I have used gitlab in a work setting; it is indeed a resource hog.
Right now I host a couple forgejo instances. There is integrated CI/CD in forgejo but it is beta quality at best. What most people (including forgejo devs) do is set up woodpecker CI (forked from drone after they went closed source). It is about as straightforward as setting up forgejo, and the official docs for both will get you going in an afternoon if you're decently comfortable with your system. As a bonus, you can point woodpecker at other places including your public/private github and not just what you're hosting yourself. Protip: don't use the local backend for the runner, but install the docker engine on the host running woodpecker-agent and configure accordingly.
I have a magical kubernetes setup for one instance that uses the cluster to run the pods that run the pipelines but I wouldn't recommend if you're not looking to get into bullshit cloud architecture cluster nonsense.
I too am familiar with gitlab through work. We used gitlab.com instead of hosting it ourselves, so unfortunately I didn’t gain any insight into installing and running the core gitlab services. I still might install gitlab on my cluster since gitea/forgejo’s cicd and infra offerings don’t seem comparable to gitlab’s.
> bullshit cloud architecture cluster nonsense
I actually am looking to get into that. I mean, I have the k8s CKA cert and have some k8s experience from my last job, but I’m hoping to get some more hands-on experience by adding a couple k8s nodes to my proxmox cluster. I’d like to get better at the admin side of k8s I didn’t have access to as a developer.
> I’m hoping to get some more hands-on experience by adding a couple k8s nodes to my proxmox cluster. I’d like to get better at the admin side of k8s I didn’t have access to as a developer.
I built out a bare metal triple master cluster on some old thinkcentre boxes that I stuck new ram and ssds in. I used k3s (lightweight k8s implementation) on the recommendation of a friend. I even 3d printed a rack to hold the boxes all nice and tidy in. It has been pretty fun, and eaten up most of my free time for the last couple months (not complaining). I'd never played with it before this, though at one of my old software jobs everything was on a k8s cluster before we transitioned fully to amazon serverless, so there was a lot to get into but I do enjoy building what amounts to network rube goldberg machines, after having done everything the old fashioned way since forever.
I think woodpecker ci is definitely comparable but it is /one more thing/ to configure and potentially break so I totally understand. Tight integrations are nice where you can find them.
3d printing is one of those things that I never got into, don’t know why. Probably the cost of hardware when it first became popular.
I don’t have a 3d printer so I used scrap 2x1s and wheels I pulled off an old filing cabinet to build a rack. The most expensive part of the rack are the mounting rails.
Also, you’ve convinced me to give woodpecker ci a try. It doesn’t seem like much work to get running.
I only got into it after picking up a 3d printer last black friday. Been learning as I go. I think my next project with it will be to do a proper standard sized 10 inch rack to mount everything in, since the current rack is purpose designed to just slot the 4 thinkcentres
I think I've hit this wall as well. I'm watching stuff on my Internal-to-VPN Server interface hit the pi-hole and then just disappear on the firewall logs. I've got my phone to home set up and locked in and have had it work for a while now. Now that I've implemented the firewall rule to send stuff from my wireguard client IP range to the new gateway address for TorGuard, the handshakes still function but no internet access.
I haven't done any routes yet as I haven't properly VLAN'd off my network into different segments.
I've followed this guide so far and several things are working like my handshakes from my router to the TorGuard server, so it's all just down to the routing now methinks
If anyone else would like to inject their two cents on the guides I'm using I'd appreciate it
Figured it out within two days of that last post and have just been too lazy to write the guide until now.
There are certainly better ways and videos telling you how to do parts of this but this is how I came around to it and they are still more or less solid
Hopefully this is a good template though for a phoneposter's guide to homelabbing while phoneposting
Years ago I watched this video and more or less followed all the steps
Some might bemoan LTT but that's the guide I followed and I would advertise people follow whatever Opnsense guide gets them to having their own router
If I could tell past me what to do differently though I would definitely tell me to nut up and just buy a Minisforum or similar dual-network-interface capable box for less hassle and more futureproofing.
Now you have your router, switch and AP.
Go to your router and get to the plugin page found at //routeripaddress/ui/core/firmware#plugins and install os-wireguard
Now follow this guide to establish a roadwarrior setup for your phone.
The weight of your trouble will be majorly slanted on the router as it's super easy to troubleshoot getting your client config and keys correct.
Now you should be able to VPN into your home network and access your router via mobile but still be able to access the general internet.
If you don't want to reveal your home WAN address to your cell phone company you can enable a commercial VPN like TorGuard or Mullvad first and then enable your Wireguard tunnel so that your connection terminates from the ISP at the service IP
In a complete turn of phrase you could even go as far as to nail your ducks in a row by following the next parts of the guide and setting up a hard-configuration VPN tunnel on your phone to your VPN service of choice just so you don't have to swap between app UIs
Now follow this guide but for every time it says to configure something to the LAN interface or hosts in the LAN network, just do it instead for your inbound, phone-related Wireguard interface and Wireguard network hosts.
But I would advise again that people get a more serious mini pc for hosting Proxmox as there are more options for futureproofing and hardware bandwidth ceilings like Minisforum machines.
This guide should get you through setting up Proxmox
After that, all you have to do is update all your Opnsense and Wireguard server-client configs with the new DNS IP address. You should wait to do this until the end if only because then you can isolate your Wireguard issues to the Wireguard section and DNS issues to now.
Also don't forget to set your DNS container or VM to boot on power-on for the machine or else you'll spend a ton of time agonizing over network troubleshooting when there is a power outage.
At this point you should be able to browse all the nasty ad-ridden sites of the net and post about your travels and tribulations from your phone while comfortably watching things on Jellyfin.
A true multi-tasker.
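An added example, not part of the original post: a small Python check for the phone's WireGuard client config that flags the client-side mistakes which produce "handshake works, no internet" or DNS bypassing the home resolver. It assumes the phone is meant to send all traffic through the home router (so the router's gateway rule can apply); the keys, host name and addresses in the sample configs are constructed placeholders.

```python
import configparser
import ipaddress

REQUIRED = [("Interface", "PrivateKey"), ("Interface", "Address"),
            ("Peer", "PublicKey"), ("Peer", "Endpoint"), ("Peer", "AllowedIPs")]

def _items(cp, section, key):
    raw = cp.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]

def audit_client_config(text):
    """Return a list of findings for a phone (road-warrior) WireGuard config."""
    cp = configparser.ConfigParser(delimiters=("=",), strict=False,
                                   interpolation=None)
    cp.read_string(text)
    findings = [f"missing {s}.{k}" for s, k in REQUIRED if not _items(cp, s, k)]
    allowed = [ipaddress.ip_network(n, strict=False)
               for n in _items(cp, "Peer", "AllowedIPs")]
    resolvers = []
    for entry in _items(cp, "Interface", "DNS"):
        try:
            resolvers.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick treats non-IP DNS entries as search domains
    if not resolvers:
        findings.append("no DNS set: the phone keeps its carrier/Wi-Fi resolver")
    for ip in resolvers:
        if not any(ip in net for net in allowed):
            findings.append(f"DNS {ip} is outside AllowedIPs: lookups bypass the tunnel")
        if not ip.is_private:
            findings.append(f"DNS {ip} is public, not the home DNS container")
    if not any(net.version == 4 and net.prefixlen == 0 for net in allowed):
        findings.append("no 0.0.0.0/0 in AllowedIPs: split tunnel, internet "
                        "traffic never reaches the router's VPN gateway rule")
    return findings

# Constructed sample configs; keys, host name and addresses are placeholders.
GOOD = """
[Interface]
PrivateKey = <phone-private-key>
Address = 10.10.10.2/32
DNS = 192.168.1.53

[Peer]
PublicKey = <router-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""
BAD = GOOD.replace("192.168.1.53", "1.1.1.1").replace("0.0.0.0/0, ::/0", "192.168.1.0/24")
```

`audit_client_config(GOOD)` returns an empty list; `BAD` yields three findings (DNS outside the tunnel, public resolver, split tunnel).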