Intro
I have been working on my home mesh network. The SD card in my rpi3 died, so I had to recreate the home network. I did not have any backup of the system setup, so this time I wanted to create it with IaC in mind. This way next time I do not have to start over from zero.
I wanted a solution which is self-hosted, secure, fast and easy to set up. It has to be open source as well.
WARNING: Please note that I am not an expert in this field, I do not even have a CS degree or anything. I am just a mechanical engineer having fun while tinkering with these things. Thank You!
Stack
If You find Yourself asking whether IaC for a home network is worth it or not, then my answer is probably not. However, while doing this I was having fun and learned the following basics of:
What is the goal?
I want a home network, which is unreachable from the internet. Computers on the home network can reach services unconditionally. I have a HTPC which serves the home network. I use docker containers for running services: Adguard DNS, sonarr, radarr, nfs:// share etc.
I want to reach the home network from outside securely. Netmaker (WireGuard) helps me with that. Another popular alternative is Tailscale, but You need an account for that and I wanted full control over my infrastructure. Unlike Tailscale, Netmaker uses the kernel implementation of WireGuard, which makes it much faster. (Not that I need that, but it does not hurt.)
Tried, but ditched
Things I have tried to use, but dropped them in the process:
- Nomad: I thought that I needed something to orchestrate my containers, but docker-compose gives me everything I need right now and is easier to set up.
- Packer: Initially I tried to use Packer for creating Alpine Linux tailored for my needs, but it has two drawbacks in my case:
  - special images have additional costs (at least on Linode)
  - using Terraform and Ansible is more flexible: You do not have to create, upload and deploy the image every time You want to change something.
After this short intro, let's get started!
All the code for this setup is publicly available here.