Hello, how do you document your home lab? Whether it’s a small server or a big one with a firewall and more nodes. I have a small PC with Proxmox, and on it I have a VM with OPNsense. After I added my VPN as an interface in OPNsense, I noticed that I am slowly losing track of the different rules that I have built in my firewall. And I know that my setup is relatively easy in comparison to others here in this community. I want to have a quick overview of the various VMs, like the LXC containers and Docker containers that I have in this, and the IP addresses that I have assigned to them. I am looking for a simple and intuitive way for beginners.

  • SwizzleStick@lemmy.zip (7 months ago, 3 upvotes)

    🧠 + a few slapdash notes in a password manager. It’s very organic, very human.

    Occasionally leads to situations like this.

  • atzanteol@sh.itjust.works (7 months ago, 30 upvotes, 1 downvote)

    I build my infrastructure with Terraform, Ansible and Helm charts. The code is its own documentation, as well as comments in that code explaining why I’ve done things if it’s not obvious.

    • ch8zer@lemmy.ca (7 months ago, 13 upvotes)

      This really is the way.

      It goes beyond documentation too - it allows me to migrate to new hosts or to easily automate upgrading the OS release version.

      I have a Docusaurus site for my homelab and I have Ansible and Terraform generate files for the docs so I don’t have to record anything. Some of the stuff I note down:

      • DNS leases
      • General infra diagrams
      • IP info
      • Host info
  • Nibodhika@lemmy.world (7 months ago, 4 upvotes)

    I had that same problem, then I saw some YouTube videos where the guy recommended using Ansible to do stuff and it’s been night and day. Not only is it reproducible, so if I ever want to move a service to another machine all I have to do is move a couple of roles around and possibly copy stuff over to keep the data, but it also acts as documentation, because if I ever forget something I can look at the code.

    Also I decided to write the roles myself instead of relying on pre-existing ones, so there’s some logic to how my stuff gets deployed and it’s easy to extend for any new stuff I want to add.

  • irmadlad@lemmy.world (7 months ago, 4 upvotes)

    I am the note-taking king, probably. I worked in the construction industry for 20 years. The rule was, ‘if you didn’t write it down, it didn’t happen.’ That has just carried over to every other aspect of my life including selfhosting. Whenever I sit down to my terminal to do anything, I open Notepad++ and a regular Windows Notepad session. The Windows Notepad session is a little script I came up with that opens Windows Notepad with 1000 empty lines. It’s one of the many quirks I have, but I hate having to hit the enter key to start a new line. I like to be able to click on a new line for a new line of thought and start typing.

    @echo off
    (for /l %%i in (1,1,1000) do echo.) > empty_lines.txt
    start notepad empty_lines.txt
    

    (Save as a bat link on desktop)

    Anyways, the Notepad++ session is for after things get worked out; I make an official entry into the Notepad++. The Windows Notepad session is just a scratch pad or ‘thinking paper’ from which I transfer to the Notepad++ doc. Convoluted, no? LOL You asked, and I just pulled back the curtain for you a bit. Careful what you ask for, could stain your brain.

    I try to document everything. I feel like, if I’m going to take the time to learn something, I might as well write it down. I take my Grok sessions and distill them down if I found the info relevant. I also do all of this because after my TBI which gave me a seizure condition as well as other mental/neuro issues, my memory is shit, even for someone of my age bracket. But I can stand up a server and secure it, just from my notes in a step by step manner conducive to my limited mental acuity. I’ve often wondered if anyone would be interested in my notes, like maybe some newcomer to selfhosting wouldn’t have to reinvent the wheel since I have a penchant for fucking things up.

  • Shmandom@feddit.uk (7 months ago, 4 upvotes)

    Secrets go in KeePass.

    For server configs, a LibreOffice Writer file per machine (except for RPs, I only have one for those), written as a didactic manual explaining how to install and configure everything (I work on bare metal still). I started that way since diving into self-hosting was also a way to learn Linux, Sys-Admin and web-hosting. I don’t do anything without updating the relevant chapters, or creating new ones. Not gonna lie: it’s tedious. But also a life-saver, and the rationales for my choices remain available years later, which is priceless in many ways.

    Once upon a time I had neat network gear running, and I mostly YOLO-ed the doc for those, relying instead on the firmware/config backups. I had to put those devices away, but when I finally get to play with them again, I’m going to suffer re-learning and re-discovering everything.

    Recently, I got to hack an old console, and just did a chronological log-file with actions taken and URLs to guides, instead of writing down everything myself. It got me thinking I might add a simple log-file to track my actions, on top of my usual guides.

    Or not. Having a life is nice too 😅

  • TCB13@lemmy.world (7 months ago, 1 upvote, 6 downvotes)

    If it needs documentation, it means things are over the line when it comes to complexity and I should scale down / simplify. :)

    Complexity and over-engineering are a serious problem. I really try to keep it as simple as possible so I don’t have to waste time managing it, dealing with updates and potential security issues. Simple code/infrastructure breaks less and has fewer potential insecure points.

    • LastYearsIrritant@sopuli.xyz (7 months ago, 7 upvotes, 1 downvote)

      There’s no such thing as too simple to document. If you spent time learning how to install it, you’ll need to relearn it if you want to make any changes in the future. If you don’t leave at least some notes as to why you make some decisions, you’ll have to redo your work.

      It’s also good to make notes on every configuration setting. That forces you to understand why the settings are the way they are. If you have a -f in a docker config and you don’t have any understanding of why that’s there, you might not know if it’s a development flag for getting things set up, or if it’s a critical part of your environment.

      It is especially important if any of those parts are exposed to the public Internet. You might have a config set to allow unauthenticated connections and not know it.

      • CapitalNumbers@lemm.ee (7 months ago, 1 upvote)

        i mean charitably you could say that your code / architecture should be self documenting, versus having to rely on READMEs / wikis

        in effect, if you change the code you are by definition also changing the documentation, since the file names/function names/hierarchy is clear and unambiguous

      • TCB13@lemmy.world (7 months ago, 1 upvote)

        > It’s also good to make notes on every configuration setting.

        I do save my settings for the various programs in a git repository…

  • namelivia@lemmy.world (7 months ago, edited, 2 upvotes)

    I tried since the very beginning to build everything in Ansible and Terraform, so everything is in the code or in its associated README files.

    But apart from that I have a hodge podge of dozens of note documents in Obsidian.

  • tobz619@lemmy.world (7 months ago, 2 upvotes)

    NixOS’s declarative configurations basically document themselves: add some comments and you’re good to go and can back them up to wherever, whenever.

  • WxFisch@lemmy.world (7 months ago, 6 upvotes)

    I’m curious how everyone documents their core/critical configs to allow the non-technical in our homes to work with it if needed. For instance, if I’m on work travel and the Pi-hole goes down for whatever reason, my wife wouldn’t be able to use pretty much anything online. I can remote in and fix it but that could be hours/a day or two later. Same then for the Proxmox stack that everything runs on.

    Along the same lines, how are folks documenting for EOL? It may not be a happy thought but we are all going to go someday, so what is your plan and how have you ensured loved ones can access/save important data?

    • BastingChemina@slrpnk.net (7 months ago, 2 upvotes)

      It’s not just for my home server, but for EOL or other issues I used Bitwarden emergency access options for passwords. If anything happens to me my wife can request access to my vault and if I don’t deny it in a certain timeframe she will have full access to it.

      I did that after my brother-in-law got in an accident and fell into a coma. I’m very grateful he had all his passwords saved in Chrome on his unlocked laptop because if not it would have made the period insanely more difficult for my sister.

      Simple things like paying the bills would have been insanely more difficult and stressful and you don’t need extra stress in this period.

    • MangoPenguin@lemmy.blahaj.zone (7 months ago, 1 upvote)

      My solution is other people in the house don’t rely on anything in my setup, other than the router which runs some basic telemetry and fraud/phishing domain blocking but that’s all.

  • fmstrat@lemmy.nowsci.com (7 months ago, 2 upvotes)

    Every time I set up anything, I do one of two things:

    • If it’s container based, it gets a commented docker compose file in my custom orchestration

    • If it’s on a host system, the changes are scripted and commented in a setup script, which is run on new machines. If the script is specific to one machine, it is configured as such

    I find in-setup docs to be best for a home lab, plus if I have to replace hardware, it’s fast.

    Fun fact, I do it for laptops and desktops, too.
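
An added example (not code from any commenter in this thread): a small Python check for the two practices described above, keeping a commented docker compose file and noting why every setting exists, applied to published ports. It reads short-syntax `ports:` entries only, counts a trailing comment or a comment line directly above as documentation, and reports undocumented entries together with the interface they bind to; the sample file and the function name `audit_compose` are constructed for illustration.

```python
import re

# Constructed sample compose file (not from the thread).
SAMPLE = """\
services:
  pihole:
    image: pihole/pihole
    ports:
      # DNS for the LAN; must be reachable from every client
      - "53:53/udp"
      - "8080:80"
  grafana:
    image: grafana/grafana
    ports:
      - "127.0.0.1:3000:3000"  # only via the reverse proxy on this host
      - "0.0.0.0:9090:9090"
"""

# One short-syntax list item: optional quotes, the port spec, optional comment.
ITEM = re.compile(r"^\s*-\s*[\"']?([^\"'#\s]+)[\"']?\s*(#.*)?$")
# No host IP (or an explicit wildcard) publishes the port on every interface.
WILDCARD_HOSTS = {"", "0.0.0.0", "[::]"}


def audit_compose(text):
    """Return (line_no, port_spec, scope) for every undocumented port entry."""
    findings, in_ports, prev = [], False, ""
    for no, line in enumerate(text.splitlines(), 1):
        cur = line.strip()
        if cur.split("#")[0].strip() == "ports:":
            in_ports = True
        elif in_ports and cur.startswith("-"):
            m = ITEM.match(line)
            if m:  # long-syntax items (target:/published:) do not match
                spec, comment = m.groups()
                # [HOST_IP:]HOST_PORT:CONTAINER_PORT[/proto], split from the right
                parts = spec.split("/")[0].rsplit(":", 2)
                host = parts[0] if len(parts) == 3 else ""
                if not (comment or prev.startswith("#")):
                    scope = "all-interfaces" if host in WILDCARD_HOSTS else host
                    findings.append((no, spec, scope))
        elif cur and not cur.startswith("#"):
            in_ports = False  # any other key ends the ports block
        prev = cur
    return findings


if __name__ == "__main__":
    for no, spec, scope in audit_compose(SAMPLE):
        print(f"line {no}: {spec} has no comment (binds to {scope})")
```
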

    • CapitalNumbers@lemm.ee (7 months ago, 2 upvotes)

      this is basically what i ended up doing too - glad to see my approach verified somewhat ha ha!

      but yeah, in general whenever i make a change / add new service, i always try and add those steps to some sort of setup.sh / docker-compose

      • fmstrat@lemmy.nowsci.com (7 months ago, 1 upvote)

        Yea comes in super handy when you always want dropbear SSH for remote unlock, or making sure both RAID disks boot, etc.

        I do it for all my software setup, too. A shell script for each, then a for loop that asks to run each. But I also made https://github.com/fmstrat/gam, so maybe I just like overkill bash.