Admin Host

nuc-00 is the foundation of the homelab. It hosts the KVM hypervisor for the infra VMs, serves the PXE boot environment for Harvester, and provides HTTP access to Harvester ISO artifacts.

Roles

Service	Purpose
KVM / libvirt	Runs infra VMs (nuc-00-01, nuc-00-02, nuc-00-03)
Apache httpd	Serves Harvester ISOs, iPXE menu, cloud-init configs
TFTP	Serves `ipxe.efi` to UEFI PXE clients
Cert store	Root CA and generated certs for internal TLS

OS Installation

Install openSUSE Leap on nuc-00. This is a bare-metal install — not a VM.

Minimum configuration:

Static IP: ${IP_PREFIX}.10
SSH enabled
root access (scripts run as root or with sudo)

Required Packages

sudo zypper install -y \
  apache2 \
  tftp \
  qemu-kvm \
  libvirt \
  virt-install \
  virt-manager \
  gettext-tools \
  wget \
  curl \
  openssl

sudo systemctl enable --now libvirtd apache2

Apache Configuration

Apache serves content from /srv/www/htdocs/ on port 80. The Harvester ISO and boot artifacts must be placed in a versioned subdirectory:

/srv/www/htdocs/
└── harvester/
    └── ${HARVESTER_VERSION}/
        ├── harvester-${HARVESTER_VERSION}-amd64.iso
        ├── harvester-${HARVESTER_VERSION}-vmlinuz-amd64
        ├── harvester-${HARVESTER_VERSION}-initrd-amd64
        └── harvester-${HARVESTER_VERSION}-rootfs-amd64.squashfs
    └── harvester/
        ├── ipxe-menu          (rendered from ipxe-menu.tmpl)
        ├── config-create-nuc-01.yaml
        ├── config-join-nuc-02.yaml
        └── config-join-nuc-03.yaml

Config templates in Files/nuc-00/ are rendered by envsubst using variables from env.sh.

TFTP Configuration

The TFTP server serves ipxe.efi from /srv/tftpboot/:

sudo mkdir -p /srv/tftpboot
# Copy ipxe.efi (obtain from ipxe.org or build from source)
sudo cp ipxe.efi /srv/tftpboot/ipxe.efi
sudo systemctl enable --now tftpd

Root CA

The root CA is generated by 02_setup_ca.sh and is used to sign certificates for Harvester, Rancher Manager, and downstream clusters.

bash Scripts/02_setup_ca.sh

Generated files are placed in the location defined by $CA_DIR in env.sh.

Verification

Before proceeding to infrastructure VMs:

# Apache is serving
curl http://${IP_PREFIX}.10/harvester/${HARVESTER_VERSION}/harvester-${HARVESTER_VERSION}-vmlinuz-amd64 -I

# TFTP is reachable
tftp ${IP_PREFIX}.10 -c get ipxe.efi /tmp/test-ipxe.efi && echo "TFTP OK"

# KVM is ready
virsh list --all

Roles​

OS Installation​

Required Packages​

Apache Configuration​

TFTP Configuration​

Root CA​

Verification​