Intended Audience

Me!

Update 2025-12-19: All done!


I just finished a move from one Hetzner VM to another.
The VM types are the same, in fact.
It’s just that the new VM and all the software on it are entirely software driven. I kept logging my progress in my notes, copy-pasting the plan from day to day and ticking things off.
Now that it’s done and I still want to refer to it regularly, as the rest of the services come over, I wanted a place to keep it. And so this post, it is.


List of services that absolutely need to come over. Miscellaneous stuff later.

  • the main domain
  • french version of the website
  • the mastodon archive
  • the email distribution list
  • miniflux for rss feeds
  • joplin
  • baikal
  • discourse (no more discourse!)
  • markdown editor (hedgedoc)
  • anki
  • huginn
  • syncthing
  • IRC: theLounge + znc (see if we can make do with a single service now; 2025-12-15: we could!)
  • kanboard
  • Certs: move them over, or figure out a way to generate and renew them via Ansible

The Big Point of The Big Plan

  • Save time and energy. Managing all the disparate services I use is taking more and more of my time. I need to claim that back, while being able to use said services.
  • Be gitops driven. Managing stuff gets easier. Tearing down things and rebuilding them gets easier.
  • Have most everything I use be in a Kubernetes cluster.
  • Be pragmatic enough to know that everything cannot be in a Kubernetes cluster and will have to live in the root VM
  • Have Flux CD manage everything in the cluster
  • Have Ansible Pull manage everything in the VM, acting as my single node. The point of doing this is not idempotency, rather to have everything in code; something that I can comment and uncomment and manipulate at will, something I can update at will and something that is documented. Never again will Future Jason have to scratch his head about, just how to go about doing something. (Long term note to self: Have the discipline to write tasks and drive everything with Ansible, despite the ease of “just doing it at the command line”)

The Big Plan (Done! 🎉🎉🎉)

  • The plan is to redo the cluster again and do my own instance of
    • K3s
    • Sealed Secrets
    • Flux CD
    • Certmanager (Not using it)
    • Letsencrypt (using pre existing Letsencrypt certs)
    • Get Traefik Ingress to work
    • Figure out a way to get certs automatically into the cluster
  • And once that is done, figure out an app to move (Miniflux or Hedgedoc?); 2025-12-03: Kanboard it is!
  • Begin by moving (lifting and shifting in popular parlance) Kanboard to the cluster
    • Cert will probably be needed (Wildcard cert works now, just like it does without the cluster)
    • Convert a docker-compose to kubernetes manifests
    • Learn how to configure an app with code
    • Learn how to store data and back it up
    • Figure out secrets, if there are any (for now sealed secrets ok, figure out vault and vault injection later)
    • Learn how to tunnel through and reverse proxy
    • Make Kubernetes manifests work with flux
    • Figure out how to automate deployment of manual manifests
    • Figure out how to migrate there if there is any in an old app
    • Figure out how to automate updating of images in manual manifests
    • Get another app (Miniflux) deployed
    • Figure out what needs to happen as part of the lifecycle. What you want in the cluster, what stays out, do they intersect, how do updates of cluster happen? VM (node) updates as well?
    • Then begin to think along the lines of Live Deploys. Prototype locally and once it works, migrate to production immediately
    • Convert Kubernetes manifests to Helm Charts (optional, based on energy)
  • Go live! Git is source of truth. Two repos.
    • One for the Main node and its update
      • Terraform will provision node and install package, setup firewall
      • Figure out how to get Terraform to get the node talking to the git forge
      • Structure repo, copy everything node related there, and make sure stuff gets updated periodically and if possible, idempotently, via ansible pull and a systemd timer
    • The other one for k3s and flux
      • Convert everything I have done locally to run on prod. Add more steps as you do them below
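As an added example of the "ansible pull and a systemd timer" step above (not the post's own units; the repo URL, branch, deploy-key path and playbook name are placeholders), a oneshot service plus the timer that fires it:

```ini
# /etc/systemd/system/ansible-pull.service
# Oneshot unit: fetches the node repo and runs the playbook against localhost.
[Unit]
Description=Ansible pull against this node's git repo
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
# -o: run the play only when the checkout actually changed, so an idle
#     timer tick is just a git fetch.
# --verify-commit: refuse to run unless HEAD carries a valid GPG signature
#     (requires signed commits and the signer's public key in root's keyring).
# The deploy key is a read-only key for this repo; the forge's host key is
# pre-seeded in /root/.ssh/known_hosts instead of using --accept-host-key.
# Placeholder values: repo URL, branch, key path, checkout dir, playbook.
ExecStart=/usr/bin/ansible-pull \
    -U git@git.example.org:jason/node-config.git \
    -C main \
    -d /var/lib/ansible-pull/node-config \
    --private-key /root/.ssh/ansible_pull_deploy \
    -i localhost, \
    -o \
    --verify-commit \
    local.yml
# A hung play must not block the next tick forever.
TimeoutStartSec=20min

# /etc/systemd/system/ansible-pull.timer
[Unit]
Description=Run ansible-pull periodically

[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
RandomizedDelaySec=2min
Persistent=true

[Install]
WantedBy=timers.target
```

Enable with `systemctl enable --now ansible-pull.timer`; `journalctl -u ansible-pull.service` then shows each run, including any commit-signature refusals.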

Unrelated. Long term. Optional. Just here so that I remember

  • Get Moi publish script running
  • Redo Huginn Scenarios


Feedback on this post?
Mail me at feedback at this domain.

P.S. Subscribe to my mailing list!
Forward these posts and letters to your friends and get them to subscribe!