I am working on setting up a home server but I want it to be reproducible if I need to make large changes, switch out hardware, or restore from a failure. What do you use to handle this?

    • xyx@sh.itjust.worksEnglish
      0·
      4 months ago

      Out of curiosity: Are you running nix-ops with nix-secrets or how did you cover orchestration & credentials?

      • adf@lemmy.worldEnglish
        0·
        4 months ago

        I use flakes and all hosts are configured from a single flake, where each host has its own configuration. I have some custom modules and even custom package in the same flake. I also use home manager. I have 4 hosts managed in total: home server, laptop, gaming PC, and a cloud server. All hosts were provisioned using nixos-anywhere + disko, except for the first one which was installed manually. For secrets I use sops-nix, encrypted secrets are stored in the same flake/repo.

  • irmadlad@lemmy.worldEnglish
    0·
    4 months ago

    I use snapshots, once a month an image is made of the entire drive, and I have Duplicati that backs up to cloud. Whatever choice you make tho, remember 3,2,1, and backups are useless unless tested on a regular basis. The test portion always gives me anxiety.

    • MonkeMischief@lemmy.todayEnglish
      0·
      4 months ago

      I’d really like to know if there’s any practical guide on testing backups without requiring like, a crapton of backup-testing-only drives or something to keep from overwriting your current data.

      Like I totally understand it in principle just not how it’s done. Especially on humble “I just wanna back up my stuff not replicate enterprise infrastructure” setups.

  • paris@lemmy.blahaj.zoneEnglish
    0·
    4 months ago

    Recently switched to ucore. While I cannot for the life of me get SELinux to let my containers run without Permissive mode (my server was previously Endeavour OS and either didn’t have it or I disabled it long ago), I’ve otherwise had great success.

    The config is a single yaml file that gets converted into a json file for Ignition, which sets everything up on first boot. It’s an OCI-based immutable distro with automatic updating, so I can mostly just leave it to its own devices and everything has been smooth for the first week I’ve been using it.

    My Docker root directory is on a separate drive with plenty of space, so setting up involves directing Docker to that new root directory and basically being done (which my Ignition config handles for me).

  • relaymoth@sh.itjust.worksEnglish
    0·
    4 months ago

    I went the nuclear option and am using Talos with Flux to manage my homelab.

    My source of truth is the git repo with all my cluster and application configs. With this setup, I can tear everything down and within 30 min have a working cluster with everything installed automatically.

      • moonpiedumplings@programming.devEnglish
        0·
        4 months ago

        I have a similar setup, and even though I am hosting git (forgejo), I use ssh as a git server for the source of truth that k8s reads.

        This prevents an ouroboros dependency where flux is using the git repo from forgejo which is deployed by flux…

  • emerald@lemmy.blahaj.zoneEnglish
    0·
    4 months ago

    How do you manage your home server configuration

    Poorly, which is to say that I just let borgmatic back up all my compose files and hope for the best

  • dontsayaword@piefed.socialEnglish
    0·
    4 months ago

    I used to have a fille with every cli command and notes on how each thing was set up. When I had to reinstall it from scratch it took all day going through lots of manual steps and remembering how it should all go.

    Recently I converted the whole thing to Ansible. Now I could rebuild my entire system on a brand new OS installation with one command that completes in minutes. It’s all modular and I can add new services easily whether they are docker containers or scripts or whatever. If I ever break anything, it will reset everything to its intended state and leave it alone otherwise. And it’s free and pretty easy to learn and start using.

    Plus I use git along with it for version control, so I can always revert to any previous configuration instantly.

  • atzanteol@sh.itjust.worksEnglish
    0·
    4 months ago

    Terraform and ansible. Script service configuration and use source control. Containerize services where possible to make them system agnostic.

      • atzanteol@sh.itjust.worksEnglish
        0·
        4 months ago

        They’re good at different things.

        Terraform is better at “here is a configuration file - make my infrastructure look like it” and Ansible is better at “do these things on these servers”.

        In my case I use Terraform to create proxmox VMs and then Ansible provisions and configures software on those VMs.

  • thirdBreakfast@lemmy.worldEnglish
    0·
    4 months ago

    Proxmox on the metal, then every service as a docker container inside an LXC or VM. Proxmox does nice snapshots (to my NAS) making it a breeze to move them from machine to machine or blow away the Proxmox install and reimport them. All the docker compose files are in git, and the things I apply to every LXC/VM (my monitoring endpoint, apt cache setup etc) are all applied with ansible playbooks also in git. All the LXC’s are cloned from a golden image that has my keys, tailscale setup etc.

    • eli@lemmy.worldEnglish
      0·
      4 months ago

      This is pretty much my setup as well. Proxmox on bare metal, then everything I do are in Ubuntu LXC containers, which have docker installed inside each of them running whatever docker stack.

      I just installed Portainer and got the standalone agents installed on each LXC container, so it’s helped massively with managing each docker setup.

      Of course you can do whatever base image you want for the LXC container, I just prefer Ubuntu for my homelab.

      I do need to setup a golden image though to make stand-ups easier…one thing at a time though!

        • eli@lemmy.worldEnglish
          0·
          4 months ago

          Yes, essentially I have:

          Proxmox Baremetal
    ↪LXC1
        ↪Docker Container1
    ↪LXC2
        ↪Docker Container2
    ↪LXC3
        ↪Docker Container 3

          Or using real services:

          Proxmox Baremetal
    ↪Ubuntu LXC1 192.168.1.11
        ↪Docker Stack ("Profana")
            ↪cadvisor
              grafana
              node_exporter
              prometheus
    ↪Ubuntu LXC2 192.168.1.12
        ↪Docker Stack ("paperless-ngx")
            ↪paperless-ngx-webserver-1
              apache/tika
              gotenberg
              postgresdb
              redis
    ↪Ubuntu LXC3 192.168.1.13
        ↪Docker Stack ("teamspeak")
            ↪teamspeak
              mariadb

          I do have a AMP game server, which AMP is installed in the Ubuntu container directly, but AMP uses docker to create the game servers.

          Doing it this way(individual Ubuntu containers with docker installed on each) allows me to stop and start individual services, take backups via proxmox, restore from backups, and also manage things a bit more directly with IP assignment.

          I also have pfSense installed as a full VM on my Proxmox and pfSense handles all of my firewall rules and SSL cert management/renewals. So none of my ubuntu/docker containers need to configure SSL services, pfSense just does SSL offloading and injects my SSL certs as requests come in.

  • Nibodhika@lemmy.worldEnglish
    0·
    4 months ago

    Ansible.

    I use docker for most of the services and Ansible to configure them. In the future I’ll migrate the server system to NixOS and might slowly migrate my Ansible to NixOS, but for the time being Ansible is working with relative ease.