My Nomad homelab
Go to file
IamTheFij bb291b1f01 Move databases to their own tf files and improve first start 2024-02-13 12:05:55 -08:00
acls Add nomad ACLs and roles for use in oidc auth 2023-07-07 00:30:02 -07:00
ansible_galaxy Refactor ansible to clean root dir 2022-11-02 14:20:09 -07:00
ansible_playbooks Bump nomad 2024-02-13 12:00:43 -08:00
backups Run dummy backup more frequently to make graphs easier to read 2024-01-24 20:10:14 -08:00
core Add back other traefik ports and metrics 2024-02-13 12:03:03 -08:00
databases Move databases to their own tf files and improve first start 2024-02-13 12:05:55 -08:00
scripts Fix log from orphaned services to not say deleting when it's in dry run. 2023-10-19 12:08:28 -07:00
services Make sure gitea ingress uses system wesher config 2024-01-23 12:09:59 -08:00
storage_plugins Remove deprecated hcl2 enabled 2023-08-29 13:02:04 -07:00
.gitignore Ignore nomad variables file 2023-04-14 13:54:43 -07:00
.pre-commit-config.yaml Move scripts to subdir 2023-08-26 15:58:57 -07:00
.secrets-baseline Add auth to sonarr 2024-01-08 14:57:06 -08:00
.terraform.lock.hcl Add repo unlock via Nomad action to backups 2024-01-06 16:22:20 -08:00
.tflint.hcl Update hooks 2022-11-02 12:59:32 -07:00
Makefile Add terraform destroy to makefile 2024-02-13 11:59:47 -08:00 Fix eol on readme 2023-08-24 11:53:54 -07:00
ansible.cfg Refactor ansible to clean root dir 2022-11-02 14:20:09 -07:00 Make base_hostname more configurable 2023-08-24 15:03:36 -07:00 Remove whitespace 2023-07-07 15:56:25 -07:00
requirements.txt Update hooks 2022-11-02 12:59:32 -07:00 Add nomad ACLs and roles for use in oidc auth 2023-07-07 00:30:02 -07:00
service.nomad Use stunnel for mysql 2023-05-09 13:20:36 -07:00 Make base_hostname more configurable 2023-08-24 15:03:36 -07:00

Homelab Nomad

My configuration for creating my home Nomad cluster and deploying services to it.

This repo is not designed as general purpose templates, but rather to fit my specific needs. That said, I have made an effort for things to be as useful as possible for someone wanting to use or modify this.


make all


Both Ansible and Terraform are used as part of this configuration. All hosts must be reachable over SSH prior to running any of this configuration.

To begin, Ansible runs a playbook to setup the cluster. This includes installing Nomad, bootstrapping the cluster and ACLs, setting up NFS shares, creating Nomad Host Volumes, and setting up Wesher as a Wireguard mesh between hosts.

After this is complete, Nomad variables must be set for services to access and configure correctly. This depends on variables to be set based on the sample file.

Finally, the Terraform configuration can be applied setting up all services deployed on the cluster.

The configuration of new services is intended to be as templated as possible and to avoid requiring changes in multiple places. For example, most services are configured with a template that provides reverse proxy, DNS records, database tunnels, database bootstrapping, metrics scraping, and authentication. The only real exception is backups, which requires a distinct job file, for now.

What does it do?

  • Nomad cluster for scheduling and configuring all services
  • Blocky DNS servers with integrated ad blocking. This also provides service discovery
  • Prometheus with autodiscovery of service metrics
  • Loki and Promtail aggregating logs
  • Minitor for service availability checks
  • Grafana providing dashboards, alerting, and log searching
  • Photoprism for photo management
  • Remote and shared volumes over NFS
  • Authelia for OIDC and Proxy based authentication with 2FA
  • Sonarr and Lidarr for multimedia management
  • Automated block based backups using Restic

Step by step

  1. Update hosts in ansible_playbooks/ansible_hosts.yml
  2. Update ansible_playbook/setup-cluster.yml
    1. Update backup DNS server
    2. Update NFS shares from NAS
    3. Update volumes to make sure they are valid paths
  3. Create ansible_playbooks/vars/nomad_vars.yml based on the sample file. TODO: This is quite specific and probably impossible without more documentation
  4. Run make all
  5. Update your network DNS settings to use the new servers IP addresses