My home lab has a mild amount of complexity and I’d like to practice some good habits about documenting it. Stuff like, what each system does, the OS, any notable software installed and, most importantly, any documentation around configuration or troubleshooting.

i.e. I have an internal SMTP relay that uses a Let’s Encrypt SSL cert that I need to use the DNS challenge to renew. I’ve got the steps around that sitting in a Google Doc. I’ve got a couple more Google Docs like that.

I don’t want to get super complicated but I’d like something a bit more structured than a folder full of google docs. I’d also like to pull it in-house.

Thanks

Edit: I appreciate all the feedback I’ve gotten on this post so far. There have been a lot of tools suggested and some great discussion about methods. This will probably be my weekend now.

  • dr_robot@kbin.social · 11 months ago

    I deploy as much as I possibly can via Ansible. Then the Ansible code serves as the documentation. I also keep the underlying OS the same on all machines to avoid different OS conventions. All my machines run Debian. The few things I cannot express in Ansible, such as network topology, I draw a diagram for in draw.io, but that’s it.

    Also, why not automate the certificate renewal with certbot? I have two reverse proxies and they renew their certificates themselves.

      • dr_robot@kbin.social · 11 months ago

        Why not have the reverse proxy also do renewal for the SMTP relay certificate and just rsync it to the relay? For a while I had one of my proxies do all the renewals and the other would rsync it.
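
The approach suggested in the comment above (renew on the reverse proxy, then rsync the result to the relay), written as a certbot deploy hook. This is an added example, not part of the thread; the relay login, the target directory and the use of postfix as the relay are assumptions.

```shell
#!/bin/sh
# Certbot deploy hook (added example). Certbot exports RENEWED_LINEAGE, the
# live/<name> directory of the certificate it has just renewed.
# Assumed, not from the thread: login, target directory, postfix as the relay.
RELAY_LOGIN="${RELAY_LOGIN:-root@relay.example.internal}"
RELAY_DIR="${RELAY_DIR:-/etc/ssl/smtp-relay}"
RELAY_SERVICE="${RELAY_SERVICE:-postfix}"

# With DRY_RUN=1, print each command instead of running it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Refuse to ship an incomplete lineage: both files must exist and be non-empty.
check_lineage() {
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$1/$f" ]; then
            echo "deploy hook: $1/$f missing or empty" >&2
            return 1
        fi
    done
}

deploy_cert() {
    lineage="$1"
    check_lineage "$lineage" || return 1
    # -L: live/ holds symlinks into archive/; copy the files they point to,
    #     otherwise the relay receives dangling links.
    # -p --chmod=F600: chain and private key arrive readable by the owner only.
    run rsync -Lp --chmod=F600 \
        "$lineage/fullchain.pem" "$lineage/privkey.pem" \
        "$RELAY_LOGIN:$RELAY_DIR/" || return 1
    # Reload only after the copy succeeded.
    run ssh "$RELAY_LOGIN" systemctl reload "$RELAY_SERVICE"
}

# Certbot sets RENEWED_LINEAGE when it calls the hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE"
fi
```

Certbot runs the script after each successful renewal when it is passed with `--deploy-hook` or placed in `/etc/letsencrypt/renewal-hooks/deploy/`.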

        • 𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶 (OP) · 11 months ago

          It certainly wouldn’t be because I’ve been doing it this way for so long that it never occurred to me. Nope. Certainly not that.

          In fairness, I very recently switched from a cobbled-together Apache web server/rev proxy config I’ve been carrying along in some form for well over a decade (I remember converting the config to 2.4), to an NPM container. I had some initial trouble switching my certs over to NPM and haven’t revisited that yet.

          I’m in the middle of a major overhaul of my tech stack. Fixing certs is on my short list.

          Thanks for pointing out where I was stuck in my ways.