My personal setup for homelab, just a bunch of services deployed with docker-compose and make
Follow the guide on installing Fedora CoreOS on bare metal.
- Download FCOS ISO

  ```shell
  podman run --security-opt label=disable --pull=always --rm -v .:/data -w /data \
    quay.io/coreos/coreos-installer:release download -s stable -p metal -f iso
  ```

  Burn the ISO to a USB drive or mount it on the server via piKVM.
- Install FCOS

  Reboot the server and boot from the USB drive, then run the following command to install FCOS:

  ```shell
  sudo coreos-installer install --ignition-url https://github.com/xtruder/homelab/raw/main/ignition/jarvis.ign /dev/sdX
  ```

- Reboot server

  Reboot the server to apply changes:

  ```shell
  sudo reboot
  ```

  After the reboot the server will automatically be rebased to the ucore server image; this will cause the server to restart twice.
- Enroll ublue secure boot keys

  ```shell
  sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der
  sudo reboot
  ```

  During reboot you will be asked to enroll the secure boot keys; select enroll and enter the password.
- Create a host SSH key and add it as a deploy key on GitHub:

  ```shell
  ssh-keygen -t ed25519
  cat ~/.ssh/id_ed25519.pub
  ```

  Add the key to: https://github.com/xtruder/homelab/settings/keys
- Clone and apply dotfiles

  ```shell
  git clone git@github.com:xtruder/homelab.git ~/homelab
  chezmoi init --apply --sourceDir ~/homelab
  ```

- Reload systemd daemon and enable linger

  ```shell
  systemctl --user daemon-reload
  sudo loginctl enable-linger core
  ```

  To pause automatic deployments, create a `.working` file and it will pause docker reloads.
- Set up Tailscale

  ```shell
  tailscale up
  ```

- Set up firewall

  ```shell
  firewall-cmd --zone=trusted --change-interface=incusbr
  firewall-cmd --zone=FedoraServer --add-interface=tailscale0
  firewall-cmd --add-port=80/tcp
  firewall-cmd --add-port=443/tcp
  firewall-cmd --add-port=8080/tcp
  firewall-cmd --add-port=8443/tcp
  firewall-cmd --runtime-to-permanent
  ```
- Configure DNS entries for docker-compose stacks
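
The install step above fetches the Ignition config from the `main` branch, so the file can change between review and install. The following is an added example (not part of this repository) that pins the config by digest using `coreos-installer`'s `--ignition-hash` option; the function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example: pin the Ignition config by digest. IGN_URL is the URL from the
# install step; function names and the sample file are assumptions.
IGN_URL="https://github.com/xtruder/homelab/raw/main/ignition/jarvis.ign"

# Print a file's digest as "sha256-<hex>", the form --ignition-hash takes.
ign_digest() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    printf 'sha256-%s\n' "$(sha256sum < "$1" | cut -d' ' -f1)"
}

# Return 0 if the file matches the pin, 1 on mismatch, 2 on a malformed pin.
ign_verify() {
    hex=${2#sha256-}
    case $2 in sha256-*) ;; *) echo "malformed pin" >&2; return 2 ;; esac
    case $hex in *[!0-9a-f]*) echo "malformed pin" >&2; return 2 ;; esac
    [ "${#hex}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    actual=$(ign_digest "$1") || return 1
    [ "$actual" = "$2" ] || { echo "digest mismatch: $actual" >&2; return 1; }
}

# Print (not run) the install command with the pin attached.
install_cmd() {
    printf 'sudo coreos-installer install --ignition-url %s --ignition-hash %s %s\n' \
        "$IGN_URL" "$1" "$2"
}

# Demo on a constructed stand-in config, not the real jarvis.ign.
demo=$(mktemp)
printf '{"ignition":{"version":"3.4.0"}}\n' > "$demo"
pin=$(ign_digest "$demo")
ign_verify "$demo" "$pin" && install_cmd "$pin" /dev/sdX
rm -f "$demo"
```

Compute the pin on a workstation from a reviewed checkout of the repository, then type the printed command on the server; `coreos-installer` refuses to install if the fetched config does not match the digest.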