And done with another homelab all-service update. Nothing interesting besides the Grafana Canvas beta.
#homelab #100DaysOfHomelab #selfhosted #selfhosting
Backups. This morning, I thought: Alright, a couple of bash scripts and a couple of Nomad jobs and everything is going to be peachy.
I've just finished setting up a Python project, added CI jobs for linting and unit testing as well as a Docker container.
Send help. 😬
#homelab #selfhosted #100DaysOfHomelab
Just bought a "tower" style power strip, in the hopes that it would reduce the problem of large power plugs blocking neighbouring sockets.
It worked partially, at least now a big power plug only blocks a single neighbouring socket instead of (potentially) two on a long horizontal power strip.
Still, not entirely happy with the solution.
What are you guys all doing for power strips when you've got a lot of large power plugs?
Yes, my Udoo X86 now successfully netboots. 🎉
Successfully set up the Netbooting with syslinux/pxelinux for my newest cluster host. This needed a (partially) new setup, because my previous Raspberry Pi netboot setup did not need syslinux, due to the fact that the Pis already come with a netboot bootloader able to load kernel and initrd.
Last step remaining is to put it all into Ansible.
Alright, next milestone reached: My new host is getting the syslinux.efi file from the Bootserver. Now to actually configure it.
Also: Far too much time spent fighting a permission problem thinking it was NFS, though it actually was the mount directory itself having the wrong perms. 🤦‍♂️
#100DaysOfHomelab #homelab #syslinux
Finally, success! My Packer Ubuntu Image creation works. The fix was switching to SFTP instead of SCP for file transfers in Ansible. I currently think that the SSH Proxy Packer uses by default is at fault somehow.
Now researching how generic netbooting works to configure my Udoo x86 II with it. Seems it is a bit different than the Raspberry Pi netboot I've already set up.
#homelab #selfhosted #100DaysOfHomelab
CrowdSec introduction put on ice, because I've just ordered an Udoo X86 II Ultra which will serve as the x86 node in my Raspberry Pi cluster.
I've finished the basic planning and already decided that I will netboot the Udoo with a Ceph RBD root disk.
Now I just need to figure out how to best provision the Machine. Packer, which I'm already using for my Pi nodes, looks like it might be good for image creation here too.
#homelab #selfhosted #100DaysOfHomelab
Started reading up on CrowdSec. I like the idea of "Distributed threat intelligence". It also already has a plugin for my OPNsense firewall.
Only problem is getting logs into it from my Fluentd/Loki stack. I would like to avoid pushing all logs from everywhere to disk, just so that CrowdSec can read them.
#100DaysOfHomelab #homelab #selfhosted
Trying to set up my new Vault based Homelab TLS certificates. I think Ansible is sensing that I'm no longer using its Certificate facilities. It is resisting.
Tonight, the field belongs to Ansible. But while I might be short a couple of strands of my sanity, I yet stand. Onwards tomorrow. 🤕
#100DaysOfHomelab #homelab #selfhosted
OpenWRT is trying to fight me when installing a certificate generated from my Vault CA.
When installing the Cert via LuCI, Firefox spits angry "no cipher overlap" errors. Which I don't get. With the self-signed OpenWRT cert, it's showing me TLS 1.3 ciphers being used. 🤔
#OpenWRT #homelab #selfhosted #100DaysOfHomelab
Finished the next step in the Vault homelab CA setup: Distributed the new CA certificate to all #Ansible controlled hosts.
Next step: The manually administered hosts and testing whether certs signed by the CA properly validate.
#Ansible #homelab #100DaysOfHomelab #selfhosted
Worked on migrating my TLS certificate setup from Ansible to Hashicorp Vault.
I think I might actually be getting the hang of certificates now.
#100DaysOfHomelab #homelab #selfhosted
I really should continue writing a blog post on Linux' initramfs. Instead, I'm browsing #100DaysOfHomelab on Twitter.
Thanks, brain! 🤦
Ha! Finally figured out what the problem with my #fluentd logs was: I had an infinite loop in there.
I basically had a match on "service1.task1.**" which added different tags to different log types like this:
tag += "typeA"
Those then ended up as "service1.task1.typeA". Which means: They fit the initial "service1.task1.**" filter again. Which produced infinite recursion and stack overflow.
One more bug fixed. 🎉
#fluentd #homelab #100DaysOfHomelab #selfhosted
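The re-match loop described in the post above, as an added example that is not the author's configuration or Fluentd's own code: a small Python model of Fluentd's tag matching (`*` is one tag part, `**` is zero or more, first matching rule wins). The rule lists, the `classified.` prefix and the `add_type` helper are assumptions made for the illustration.

```python
# Added illustration: a small model of Fluentd tag routing, not Fluentd's own code.
MAX_HOPS = 20  # constructed guard so a loop is reported instead of overflowing the stack


def tag_matches(pattern, tag):
    """Fluentd-style match: '*' is exactly one tag part, '**' is zero or more."""
    def walk(p, t):
        if not p:
            return not t
        if p[0] == "**":
            return any(walk(p[1:], t[i:]) for i in range(len(t) + 1))
        return bool(t) and p[0] in ("*", t[0]) and walk(p[1:], t[1:])
    return walk(pattern.split("."), tag.split("."))


def route(tag, rules, hops=0):
    """Apply the first matching rule and follow re-emitted tags.

    rules: list of (pattern, retag); retag=None marks a terminal output.
    Returns (final_tag, hops); raises RuntimeError on a routing loop.
    """
    if hops > MAX_HOPS:
        raise RuntimeError(f"routing loop: tag grew to {tag!r}")
    for pattern, retag in rules:
        if tag_matches(pattern, tag):
            if retag is None:
                return tag, hops
            return route(retag(tag), rules, hops + 1)
    return tag, hops  # no rule matched this tag


def add_type(tag):  # hypothetical stand-in for the post's retagging step
    return tag + ".typeA"


# The retagged event still sits under service1.task1.**, so it matches again.
LOOPING = [("service1.task1.**", add_type)]

# One way out: re-emit under a prefix that the broad pattern cannot match.
FIXED = [
    ("classified.**", None),
    ("service1.task1.**", lambda tag: "classified." + add_type(tag)),
]

if __name__ == "__main__":
    print(route("service1.task1", FIXED))
    try:
        route("service1.task1", LOOPING)
    except RuntimeError as err:
        print(err)
```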
#100DaysOfHomelab Day 43: PowerDNS successfully set up. Works perfectly with the powerdns #terraform provider found here: https://github.com/pan-net/terraform-provider-powerdns
Only one problem: PowerDNS' locking of the DB doesn't seem to work properly. When Terraform tries to create multiple records, it errors out because the database is locked: https://github.com/pan-net/terraform-provider-powerdns/issues/75
Oh well, running Terraform with "-parallelism=1" fixes that.
#100DaysOfHomelab #terraform #homelab #selfhosted
Alright, PowerDNS it is. Mainly because it has an HTTP API with a corresponding Terraform Provider which is able to create both zones and resource records.
#homelab #selfhosted #100DaysOfHomelab
Well, that was fail. Perhaps I should have checked first whether OPNsense's BIND plugin supports dynamic DNS updates.
Hint: It does not. 😭
So now, new plan for the weekend: Reading up on DNS servers and deploying one on my cluster-master for purely local use.
#homelab #selfhosted #100DaysOfHomelab
Mostly spent the evening trying to get familiar with OAuth2/SAML/OIDC. I'm still a bit uncomfortable with it, but as it looks like a nice addition to the homenet, I think I will book setting up a Keycloak server for this weekend.
#homelab #100DaysOfHomelab #selfhosted