michaelnet/README.md

# Michael's Homelab

## Host List

### Devices

| Host | OS   | Purpose / Services |
| :--- | :--- | :----------------- |
| [Thonkpad](thonkpad/) (portable) | ![Fedora](https://img.shields.io/badge/Fedora_37-294172?style=for-the-badge&logo=fedora&logoColor=white) | Misc. Projects |
| [Cuddlefish](cuddlefish/) | ![CentOS](https://img.shields.io/badge/centos_7-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea |
| [Rocktiplex](rocktiplex/) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom, Status Proxy, RSF Analytics |
| Cloud8 (under repair) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud |

### Virtualized Hosts

| VM   | Kind | Machine | OS   | Purpose / Services |
| :--- | :--- | :------ | :--- | :----------------- |
| [NixHost](thonkpad/nixhost/) | KVM | Thonkpad | ![NixOS](https://img.shields.io/badge/NIXOS-5277C3.svg?style=for-the-badge&logo=NixOS&logoColor=white) | NixOS Testbed |

### Off-site

| Host | Provider | OS   | Purpose / Services |
| :--- | :------- | :--- | :----------------- |
| Backup1 | [TNAHosting](https://tnahosting.net/) | ![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04_LTS-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) | Docker Volume Backups |

## Docker 

Most services are run as Docker containers.

### SELinux Notes

Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`:

```bash
# SELINUX=enforcing
SELINUX=permissive
```

### Dockerized Cloudflared Notes

If a docker-compose file looks like this:

```yaml
services:
  gitea-server:
    image: gitea/gitea:1.19.3
    # ...
  gitea-cloudflared:
    image: cloudflare/cloudflared
    # ...
```

Then in this case the name of the target service is `gitea-server`, and (per Docker's networking shenanigans), should be specified **directly by service name,** e.g.

```
https://git.michaellisano.com -> http://gitea-server:3000
```

## Backups

Everything is encrypted with [age](https://github.com/FiloSottile/age).

All keys are generated using age-keygen and stored in a text file, e.g.

**backup-key.txt**

```
# created: 2023-06-24T18:01:36-07:00
# public key: age12345...
AGE-SECRET-KEY-xyz123...
```

Decrypting a file:

```
age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc
```
info 2023-05-26 12:15:42 -07:00			`# Michael's Homelab`
initial commit 2023-05-26 12:05:53 -07:00
more nix stuff 2023-10-01 08:45:16 -07:00			`## Host List`
initial commit 2023-05-26 12:05:53 -07:00
more nix stuff 2023-10-01 08:45:16 -07:00			`### Devices`
initial commit 2023-05-26 12:05:53 -07:00
more nix stuff 2023-10-01 08:45:16 -07:00			`\| Host \| OS \| Purpose / Services \|`
			`\| :--- \| :--- \| :----------------- \|`
			`\| [Thonkpad](thonkpad/) (portable) \| ![Fedora](https://img.shields.io/badge/Fedora_37-294172?style=for-the-badge&logo=fedora&logoColor=white) \| Misc. Projects \|`
			`\| [Cuddlefish](cuddlefish/) \| ![CentOS](https://img.shields.io/badge/centos_7-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) \| Gitea \|`
			`\| [Rocktiplex](rocktiplex/) \| ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) \| Fathom, Status Proxy, RSF Analytics \|`
			`\| Cloud8 (under repair) \| ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) \| NextCloud \|`

			`### Virtualized Hosts`

			`\| VM \| Kind \| Machine \| OS \| Purpose / Services \|`
			`\| :--- \| :--- \| :------ \| :--- \| :----------------- \|`
			`\| [NixHost](thonkpad/nixhost/) \| KVM \| Thonkpad \| ![NixOS](https://img.shields.io/badge/NIXOS-5277C3.svg?style=for-the-badge&logo=NixOS&logoColor=white) \| NixOS Testbed \|`

			`### Off-site`

			`\| Host \| Provider \| OS \| Purpose / Services \|`
			`\| :--- \| :------- \| :--- \| :----------------- \|`
			`\| Backup1 \| [TNAHosting](https://tnahosting.net/) \| ![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04_LTS-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) \| Docker Volume Backups \|`

			`## Docker`

			`Most services are run as Docker containers.`

			`### SELinux Notes`
doc update 2023-07-27 23:50:53 -07:00
			Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`:

			```bash
			`# SELINUX=enforcing`
			`SELINUX=permissive`
			```
dockerize cloudflared on cuddlefish + ssh proxying test 2023-06-19 11:27:48 -07:00
more nix stuff 2023-10-01 08:45:16 -07:00			`### Dockerized Cloudflared Notes`
dockerize cloudflared on cuddlefish + ssh proxying test 2023-06-19 11:27:48 -07:00
			`If a docker-compose file looks like this:`

			```yaml
			`services:`
			`gitea-server:`
			`image: gitea/gitea:1.19.3`
more nix stuff 2023-10-01 08:45:16 -07:00			`# ...`
dockerize cloudflared on cuddlefish + ssh proxying test 2023-06-19 11:27:48 -07:00			`gitea-cloudflared:`
			`image: cloudflare/cloudflared`
more nix stuff 2023-10-01 08:45:16 -07:00			`# ...`
dockerize cloudflared on cuddlefish + ssh proxying test 2023-06-19 11:27:48 -07:00			```

merge cuddlefish changes 2023-06-19 11:33:40 -07:00			Then in this case the name of the target service is `gitea-server`, and (per Docker's networking shenanigans), should be specified directly by service name, e.g.
dockerize cloudflared on cuddlefish + ssh proxying test 2023-06-19 11:27:48 -07:00
			```
			`https://git.michaellisano.com -> http://gitea-server:3000`
			```
initial commit 2023-05-26 12:05:53 -07:00
more nix stuff 2023-10-01 08:45:16 -07:00			`## Backups`
backup host + tweaks 2023-06-25 09:25:32 -07:00
			`Everything is encrypted with [age](https://github.com/FiloSottile/age).`

			`All keys are generated using age-keygen and stored in a text file, e.g.`

			`backup-key.txt`

			```
			`# created: 2023-06-24T18:01:36-07:00`
			`# public key: age12345...`
			`AGE-SECRET-KEY-xyz123...`
			```

			`Decrypting a file:`

			```
			`age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc`
			```