I don’t usually post, but thought I’d share.

I rebuilt my homelab with OpenTofu. Now my entire setup, from containers to networking, lives in a Git repo.

The best part is that new services get published automatically. I just set a flag in the code, and it builds the Caddy proxy or Cloudflare tunnel for me. No more manual config editing.

Here’s my quick write-up on it: https://yuris.dev/blog/homelab-opentofu

And the code is all public if you want to see how it works: https://github.com/yurisasc/homelab

Hope this is interesting to someone. Happy to answer any questions if you have them. Curious to hear if anyone else has gone down this particular rabbit hole with IaC for their Docker stack.
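The "set a flag and the proxy gets built" pattern from the post, as an added OpenTofu example written for this thread rather than taken from the linked repo: each service carries a `publish` boolean, only published services get a Caddy site block, and no service maps a port onto the host, so an unpublished container is reachable only over the internal Docker network. Service names, images, hostnames and the Caddy volume layout are constructed assumptions; the resource schemas are those of the kreuzwerker/docker and hashicorp/local providers.

```hcl
# Added example (not the linked repo's code): a per-service "publish" flag that
# drives both the Caddy configuration and whether a reverse proxy exists at all.
terraform {
  required_providers {
    docker = { source = "kreuzwerker/docker", version = "~> 3.0" }
    local  = { source = "hashicorp/local", version = "~> 2.0" }
  }
}

provider "docker" {}

# Constructed sample inventory; names, images and hostnames are assumptions.
locals {
  services = {
    grafana = { image = "grafana/grafana:11.2.0", port = 3000, publish = true,  host = "grafana.lab.example" }
    vault   = { image = "hashicorp/vault:1.17",   port = 8200, publish = false, host = "vault.lab.example" }
  }
  # Only services that opted in get a site block in the Caddyfile.
  published = { for name, svc in local.services : name => svc if svc.publish }
}

resource "docker_network" "internal" {
  name = "lab-internal"
}

resource "docker_image" "svc" {
  for_each = local.services
  name     = each.value.image
}

# Deliberately no `ports` block: services are never bound to host ports,
# published or not. Caddy is the single ingress point.
resource "docker_container" "svc" {
  for_each = local.services
  name     = each.key
  image    = docker_image.svc[each.key].image_id
  networks_advanced {
    name = docker_network.internal.name
  }
}

# One site block per published service; the container name resolves via
# Docker's embedded DNS on the shared network.
resource "local_file" "caddyfile" {
  filename = "${path.module}/Caddyfile"
  content = join("\n", [
    for name, svc in local.published :
    "${svc.host} {\n\treverse_proxy ${name}:${svc.port}\n}"
  ])
}

resource "docker_image" "caddy" {
  name = "caddy:2"
}

# The proxy itself only exists when there is something to publish.
resource "docker_container" "caddy" {
  count = length(local.published) > 0 ? 1 : 0
  name  = "caddy"
  image = docker_image.caddy.image_id
  networks_advanced {
    name = docker_network.internal.name
  }
  ports {
    internal = 80
    external = 80
  }
  ports {
    internal = 443
    external = 443
  }
  volumes {
    host_path      = abspath(local_file.caddyfile.filename)
    container_path = "/etc/caddy/Caddyfile"
  }
}

# Handy for reviewing a plan: which hostnames will be exposed after apply.
output "published_hosts" {
  value = [for svc in local.published : svc.host]
}
```

Flipping `publish = false` to `true` on the `vault` entry and running `tofu plan` shows exactly one change set: the Caddyfile content and the new hostname in `published_hosts`, which makes "what is exposed" a reviewable diff instead of a hand-edited proxy config.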

  • cichy1173@szmer.info · 5 up · 17 hours ago

    Finally found someone who uses OpenTofu for Docker too. I have seen many opinions saying that dropping Compose for OpenTofu/Terraform is silly, because Compose is “more native”. I use OpenTofu for Docker too, but I structured the code in another way: I have a module that mimics Compose in some way, but is simpler for me to use. I published the module here: https://codeberg.org/cichy1173/cichyform

    I have not published my IaC, but I can show what the code looks like for a service:

    module "adguard" {
      source = "git::ssh://git@codeberg.org/cichy1173/mylab-opentofu.git//modules/docker_service?ref=docker_service-v1.1"
      service_name = "adguardhome"
      image_name   = "adguard/adguardhome:latest"
    
      volumes = [
        {
          host_path      = "/home/cichy/docker/adguard/adguard/conf"
          container_path = "/opt/adguardhome/conf"
        },
        {
          host_path      = "/home/cichy/docker/adguard/adguard/work"
          container_path = "/opt/adguardhome/work"
        }
      ]
      
      ports = [
        {
          internal = 53
          external = 53
          protocol = "udp"
        },
        {
          internal = 80
          external = 80
        },
        {
          internal = 443
          external = 443
        },
        {
          internal = 853
          external = 853
        },
        {
          internal = 3000
          external = 3000
        }
      ]
    
      environment_variables = []
    }
    

    I also created a Forgejo Action to run plan on stacks with this module to check if there is a new image under the tag :latest. Oh, and I also manage Adguard Home using OpenTofu, it is very powerful: https://codeberg.org/cichy1173/adguard-home-cm-repository

  • richmondez@lemdro.id · 22 up · 1 day ago

    I personally manage my services using Ansible; I only set up the actual infrastructure, the virtual machines that run the services, with Terraform/OpenTofu. Docker is one of those in-the-middle techs between infrastructure and software distribution, and it makes more sense to me to treat a service as a role in Ansible so I can deploy it (docker, podman, package install or whatever), sort out its networking and handle its configuration all in one place. I’m not saying the way you do it is wrong, but this is just a step down the automation rabbit hole.

    It doesn’t appear your setup provisions the actual hosts for Docker, so I guess you are provisioning manually for that layer? That is another area you might want to leverage OpenTofu for.

    Also congrats on actually documenting it in a consumable way for others to learn from.

    • markstos@lemmy.world · 2 up · 17 hours ago

      I also use Ansible. Using Podman’s “quadlet” adapter, the containers run as systemd services.

  • truxnell@quokk.au · 9 up · 1 down · 1 day ago

    I’ve been doing IaC for years on my homelab. Once I outgrew docker compose and a single NUC, I ended up going full regard on Kubernetes for a few years, before getting sick of the complexity and upkeep and moving to a Nix stack for my NAS and NUC.

    Tip: if you haven’t already, look at using Renovate bot to run on your repo and update your container tags. It’s great for managing container updates in a controlled fashion.

    Current Nix: https://github.com/truxnell/nix-config

    Deprecated k8s: https://github.com/truxnell/home-cluster