On Thu, Mar 13, 2025 at 04:23:25PM +0100, Ronald Wimmer via FreeIPA-users wrote:
> The growing number of PCs, Notebooks, VMs, Raspberries and so on makes me
> want an IPA installation at home too. Anyone using IPA @home?

I do, as a CA, DNS server and user database.

> If yes, how do you run it? (dedicated machine, VM, Container?) What about
> DNS?

I have two VMs running on my home server. They were configured as replicas for a few years. But at one point replication broke; I've uninstalled FreeIPA from one of the replicas, but didn't manage to re-establish replication. There are some errors requiring longer troubleshooting for which I had no time.

For DNS, I have dnsmasq installed on my main server. This dnsmasq is configured with pihole blocklist and 3 static entries: for my main server and 2 FreeIPAs. Everything else is forwarded to FreeIPA as resolvers.

> I do not quite like that IPA won't let me use a single label domain like
> "lan" but I guess I will get used to it.

I'm using my normal domain for everything. For external view, my zone is hosted at some free provider, with bare-bones entries for a few machines and IPA-related _entries. Internally, the domain is handled by FreeIPA, and the zone contains many more hosts than externally visible. Functionally it works like a split-horizon setup, but with totally independent servers.

Oh, and my ip6.arpa zone is served directly from FreeIPA VMs.

I used to use FreeIPA's ACME facility to serve certs for my internal services and stuff on a k8s cluster, but this is currently broken until https://bugzilla.redhat.com/show_bug.cgi?id=2350322 gets fixed.

--
Tomasz Torcz “God, root, what’s the difference?”
[email protected] “God is more forgiving.”
