Warning
Still In Progress
- Ubuntu Server 22.04 LTS
- The base OS installation must be completed before this playbook is run
- The system boots from, and keeps `/` on, a dedicated SSD with the default ext4 partitioning; that drive stores nothing but the OS
- All other drives are formatted into ZFS pools:
  - a "fast" pool: 2 SSDs in a mirror (~256 GB each)
    - stores application data, caches and other I/O-heavy files
  - a "slow" pool: 2 HDDs in a mirror (~2 TB each)
    - stores media files and other large volumes of application data (for example photos or documents)
  - a "very big and slow" pool: 1 HDD, striped, so no redundancy at all (~8 TB)
    - stores big files that need neither redundancy nor backups (for example anything that is easily re-downloadable from the internet)
- Users
  - `apps`: runs all non-privileged containers
  - `homessh`: used to connect over SSH
  - `sambashare`: used by clients to connect to the SMB share
- Variables
  - prefix `g_`: defined in `group_vars/all.yml`; meant to be "global" across the whole homeserver and to hold every global value except passwords and secrets
  - prefix `v_`: defined in `vars/vault.yml`; meant to hold passwords and secrets. The file is encrypted with the password written in `.vault_pass`, which is not to be shared and must only ever exist locally (never committed)
  - prefix `p_`: defined in the `vars` section of `main.yaml` (the entrypoint playbook); meant to be variables scoped to a single playbook run
  - other prefixes such as `bkrs_`: defined in the `defaults` directory of the dedicated role; meant to be role-scoped variables, i.e. the role's input parameters
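As an added example (not the project's own files), the variable convention above laid out as concrete Ansible files in one listing, separated by `---` with the target filename in a comment. The `backrest` role name, the `homeserver` host group, the variable names and the placeholder values are assumptions; only the file paths and prefixes come from the page. The vault is decrypted in memory at run time from `.vault_pass`, which stays out of version control.

```yaml
---
# ansible.cfg (assumed): lets ansible-playbook read the vault password locally
# [defaults]
# vault_password_file = .vault_pass
#
# .gitignore (assumed): the password file never enters the repository
# .vault_pass

# group_vars/all.yml : g_ = global, non-secret, visible to every play and role
g_pools_root: /mnt/pools
g_apps_user: apps
g_smb_user: sambashare

---
# vars/vault.yml : v_ = secrets only; stored encrypted, decrypted in memory at run time
# encrypt once:   ansible-vault encrypt vars/vault.yml --vault-password-file .vault_pass
# inspect later:  ansible-vault view    vars/vault.yml --vault-password-file .vault_pass
v_smb_password: "change-me"        # assumed placeholder, never a real credential

---
# roles/backrest/defaults/main.yml : bkrs_ = this role's input parameters (assumed role name)
bkrs_data_dir: "{{ g_pools_root }}/fast/apps-data/backrest"
bkrs_owner: "{{ g_apps_user }}"

---
# main.yaml : p_ = scoped to this playbook run
- name: Homeserver
  hosts: homeserver
  become: true
  vars_files:
    - vars/vault.yml                 # brings the v_ variables into scope
  vars:
    p_apps: [immich, backrest]       # which apps this run configures
  roles:
    - role: backrest
      vars:
        bkrs_data_dir: "{{ g_pools_root }}/slow/apps-data/backrest"  # caller overrides a role default
```

Role defaults have the lowest precedence, so the play-level `bkrs_data_dir` wins over the role's own default. `group_vars/all.yml` is plain text, so any secret that lands there is committed in the clear; that is the whole reason for the `g_`/`v_` split, and `ansible-vault view` is a cheap pre-commit check that `vars/vault.yml` really is encrypted.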
- Permissions
  - `0644` (mostly for files): owner can read and write; group and others can only read
  - `0754` (mostly for directories): owner can do everything; group can read and "open" the directory (list what is inside) but can't write; others can only list the directory's entries but can neither "go inside" (traverse it) nor write
- Directory structure
  - `/`: only for the OS
  - `/mnt/pools`: mount point for the ZFS pools
  - `/mnt/pools/<fast|slow>/apps-data/<app's name>`: stores everything dedicated to the given app directly
  - `/mnt/pools/fast/docker/data-root`: holds all Docker-related data instead of `/var/lib/docker`
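An added example, not the project's own role code, that turns the users, permissions and directory layout above into a single Ansible play. The `homeserver` host group, the disk identifiers under `/dev/disk/by-id/`, the app names and the use of the `community.general` collection are assumptions; the pool and directory names are the page's. `zpool create` is guarded with `creates:` so a rerun never re-initialises a pool whose mountpoint already exists.

```yaml
---
# Added example: users, ZFS pools and the /mnt/pools layout as one play.
# Assumed: hosts group "homeserver", disk ids, app names, community.general installed.
- name: Users, ZFS pools and application directories
  hosts: homeserver
  become: true
  vars:
    p_pools:                       # assumed disk ids; check `ls -l /dev/disk/by-id/` on the target
      fast:
        vdev: mirror
        disks: [/dev/disk/by-id/ata-SSD_A, /dev/disk/by-id/ata-SSD_B]
      slow:
        vdev: mirror
        disks: [/dev/disk/by-id/ata-HDD_A, /dev/disk/by-id/ata-HDD_B]
      verybig:
        vdev: ""                   # single disk, striped: no redundancy by design
        disks: [/dev/disk/by-id/ata-HDD_C]
    p_apps: [immich, backrest]     # assumed app names
  tasks:
    - name: Service users (no interactive shell for the container and share accounts)
      ansible.builtin.user:
        name: "{{ item.name }}"
        shell: "{{ item.shell }}"
        create_home: "{{ item.home }}"
      loop:
        - { name: apps,       shell: /usr/sbin/nologin, home: false }
        - { name: homessh,    shell: /bin/bash,         home: true }
        - { name: sambashare, shell: /usr/sbin/nologin, home: false }

    - name: Create pools mounted under /mnt/pools (skipped when the mountpoint already exists)
      ansible.builtin.command: >-
        zpool create -m /mnt/pools/{{ item.key }} {{ item.key }}
        {{ item.value.vdev }} {{ item.value.disks | join(' ') }}
      args:
        creates: "/mnt/pools/{{ item.key }}"
      loop: "{{ p_pools | dict2items }}"

    - name: One apps-data dataset per pool so it can be snapshotted on its own
      community.general.zfs:
        name: "{{ item }}/apps-data"      # inherits the pool mountpoint, i.e. /mnt/pools/<pool>/apps-data
        state: present
      loop: [fast, slow]

    - name: Per-app directories owned by apps, mode 0754 (others may list but not enter)
      ansible.builtin.file:
        path: "/mnt/pools/{{ item.0 }}/apps-data/{{ item.1 }}"
        state: directory
        owner: apps
        group: apps
        mode: "0754"
      loop: "{{ ['fast', 'slow'] | product(p_apps) }}"

    - name: Docker data-root on the fast pool, root-only like the default /var/lib/docker
      ansible.builtin.file:
        path: /mnt/pools/fast/docker/data-root
        state: directory
        owner: root
        group: root
        mode: "0710"
```

The `apps` user is deliberately not added to the `docker` group: membership in that group is root-equivalent through the daemon socket, so containers should run as `apps` (for example via `user:` in Compose) rather than `apps` controlling the daemon. The data-root keeps Docker's own `0710`, not the page's `0754`, because image layers and container filesystems must not be readable by other local users.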
- Files structure
  - Docker daemon configuration, `/etc/docker/daemon.json`. `dockerd` parses this file as strict JSON and refuses to start if it contains comments, so the `//` annotations from the original listing are kept below the block instead of inside it:

```json
{
  "data-root": "/mnt/pools/fast/docker/data-root",
  "storage-driver": "overlay2",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "1m",
    "max-file": "1"
  },
  "metrics-addr": "0.0.0.0:9323",
  "experimental": true
}
```

    - `storage-driver`: `overlay2`; there is no need for the `zfs` storage driver since ZFS 2.0. Overlayfs on a ZFS-backed `data-root` depends on OpenZFS overlayfs support (listed in the OpenZFS 2.2.0 release), so confirm with `docker info` that the active storage driver really is `overlay2` and not a fallback.
    - `log-driver`: `json-file`, so Promtail can ship container logs to Loki
    - `metrics-addr`: `0.0.0.0:9323`, scraped by Prometheus. This binds the unauthenticated metrics endpoint on every interface, VPN and public ones included; bind it to the address Prometheus actually scrapes from (for example the `docker0` bridge or the LAN IP) or firewall port 9323.
- Configure observability
  - Configure Docker container observability with Loki/Prometheus/Grafana
  - Configure internal bridges between Prometheus and the apps that push metrics
  - Fix Docker metrics export
  - Fix Immich metrics export
  - Configure host logs and metrics
    - Install Promtail to push `/var/log/*` logs to Loki
    - Push storage/RAM/CPU metrics of the host machine to Prometheus
  - Collect ZFS-related metrics
    - Error rate
    - Datasets
    - Snapshots
- Configure Samba
  - Configure macOS Time Machine backup
- Configure reverse proxy
  - Configure HTTPS
- Configure backups
  - Install backrest
  - Schedule local backups
  - Schedule remote backups
    - WebDAV Mail.ru Cloud
    - Google Drive
    - Yandex.Disk
    - Mega
    - Backblaze B2 (?)
  - Configure DB dumps
  - Configure automatic snapshotting
  - Configure backing up from snapshots
- Configure remote access without public exposure
  - Choose between Tailscale and WireGuard
- Configure local DNS
  - Set up Pi-hole