100daysofhomelab
Terraform Provider in Rust (Day 36-37)
From terragrunt hooks to a Rust Terraform provider to replace hacky workarounds for OIDC realm configuration in Proxmox.
Turns out the Telmate Proxmox provider doesn't have resource support for creating authentication realms or configuring OIDC. But since Proxmox has a REST API, I could work around the provider limitations, and so I ended up with: terraform { source = "." after_hook "create_realm" { commands
I recently started using Authentik to provide auth for my services and applications in the homelab. Authentik is an open-source identity provider that supports OAuth2, SAML, and more, and comes with a Terraform provider, so naturally, I defaulted to managing everything that way. This means I no longer need to
I wanted to install Longhorn on my Talos cluster and found out how involved it can be, especially if you are not used to the whole immutable OS's. Longhorn needs iscsi-tools and util-linux-tools. This is how I ended up installing them Extensions 1. First create an extensions.yaml
Following the post systemd-and-proxmox-day-3, I eventually declustered my Proxmox nodes. Now with the addition of a new MinisForum MS01, I did some rebuilding and went back to Proxmox clusters. The current setup includes both PCs in a cluster, deliberately excluding the OPNsense Proxmox node, with the main advantage of clustering
Setting up a high-availability Kubernetes cluster with Talos
What Are Search Domains? Search domains are DNS suffixes automatically appended to unqualified hostnames to help resolve local network resources. When you type server1 instead of server1.home.network, your system will try both. The Problem When combined with wildcard DNS records (*.domain.tld), search domains can cause external domains to
Automating Kubernetes secret management with ArgoCD, SOPS and helmfile for a fully GitOps-driven workflow.
Continuing from the previous ChartMuseum setup entry, today was about solving the DNS resolution and network connectivity issues (some of which had to do with my firewall blocking traffic across certain VLANs). The DNS Challenge Yesterday ended with this error: DEBUG Fetching chart list from storage ERROR RequestError: send request
Setting up a self-hosted Helm chart repository with ChartMuseum and Minio.
CrowdSec is a security tool that detects and blocks malicious IPs using a collaborative approach to share threat intelligence across users. I initially planned to run CrowdSec just on Traefik, but having it at the firewall level provides more protection for all devices on the network. Installation CrowdSec has a
Using SOPS with Age encryption for secret management, Bitwarden Secrets Manager for key storage, and integrating it all with Terragrunt for secure infrastructure as code.