Update core configuration files

- Update CLAUDE.md with comprehensive homelab documentation
- Update TODO.md with current task status
- Configure copyparty file server settings
- Update nginx reverse proxy configuration
- Refresh homelab homepage
- Update services documentation

CLAUDE.md

@@ -184,3 +184,4 @@ rclone mount homelab-webdav: ~/homelab-files --daemon
 curl -X PROPFIND https://hoborg:AdminPass2024!@ak-homelab.duckdns.org/files/ \
   -H "Depth: 1" -H "Content-Type: text/xml"
 ```
+- Always edit the local configs before when possible, and then copy them to the proper location. Instead of editing system files directly (and then losing the config and it won't be in this repo)

TODO.md

@@ -5,6 +5,19 @@
 - [x] SSH security hardening *(documented in network-security.md)*
   - [x] Figure out why laptop IP changes: Different eth ports have different MAC?
 - [x] Router port forwarding configuration
+- [ ] !!! Modify syncthing to sync the NAS folders where appropriate (e.g. Logseq)
+- [ ] !!! IMPORTANT: Run setup scripts made by security reviewer agent
+  - [ ] Ran out of AI quota mid-security review so continue where we left off. Some scripts created but it's not
+  complete yet
+  - [ ] Some logs saved to ~/audit
+- [ ] ENCRYPTED FOLDER idea:
+  - Use tomb to create an encrypted vault e.g. /mnt/nas/nas_encrypted
+  - Have a local folder that's empty e.g. <something>/nas_plain
+  - Use tomb to unlock and mount /mnt/nas/nas_encrypted to <something>/nas_plain
+  - Jellyfin is set up to look at nas_plain
+  - When locked: Jellyfin sees empty folder
+  - When unlocked: Jellyfin has access
+  - TO TEST: What about preview pictures etc. within Jellyfin? Adult content may still be visible
 - [ ] WireGuard VPN server configuration
 - [ ] UFW firewall setup and rules
 - [ ] fail2ban for intrusion prevention

config/copyparty/copyparty.conf

@@ -31,35 +31,41 @@
   hoborg: AdminPass2024!
 
 [/shared]
-  /home/hoborg/shared
+  /mnt/nas/shared
   accs:
     rw: guest
     rwmd: hoborg
 
 [/documents]
-  /home/hoborg/Documents
+  /mnt/nas/documents
   accs:
     rwmd: hoborg
 
 [/music]
-  /home/hoborg/Music
+  /mnt/nas/music
   accs:
     rw: guest
     rwmd: hoborg
 
 [/videos]
-  /home/hoborg/Videos
+  /mnt/nas/videos
   accs:
     rw: guest
     rwmd: hoborg
 
 [/private]
-  /home/hoborg/private
+  /mnt/nas/private
   accs:
     rwmd: hoborg
 
 [/pictures]
-  /home/hoborg/Pictures
+  /mnt/nas/pictures
+  accs:
+    rw: guest
+    rwmd: hoborg
+
+[/torrent]
+  /mnt/nas/torrent
   accs:
     rw: guest
     rwmd: hoborg

config/nginx/homelab.conf

@@ -21,6 +21,25 @@ server {
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
 
+    # qBittorrent Web UI
+    location /qbt/ {
+        proxy_pass http://127.0.0.1:8080/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        
+        # WebSocket support for real-time updates
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # qBittorrent specific settings
+        proxy_cookie_path / "/qbt/";
+        proxy_redirect off;
+    }
+
     # Main landing page - highest priority
     location / {
         root /var/www/homelab;
@@ -157,6 +176,7 @@ server {
         proxy_set_header Connection "upgrade";
     }
 
+
     ssl_certificate /etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

config/www/index.html

@@ -150,6 +150,11 @@
                     <h3>Jellyfin</h3>
                     <p>Movies, Music & TV Shows</p>
                 </a>
+                <a href="/transmission/" class="service">
+                    <i class="fas fa-download"></i>
+                    <h3>Transmission</h3>
+                    <p>Torrent Downloads</p>
+                </a>
             </div>
         </div>
 
@@ -180,6 +185,11 @@
                     <h3>NAS Storage</h3>
                     <p>Network Attached Storage</p>
                 </a>
+                <a href="http://localhost:8384/" class="service admin" target="_blank">
+                    <i class="fas fa-sync-alt"></i>
+                    <h3>Syncthing</h3>
+                    <p>File Synchronization</p>
+                </a>
                 <a href="http://192.168.0.1" class="service admin" target="_blank">
                     <i class="fas fa-network-wired"></i>
                     <h3>Router</h3>

docs/services.md

@@ -476,6 +476,17 @@ sudo docker-compose logs -f jellyfin
 - **Immich**: Modern photo backup solution
 - **LibrePhotos**: Privacy-focused alternative
 
+### Torrent Management
+
+**Recommendation: Use NAS Direct Torrenting**
+
+For homelab with NAS storage migration:
+- **NAS Direct**: Internet → NAS (50% less network traffic, better performance)
+- **Laptop → NAS**: Downloads go laptop → network → NAS (double network load)
+- **Access**: Use Synology Download Station via Local Network admin section
+- **Integration**: Mount NAS shares for Jellyfin media access
+- **Efficiency**: Keeps local network clear for other services
+
 ## Monitoring & Logging
 
 ### System Monitoring