Homelab planning and DNS Focus
Dahux December 31, 2024 #Incus #Opentofu #Ansible #PowerDNS #Unbound

My Homelab/IT infrastructure covers my personal and mom-and-pop business needs. It consists at its core of:
- An Incus cluster with two mini-PCs on premises and one dedicated Hetzner server off-premises
- Two IPv4 addresses (one at home, one at Hetzner)
- Three IPv6 prefixes (one /48 at home and two /64 at Hetzner)
OpenTofu creates my Incus instances and other related resources, while Ansible populates those resources and maintains them.
Ansible will not allow me to rebuild the full infrastructure from scratch, and therefore it is not full automation. I am using “incremental automation” principles as described in this Dead Code podcast episode 18.
In Ansible, I store:
- secrets using sops and age (I love the `sops edit foobar.sops.yml` paradigm)
- configuration files (mostly as templates)
- update management tasks (`apt-get update`, `apt-get upgrade`)
In Ansible, I do not store:
- data
- backup restoration logic
My current task is to straighten out my DNS. I will soon rely on two Authoritative PowerDNS servers with Postgres backends (one for each IPv4).
Ansible installs PowerDNS and Postgres. I create and populate the zones manually.
I will then deploy unbound for DNS recursion and ad-blocking.