Introduction
Tower Of HA is a highly opinionated, free and highly available service stack.
The opinions for Tower Of HA are entirely my own and are subject to change, but the core principles are:
- battle-tested software
- FOSS software
- downtime minimization
- software accommodates cheap hardware
- stability and resilience over performance
Services
- VPN: WireGuard + Headscale + Tailscale + [ddns-updater]
- SSH: OpenSSH
- FS: CephFS + Samba + CTDB + FUSE
- DB: PostgreSQL + Patroni + etcd + HAProxy
- Proxy: HAProxy
- DNS: CoreDNS
- S3: Garage
- Cache: Valkey
- Secrets: OpenBao
- Passwords: Vaultwarden
- Email: Postfix + Dovecot
- Git: Forgejo
- Observability: Prometheus + AlertManager
CLI
toh status # Check all services are running
toh backup # Backup everything locally
toh deploy # Deploy all machines
toh ssh # SSH shell
toh sql # PostgreSQL shell
toh mount # Mount CephFS as transient systemd service
External requirements
- DNS name (Cloudflare DNS, GoDaddy DNS, etc.)
- S3 bucket for cloud backups (Cloudflare R2, AWS S3, etc.)
- Email proxy (addy.io, SimpleLogin, etc.)
Hardware
Tower of HA makes no assumptions about the hardware you use, but because NixOS is used for IaC, your hardware needs to support it. This includes most VPS services, NUCs, servers, etc.
Connecting to the stack
Tower of HA assumes you will want to connect to it with various devices such as PCs, mobile phones, etc. Steps to connect include:
- Install the tower's SSL CA certificate on your device
- Configure your device to use the tower's DNS servers
- Add the tower's network via the Tailscale client
- Map Samba shares using your credentials
- Add Vaultwarden to your Bitwarden client
- Configure your email client with your tower's mail server