
Show HN: HomelabOS – Ansible scripts to deploy self hosted cloud services - NickBusey
https://gitlab.com/NickBusey/HomelabOS
======
giobox
Interesting. Those that decide to self-host this stuff, do you ever worry
about the maintenance burden? While obviously this doesn’t help privacy
concerns and I’m sure certain other things, for those of us with less serious
OpSec needs this looks like a _lot_ of stack to update, patch against
vulnerabilities etc.

For me personally, I’m happy to cede some small degree of control and whatever
else to a good quality third party provider who has a team that is paid to
actively maintain and secure the product, leaving me to spend more of my
limited free time with my family rather than debug why the letsencrypt
certificate for my self hosted mail server/VPN/cloud store/whatever hasn’t
auto-renewed correctly etc.

I’m sure there will be plenty of “i’ve ran my own mailserver since the 90s and
nothing has ever broken” wizards here, but everything works until such time as
it doesn’t. I’d be curious to hear from people who have had trouble.

~~~
mStreamTeam
I'm a developer who's been taking a crack at the convenience problem of
selfhosting. I've been hosting my own services with various success for the
last few years, and maintenance has never been an issue. Once the software is
running, it's pretty trivial to update it.

The biggest pain point is installation. Most selfhosted software has a ton of
dependencies to install first. And after that there's usually some
configuration that has to be done before it will work. A complicated
installation is enough to drive even tech savvy users away.

I've had some luck with my own software by targeting Windows users as well.
Most people don't want to setup a linux box just to selfhost a single piece of
software.

~~~
orange222
Why not just go with a docker image, no manual installation of individual
dependencies necessary.

~~~
weberc2
Most interesting apps run as multiple containers (e.g., a database) and then
you need to provision volumes for application's data and configuration files.
It doesn't seem clear to me that this is a strictly simpler state of affairs
than local installation.

The real wins from Docker (for this use case) are:

1. Docker is a better process supervisor than systemd and friends

2. Simple, fast deployment (no need to manage ansible scripts or rebuild/reboot a
machine image)

3. Built-in, standard logging

~~~
orange222
I think helm (helm.sh) solves that problem. Helm is basically package manager
of kubernetes. So to install any app, as long as there is a helm chart for
that app, you simply do: helm install myapp and helm will install the app on
your kubernetes cluster.

~~~
weberc2
Right, but now you're running Kubernetes for a single server, which is the
very definition of overkill. Installing Kubernetes isn't easy, at least not
when you consider DNS, ingress/load balancing, logging, etc.

~~~
orange222
Scenario #1: Installing kubernetes, helm and then installing your app

1. Spend maybe 2-3 full days installing kubernetes, helm

2. Spend maybe 3-4 hours installing your app through helm because you're new
to installing things in kubernetes.

3. The next app that you want to install on your server is only 20 minutes
away, now that you understand how kube and helm work.

Scenario #2:

1. Install app directly on server, hunt down dependencies and other weird
things, probably takes 1 day at least, to do the whole installation.

2. The next app that you want to install will take the same amount of time
again.

I'd go with Scenario #1 as it is more scalable if I want to install more apps
on my server.

~~~
berti
> Install app directly on server, hunt down dependencies and other weird
> things, probably takes 1 day at least, to do the whole installation.

What distro are you running? Either I am very spoilt with Arch (+AUR) or this
is way off the mark.

~~~
snazz
Really depends on the package. I’ve had programs that take about a day to
install, because the source wasn’t really portable and I really needed to get
it to build, and I’ve had programs that are just five commands and it runs.
It’s more work if you get the source from upstream than if you get it from
ports or Portage or the AUR.

------
davestephens
This is awesome!

I run a similar project called Ansible-NAS, which was born out of FreeNAS
being a pain in the ass to manage and upgrade.
[https://github.com/DaveStephens/ansible-nas](https://github.com/DaveStephens/ansible-nas)

~~~
barrystaes
Do you know of Unraid? Web interface for NAS and installing dockers in just a
few clicks. Simple and versatile. And no need for raid shenanigans - hence the
name.

------
mnutt
This is an interesting effort and reminds me a bit of
[https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign),
though HomelabOS has significantly more apps and sovereign hasn't been touched
in a while.

~~~
NickBusey
I used Sovereign for a while before making this. It just didn’t scratch my
particular set of itches.

------
INTPenis
I was more interested in the list of software than the ansible playbooks.
Minio was especially interesting as I just started doing cloud development and
have yet to figure out how to do it offline since my app fully integrates into
S3.

~~~
FooHentai
Minio is a really interesting piece of software to play with. The docs have
some fairly important pieces missing, and the scale-out/resiliency
capabilities are mostly missing (deliberately I think, guided by the way the
authors describe its intended uses). As a result it ends up more of a toy/dev
tool than something to rely on for persistent 'home production' backing of
services.

That said, for transient development purposes it's perfect. As an on-prem
replica of object storage/S3, it's tantalizingly close but not quite there.
Maybe it's improved in the last year or so since I last used it...

~~~
INTPenis
Unfortunately it does not mirror the S3 admin API which I need for my app
because I let users create their own credentials.

I'm going to try Zenko next.

------
etbusch
This looks really nice, and is similar to my homelab, except that mine took
many tens of hours to setup and tune.

------
alaq
Super interested in this, will try it out. Thank you for building it.

A couple of questions:

- Can I deploy this to a Digital Ocean droplet or similar? (I am assuming
  it's the case, but just checking).
- There's openvpn, and there is pi-hole. Can I assume that if I connect a
  device to the VPN, I'll also get ad blocking via pi-hole as a bonus, or do I
  have to edit my DNS servers on the device separately?

A couple of software suggestions:

- I'd love to see Wireguard instead of openvpn. The setup/speed is just
  amazing.
- I'd love to have Matrix
  ([https://matrix.org/blog/home/](https://matrix.org/blog/home/)) as a
  messaging option

~~~
NickBusey
You can definitely deploy this to a DO droplet.

Pi-hole out of the box support is a bit wonky at the moment, I've been working
on it, but it's not quite to the point you described just yet. Contributions
encouraged!

Those both sound great to me, and again, Merge Requests are highly encouraged.
:)

------
foolinaround
This is an interesting effort. How can this be compared with the Sandstorm
project? TIA!!

~~~
NickBusey
I have actually used the hosted version of Sandstorm in the past with some
success, but did not realize at the time that they also offered self-hosting
for it.

In general though it looks like they are taking a very different approach to
deployments as a whole. They describe some of those differences here:
[https://sandstorm.io/news/2014-08-19-why-not-run-docker-apps](https://sandstorm.io/news/2014-08-19-why-not-run-docker-apps)

While I won't get into the specifics of the pros and cons of each of their
bullet points, I will say HomelabOS arose (as some of the other commenters
have pointed out) as a way for people interested in this sort of thing to
experiment with it. Sandstorm looks more geared toward being usable by
'anyone', which is an admirable goal, if perhaps a bit ambitious in my mind.

------
neuromantik8086
Maybe I'm being obtuse, but doesn't using a configuration management tool to
deploy black-box Docker containers eliminate many of the advantages of using
config management in the first place?

~~~
NickBusey
So you’re asking why not simply use Ansible to deploy all this software?
Because that would be anything but simple and would negate almost all the
benefits of docker like easy updates and immutability. This is the best of
both worlds in my opinion. Ansible handles deploying the configuration that
docker then uses.

Additionally the plan is to move to Kubernetes soon for multiple node
deployment, and that wouldn’t really be possible without Docker.

And to be clear, some software is installed directly by Ansible, where it
makes sense to do so.

------
indigodaddy
Can't get to the URL (Gitlab appears down?), however does this support, or
preferably incorporate, a reverse proxy like HAProxy or Nginx to handle SSL
(auto/LE preferably) and domain/ACL based back-ends? (e.g., instead of having a
bunch of different front-end ports with a single-domain entry-point)

~~~
dsumenkovic
Some users may have had issues connecting to GitLab due to an issue with our
upstream provider's IP addresses being routed to other service providers. More
info can be found at
[https://status.cloud.google.com/incident/cloud-networking/18...](https://status.cloud.google.com/incident/cloud-networking/18018).

~~~
NickBusey
How often do the GitLab trending repositories update? HomelabOS has doubled
from 130 to 260 stars in under a day, but the 'Trending' page mostly shows a
bunch of repos with 10-30 stars.

~~~
dsumenkovic
That's a really interesting question. However, I think that's not something
regular, so there's no fixed multiplication. It may double or multiply even
more, there's no rule :-).

------
joh6nn
Interesting. Does this handle SSO at all, and if so how? Semi-relatedly, does
it support multiple users?

~~~
NickBusey
Not yet. The plan is to use LDAP for this, but it hasn't been tackled yet.
[https://gitlab.com/NickBusey/HomelabOS/issues/20](https://gitlab.com/NickBusey/HomelabOS/issues/20)

Regarding multiple users, it really just sets up an admin user for most
services. Any multiple user support is then up to each service individually.
But if you're asking if it does automated separate instances of services for
different users, then no, it does not do that.

------
sigstoat
related, i’d like to see some software which could configure aws services to
implement zapier like functionality for you.

and/or implement/deploy simple personal web services (rss reader, wiki, maybe
even webmail?) on top of apigw/lambda+other services as necessary.

------
barrystaes
For getting started with dockers on your home server, try Unraid OS. It's
terrific and takes all the pain away. I consider myself a docker power user
now, but I still use Unraid at home because it works great.

------
alexnewman
I'm curious what the largest installation of nodes which used ansible is. Every
time I've tried using it at scale it was incredibly difficult vs k8s,
cfengine, salt

------
sudovancity
Awesome, this is what I have been looking for!

