" that would potentially be difficult to replicate.

First, it has an easy-to-use application called "Active Backup for Business" that can automatically take backups of ESXi virtual machines following configurable schedules and retention policies.

The VM backup application pairs well with the automated cloud backup application, "Glacier Backup". Every night, after the VMs are backed up to the NAS, I replicate the backups to Amazon S3 Glacier. Hopefully, this way I will never lose data.

Finally, the Synology has built-in UPS integration. If my UPS loses mains power for more than one minute, the NAS will cleanly shut down, preventing any data corruption that could be caused by an unexpected power loss.

Nextcloud VM

I use Nextcloud as my "personal cloud". I use it to store my important files and photos. The desktop / mobile application synchronizes the files across all of my devices, allowing me to edit and view my files from anywhere.

Nextcloud also has the ability to install "apps" that provide additional functionality. Currently, I have only installed one app, "Deck". Deck is a Kanban-style project management and organization tool. I use Deck to plan, organize, and track progress on my passion projects.

Because it gives me the ability to install (and potentially build) apps, Nextcloud is an extensible platform. It's open source and under active development. Though the recent major version upgrade was a little rocky (for me, at least), I'm happy with Nextcloud and plan to stick with it.

Gitea VM

Of course, I need a place to store my code. For that purpose, I use Gitea. I prefer Gitea to Gitlab because it's lighter-weight. Unlike Gitlab, there aren't a million extra features bundled in that add bloat (in my opinion). Also, I slightly prefer the Gitea UI over the Gitlab UI.

There is really not much else to say about Gitea. It just works great for my purposes. I push all of my code to the Gitea VM running on my home network. Whenever I want to "publish" a project or share it with the world, I push my code to a public Github repo.

Harbor VM

To make container images available for running on my Kubernetes cluster, I need a container registry. For this purpose, I use Harbor, an open source solution that appears to be the current most popular self-hosted container registry. In addition to providing a standard API for pushing/pulling container images, Harbor has the useful ability to scan container images for known vulnerabilities.

Harbor has worked well for me so far, but I have not really placed it under a serious workload. Soon, I will start using my Kubernetes cluster for various projects, which may require pushing / pulling images from Harbor on a regular basis. Likely, some day in the future, I will have a more nuanced opinion of Harbor.
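Scan results are only useful if something acts on them. The following is an added example (not the author's code or Harbor's) of a deploy gate that reads the artifact JSON Harbor's v2 API returns when queried with `with_scan_overview=true` and blocks images whose worst finding exceeds a threshold. The `scan_overview` / `scan_status` / `severity` / `summary` field names follow Harbor's documented report summary and are an assumption here; the sample payload is constructed.

```python
"""Gate on Harbor image-scan results (added example; not the author's code).

Field names follow Harbor's NativeReportSummary as documented and are an
assumption; the SAMPLE payload below is constructed, not captured.
"""
import json

# Harbor's severity ladder, ordered so comparisons are a simple integer check.
SEVERITY_RANK = {"None": 0, "Unknown": 1, "Negligible": 2, "Low": 3,
                 "Medium": 4, "High": 5, "Critical": 6}


def scan_summary(artifact: dict) -> dict:
    """Return the first scan overview (Harbor keys it by report MIME type)."""
    overviews = artifact.get("scan_overview") or {}
    if not overviews:
        raise ValueError("artifact has no scan_overview; scan has not run")
    return next(iter(overviews.values()))


def allowed(artifact: dict, max_severity: str = "Medium") -> tuple:
    """(ok, reason): ok only if the scan finished and nothing exceeds max_severity."""
    s = scan_summary(artifact)
    if s.get("scan_status") != "Success":
        # An unfinished or failed scan is treated as a block, not a pass.
        return False, f"scan status is {s.get('scan_status')!r}, not Success"
    worst = s.get("severity", "Unknown")
    if SEVERITY_RANK.get(worst, 1) > SEVERITY_RANK[max_severity]:
        counts = s.get("summary", {}).get("summary", {})
        bad = {k: v for k, v in counts.items()
               if SEVERITY_RANK.get(k, 1) > SEVERITY_RANK[max_severity]}
        return False, f"worst severity {worst}; findings above threshold: {bad}"
    return True, f"worst severity {worst} within threshold {max_severity}"


# Constructed sample of a Harbor artifact response (not real scan data).
SAMPLE = json.loads("""{
  "digest": "sha256:PLACEHOLDER",
  "scan_overview": {
    "application/vnd.security.vulnerability.report; version=1.1": {
      "scan_status": "Success",
      "severity": "High",
      "summary": {"total": 7, "fixable": 5,
                  "summary": {"Low": 3, "Medium": 2, "High": 2}}
    }
  }
}""")

if __name__ == "__main__":
    ok, why = allowed(SAMPLE)
    print("ALLOW" if ok else "BLOCK", "-", why)
```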

Future Enhancements

Though I'm happy with the current setup, I constantly find myself coming up with ideas for potential improvements and additions to the homelab. Below are a few of the more well-defined ideas.

First, I want to install Argo on the Kubernetes cluster to run pipeline-based workflows. For example, it would be useful to automatically run tests for every commit that gets pushed to my repositories on Gitea. More generally, I could configure Argo to trigger a job for any arbitrary external event. It could be used to build a notification service. Or, it could be used to manage heavy workloads. There are endless potential uses for a pipeline-based workflow engine such as Argo.

Second, I want to build a dashboard that provides a graphical representation of the status of each of my homelab components using Grafana. Using various open-source tools, I could collect metrics and aggregate them. Then, using Grafana, I could visualize the data. It would be useful to be able to quickly check the state of my home network services in order to understand workloads, diagnose issues, etc.

Conclusion

With the work spanning several months, creating my homelab has been quite a journey. Along the way, I started to grow weary, worried that I had signed myself up for the all-consuming task of running my homelab. With the overhead required to maintain all the various components, how could I ever have time for anything else? However, I'm happy to report that the Ansible script automation has proved useful. Now, upgrades, configuration changes, and other "day 2" operations are quick and easy. At this point, I'm looking forward to shifting gears and working on something else for a while, using my homelab services as useful tools along the way.

  1. Homelab Ansible scripts: https://github.com/0xC45/homelab-setup
  2. "OpenBSD Home Router" blog post: https://0xc45.com/blog/openbsd-dwelling-router/
