I might be misunderstanding this concept but it seems like extra work, or a recipe for an insecure mess that could become difficult to maintain.
I run the ELK stack and log basically everything, which has created a centralized point for observability. This lets me granularly investigate and thereby control the state of all of my network services.
It’s a little RAM hungry, but I’ve got some overhead.
How does the ELK stack work? Logstash ingests, transforms, and sends the data to the right destination. Elasticsearch indexes, analyzes, and searches the ingested data. Kibana visualizes the results of the analysis.
or a recipe for an insecure mess that could become difficult to maintain
The concept, or the specific setup the author of that article has? If you mean the latter, I’m not going to argue. But the concept? It shouldn’t have any effect either way on security, but the whole advantage of it is that it’s less of a mess. The same way that running a whole bunch of services on bare metal can quickly become a mess compared to VMs or Docker/LX containers, declared state helps give a single source of truth for what all the services you might be running are. It lets you make changes in repeatable and clearly documented ways, so you can never be left wondering “how did I do that before?” if you need to do it again.
If everything you run is a Docker container, there’s a good chance Terraform is overkill; a Kubernetes config will probably do the job. But depending on your setup there are a whole bunch of different tools that might be useful.
Kubernetes is probably overkill; Docker Compose will work fine for most home labs. But I agree with your point: declarative infrastructure makes life so much easier, even for home labs.
I had to look that up, so for anyone else:
I highly recommend it to anyone getting into self hosting, sysadmin stuff, cybersecurity, devops, etc.
It’s headaches, but once it’s working, you will have ridiculously valuable experience for any org.