this post was submitted on 28 Oct 2023
3 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Just posting here cause I have been a lurker for a long time and wanted to share the latest version of my Kubernetes based homelab !

When finally all of it is in one place !

Services Details:

  • Authentik: Authentication SSO for all services (The UI you see here)
  • Adguard: DNS server for the homelab as well as DNS blocker
  • ArgoCD: Applications to deploy apps to Kubernetes
  • Gitea: Git source code version control
  • Longhorn: Storage for the Kubernetes cluster
  • MinIO: Backup storage for the Kubernetes cluster
  • DSM: Synology NAS main UI
  • Traefik: Reverse proxy for the homelab
  • TrueNAS (Scale): Main NAS
  • Unifi: Unifi UI homepage
  • Vault: Secret storage for the Kubernetes cluster
  • Wireguard: VPN to access services from outside
  • Grafana: Dashboards for the homelab
  • Graphite: Exporter to retrieve external metrics to feed them back to Prometheus
  • Prometheus: Metrics DB to feed Grafana
  • FlareSolverr: Bypass cloudflare protection
  • Gotenberg: Convert files (Word, excel, etc)
  • Prowlarr: Serves as a discovery server for Radarr and Sonarr
  • Radarr: Handles movies
  • Sonarr: Handles TV Shows
  • Sunshine: Selfhosted cloud gaming PC UI
  • Syncthing: Handles files synchronization between devices
  • Transmission: Handles P2P Files
  • Immich: Google photo replacement
  • Libreddit: Access reddit without reddit
  • Overseerr: Movies and TV Shows request management
  • PaperlessNGX: Stores all documents
  • Plex: Personal netflix
  • Tandoor: Recipes management
  • SearxNG: Selfhosted search engine

Any question or feedback is welcome !

you are viewing a single comment's thread
view the rest of the comments
[–] akram_boutou@alien.top 1 points 1 year ago (1 children)

Thank you for sharing, looks great. I wonder how you configured access to the Kubernetes services. You mentioned you leverage WIreguard VPN but is it possible to configure SSL certificates for the VPN services?

[–] Unsaddle5359@alien.top 1 points 1 year ago (1 children)

I have added an edit but before you posted this so let me answer here (you can check the edit also if you feel like it)

Basically I use traefik and cert manager to retreieve star SSL certs (*.domain.com) for all the domains I own, as those are done via DNS-01 challenges you don't need your server to be accessible via internet.

The VPN is then pointing at adguard for its DNS and adguard points my star domains to traefik which then redirect to each services with the star certificate

EDIT: external services such as the VPN itself is also redirected via Traefik using external services objects so my VPN can sit outside the cluster (in my trueNAS machine) but still have an SSL cert

[–] akram_boutou@alien.top 1 points 1 year ago (1 children)

Thanks, indeed you are right using DNS 01 challenge can be appropriate for this. Btw do you use a VPN for transmission. I mean, for egress traffic, I have been trying to figure out how to set it up without any luck.

[–] Unsaddle5359@alien.top 1 points 1 year ago

I don't require it as it's allowed where I live for personal use ^^

But you would require a sidecar pod from whatever vpn and use a given config by your vpn provider then redirect all pod traffic through your sidecar but I think some images of transmission have it all included.