{"id":17561615,"url":"https://github.com/nitestack/raspberry-pi-5","last_synced_at":"2026-04-10T15:50:05.342Z","repository":{"id":258768483,"uuid":"875193761","full_name":"Nitestack/raspberry-pi-5","owner":"Nitestack","description":"Ansible Home Server Configuration for Raspberry Pi 5","archived":false,"fork":false,"pushed_at":"2024-10-21T19:20:04.000Z","size":27,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-21T21:56:17.240Z","etag":null,"topics":["ansible","caddy","docker","home-server","nextcloud","pivpn","raspberry-pi","vaultwarden"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nitestack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-19T10:41:03.000Z","updated_at":"2024-10-21T19:20:07.000Z","dependencies_parsed_at":"2024-10-21T21:05:34.857Z","dependency_job_id":null,"html_url":"https://github.com/Nitestack/raspberry-pi-5","commit_stats":null,"previous_names":["nitestack/raspberry-pi-5"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitestack%2Fraspberry-pi-5","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitestack%2Fraspberry-pi-5/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitestack%2Fraspberry-pi-5/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitestack%2Fraspberry-pi-5/manifest
s","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Nitestack","download_url":"https://codeload.github.com/Nitestack/raspberry-pi-5/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246177479,"owners_count":20735978,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","caddy","docker","home-server","nextcloud","pivpn","raspberry-pi","vaultwarden"],"created_at":"2024-10-21T12:06:34.968Z","updated_at":"2025-12-30T23:19:07.202Z","avatar_url":"https://github.com/Nitestack.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003ch1\u003e\n  🍓 Raspberry Pi 5\n  \u003cbr/\u003e\n  Home Server\n  \u003cbr/\u003e\n  \u003csup\u003e\n    \u003csub\u003ePowered by \u003ca href=\"https://www.ansible.com/\" target=\"_blank\"\u003eAnsible\u003c/a\u003e\u003c/sub\u003e\n  \u003c/sup\u003e\n\u003c/h1\u003e\n\n![Latest Commit](https://img.shields.io/github/last-commit/Nitestack/raspberry-pi-5?style=for-the-badge)\n![GitHub Repo Stars](https://img.shields.io/github/stars/Nitestack/raspberry-pi-5?style=for-the-badge)\n![Github Created At](https://img.shields.io/github/created-at/Nitestack/raspberry-pi-5?style=for-the-badge)\n\n[Features](#-features) • [Requirements](#️-requirements) • [Getting Started](#-getting-started) • [Port Forwarding](#-port-forwarding) • [Environment Variables](#-environment-variables) • [Security](#-security) • [License](#-license)\n\n_This [Ansible](https://www.ansible.com) configuration automates the setup of a 
Raspberry Pi Home Server running [Raspberry Pi OS](https://www.raspberrypi.com/software). It deploys essential services, enhances security, and ensures consistency across the server environment._\n\n\u003cp\u003e\n  \u003cstrong\u003eIf you find this repository useful, please \u003ca href=\"#\" title=\"star\"\u003e⭐️\u003c/a\u003e or fork it!\u003c/strong\u003e\n\u003c/p\u003e\n\u003c/div\u003e\n\n## 🚀 Features\n\n\u003e [!Warning]\n\u003e This setup requires your domain to be fully managed by Cloudflare DNS.\n\n- **Automated Docker installation**\n- **Vaultwarden deployment** for secure password management\n- **Cloudflare DDNS updater** for dynamic IP management\n- **PiVPN (WireGuard)** configuration for secure remote access\n- **NextCloud** for file synchronization and sharing\n- **Immich** for media synchronization with fast-upload speeds\n- **Home Assistant** for home automation and IoT management\n\n## ⚙️ Requirements\n\n1. **Raspberry Pi OS Lite (64-bit)**: Ensure your Raspberry Pi is running the latest version.\n2. **Ansible**: Install Ansible on your local machine.\n3. **Cloudflare-managed domain**: Required for dynamic DNS updates and subdomain routing.\n4. **Ethernet connection**: Use a wired connection for your Raspberry Pi to ensure stable performance.\n\n\u003e [!Important]\n\u003e When flashing your SD card, enable SSH and select the `Use password authentication` option.\n\n\u003e [!Note]\n\u003e If you choose a custom hostname or user, remember to update the `inventory.ini` file accordingly.\n\n5. **Static IPv4 configuration**: Your Raspberry Pi should have a static IP on your local network. To set the IP to `192.168.2.210`, use:\n\n   ```sh\n   sudo nmcli con mod \"Wired connection 1\" ipv4.addresses \"192.168.2.210/24\" \\\n     ipv4.gateway \"192.168.2.1\" \\\n     ipv4.dns \"192.168.2.1\" \\\n     ipv4.method manual \u0026\u0026 \\\n   sudo nmcli con up \"Wired connection 1\"\n   ```\n\n   This is a one-time setup. 
The Ansible playbook will manage IP persistence afterward.\n\n\u003e [!Note]\n\u003e Ensure Avahi is installed and running for `.local` domain resolution. Alternatively, access the Pi using its IP address directly.\n\n## 🏁 Getting Started\n\n1. **Clone the repository**:\n\n   ```sh\n   git clone https://github.com/Nitestack/raspberry-pi-5.git ~/raspberry-pi-5\n   ```\n\n2. **Install required Ansible Galaxy collections**:\n\n   ```sh\n   ansible-galaxy install -r requirements.yml --force # to ensure the latest versions\n   ```\n\n3. **Run the playbook**:\n\n   ```sh\n   ansible-playbook -i inventory.ini playbook.yml\n   ```\n\n\u003e [!IMPORTANT]\n\u003e This only works if you have set up password-less authentication on your Raspberry Pi. Please look at the [Security](#-security) section for more details.\n\n## 🔌 Port Forwarding\n\nTo ensure remote access and proper functionality of the services, configure the following port forwarding rules on your router:\n\n```plaintext\n# PiVPN (WireGuard)\n# PIVPN_PORT is an environment variable configurable in `secrets.yml`. The default value is `51820`.\n# WireGuard listens on UDP only, so forward the port as UDP.\npublic:${PIVPN_PORT}/udp -\u003e local:${PIVPN_PORT}/udp\n\n# Caddy (handling all the websites)\npublic:443/tcp -\u003e local:443/tcp\npublic:443/udp -\u003e local:443/udp\n\n# SSH (optional, if you want to access the Raspberry Pi remotely without WireGuard)\npublic:22/tcp -\u003e local:22/tcp\n```\n\n## 🛠️ Environment Variables\n\nTo securely configure sensitive data, create a `secrets.yml` file in the root directory. Copy the `secrets.example.yml` file and populate the fields as required.\n\n### Cloudflare DDNS Updater\n\nEnsure that an `A` record for your domain is set up, initially pointing to a placeholder IP (e.g., `8.8.8.8`). The DDNS script will update it with your public IP. 
Define the record name in `secrets.yml` under `CLOUDFLARE_RECORD_NAME`.\n\n### PiVPN Configuration\n\nAdd a `CNAME` record for your PiVPN subdomain, pointing it to the value in `CLOUDFLARE_RECORD_NAME`. Update the `PIVPN_DOMAIN` variable in `secrets.yml` with the correct domain.\n\n### Vaultwarden Settings\n\nCreate a `CNAME` record for your Vaultwarden subdomain, directing it to the value specified in `CLOUDFLARE_RECORD_NAME`. Set the `VAULTWARDEN_URL` variable in `secrets.yml` to your Vaultwarden URL.\n\n### NextCloud Settings\n\nCreate a `CNAME` record for your NextCloud subdomain, directing it to the value specified in `CLOUDFLARE_RECORD_NAME`. Set the `NEXTCLOUD_URL` variable in `secrets.yml` to your NextCloud URL.\n\n### Immich Settings\n\nCreate a `CNAME` record for your Immich subdomain, directing it to the value specified in `CLOUDFLARE_RECORD_NAME`. Set the `IMMICH_URL` variable in `secrets.yml` to your Immich URL. In addition to that, please set your timezone id (TZ identifier) with `TIMEZONE` (check this [Wikipedia article](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List)). You also have to set a database password with `IMMICH_DB_WORD` (only use the characters `A-Za-z0-9`, without special characters or spaces).\n\n### Home Assistant Settings\n\nCreate a `CNAME` record for your Home Assistant subdomain, directing it to the value specified in `CLOUDFLARE_RECORD_NAME`. Set the `HOME_ASSISTANT_URL` variable in `secrets.yml` to your Home Assistant URL.\n\n## 🛡️ Security\n\n### 1. Add Your Host to Authorized Keys on the Raspberry Pi\n\nTo enable secure SSH access, copy your public key to the Raspberry Pi:\n\n```sh\nssh-copy-id nhan@raspberrypi.local\n```\n\n### 2. Update SSH Configuration\n\nEdit the `/etc/ssh/sshd_config` file on the Raspberry Pi to strengthen security. Update the following settings:\n\n```plaintext\nPasswordAuthentication no\nUsePAM no\n```\n\n### 3. 
Reload the SSH Service\n\nApply the changes by reloading the SSH service:\n\n```sh\nsudo systemctl reload ssh\n```\n\n## 📝 License\n\nThis project is licensed under the Apache-2.0 license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnitestack%2Fraspberry-pi-5","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnitestack%2Fraspberry-pi-5","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnitestack%2Fraspberry-pi-5/lists"}