Files for homelab provisioning and maintenance operations of my personal proxmox cluster for self-hosted services, application deployment environment and playhouse :)
The machine runs proxmox cluster with vms. The main purpose of the server is to expose web interfaces of docker containers for some services that i use every day
---
title: torterra
---
flowchart LR
subgraph web_services
direction TB
A[(wailord)]
B{staraptor}
B --http requests--> A
end
subgraph dns_servers
direction TB
C[espeon]
D[umbreon]
C ~~~ D
end
web_services --dns queries--> dns_servers
some services are exposed to the internet via HTTPS reverse proxy with nginx
flowchart LR
A((Internet))
B{staraptor}
C[nextcloud]
D[...]
C & D --> B
B --> A
some other services are exposed through port forwarding on the router
flowchart LR
A((Internet))
B{router\n port forwarding}
C[wireguard]
C --> B
B --> A
Containers and virtual machines's rootfs disk is located in the local-lvm volume on the nvme disk. all the volumes are backuped in the other hard drive from pbs
flowchart
subgraph data disks
direction TB
subgraph nvme
A[container rootfs]
end
end
subgraph backupdisks
direction TB
subgraph HD2
direction LR
C[backup volume]
end
end
A -- backup on --> C
Backups are made with the use of PBS in snapshot mode, every night at 21:00 for all containers and virtual machines, one of the 2 hard drives is dedicated to this purpose
- clone repository inside the proxmox host
cd /usr/local
git clone https://github.com/carnivuth/labcraft- create venv and install dependencies
cd labcraft
python -m venv env
source env/bin/activate
pip install -r requirements.txt- install ansible collections and roles
source env/bin/activate
ansible-galaxy collection install -r collections/requirements.yml
ansible-galaxy role install -r roles/requirements.yml-
add secrets folowing this guide
-
create terraform vars file following the vars declaration in
terraform/variables.tf -
create a proxmox admin token for terraform
-
create templates for vms and containers following this
-
run terraform to deploy vms and add one of the dns servers to
/etc/hosts -
run preflight playbook for provisioning
ansible-playbook -i inventory/prod.proxmox.yml carnivuth.labcraft.preflightSensitive informations are stored inside an encrypted vault file generated with ansible-vault, in order to create it do the following:
- create a sample with the following command:
grep -e 'vault_[a-z_]*' playbooks/group_vars/all/vars.yml inventory/inventory.proxmox.yml -ho > sample.yml- create a file to store the vault password
pwgen -N 1 64 > passfile && chmod 600 passfile- set vault pass file in
ansible.cfg
[defaults]
host_key_checking = False
vault_password_file=/usr/local/labcraft/passfile- add variables and encrypt the file with ansible vault
ansible-vault encrypt sample.yml- move the file to the
group_varsfolder
mv sample.yml playbooks/group_vars/all/vault.ymlHost backups are done trough the use of borg and a cronjob script, after running the configure_proxmox.yml playbook configure ssh authentication to storage box
To avoid having to run ansible manually every time there is an update do the following
- add the
scripts/update_labcraft.shto cron:
* * * * * /usr/local/labcraft/update_labcraft.sh > /dev/null 2>&1Then link scripts/post-merge to the git hooks dir (more on the topic here) as follows
cd .git/hooks
ln -fs ../../scripts/post-merge post-mergeSo every time a commit is pushed to remote cron will pull the repo and the hook will run ansible
---
title: UPDATE WORKFLOW
---
sequenceDiagram
participant dev_machine
participant github_repo
participant torterra
dev_machine ->> github_repo: push chainges
loop every x minutes
torterra ->> github_repo: fetch changes
alt changes
torterra ->> torterra: run ansible
end
end