4 minutes
My Homelab Repo
This post is part of the Homelab Repo and Homelab series.
I have recently rebuilt my homelab, moving from old enterprise hardware to modern hardware that is much more compact. At the heart of this is a MS01 and a custom built HL15. I’ll post more about the hardware in other posts, but for now I want to focus on the management of the homelab.
Previously, I had a number of Git Repos, one for each service I was running on the homelab. This worked well, but it resulted in a lot of switching between repos, and repos that contained very little. I decided to go for a single repo this time around, containing everything code based for the homelab, this includes:
- Terraform IaC
- DNS IaC
- Ansible Playbooks
- Kubernetes services
- Diagrams
- anything else that makes sense
My hope is that I will be able to keep the repo public by utilizing secret management systems, and by not committing any secrets to the repo. There may however be some services I decide not to include in the homelab repo such as beta services, or services that are not ready for public consumption.
The repo is hosted on GitLab (can be found here), and is mirrored to GitHub (can be found here).
DevContainer
I like to use a DevContainer in most of my projects, it vastly simplifies the setup process of a project and ensures that I have a consistent environment for the project. My homelab repo is no exception, and I have a DevContainer setup for it.
To start, you need a .devcontainer folder in the root of the repo. In this folder, you will need a devcontainer.json file, which instructs VSCode (Or Cursor) on how to rune the container. For my repo, I have the following:
{
"name": "homelab",
"build": {
"dockerfile": "Dockerfile",
"args": {
"BASE_IMAGE": "ubuntu:latest",
"DNSCONTROL_VERSION": "4.15.5"
}
},
"containerEnv": {
"GIT_EDITOR": "vim"
},
"features": {
"ghcr.io/itsmechlark/features/1password:1": {}
}
}
There are four main sections to this file:
name: The name of the container, this is used to identify the container in the VSCode DevContainer extension.build: This section is used to build the container, it tells the DevContainer extension to use the Dockerfile in the repo to build the container.containerEnv: This section is used to set environment variables in the container.features: This section is used to install features in the container. In this case, I am using the 1Password feature to install the 1Password CLI.
I set the GIT_EDITOR environment variable to vim, as I prefer to use vim when making commits from the command line. I also have the 1Password feature installed, which will allow me to use the 1Password CLI to manage secrets.
The second important file is Dockerfile, this is a standard Dockerfile that instructs Docker on how to build the container. By default, I use the ubuntu:latest image, but this can be overridden in the devcontainer.json file.
For my repo, I have the following Dockerfile:
ARG BASE_IMAGE=ubuntu:latest
FROM ${BASE_IMAGE}
ARG DNSCONTROL_VERSION=4.15.5
RUN apt-get update && apt-get install -y traceroute dnsutils ca-certificates wget curl make git zsh unzip sudo pipx vim build-essential
RUN apt update && apt install software-properties-common -y && add-apt-repository --yes --update ppa:ansible/ansible && apt install ansible -y
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
RUN wget https://github.com/StackExchange/dnscontrol/releases/download/v${DNSCONTROL_VERSION}/dnscontrol-${DNSCONTROL_VERSION}.arm64.deb && dpkg -i dnscontrol-${DNSCONTROL_VERSION}.arm64.deb
RUN wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh
RUN chmod +x install-opentofu.sh && ./install-opentofu.sh --install-method standalone --skip-verify && rm install-opentofu.sh
RUN useradd -m -s /bin/zsh lab
RUN usermod -aG sudo lab
USER lab
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH="/home/lab/.cargo/bin:${PATH}"
RUN cargo install just git-cliff
The Dockerfile mostly just installs tools, and then creates a lab user with sudo access. The tools that this image currently installs are:
- Traceroute
- DNSUtils
- CA Certificates
- wget
- curl
- make
- git -zsh
- unzip
- sudo
- pipx
- vim
- build-essential
- tzdata
- ansible
- dnscontrol
- opentofu
- cargo
- just
- git-cliff
It’s likely that I will add more tools to the container as the Homelab evolves, but this is a solid starting point.
In the next post, I will be getting Terraform set up in the repo with a cloud backend, ready to start provisioning VMs.