michael d8d2a8c85f | ||
---|---|---|
backup | ||
cuddlefish | ||
rocktiplex | ||
thonkpad | ||
.gitignore | ||
README.md |
README.md
Michael's Homelab
Welcome to the container farm...
Host List
Devices
Host | OS | Purpose / Services |
---|---|---|
Thonkpad (portable) | Misc. Projects | |
Cuddlefish | Gitea | |
Rocktiplex | Fathom, Status Proxy, RSF Analytics, ytpod | |
Cloud8 (under repair) | NextCloud |
Virtualized Hosts
VM | Kind | Access | Machine | OS | Purpose / Services |
---|---|---|---|---|---|
NixHost | KVM | SSH | Thonkpad | NixOS Testbed | |
WinHost | KVM | RDP | Thonkpad | Altium Designer |
Off-site
Host | Provider | OS | Purpose / Services |
---|---|---|---|
Backup1 | TNAHosting | Docker Volume Backups |
Docker
Most services are run as Docker containers.
Volume Permission Notes
In a standard setup, we will have a docker
usergroup. To make a user-created directory usable as a volume, run the following:
sudo chown -R my-user:docker my-dir
SELinux Notes
Docker volumes violate some SELinux policies. Use setenforce 0
to disable it temporarily, or make the following permanent change to /etc/sysconfig/selinux
:
# SELINUX=enforcing
SELINUX=permissive
Dockerized Cloudflared Notes
If a docker-compose file looks like this:
services:
gitea-server:
image: gitea/gitea:1.19.3
# ...
gitea-cloudflared:
image: cloudflare/cloudflared
# ...
Then in this case the name of the target service is gitea-server
, and (per Docker's networking shenanigans), should be specified directly by service name, e.g.
https://git.michaellisano.com -> http://gitea-server:3000
Backups
Everything is encrypted with age.
All keys are generated using age-keygen and stored in a text file, e.g.
backup-key.txt
# created: 2023-06-24T18:01:36-07:00
# public key: age12345...
AGE-SECRET-KEY-xyz123...
Decrypting a file:
age -d -i backup-key.txt -o NAME.tar.gz NAME.tar.gz.enc