A homelab setup built on Raspberry Pi and modern DevOps tooling. This repo serves as a playground for testing deployment strategies, automation, and infrastructure-as-code — all within a compact and low-cost environment.
pi-devops-lab/
├── .github/
│ └── workflows/ # GitHub Actions workflows
│ └── deploy.yml
├── casaos/ # CasaOS setup files
│ ├── installed-notes.md # Notes on installed CasaOS apps or configs (currently empty)
│ └── setup.sh # CasaOS installation script
├── docker/ # Docker configs for Pi-hole etc.
│ └── pi-hole/
│ ├── .env
│ └── docker-compose.yml
├── docs/ # Technical documentation and setup guides
│ └── migration.md
├── provisioning/ # Legacy provisioning scripts
├── stacks/ # Hybrid deployment guides (e.g. CasaOS + Pi-hole)
├── .gitignore # Git exclusions
└── README.md # Project overview
- Docker & Docker Compose
- CasaOS for app management
- CI/CD pipelines via GitHub Actions
- Simulate real-world deployment flows on local hardware
- Maintain a modular, scalable, and testable lab setup
- Learn and apply DevOps principles
- Automate deployments with security and reproducibility in mind
- Clone the repo:
git clone https://github.com/fuzeheads/pi-devops-lab.git
- Explore
docs/,docker/, andstacks/to configure services. - Trigger automated Pi-hole deployment via GitHub Actions when pushing to
main.
This lab uses both CasaOS and Pi-hole on a Raspberry Pi to manage self-hosted apps and network-wide ad blocking.
- CasaOS stack runs separately and manages UI-based apps.
- Pi-hole is deployed via GitHub Actions with secrets for secure configuration.
.envis kept minimal and updated remotely for best practices.
ssh <user>@<pi-ip> "sudo dd if=/dev/mmcblk0 bs=4M status=progress" | dd of=raspi.img bs=4M status=progress
gzip raspi.imggzip -dc raspi.img.gz | sudo dd of=/dev/sdX bs=4M status=progressUse lsblk to verify your SD card target. Be extremely cautious.
Replace any hardcoded password with GitHub secrets injection.
Your final .env:
TZ=Europe/Amsterdam
PIHOLE_IMAGE=pihole/pihole:latest
PLATFORM=linux/arm64No need to include WEBPASSWORD, as it's securely injected via ${{ secrets.PIHOLE_WEBPASSWORD }}.
Created and maintained by Diego S.
This is a living lab of modern DevOps experimentation.
##########
A hybrid homelab setup for Raspberry Pi, Mac Mini, and legacy hardware—powered by GitOps, Docker, Tailscale, and CasaOS. This repo demonstrates scalable, modular DevOps practices for home self-hosting.
pi-devops-lab/
├── .github/ # GitHub Actions workflows
│ └── workflows/
│ └── deploy.yml # CI/CD pipeline for Pi-hole, Nextcloud, etc.
├── docker/ # Docker Compose stacks
│ └── pi-hole/
│ ├── docker-compose.yml
│ └── .env.template # Template for environment variables
├── stacks/ # Git-managed application stacks
│ ├── pihole/ # Pi-hole stack
│ └── nextcloud/ # Nextcloud stack
├── docs/ # Technical documentation and guides
├── infra/ # Terraform scripts & provisioning
├── k8s/ # Kubernetes manifests (future)
├── .gitignore # Files to exclude from Git
└── README.md # Project overview
- Docker & Docker Compose
- GitHub Actions (CI/CD with encrypted secrets)
- Tailscale (zero-config secure networking)
- CasaOS (app management UI companion)
- Pi-hole (network-wide ad blocking)
- Nextcloud (shared calendar & file sync)
- Grafana & Prometheus (monitoring & metrics)
- Terraform (infra provisioning – planned)
- Automate service deployments using GitOps
- Secure remote access and DNS with Tailscale
- Maintain portable, reproducible stacks per host
- Use CasaOS for day-to-day app operations
- Scale across Raspberry Pi, Mac Mini, and Sony Vaio
- Build core DevOps skills in a homelab context
-
Clone the repo:
git clone https://github.com/fuzeheads/pi-devops-lab.git cd pi-devops-lab -
Review stack definitions in
stacks/and.env.templatefiles. -
Configure GitHub Actions secrets under Settings → Secrets → Actions:
SSH_HOSTSSH_USERSSH_PRIVATE_KEYPIHOLE_WEBPASSWORD- (Later:
NEXTCLOUD_ADMIN_PASSWORD,DB_ROOT_PASSWORD, etc.)
-
Push to
mainto trigger deployment via
.github/workflows/deploy.yml.
-
GitHub Actions
- CI/CD defined in
.github/workflows/deploy.yml. - On push to
main, SSH into target, generate.envfrom secrets, run
docker-compose up -d.
- CI/CD defined in
-
Tailscale Networking
- Install on each host:
curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up - Note each host’s Tailscale IP (
100.x.x.x). - In Tailscale Admin → DNS, add Pi-hole’s IP and enable Override Local DNS.
- Install on each host:
-
CasaOS Companion
- Install on each host for UI-driven management:
curl -sSL https://get.casaos.io | bash - Access at
http://<tailscale-ip>:12181.
- Install on each host for UI-driven management:
-
Scale & Migrate
- Treat Raspberry Pi as staging.
- When Mac Mini is ready, update
SSH_HOSTsecret to its Tailscale IP and re-run the workflow. - Repeat for Sony Vaio or additional devices.
To use Pi-hole without touching your router:
- Install Tailscale on the Pi and authenticate.
- Retrieve the Pi’s Tailscale IP, e.g.
100.101.102.103. - In Tailscale Admin → DNS:
- Add
100.101.102.103as a DNS server. - Enable “Override local DNS” (MagicDNS).
- Add
Located in stacks/nextcloud/.
- Contains
docker-compose.ymldefining Nextcloud, MariaDB, Redis. - Use GitHub secrets for credentials and generate
.envat deploy time.
ssh pi@<lan-ip> "sudo dd if=/dev/mmcblk0 bs=4M status=progress" \
| dd of=raspi.img bs=4M status=progress
gzip raspi.imggzip -dc raspi.img.gz | sudo dd of=/dev/sdX bs=4M status=progressUse lsblk to identify the correct device.
- Grafana dashboards for home-lab metrics
- k3s Kubernetes cluster across hosts
- Automated backups with Restic/Borg
- Home Assistant integration for smart home control
Created and maintained by Diego S.
This is a living lab for honing modern DevOps practices.
---
Next up: let’s troubleshoot Pi-hole over Tailscale. On your Pi, run:
```bash
docker ps | grep pihole
tailscale ip -4
curl http://localhost:8080/admin -s --max-time 5
sudo netstat -tuln | grep 8080
Share the outputs and we’ll pinpoint why the admin UI isn’t reachable via the Tailscale IP.