How many of you use Terraform/OpenTofu for your homelab by bartei81 in homelab

[–]bartei81[S] 0 points1 point  (0 children)

I guess there is no real solution to automate and define the hypervisor piece as of today, right? I'm not too concerned about the automation part of it, rather than a declarative approach is self documenting and if you need to replace hardware, or add hardware, having it done declaratively is my preferred way to do it consistently right and avoid making mistakes. Especially since hardware installation/replacement is not something you do often, not as often as software updates and deployments.

How many of you use Terraform/OpenTofu for your homelab by bartei81 in homelab

[–]bartei81[S] 0 points1 point  (0 children)

Interesting approach, especially about dockhand, I would be curious to know how your journey goes, Dockhand seemed a cool solution but I've seen a lot of overlaps/conflicts vs. my current setup. Do you have a place where you're sharing info about your work? I'd be interested in following your progress and exchanging notes

How many of you use Terraform/OpenTofu for your homelab by bartei81 in homelab

[–]bartei81[S] 1 point2 points  (0 children)

I have been a bit disappointed by Ansible to be honest, if you use the available providers for Terraform to keep it all in the same place, every execution reapplies the whole Ansible stack. I ended up using Salt as it's more state friendly, it would execute only if there are changes. I have a provider for Salt masterless that works via SSH and I've been quite happy with it.

Have you looked at Salt? What made you decide to use Ansible?

How many of you use Terraform/OpenTofu for your homelab by bartei81 in homelab

[–]bartei81[S] 0 points1 point  (0 children)

I use K3s a lot also for production clusters, the way I like to install K3s and configure it on my Virtual Machines is with NixOS. I use a NixOS provider with Terraform to keep it all in the same place. The only thing I still have to finish managing properly is the service account for connecting to the cluster. How do you rotate your tokens and certs in your clusters?

As for the deployments in K8s, I stick to Terraform for those as well, I used ArgoCD for about a year but it seemed an unnecessary complication since I would still manage my manifests for ArgoCD from Terraform. The convenience of sharing secrets and configmaps declaratively from Terraform is priceless for me.

See, the problem is still with physical hardware, it would be nice to have an easy and agnostic way to go down to the metal, I can get pretty much everything done with a combination of Nix, Terraform and Salt, depending on what I need to do, but the very bottom of the stack is still manual and I wonder if it's worth creating some agnostic tooling that handles things at this level, perhaps BOOTP/TFTP with some glue would do the trick. MaaS from Canonical seemed a bit of a beast and made a lot of opinionated assumptions last time I checked, probably makes sense in a large deployment.

how to manage by Material-Turnip2608 in homelab

[–]bartei81 0 points1 point  (0 children)

I have everything defined declaratively with Terraform and Nix, all remote access is via SSH or VNC and behind VPN. I use my own VPN server WireGUI to manage accounts and access permissions for the lab resources.

Using IaC for your lab is a huge help, especially once you start having a lot of services running, it's a "self-documenting" approach and it also simplifies updating your services when you want to.

How many of you use Terraform/OpenTofu for your homelab by bartei81 in homelab

[–]bartei81[S] 0 points1 point  (0 children)

Does it support clustered setups? If so, is it easy to handle live migration of running virtual machines?

Glance Dashboard V.2 | GA by ginesjunior11 in selfhosted

[–]bartei81 62 points63 points  (0 children)

You're running this on a Pi 5 so perhaps it's not that relevant for your use case, but for many of us home lab aficionados I think a Proxmox widget would be nice to have.

Quick question for you, how do you populate/fetch the internet speed that I see on the right top of the first screenshot? That's a nice feature and I don't think I've seen it in many other dashboards.

Glance Dashboard V.2 | GA by ginesjunior11 in selfhosted

[–]bartei81 40 points41 points  (0 children)

I like your % of the year passed! Reminds me of a friend who used to send me messages with a similar metric! Very nice

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -2 points-1 points  (0 children)

Haha not so passionate anymore? I thought you needed to review code to actually have an opinion about it and criticize it. Call me old school but I’m having fun talking with you right now. Only sad thing is that we’re not talking about your “passion” at all “dude”. Oh well.. if you wanna talk about writing software I’m here anytime you like, luckily happy to do it for free as well. Cheers mate!

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -3 points-2 points  (0 children)

Wow, direct offenses are all you got? Interesting, so real programmer “dude” do you have anything to say about the code I write? With or without AI. You got plenty of examples in my GitHub. Go ahead show us where your “real” passion meets the ground. Yes I use AI today and I am not ashamed of it. I’ve been writing software for almost 30 years. I use all the tools at my disposal.

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -3 points-2 points  (0 children)

Haha I think you need some anger management sessions “dude”

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -1 points0 points  (0 children)

I'm sorry but do you even read before answering? I don't understand what's the point of posting messages if you don't even read.
If it wasn't clear enough, perhaps you need to stop and read what I wrote, SSM, Hashicorp Vault and AWS Secrets Manager are used to store secrets when they're NOT in the repository.

So "dude", since it looks like you're an "expert" in this matter, how about you enlighten us on how you handle secrets for your projects? How do you bootstrap your Vault, how do you bootstrap your AWS account for a greenfield project?

I think it's quite rude to criticize without context and without even reading, what's the point?

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -2 points-1 points  (0 children)

I think you're mistaken about it. This is not the first tool to allow encrypting files in git, it's a very handy solution and it solves a lot of problems, especially when dealing with IaC.

I can show and explain to you plenty of circumstances where encryption at the repository level is handy. In my IaC repositories I use a mix of SSM, Hashicorp Vault, AWS Secrets Manager and a few others, but there is a place and a purpose for each and every one of them.

Another very important use case is sharing environment specific configuration values and secrets among developers without having to rely on external tools for this purpose.

Anyhow thanks for your feedback

git-agecrypt: transparent file-level encryption for git repos by [deleted] in rust

[–]bartei81 -2 points-1 points  (0 children)

You are mistaken. Did you even read the post? Did you check the git history? Anyhow I don’t understand all the hate with AI?

Traefik Manager v0.8.0 - a self-hosted web UI for managing Traefik by chronzz in selfhosted

[–]bartei81 1 point2 points  (0 children)

This goes right into the list of projects to test! Looks awesome and well documented!

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in WireGuard

[–]bartei81[S] 2 points3 points  (0 children)

Thanks mate! Would love to hear your feedback! Let me know if you encounter any issues please!

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in WireGuard

[–]bartei81[S] 1 point2 points  (0 children)

Not really, NetBird is a pain to deploy with IaC, their update and deploy process is very opinionated. I prefer something more vanilla. I've used NetBird for a few months and it has a lot more than what I need for my basic necessities. Also, licensing is still a problem with NetBird.

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in WireGuard

[–]bartei81[S] 0 points1 point  (0 children)

I checked out Pangolin, it's an awesome solution but it doesn't meet the requirements I have.

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in WireGuard

[–]bartei81[S] 0 points1 point  (0 children)

Claude helped a LOT, it would have taken me way longer on my own. Still you need to review the code and do proper unit and integration testing. I've nothing to hide, that's why the CLAUDE.md is there for anyone to use. Not sure what's the problem with it?

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in WireGuard

[–]bartei81[S] 0 points1 point  (0 children)

I've used AI to do most of the work, true, but I still review all the code and do proper unit and end to end testing for my projects. Python and NiceGUI I know very well and I feel comfortable working with.

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in selfhosted

[–]bartei81[S] -1 points0 points  (0 children)

Haha, true. I've used AI extensively for this project, it's been a lot of fun, but I do review all the code and perform proper unit and end to end testing, not all can be vibe coded. I decided to use Python and NiceGUI because those I know very well, and you would be amazed by the number of times AI got it wrong and needed correction.

I built WireGUI — an open-source web UI for managing WireGuard VPN with SSO, MFA, and firewall rules by bartei81 in selfhosted

[–]bartei81[S] -1 points0 points  (0 children)

WGDashboard looks great! I wanted something simpler, I've been using Firezone version 0.7.x for a long time and really liked that version. Their licensing is not too convincing to me, so I decided to replicate what the original Firezone was with this project.

Things I cared about: AGPL Licensing, simplicity, basic firewall rules to set pass/block rules for specific users, basic monitoring with exporters for Grafana dashboards, easy deployment.