Stores Ansible config for subract's homelab, to simplify management and enable easier service deployment.
Currently managing the following:
-
A primary application server
- Using ZFS and automated snapshots with Sanoid for functional immortality
- Automated backups to Backblaze B2 for disaster recovery
- ZFS-based full-disk encryption
- Tailscale for seamless remote access
- Docker [hosting the following](templates/cepheus
- Traefik - reverse proxy managing access to all web services.
- Providing TLS termination and automated certificates with Let's Encrypt
- Authelia - authentication and authorization server providing SSO
- Nextcloud - file storage and synchronization
- Immich - Google Photos replacement
- Gitea - lightweight Git hosting
- Drone - continuous integration platform handling deployments
- Home Assistant - smart home management
- Supported by Zigbee2MQTT and Mosquitto
- Node-RED - visual scripting for home automation and sundry other tasks
- CyberChef - "Cyber Swiss Army Knife" - handy for random operations
- it-tools - similar to CyberChef, but focused on a different set of sysadmin-y tasks
- Miniflux - minimalist RSS feed reader ingesting ~70 feeds
- Paperless-ngx - document management system to digitize documents
- Changedetection.io - monitors web pages for changes
- Pinchflat - archives YouTube channels
- Jellyfin - watch archived YouTube channels
- Bar Assistant - manage home bar and cocktail recipes
- Open WebUI - run chatbots with ollama
- Beaver Habit Tracker - simple, minimal habit tracking
- Homepage - simple, static, and secure dashboard
- Karakeep - bookmarks and read-it-later
- Traefik - reverse proxy managing access to all web services.
-
A cloud VPS hosting public services to the Internet
- Minecraft servers - a few different worlds for friends and family
- tModLoader - modded Terraria server
- AdGuard Home - tailnet-wide ad blocking and custom DNS
- Peertube - YouTube alternative platform that supports ActivityPub federation
- Cryptpad - Google Docs alternative with E2E encryption
- Ghost - personal blog
- immich-public-proxy - secure access to Immich photo/video shares
- ipinfo.tw - simple IP check
- Mastodon - (un)federated social media
- Vikunja - to-dos and project management
-
A couple of Arch workstations
- Managing packages, services, and sundry other configuration
- Using secure boot for boot integrity with full-disk encryption
This is a living repo, evolving as I add and manage additional services. As I tackle the challenges of managing additional systems, I'll expand this repo to include them.