Hello, how do you document your home lab? Whether it’s a small server or a big one with firewall and more nodes. I have a small pc with Proxmox and there I have a VM with OpnSense. After I’ve entered my VPN as a interface in OpenSense, I noticed that I slowly lose the overview with the different rules that I have built in my firewall. And I know that my setup is relatively easy in comparison to others here in this community. I want to have a quick Overview at the various VMs, like the Lxc container, Docker containers that I have in this and the IP addresses that I have assigned to them. I search for a simple an intuitiv way for beginners.

    • foggy@lemmy.worldEnglish
      235·
      12 days ago

      I operate on the philosophy that it is better for me to relearn things than lean on old documentation that may no longer be accurate/relevant.

      The best way to implement a safe connection to my home lab today might not be the safest way tomorrow.

      Old dog, new tricks, etc.

      Also! Your documentation is an attackers wet dream.

      NB: this philosophy doesn’t scale.

      • Unforeseen@sh.itjust.worksEnglish
        2·
        12 days ago

        I do this continually for work as well, I approach every new project assuming best practice or approach options have changed. It doesn’t matter how experienced I am in what I’m doing, I still loop back and check.

        It’s such an automatic thing I don’t even think about it, but honestly not sure if it’s because of interest or because of fear of being called out for doing something wrong lol

      • CapitalNumbers@lemm.eeEnglish
        1·
        9 days ago

        while security might be compromised if an attacker found your documentation, it could equally be compromised by having zero documentation

        the easier it is for you to get things back up and running in the event of a data loss / corrupted hard drive / new machine / etc, the less likely you are to forget any crucial steps (eg setting up iptables or ufw)

        • foggy@lemmy.worldEnglish
          1·
          7 days ago

          Having 0 documentation doesn’t mean you have no DLP strategy. That’s amateur hour.

          And again, NB: this does not scale.

    • nfreak@lemmy.mlEnglish
      5·
      10 days ago

      My wife was mentioning the other day that if something happened to me she’d have absolutely no idea how to work any of this shit and that convinced me to actually start documenting it LMAO

      Good time to start doing it too. Aside from setting up a NAS this weekend and figuring out an audiobook solution (not something I’ve ever dabbled with but I really should start reading some communist theory), I’ve got this project right where I want it for a long while.

    • redlemace@lemmy.worldEnglish
      4·
      12 days ago

      Guilty too. There are names on router- and switch interfaces. Servers get fixed IP from dhcp so is in the note field there too. That’s about it

  • nagaram@startrek.websiteEnglish
    55·
    12 days ago

    I download the YouTube tutorials I followed, upload them to my UAT Jellyfin server, and then when my server is having issues I can’t get to the videos!

    A flawless system really

  • atzanteol@sh.itjust.worksEnglish
    321·
    12 days ago

    I build my infrastructure with the terraform, Ansible and helm charts. The code is it’s own documentation as well as comments in that code explaining why I’ve done things if it’s not obvious.

    • ch8zer@lemmy.caEnglish
      13·
      12 days ago

      This really is the way.

      It goes beyond documentation too - it allows me to migrate to new hosts or to easily automate upgrading the OS release version.

      I have a docusaurus site for my homeland and I have ansible and terraform generate files for the docs so I don’t have to record anything. Some of the stuff I note down:

      • DNS leases
      • General infra diagrams
      • IP info
      • Host info
  • LoudWaterHombre@lemmy.dbzer0.comEnglish
    31·
    11 days ago

    I am fortunate enough to only manage a homelab and not an enterprise sized network. So I don’t document anything just like at work.

  • voklen@programming.devEnglish
    16·
    12 days ago

    I have NixOS running on mine and I write everything in comments in my configuration.nix. Usually I’ll write notes about why I set a certain option above the line where I do it but I also have a section at the start that describes anything to be aware of if I’m moving this configuration to another machine. For example “This assumes a drive is mounted on /mnt/backup0

  • dabe@lemmy.zipEnglish
    15·
    12 days ago

    95% of my homelab lives on a single server, and everything I do is within containers. So, my documentation is just keeping all my compose files in a git repo and writing in comments when necessary. It’s fairly self-documenting, and I haven’t found the need to break out of just using containers for everything, besides a couple things like setting up mergerfs or cockpit, but that’s all plug and play nowadays with stuff like https://projectucore.io/

    Of course, I don’t have any other things set up in my physical layout or network stack… but all that stuff would probably just go into an entry in my notes (obsidian/wiki.vim).

  • MangoPenguin@lemmy.blahaj.zoneEnglish
    11·
    12 days ago

    I generally just make notes in Obsidian, mostly about switch ports, VLANs, IP assignments and that kind of thing.

    Also try to save snippets of commands or config edits I needed to get something obtuse working in case I need to do it again later.

  • SayCyberOnceMore@feddit.ukEnglish
    11·
    12 days ago

    A combination of Logseq (what, why, how) and KeePass for IPs and passwords (obviously)… I use the heirarchy in Keepass to show a device and then the services on it and then their configs, ie

    • Hypervisor1
      • VM1
        • root user details
        • that webUI details
      • VM2 (Etc)

    I used to do Visio drawings, but they were always out of date.

  • exu@feditown.comEnglish
    8·
    12 days ago

    It’s really a wild growth over the years. My current approach is twofold. Netbox to manage devices/VMs and associated info with service deployments using Ansible. You can use the info from Netbox as an Ansible inventory directly.

    Previously I tried network diagrams (too low detail) and spreadsheets (terrible to modify) to document machines. And for serviced I’d have an install page on my wiki (apologies, the codeblocks are somewhat broken atm)

    • Suzune@ani.socialEnglish
      41·
      12 days ago

      I run Netbox for documentation only. But your approach is what I actually wanted to do, if I just had plenty of time.

      • pezhore@infosec.pubEnglish
        3·
        12 days ago

        I use netbox too - and if you’re careful about it, you can actually use terraform to create the netbox details. I use one manifest file to handle deployment to Proxmox, set up DNS in PowerDNS, and create the relevant netbox entries.

    • irmadlad@lemmy.worldEnglish
      1·
      11 days ago

      The way you go about it on your wiki, is almost the same process/format, tho not as fancy . I’ll even throw in a couple links to tuts I found useful for that particular segment in the notes.

  • thirdBreakfast@lemmy.worldEnglish
    7·
    12 days ago

    I have it in a git repo, broken down by the nodes and vps names. In each of these folders is a mixture of Ansible playbooks, docker compose or just markdown files with the descriptions. Some is random stuff - my VPS allows the export of the cloud firewalls as JSON for instance. All the secrets needed by Ansible are in an Ansible vault, the rest in KeePass.

  • Lucy :3@feddit.orgEnglish
    7·
    12 days ago

    I just try to make everything as self documented as possible. Eg. no stray scripts, everything is either implemented in other software (eg. my main wireguard peer in systemd-networkd, without any non-obvious external dependencies) or tracked as a part of an arch pkg with a simple PKGBUILD. I usually either have very simple nets (eg. my VPN’s net only consists of four peers, in the order main - secondary - laptop - phone) or leave it to DHCP and SLAAC. I try to avoid using ports for local servers as much as possible and use unix sockets. Stuff like LVM/Luks pretty much documents itself.

  • ryanpdg1@lemmy.caEnglish
    6·
    10 days ago

    I use the notes sections in proxmox preeettty heavily. Lots of links to the helper scripts, youtube videos and other resources i used to get er’ goin’.

    In the near future I’m really hoping I can set up Netbox to help me document the network and equipment I’m putting in my homelab. a nice thing is that I went through a divorce a while ago and I’m getting to start from scratch. You’d be surprised at just how much you’ve learned since starting to self host and I think there’s this sunk cost fallacy that gets a lot of us to keep going with what we’ve got already set up because we’ve “already put so much work into it” and the concern of what we might lose by scrapping it and starting over.

    Also, not what you asked… but if you’re still relatively new with proxmox you should check out the ProxmoxVE helper scripts. Lots of good automated scripts from doing a post-install to setting up various LXC containers and VM’s