03653 - 21d
I've apparently decided to go past balls deep into more sysadmin stuff lately. I just did a migration to move to IaC for all of my load balancers. Added some testing, some staging, fun branch protection and authorization rules, post-deploy testing, storing the previous configs as build artifacts XD.
semisol @semisol - 21d
IaC is great.
Turns out being able to just make a feature branch for adding a new upstream, adjusting my routing rules, or adding a new site is a lot of fun and much easier to test and deploy.
This current setup is basically just shell commands and my OneDev server. I typically use ansible but I wanted to do it "by hand" this time. I'll probably switch back to ansible when I get comfortable with this workflow. Keep in mind I'm managing virtual machines cloud and metal.
It's something! When it works it's super simple, setting it up though, that was a bit of a challenge, but not bad.
Thanks for noticing XD
While I can't relate, I can imagine XD. I have one step over a home datacenter, so I'm not building anything massive here, but now that I've stepped up, yeah, it's gonna be hard going back. Only a small handful of customers, but I wanted to give them more stability, without going full cloud.
> Sooooo felt. I have been sitting here scrutinizing every U in my 12U rack - and the cents in my bank account - to build a homelab to be fully and entirely self-sovereign. Goal is to literally live fully selfhosted - with little to no reliance on SaaS. x) It's big fun, also big annoying. I'm trying to live that dream!! And then be able to publish my work without anyone's permission. I ended up with cloud L4s to hide my physical location/IP address, that's it. I use L4 in the cloud so I hold my TLS private keys. I used to have a nearly full 42 while experimenting 5 or so years ago, but after a move and physical constraints I just recently got a 28U rack back up and got a bunch of "newer" equipment. I can relate to the fan thing. For me, I have accumulated so much Dell equipment and spare parts that I will pretty much only search for used Dell machines, because I have enough spare parts to keep my operation moving. I used to buy and sell equipment for a little while, helped me pay for college and food XD. That said, I've never had a fan fail in a critical machine, fingers crossed. Big fan of podman, I'm working on k3s, I want to move totally over to an HA kubes setup, but it's a bear to learn kubes.
Yes, layer 4. Nginx as a stream proxy pointing to home directly. No VPN. The only purpose is to hide my IP address. I then configure my firewalls to listen explicitly for the IP addresses of the L4 proxies. My cloud provider went down last weekend for like 14 hours so I decided to configure another L4 in the US-west datacenter. So now I have us-east and us-west. I then also decided to add another L7 proxy and use the L4s to distribute connections across the two at home.
It's fun, especially since you can use your favorite IDE to tell AI: "hey, can you setup my inventory file and some playbooks to update all my machines and run an audit..." and so on. It's fun. It's not defining machines but interacting with them in yaml lol. I was interested in terraform, but it didn't seem very useful for provisioning metal without a "messy" orchestration system running. I'm sure I'll still need it, but for now I want to get over the kubernetes hump and see if I can work from there.