fpallas/lab
1
0
Fork 0
Code Activity
No description
57 commits 1 branch 0 tags 142 KiB
Find a file
Exact
Florian Pallas 8597df67e4 add minecraft
2026-05-16 02:18:30 +02:00
playbooks persist unprivileged port binding config across reboots 2026-05-03 13:28:08 +02:00
roles add minecraft 2026-05-16 02:18:30 +02:00
.gitignore add inventory 2026-02-02 23:25:54 +01:00
ansible.cfg switch to ansible roles 2026-02-02 23:16:14 +01:00
inventory.ini add inventory 2026-02-02 23:25:54 +01:00
LICENSE add services 2025-12-21 16:29:08 +01:00
README.md expose crowdsec lapi to host 2026-04-09 21:15:09 +02:00

README.md

Homelab

Things I need to survive, hosted locally.

Services

  • Adguard
  • Forgejo
  • FreshRSS
  • Home Assistant
  • Immich
  • PocketId
  • Portfolio
  • Woodpecker CI
  • CrowdSec

Updates

Services are automatically kept up-to-date using the podman auto update service within their specified tags. This allows for time-critical non-intrusive updates to be applied automatically without user intervention.

Backups

All stateful services are backed up automatically and regularly. By using restic snapshots, it is possible to restore services to a desired point of time, without requiring excessive storage.

Security

Instead of docker, which requires a rootful daemon, podman is used. This allows each service to be run under their own user on the host. Those users do not have root permissions, making it much harder for attackers to access files from other services, even if they can break container isolation.

While this is not as secure as separate VMs or machines, it provides a good balance between practicality and security.