My home service stack running on a Beelink EQ12 with Fedora IoT. Applications are run as podman containers and managed by systemd to support my home infrastructure.
- direnv: Update environment per working directory.
- podman: A tool for managing OCI containers and pods with native systemd integration.
- renovate: Universal dependency automation tool.
- sops: Manage secrets which are commited to Git using Age for encryption.
- task: A task runner / simpler Make alternative written in Go.
-
Install required system deps and reboot
sudo rpm-ostree install --idempotent --assumeyes git go-task sudo systemctl reboot
-
Make a new SSH key, add it to GitHub and clone your repo
export GITHUB_USER="rkoosaar" curl https://github.com/$GITHUB_USER.keys > ~/.ssh/authorized_keys sudo install -d -o $(logname) -g $(logname) -m 755 /var/opt/home-service git clone [email protected]:$GITHUB_USER/home-service.git /var/opt/home-service/.
-
Install additional system deps and reboot
cd /var/opt/home-service go-task deps sudo systemctl reboot -
Create an Age public/private key pair for use with sops
age-keygen -o /var/opt/home-service/age.key
Note
I am using ipvlan to expose most containers on their own IP addresses on the same network as this here device, the available addresses are mentioned in the --ip-range flag below. Beware of IP addressing and interface names.
-
Create the podman
containernetnetworksudo podman network create \ --driver=ipvlan \ --ipam-driver=host-local \ --subnet=10.1.0.0/24 \ --gateway=10.1.0.1 \ --ip-range=10.1.0.171-10.1.0.199 \ containernet -
Setup the currently used interface with
systemd-networkd๐ Setting the DNS server to a container used on this system might make dragons appear ๐.
sudo bash -c 'cat << EOF > /etc/systemd/network/enp6s18.network [Match] Name = enp6s18 [Network] DHCP = yes DNS = 1.1.1.1 DNS = 1.0.0.1 IPVLAN = containernet [DHCPv4] UseDNS = false'
-
Setup
containernetwithsystemd-networkdsudo bash -c 'cat << EOF > /etc/systemd/network/containernet.netdev [NetDev] Name = containernet Kind = ipvlan' sudo bash -c 'cat << EOF > /etc/systemd/network/containernet.network [Match] Name = containernet [Network] IPForward = yes Address = 10.1.0.170/24'
-
Disable
networkmanager, the enable and startsystemd-networkdsudo systemctl disable --now NetworkManager sudo systemctl enable systemd-networkd sudo systemctl start systemd-networkd
Tip
To encrypt files with sops replace the public key in the .sops.yaml file with your Age public key. The format should look similar to the one already present.
View the apps directory for documentation on configuring an app container used here, or setup your own by reviewing the structure of this repository.
Using the included Taskfile there are helper commands to start, stop, restart containers and more. Run the command below to view all available tasks.
go-task --listTip
๐ fish is awesome, you should try fish!
chsh -s /usr/bin/fish
# IMPORTANT: Log out and log back in
go-task dotfilesTip
โ You can also update /etc/chrony.conf with custom NTP servers.
sudo sed -i 's/^#allow .*/allow all/g' /etc/chrony.conf
sudo systemctl restart chronydsudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
sudo systemctl rebootsudo systemctl disable --now firewalld.service| Name | Subnet | DHCP range | ARP reserved |
|---|---|---|---|
| LAN | 192.168.1.0/24 | 150-254 | 171-199 |
| TRUSTED | 192.168.10.0/24 | 150-254 | - |
| SERVERS | 192.168.42.0/24 | 150-254 | 120-149 |
| GUESTS | 192.168.50.0/24 | 150-254 | - |
| IOT | 192.168.70.0/24 | 150-254 | - |
| WIREGUARD | 192.168.80.0/28 | - | - |
- bjw-s/nix-config: NixOS driven configuration for running a home service machine, a nas or nix-darwin using deploy-rs and home-manager.
- truxnell/nix-config: NixOS driven configuration for running your entire homelab.
- joryirving/home-service: Docker-compose implementation of this repository.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent