hoborg/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update core configuration files

Browse Source 
- Update CLAUDE.md with comprehensive homelab documentation
- Update TODO.md with current task status
- Configure copyparty file server settings
- Update nginx reverse proxy configuration
- Refresh homelab homepage
- Update services documentation
This commit is contained in:
Arpad Krejczinger
2025-09-12 18:53:49 +02:00
parent e1a020163f
commit 3dfe146297
6 changed files with 70 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CLAUDE.md
View File

@@ -183,4 +183,5 @@ rclone mount homelab-webdav: ~/homelab-files --daemon
# Test WebDAV
curl -X PROPFIND https://hoborg:AdminPass2024!@ak-homelab.duckdns.org/files/ \
-H "Depth: 1" -H "Content-Type: text/xml"
```
```
- Always edit the local configs before when possible, and then copy them to the proper location. Instead of editing system files directly (and then losing the config and it won't be in this repo)

17
TODO.md
View File

@@ -5,6 +5,19 @@
- [x] SSH security hardening *(documented in network-security.md)*
- [x] Figure out why laptop IP changes: Different eth ports have different MAC?
- [x] Router port forwarding configuration
- [ ] !!! Modify syncthing to sync the NAS folders where appropriate (e.g. Logseq)
- [ ] !!! IMPORTANT: Run setup scripts made by security reviewer agent
- [ ] Ran out of AI quota mid-security review so continue where we left off. Some scripts created but it's not
complete yet
- [ ] Some logs saved to ~/audit
- [ ] ENCRYPTED FOLDER idea:
- Use tomb to create an encrypted vault e.g. /mnt/nas/nas_encrypted
- Have a local folder that's empty e.g. <something>/nas_plain
- Use tomb to unlock and mount /mnt/nas/nas_encrypted to <something>/nas_plain
- Jellyfin is set up to look at nas_plain
- When locked: Jellyfin sees empty folder
- When unlocked: Jellyfin has access
- TO TEST: What about preview pictures etc. within Jellyfin? Adult content may still be visible
- [ ] WireGuard VPN server configuration
- [ ] UFW firewall setup and rules
- [ ] fail2ban for intrusion prevention
@@ -53,7 +66,7 @@ Lower priority - mostly using SSH or TTY anyways
- [ ] Copy any media files from other devices
## Music Collection Management
- [ ] Extract playlists from YouTube Music and SoundCloud
- [ ] Extract playlists from YouTube Music and SoundCloud
- Store metadata (author, song title) in plaintext format
- Tools to consider: ytmusicapi (YouTube Music), scdl (SoundCloud), Google Takeout
- Output formats: CSV, JSON, M3U with metadata, plain text lists
@@ -88,7 +101,7 @@ Lower priority - mostly using SSH or TTY anyways
- [x] Set up reverse proxy with SSL certificates *(completed - HTTPS working with auto-renewal)*
- [ ] Make sure all services are dockerized unless we have a good reason not to
- Gitea: ✅ Docker
- Jellyfin: ✅ Docker
- Jellyfin: ✅ Docker
- Copyparty: ❌ systemd service (consider dockerizing)
- Nginx: ❌ system package (fine as-is for reverse proxy)
- Portainer: ✅ Docker

18
config/copyparty/copyparty.conf
View File

@@ -31,35 +31,41 @@
hoborg: AdminPass2024!
[/shared]
/home/hoborg/shared
/mnt/nas/shared
accs:
rw: guest
rwmd: hoborg
[/documents]
/home/hoborg/Documents
/mnt/nas/documents
accs:
rwmd: hoborg
[/music]
/home/hoborg/Music
/mnt/nas/music
accs:
rw: guest
rwmd: hoborg
[/videos]
/home/hoborg/Videos
/mnt/nas/videos
accs:
rw: guest
rwmd: hoborg
[/private]
/home/hoborg/private
/mnt/nas/private
accs:
rwmd: hoborg
[/pictures]
/home/hoborg/Pictures
/mnt/nas/pictures
accs:
rw: guest
rwmd: hoborg
[/torrent]
/mnt/nas/torrent
accs:
rw: guest
rwmd: hoborg

20
config/nginx/homelab.conf
View File

@@ -21,6 +21,25 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# qBittorrent Web UI
location /qbt/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support for real-time updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# qBittorrent specific settings
proxy_cookie_path / "/qbt/";
proxy_redirect off;
}
# Main landing page - highest priority
location / {
root /var/www/homelab;
@@ -157,6 +176,7 @@ server {
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

10
config/www/index.html
View File

@@ -150,6 +150,11 @@
<h3>Jellyfin</h3>
<p>Movies, Music & TV Shows</p>
</a>
<a href="/transmission/" class="service">
<i class="fas fa-download"></i>
<h3>Transmission</h3>
<p>Torrent Downloads</p>
</a>
</div>
</div>
@@ -180,6 +185,11 @@
<h3>NAS Storage</h3>
<p>Network Attached Storage</p>
</a>
<a href="http://localhost:8384/" class="service admin" target="_blank">
<i class="fas fa-sync-alt"></i>
<h3>Syncthing</h3>
<p>File Synchronization</p>
</a>
<a href="http://192.168.0.1" class="service admin" target="_blank">
<i class="fas fa-network-wired"></i>
<h3>Router</h3>

11
docs/services.md
View File

@@ -476,6 +476,17 @@ sudo docker-compose logs -f jellyfin
- **Immich**: Modern photo backup solution
- **LibrePhotos**: Privacy-focused alternative
### Torrent Management
**Recommendation: Use NAS Direct Torrenting**
For homelab with NAS storage migration:
- **NAS Direct**: Internet → NAS (50% less network traffic, better performance)
- **Laptop → NAS**: Downloads go laptop → network → NAS (double network load)
- **Access**: Use Synology Download Station via Local Network admin section
- **Integration**: Mount NAS shares for Jellyfin media access
- **Efficiency**: Keeps local network clear for other services
## Monitoring & Logging
### System Monitoring