# Michael's Homelab

Welcome to the container farm...

## Host List

### Devices

Host | OS | Purpose / Services
---|---|---
Thonkpad (portable) | | Misc. Projects
Cuddlefish | | Gitea
Rocktiplex | | Fathom, Status Proxy, RSF Analytics, ytpod
Cloud8 (under repair) | | NextCloud

### Virtualized Hosts

VM | Kind | Access | Machine | OS | Purpose / Services
---|---|---|---|---|---
NixHost | KVM | SSH | Thonkpad | | NixOS Testbed
WinHost | KVM | RDP | Thonkpad | | Altium Designer

### Off-site

Host | Provider | OS | Purpose / Services
---|---|---|---
Backup1 | TNAHosting | | Docker Volume Backups
## Docker

Most services are run as Docker containers.

### Volume Permission Notes

In a standard setup there is a `docker` user group. To make a user-created directory usable as a volume, change its ownership to that group:

```sh
sudo chown -R my-user:docker my-dir
```
### SELinux Notes

Docker volumes violate some SELinux policies. Use `setenforce 0` to disable enforcement temporarily, or make the following permanent change in `/etc/sysconfig/selinux`:

```
# SELINUX=enforcing
SELINUX=permissive
```
### Dockerized Cloudflared Notes

If a docker-compose file looks like this:

```yaml
services:
  gitea-server:
    image: gitea/gitea:1.19.3
    # ...
  gitea-cloudflared:
    image: cloudflare/cloudflared
    # ...
```

then the target service is named `gitea-server` and, per Docker's networking shenanigans, the tunnel should point at it directly by service name (not `localhost`), e.g.

```
https://git.michaellisano.com -> http://gitea-server:3000
```
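Putting the SELinux and cloudflared notes together, the following is an added example compose file for the Gitea stack (it is not the repo's own file): the bind mounts carry the `:Z` suffix so Docker relabels them for SELinux instead of switching the host to permissive mode, the tunnel ingress points at `http://gitea-server:3000` by compose service name, and Gitea publishes no ports on the host. The host paths, the tunnel-ID placeholder and the use of a locally managed tunnel config are assumptions.

```yaml
# docker-compose.yml (added example, not the repo's file)
services:
  gitea-server:
    image: gitea/gitea:1.19.3
    restart: unless-stopped
    volumes:
      # ":Z" asks Docker to relabel the mount for SELinux, so the host can
      # stay in enforcing mode. Host path ./gitea-data is an assumption.
      - ./gitea-data:/data:Z
    # Deliberately no "ports:" entry: Gitea is reachable only on the
    # compose network, where cloudflared finds it as "gitea-server".

  gitea-cloudflared:
    image: cloudflare/cloudflared
    restart: unless-stopped
    # Locally managed tunnel: config and credentials come from the mounted dir.
    command: tunnel --no-autoupdate --config /etc/cloudflared/config.yml run
    volumes:
      # Read-only, relabeled for SELinux. Host path ./cloudflared is an assumption.
      - ./cloudflared:/etc/cloudflared:ro,Z
    depends_on:
      - gitea-server

---
# ./cloudflared/config.yml (second file, same directory as the credentials JSON)
tunnel: <TUNNEL-ID-PLACEHOLDER>
credentials-file: /etc/cloudflared/<TUNNEL-ID-PLACEHOLDER>.json
ingress:
  # Public hostname -> compose service name and container port, never localhost:
  # inside the cloudflared container, localhost is cloudflared itself.
  - hostname: git.michaellisano.com
    service: http://gitea-server:3000
  # Required catch-all: any other hostname gets a 404 instead of an open proxy.
  - service: http_status:404
```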
## Backups

Everything is encrypted with age.

All keys are generated using `age-keygen` and stored in a text file, e.g. `backup-key.txt`:

```
# created: 2023-06-24T18:01:36-07:00
# public key: age12345...
AGE-SECRET-KEY-xyz123...
```

Decrypting a file:

```sh
age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc
```