This repository hosts all the playbooks required to deploy and run my homelab. You have to bring your own hardware, Linux operating system, configuration secrets and data though.
My homelab is a single-node x64 (previously ARM) machine, and applications are deployed containerized via Hashicorp Nomad. Tailscale takes care of all the networking required for administration and deployments. Cloudflare Tunnels help in exposing the services to the internet.
App | Purpose | Project homepage |
---|---|---|
MySQL | Database (common dependency for multiple apps) | https://dev.mysql.com/downloads/mysql/ |
Firefly-III | Personal finance | https://www.firefly-iii.org/ |
Bookstack | Documentation & Diary | https://www.bookstackapp.com/ |
Vikunja | Todo list | https://vikunja.io/ |
Nextcloud | Google Drive alternative | https://nextcloud.com/ |
Webtrees | Family tree (genealogy) | https://www.webtrees.net/index.php/en/ |
Photoprism | Google Photos alternative | https://photoprism.app/ |
Audiobookshelf | Audiobook server (Audible alternative) | https://www.audiobookshelf.org/ |
Kavita | Ebook reader (think Apple Books on the web) | https://www.kavitareader.com/ |
Duplicati | Encrypted, incremental backups | https://www.duplicati.com/ |
NTFY | Push Notifications REST service | https://ntfy.sh/ |
Cronicle | Powerful cron scheduler | http://cronicle.net/ |
Mailpile | Web archive for email | https://www.mailpile.is/ |
Miniflux | RSS reader | https://miniflux.app/ |
Metabase | SQL / analytics interface | https://www.metabase.com/ |
n8n | Scheduled and on-demand DAGs and workflows | https://n8n.io/ |
Monica | Daily journalling and relationship manager | https://www.monicahq.com/ |
Immich | Google Photos alternative | https://immich.app/ |
Snibox | Snippets organizer | https://github.com/MohamedElashri/Snibox |
Memoet | Modern spaced repetition system | https://github.com/memoetapp/memoet |
Hashicorp Nomad is undoubtedly a very good orchestrator of services and the declarative design of deployments make it even easier to administer. I also have setup a Caddy webserver as an ingress gateway. There's one Cloudflare Tunnel for each application, and that channels the requests to directly hit the Caddy endpoints. A simple diagram to illustrate the lifecycle of requests is:
The way the Ansible playbook is structured makes it super-easy to onboard a new application. Look at some of the past pull-requests to understand how it's only about copy-pasting, filling up templates and adding some secrets.
The project was born as a hobby idea to organize knowledge. The core idea is to own the data and build amazing integrations that make everyday easy. As already mentioned, the homelab today hosts financial data lake, documentation & notetaking software, powerful to-do-listing tools, eBook and audiobook readers, file cloud, photo gallery, smart reminder & notification systems and so on!
Deployments happen whenever a PR gets merged to the main
branch. GitHub CI is used for all deployments and the secrets are kept in Bitwarden (non self-hosted). Whenever there's code merged, the CI instance boots up, joins my Tailscale network, picks up the Bitwarden secrets, runs the Ansible playbook and goes away once successful. Needless to say, idempotence is therefore a strict requirement here.
All the application containers are mapped to a persistent storage location in the mounted HDD. And this giant data directory is being backed up to object storage (Backblaze B2 in my case). Encrypted, incremental backups - thanks to Duplicati.
Yeah I'm a one-machine fan.
- 1GB DigitalOcean droplet
- The now-archived repository used to deploy applications natively (non-containerized) and given memory was limited, very few applications were deployed.
- Since DO droplets have dedicated IPv4, exposing services publicly was not at all a concern.
- Raspberry Pi 4
- The Raspberry Pi performed really well in the initial 3 months of setting up, until summer heat waves spoiled the party.
- Pis being single-board computers tend to get very hot when overworking.
- The Pi (ARM) setup was very efficient on power and had an external USB-connected HDD for storage.
- The Pi ran DietPi - a stripped down Debian-based operating system. With 8GB of memory, it ran a large number of applications really well, although response times were quite high on average.
- Dell Latitude E6400
- Migrating to a x64 (AMD64) old laptop was mostly trivial. The Dell machine runs Ubuntu server.
- CPU, in comparison to the Pi is way more faster and resulted to slightly better response times.
- Being a laptop, the machine provides battery backup to some extent and also a screen for urgent debugging.
- However the laptop being decade-old, it tends to heat up a lot and needs active environmental cooling.
- ASUS Desktop (gaming PC)
- The second-hand-purchased gaming desktop sports i5 7th generation and 16GB RAM (early 2018 model).
- Has powerful motherboard with efficient cooling and power unit.
- Nextcloud, Photoprism, Duplicati performance has clear visible improvements upon migration to this desktop homelab.
Oracle Cloud offers high-spec ARM machines at free tier, I'm yet to explore if that offering can be put to good use. With that in mind, I'm also looking into distributed deployments. One of the main challenges in that is exposing a distributed interface for storage (like Ceph, SeaweedFS etc). Another point of future focus would be good metric collection and monitoring setup.