• 0 Posts
  • 4 Comments
Joined 1 year ago
Cake day: June 14th, 2023



  • NixOS instances running Nomad/Vault/Consul. Each service behind Traefik with LE certs. Containers can mount NFS shares from a separate NAS which optionally gets backed up to cloud blob storage.

    I use SSH and some CLI commands for deployment, but only because that’s faster than CI/CD. I’m only running ~’nomad run …’ for the most part.

    The goal was to be resilient to single node failures and align with a stack I might use for production ops work. It’s also nice to be able to remove/add nodes fairly easily without worrying about breaking any home automation or hosting.


  • Running a reverse proxy, then adding your IP to your router/other-DNS-server, will make it easy-ish. Just don’t pick a domain that is used by other people. If you have a(ny) domain you own, then a subdomain you set in your router is fine/safe.

    I have *.[house domain] point to a static IP set in my router. The IP is announced via BGP to point to running Traefik instances as a reverse proxy that points to the appropriate container. This also gives certs, but isn’t required.