My home service stack running on a Beelink EQ12 with Fedora IoT. Applications run as podman containers managed by systemd and support my home infrastructure, including DNS and Kubernetes clusters.
Install required system deps and reboot

```sh
sudo rpm-ostree install --idempotent --assumeyes git go-task
sudo systemctl reboot
```
Make a new SSH key, add it to GitHub and clone your repo

```sh
export GITHUB_USER="onedr0p"
curl https://github.com/$GITHUB_USER.keys > ~/.ssh/authorized_keys
sudo install -d -o $(logname) -g $(logname) -m 755 /var/opt/home-service
git clone git@github.com:$GITHUB_USER/home-service.git /var/opt/home-service/.
```
Install additional system deps and reboot

```sh
cd /var/opt/home-service
go-task deps
sudo systemctl reboot
```
Create an Age public/private key pair for use with sops

```sh
age-keygen -o /var/opt/home-service/age.key
```
> [!NOTE]
> I am using ipvlan to expose most containers on their own IP addresses on the same network as this device; the addresses available to containers are set by the `--ip-range` flag below. Beware of IP addressing and interface names.
Create the podman `containernet` network

```sh
sudo podman network create \
  --driver=ipvlan \
  --ipam-driver=host-local \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  --ip-range=192.168.1.121-192.168.1.149 \
  containernet
```
Setup the currently used interface with systemd-networkd

📍 Setting the DNS server to a container used on this system might make dragons appear 🐉.

```sh
sudo bash -c 'cat << EOF > /etc/systemd/network/enp1s0.network
[Match]
Name = enp1s0

[Network]
DHCP = yes
DNS = 1.1.1.1
DNS = 1.0.0.1
IPVLAN = containernet

[DHCPv4]
UseDNS = false
EOF'
```
Setup `containernet` with systemd-networkd

```sh
sudo bash -c 'cat << EOF > /etc/systemd/network/containernet.netdev
[NetDev]
Name = containernet
Kind = ipvlan
EOF'

sudo bash -c 'cat << EOF > /etc/systemd/network/containernet.network
[Match]
Name = containernet

[Network]
IPForward = yes
Address = 192.168.1.120/24
EOF'
```
Disable NetworkManager, then enable and start systemd-networkd

```sh
sudo systemctl disable --now NetworkManager
sudo systemctl enable systemd-networkd
sudo systemctl start systemd-networkd
```
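The note above warns about IP addressing: the host address given to `containernet` (`Address=` in the `.network` unit) and the podman `--ip-range` have to sit inside the LAN subnet and outside the router's DHCP pool, which is why the LAN row of the network table at the end of this README reserves 120-149. The POSIX shell script below is an added example and not part of the home-service repository: it makes those constraints explicit so they can be checked before the network is created. The function names and the `check_addressing HOST_CIDR CONTAINER_RANGE DHCP_RANGE` interface are my own; the addresses are the ones used on this page.

```shell
#!/usr/bin/env sh
# Added example (not part of the home-service repository): sanity-check the
# addressing used by the ipvlan setup before creating the podman network and
# writing the systemd-networkd units. Values default to the ones in this README.
set -u

# Dotted-quad IPv4 -> integer, so address ranges can be compared numerically.
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad, used for messages.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Exit 0 if address $1 lies inside CIDR $2 (e.g. 192.168.1.0/24).
in_subnet() {
  local net=${2%/*} bits=${2#*/} mask
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Exit 0 if the inclusive integer ranges $1-$2 and $3-$4 share an address.
overlaps() {
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_addressing HOST_CIDR CONTAINER_RANGE DHCP_RANGE
#   HOST_CIDR        the Address= of containernet, e.g. 192.168.1.120/24
#   CONTAINER_RANGE  the podman --ip-range, e.g. 192.168.1.121-192.168.1.149
#   DHCP_RANGE       the router's DHCP pool, e.g. 192.168.1.150-192.168.1.254
# Prints "ok" and exits 0 when everything fits; otherwise prints one line per
# problem found and exits 1.
check_addressing() {
  local host=${1%/*} bits=${1#*/} mask h net cidr cs ce ds de a problems=0
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  h=$(ip2int "$host")
  net=$(( h & mask ))
  cidr="$(int2ip "$net")/$bits"
  cs=$(ip2int "${2%-*}"); ce=$(ip2int "${2#*-}")
  ds=$(ip2int "${3%-*}"); de=$(ip2int "${3#*-}")

  # Containers share the host's L2 segment, so their addresses must be in its subnet.
  for a in "${2%-*}" "${2#*-}"; do
    in_subnet "$a" "$cidr" || { echo "container range edge $a is outside $cidr"; problems=1; }
  done
  # The host must not sit inside the pool podman hands out to containers...
  overlaps "$h" "$h" "$cs" "$ce" && { echo "host $host is inside the container range"; problems=1; }
  # ...and neither the host nor the containers may collide with DHCP leases.
  overlaps "$h" "$h" "$ds" "$de" && { echo "host $host is inside the DHCP pool"; problems=1; }
  overlaps "$cs" "$ce" "$ds" "$de" && { echo "container range $2 overlaps the DHCP pool $3"; problems=1; }

  [ "$problems" -eq 0 ] && echo ok
  return "$problems"
}

# Run directly with three arguments, e.g.:
#   ./check-addressing.sh 192.168.1.120/24 192.168.1.121-192.168.1.149 192.168.1.150-192.168.1.254
if [ "$#" -eq 3 ]; then
  check_addressing "$@"
fi
```

Run it once with the router's real DHCP pool before `podman network create`; on this README's values it prints `ok`, and shifting the host or the container range into 150-254 reports the collision instead of letting an ipvlan address silently fight a DHCP lease for the same IP.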
> [!TIP]
> To encrypt files with sops, replace the public key in the `.sops.yaml` file with your Age public key. The format should look similar to the one already present.
View the apps directory for documentation on configuring an app container used here, or setup your own by reviewing the structure of this repository.
Using the included Taskfile there are helper commands to start, stop, restart containers and more. Run the command below to view all available tasks.

```sh
go-task --list
```
> [!TIP]
> 🐟 fish is awesome, you should try fish!

```sh
chsh -s /usr/bin/fish
# IMPORTANT: Log out and log back in
go-task dotfiles
```
> [!TIP]
> ⌚ You can also update `/etc/chrony.conf` with custom NTP servers.

```sh
sudo sed -i 's/^#allow .*/allow all/g' /etc/chrony.conf
sudo systemctl restart chronyd
```
```sh
sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
sudo systemctl reboot
```

```sh
sudo systemctl disable --now firewalld.service
```
| Name | Subnet | DHCP range | ARP reserved |
|---|---|---|---|
| LAN | 192.168.1.0/24 | 150-254 | 120-149 |
| TRUSTED | 192.168.10.0/24 | 150-254 | - |
| SERVERS | 192.168.42.0/24 | 150-254 | 120-149 |
| GUESTS | 192.168.50.0/24 | 150-254 | - |
| IOT | 192.168.70.0/24 | 150-254 | - |
| WIREGUARD | 192.168.80.0/28 | - | - |