Homelab - Find my website here!
- Terraform: https://developer.hashicorp.com/terraform/install
- Terragrunt: https://terragrunt.gruntwork.io/docs/getting-started/install/
- Docker: https://docs.docker.com/engine/install/
- Cloudflare Tunnels + Zero Trust: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/
- Snort (IDPS): https://www.snort.org/
- Get a domain name. https://porkbun.com/ has some cheap ones!
Key Requirements:
- Update the environment files for env-vars and global-vars
- Update .env for firefly and immich in infra-modules
- Update the Caddyfile (in volumes/caddy/caddystuff) as per below, one site block per service you expose:

    <YOUR_DOMAIN> {
        file_server
    }
    https://subdomain.{domain_name} {
        reverse_proxy {local_ip:port}
    }
    ...

  You may have to upgrade insecure headers automatically, because the scheme changes between http and https on the way from the Cloudflare tunnel through the reverse proxy to the app.
- Deploy the stack and run the tunnel:

    sudo terragrunt run-all apply
    cloudflared tunnel --config server_config.yml run <tunnel UUID>
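As an added example (not part of this repo), here is a POSIX shell script that audits a Caddyfile of the shape above before you deploy: it lists the reverse_proxy upstream of every site block and fails if one is outside the loopback/RFC1918 ranges, which would mean the tunnel is forwarding to something outside the homelab. The sample Caddyfile, its hostnames and its addresses are constructed placeholders; to check your own file, point audit_caddyfile at the Caddyfile in volumes/caddy/caddystuff instead of the sample.

```shell
#!/bin/sh
# Added example, not part of this repo: audit a Caddyfile before running
# terragrunt/cloudflared. Every reverse_proxy upstream is checked against the
# loopback and RFC1918 ranges; anything else (including bare container or
# service names) is reported so that it gets reviewed before going live.

# is_private_upstream UPSTREAM: succeed if the host part of "host:port" or
# "scheme://host:port" is loopback or RFC1918 (10/8, 172.16/12, 192.168/16).
is_private_upstream() {
  up=${1#*://}                              # drop an optional http:// prefix
  case "$up" in "[::1]"*) return 0 ;; esac  # bracketed IPv6 loopback
  host=${up%%:*}                            # strip the :port suffix
  case "$host" in
    localhost|127.*|10.*|192.168.*) return 0 ;;
    172.*)
      second=$(printf '%s\n' "$host" | cut -d. -f2)
      [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ] 2>/dev/null ;;
    *) return 1 ;;
  esac
}

# audit_caddyfile FILE: print "site -> upstream" for each reverse_proxy
# directive and return 1 if any upstream is outside the private ranges.
audit_caddyfile() {
  # awk remembers the current site address (an unindented line ending in "{")
  # and emits "site upstream" for every argument of a reverse_proxy line.
  bad=$(awk '
    /^[^ \t{}#][^{]*[{][ \t]*$/ { site = $1 }
    /^[ \t]*reverse_proxy[ \t]/ {
      for (i = 2; i <= NF; i++) if ($i !~ /^[{]/) print site, $i
    }' "$1" | while read -r site upstream; do
      if is_private_upstream "$upstream"; then
        echo "ok   $site -> $upstream" >&2
      else
        echo "$site -> $upstream"
      fi
    done)
  if [ -n "$bad" ]; then
    printf 'upstreams outside private ranges:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# Constructed sample Caddyfile (placeholder names and addresses, not a real
# deployment); the last site deliberately points at a public address.
sample=$(mktemp)
cat >"$sample" <<'EOF'
example.invalid {
    file_server
}
https://immich.example.invalid {
    reverse_proxy 192.168.1.20:2283
}
https://firefly.example.invalid {
    reverse_proxy http://10.0.0.5:8080
}
https://oops.example.invalid {
    reverse_proxy 203.0.113.7:80
}
EOF

if audit_caddyfile "$sample"; then
  echo "all upstreams are private"
else
  echo "review the Caddyfile before deploying"
fi
rm -f "$sample"
```

The check runs on the plain Caddyfile text, so it works without Caddy installed and can sit in a pre-deploy step next to `terragrunt run-all apply`; it only understands the single-line `reverse_proxy host:port` form used on this page, not multi-line reverse_proxy blocks.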
- Secure all "private" exposed services holding sensitive data with MFA (TOTP, OIDC, etc.)
- An example with immich: https://immich.app/docs/administration/oauth/
- I did not get Authelia to work...
- Install an IDPS like Snort (intrusion detection and prevention system) to sniff out unwanted snooping/intrusions, and take action via the Cloudflare dashboard
- If possible, host this on a "clean" host machine with no other sensitive data that could be compromised
- There are many terragrunt.hcl files in infra-live that I commented out, either because I found better apps (e.g. syncthing, donetick) or because I did not like the security vulnerability (e.g. watchtower). You can still uncomment a terragrunt.hcl; make sure the matching *.tf in infra-modules is uncommented as well, and it should work!
- Coming Soon!
TODO: update with gnupg instructions