GitOps for Homeservers (Part 1) — My Homeservers, Ansible, and the Pain Points
This is Part 1 of a 3-part series: “GitOps for Homeservers”
Part 1: My Homeservers, Ansible, and the Pain Points (You are here)
Part 2: Searching for the Right Tool — Komodo, Dockhand, and Beyond
Part 3: ComposeFlux — A Lightweight GitOps Tool for Docker Compose
Also read: How I Manage My Homeservers with GitOps and Docker Compose on Medium.
Introduction
I have been managing 2 homeservers and 5 virtual machines in the cloud for almost 2 years. As my enthusiasm for self-hosting software grows — both for fun and actual use — my docker-compose files and stacks keep growing too. Deploying and managing them became painful over time. ...
GitOps for Homeservers (Part 2) — Searching for the Right Tool — Komodo, Dockhand, and Beyond
This is Part 2 of a 3-part series: “GitOps for Homeservers”
Part 1: My Homeservers, Ansible, and the Pain Points
Part 2: Searching for the Right Tool — Komodo, Dockhand, and Beyond (You are here)
Part 3: ComposeFlux — A Lightweight GitOps Tool for Docker Compose
Also read: How I Manage My Homeservers with GitOps and Docker Compose on Medium.
Introduction
In Part 1, I covered my homeserver setup, the Ansible-based deployment workflow, and the problems that came with it — slow deployments, no selective deployment, manual triggers, and the fact that it was never true GitOps. ...
GitOps for Homeservers (Part 3) — ComposeFlux: A Lightweight GitOps Tool for Docker Compose
This is Part 3 of a 3-part series: “GitOps for Homeservers”
Part 1: My Homeservers, Ansible, and the Pain Points
Part 2: Searching for the Right Tool — Komodo, Dockhand, and Beyond
Part 3: ComposeFlux — A Lightweight GitOps Tool for Docker Compose (You are here)
Introduction
In Part 1, I covered my homeserver setup and the Ansible-based deployment workflow along with its pain points. In Part 2, I evaluated alternatives like Komodo and Dockhand — solid tools, but none fully fit my needs. ...
Traefik HTTPS Config with DuckDNS for Local Homeserver
This is a how-to guide inspired by “Quick and Easy SSL Certificates for Your Homelab!”, focusing on the Traefik reverse proxy server. Although this guide focuses on DuckDNS, a similar configuration can apply to any DNS provider. The trick is to set a private IP for the domain name you own, in my case on DuckDNS.
Get DuckDNS Sub-Domain
Sign up for an account on duckdns.org, choose a sub-domain (I chose a dummy sub-domain, lser.duckdns.org) and add your home server's IP address (in my case 192.168.0.120) ...
Wireguard VPN and BitTorrent on Docker Swarm (Part 1)
Introduction
One of the services I always wanted to have on my Raspberry Pi home server is VPN and BitTorrent, which basically routes all BitTorrent traffic through a VPN container. Then I saw Wolfgang’s “Set Up Your Own Wireguard VPN Server with 2FA in 5 Minutes!” on YouTube, which inspired me to set up my own VPN server. I quickly created an instance on Oracle Cloud and ran the Ansible playbook to deploy the Wireguard VPN. After testing it for a few months on mobile and PC, I’m comfortable setting up the server and client. So, I decided to use Wireguard in my raspberrypi-homeserver project. ...
Wireguard VPN and BitTorrent on Docker Swarm (Part 2)
Previously, in Part 1, we deployed qBittorrent with Wireguard VPN on Docker Swarm. In this part, we will test the deployment, configure qBittorrent and finish the blog with the kill switch configuration.
Testing
Below are the tests to make sure qBittorrent has access to the Internet through the Wireguard VPN:
➡️ Make sure the Wireguard and qBittorrent containers are up and running.
➡️ Check that you are able to ping the Wireguard container from qBittorrent ...
Portainer vs Yacht
Introduction
I have been working on my home server setup on a Raspberry Pi 4. I’d like to deploy all of my services/tools in Docker containers, and for that, I need a nice and fancy container management tool on my home server. I checked multiple sources and finally picked two: Portainer and Yacht. Portainer is a well-known container management tool and Yacht is fairly new. In this post, I would like to give my thoughts on both tools. ...
User Namespace Isolation in Docker
There is a cool feature in Docker called userns-remap, which I discovered while doing my RaspberryPi home server project (15#issuecomment-1296311979). I can just enable userns-remap and Docker does all the remapping of uid and gid inside the container to a non-root user on the host. https://docs.docker.com/engine/security/userns-remap/
How to enable
*It is better to reinstall Docker and remove all existing Docker volumes.
Add the below to /etc/docker/daemon.json:
{
  "userns-remap": "default"
}
Restart the Docker daemon:
$ sudo systemctl restart docker
Ansible automation here
In-Action
# Run the Nginx container
$ docker run -it -d nginx
# Inside, the process thinks it is running as root!
veerendra@atom:~$ docker exec -it nginx whoami
root
# But outside (in the host namespace), the process is running as a non-root user
veerendra@atom:~$ ps aux | grep nginx
165536 350093 0.0 0.0 6320 4688 ? Ss 03:21 0:00 nginx: master process nginx -g daemon off;
165637 350208 0.0 0.0 6788 4288 ? S 03:21 0:01 nginx: worker process
165637 350209 0.0 0.0 6784 4284 ? S 03:21 0:00 nginx: worker process
165637 350210 0.0 0.0 6784 4284 ? S 03:21 0:01 nginx: worker process
165637 350212 0.0 0.0 6784 4284 ? S 03:21 0:01 nginx: worker process
veerend+ 937492 0.0 0.0 6420 1844 pts/0 S+ 16:22 0:00 grep --color=auto nginx
As you can see, I did not specify any user while deploying the container, but the user inside the container is isolated, i.e. remapped to a non-root user (uid:165637, gid:165637) on the host ...
Pi-hole with DHCP Relay in Docker
Introduction
I have been working on a RaspberryPi home server project for quite some time. The project is a collection of applications to run on a RaspberryPi, and all applications are deployable with docker-compose files and Ansible automation. One of the applications I was configuring is Pi-hole, a network-wide ad-blocker. I decided to also use Pi-hole as the DHCP server for my LAN. When I looked into the docs, they say it has to be run with network_mode: host, because that allows Pi-hole to listen for DHCP broadcast packets. If Pi-hole is deployed in bridge mode, there is a Linux bridge (think of it as a router for a second!) which won’t allow broadcast packets through. ...
Strimzi Kafka Disaster Recovery with Velero
Introduction
Hello my dear fellow humans, hope you are having a great day. Today’s guide is on how to recover from a disaster for Strimzi Kafka with Velero. First of all, what is Strimzi Kafka? https://strimzi.io Strimzi provides a way to run an Apache Kafka cluster on Kubernetes in various deployment configurations. A while back, I worked on a Strimzi Kafka deployment on OpenShift; it is very easy to set up and manage a production-level Kafka cluster on Kubernetes. I have to give credit to the Strimzi project team: they did a great job on documentation, support on GitHub discussions, and active development. ...