{"id":21009890,"url":"https://github.com/39school/homelab_v1","last_synced_at":"2025-05-15T02:33:36.226Z","repository":{"id":57807213,"uuid":"523375182","full_name":"x86-39/homelab_v1","owner":"x86-39","description":"My homelab network. Kubernetes cluster deployed with Terraform and Ansible on TrueNAS SCALE w/ libvirt and Hetzner Cloud","archived":false,"fork":false,"pushed_at":"2022-12-27T16:24:17.000Z","size":83,"stargazers_count":12,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-08T10:54:53.688Z","etag":null,"topics":["ansible","ansible-k8s","ansible-kubernetes","hcloud","hetzner","k3s","kubernetes","libvirt","terraform","terraform-libvirt","terraform-libvirt-provider","truenas","truenas-scale","wireguard"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x86-39.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-10T14:25:53.000Z","updated_at":"2024-08-03T08:15:55.000Z","dependencies_parsed_at":"2023-01-31T04:45:57.352Z","dependency_job_id":null,"html_url":"https://github.com/x86-39/homelab_v1","commit_stats":null,"previous_names":["x86-39/homelab_v1"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x86-39%2Fhomelab_v1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x86-39%2Fhomelab_v1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x86-39%2Fhomelab_v1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x86-39%2Fhomelab_v1/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x86-39","download_url":"https://codeload.github.com/x86-39/homelab_v1/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225324107,"owners_count":17456469,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-k8s","ansible-kubernetes","hcloud","hetzner","k3s","kubernetes","libvirt","terraform","terraform-libvirt","terraform-libvirt-provider","truenas","truenas-scale","wireguard"],"created_at":"2024-11-19T09:18:13.432Z","updated_at":"2025-05-15T02:33:30.806Z","avatar_url":"https://github.com/x86-39.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ARCHIVED\nThis was the first homelab setup I did where I used DevOps tooling to achieve my goals. \nI am trying something new, and archiving this repository in favour of [diademiemi/homelab_v2](https://github.com/diademiemi/homelab_v2)!  \n\n# Homelab setup from diademiemi\n\nThis is my homelab setup.  \nThe VMs are running on TrueNAS Scale with libvirt. A Hetzner VPS is also used to proxy traffic from a public IP to the cluster over a Wireguard VPN tunnel.\nTrueNAS Scale also acts as an NFS and iSCSI server for persistent storage on the Kubernetes containers.  
\n\n## Terraform\n\nThe VMs are deployed with Terraform on libvirt alongside a VPS on Hetzner Cloud.\n\n### Libvirt\nTo connect to TrueNAS's libvirt socket, run:  \n`nc -kl -c 'ssh truenas \"nc -U /run/truenas_libvirt/libvirt-sock\"' 127.0.0.1 5000`  \n###### Replace truenas with your TrueNAS host\n\nMake sure the following options are set in `/etc/libvirt/qemu.conf` on TrueNAS and restart libvirt (`systemctl restart libvirt`)  \n```bash\n# Not setting this will prevent Terraform from creating VM images.\nsecurity_driver = \"none\"\n\nuser = \"root\" # Or other user you are logging in as\ngroup = \"kvm\"\n```\n\nThe libvirt socket will then be accessible at [qemu+tcp://localhost:5000/system](qemu+tcp://localhost:5000/system).  \n\nYou can then view the changes that will be made with `terraform plan` and create them with `terraform apply` to roll out the VMs. Running `terraform destroy` will destroy the resources.  \n\nThe VMs will have an IP on an internal network `10.100.0.0/16` to access NFS and iSCSI. They will also get an IP in the range `192.168.100.150/25-192.168.100.153/25` which is accessible on VLAN 102 on the network.  \n\nThe VMs that are deployed will have the hostnames:  \n- `k3s-master`  \n- `k3s-worker01`  \n- `k3s-worker02`  \n- `k3s-worker03`  \n- `step01`\n\n### Hetzner\nA stepping stone / reverse proxy server is also deployed on Hetzner. This server proxies traffic from a public IP to the cluster through a Wireguard VPN.  \nCreate a project on Hetzner and get an API token. 
Create a file `terraform/secrets.auto.tfvars` with the content:  \n```tfvars\nhcloud_token = \"xxx\"\nssh_pub_key = \"Your SSH public key\" # Used to log in\n```\n\nA VPS named `step02` will be created on Hetzner Cloud.\n\n## Ansible\n\nAnsible uses inventory.ini to connect to the created virtual machines and VPS to:  \n- Set the root password\n- Update Cloudflare DNS records\n- Create Wireguard VPN tunnel between homelab VMs and VPS\n- Generate Wireguard configs for clients, if given, to access LAN from the internet\n- Set up Nginx traffic forwarder / proxy\n- Update packages\n- Install K3S\n- Set up a Kubernetes cluster\n- Deploy Kubernetes\n  - Ingress\n  - cert-manager\n  - Storage\n    - NFS\n    - iSCSI\n  - Various charts\n\nFiles in the `files/` directory are read as templates. This allows me to insert variables in Jinja2 syntax. This way I can store variables like API keys, domain names and other secrets in Ansible Vault while still sharing my Kubernetes definitions for others to see.  \n\n## Kubernetes\n\nMetalLB will be used as a load balancer. Traefik and AdGuard Home will make use of this.\n\nAn instance of Traefik will be deployed for public-facing services. This will be available at `192.168.100.160`; I port forward this IP on ports 80/tcp and 443/tcp. Another will be deployed at `192.168.100.161` for services that should only be accessible on LAN.  \nAdGuard Home will listen on port 53/udp on `192.168.100.163`.  \n\nThese IPs are configurable in [group_vars/all/main.yml](group_vars/all/main.yml)  \n\n## Variables\nMost variables are set in [group_vars/all/main.yml](group_vars/all/main.yml) and [host_vars/localhost/main.yml](host_vars/localhost/main.yml).  \nI have encrypted my personal values with Ansible Vault and left them out of this repository.  \n\nIn `host_vars/localhost/main.yml`, change `letsencrypt_directory` to `https://acme-v02.api.letsencrypt.org/directory` to get a trusted SSL certificate.  
\n\n## License\n\nThe files used to deploy my homelab are licensed under the [MIT License](./LICENSE).  \nI encourage you to take inspiration from my setup and learn wonderful tools like Ansible, Terraform and Kubernetes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F39school%2Fhomelab_v1","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F39school%2Fhomelab_v1","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F39school%2Fhomelab_v1/lists"}