Why I am migrating my Homelab IaC from Terraform to Pulumi
Last year, I repurposed an old PC as a home server. Before that, I was already running a few Docker containers on a Synology NAS, but I wanted something more cost-effective—especially when it came to storage capacity.
One of my goals was to define the entire setup as code. I wanted to avoid clicking around in the UI and waiting for pages to load every time I needed to change a setting. So I installed Proxmox (manually), set up API credentials, and jumped on the Terraform bandwagon. With it, I defined all my containers, firewall rules, and the public and private domain names needed to access my services.
The maintenance issues
This worked well for a while, but as the infrastructure grew, it became harder to maintain and several pain points appeared:
- Splitting resources across files is awkward. Everything has to live at the root module level, or you’re forced to create full modules if you want to use folders. I went with the latter, which left me with a ton of boilerplate variables.tf files and repeated providers.tf definitions.
- Sharing constants is painful. They need to be defined in the root module and manually passed down to every child module.
- There’s no easy way to share data types. I’m not a Go developer, so writing custom Terraform plugins or providers isn’t feasible. But I really wish I could enforce a consistent input structure across all my LXC container modules.
The setup itself isn’t overly complex, though. I have a cheap .ovh domain, and I use Terraform to point several DNS records to private IPs in my network. Then I use the bpg/proxmox provider to declare firewall rules and LXC containers. Most of those containers run NixOS with custom configuration.nix files generated from templates that inherit from a base template. With Sander0542/nginxproxymanager, I configure an internal proxy that forwards HTTP(S) traffic to the correct container and port.
There are a few parts I’m saving for future posts—like how everything is monitored with OpenTelemetry and SigNoz, or how one of the containers runs Samba so the others can share files easily.

The migration
Eventually, I decided I needed to simplify the code behind this setup. I considered moving to CDKTF… only to learn that it had been deprecated two days before I looked into it. That’s how I discovered Pulumi.
I’m still learning it and migrating things slowly (so far, only the DNS records), but I’ve already figured out a couple of interesting things:
- Importing existing Terraform resources from a Terraform Enterprise–hosted state into Pulumi.
- Reading and writing secrets directly from 1Password (something I never automated with Terraform).
I’ll cover both topics in future posts. This one is just an introduction to the series about my Homelab and its migration to Pulumi. The full migration will take months—partly because I’m not in a hurry (everything is already running fine) and partly because I don’t want to lose anything during the transition. Importing existing resources is essential for me.
You will find all my posts about this migration in the homelab category, as well as listed below: