diff --git a/TODO.md b/TODO.md index fc4b206..3d6a855 100644 --- a/TODO.md +++ b/TODO.md @@ -13,17 +13,18 @@ - [x] Gitea Docker container setup *(completed - running on port 3000)* - [x] Nginx reverse proxy setup *(completed)* - [ ] Create homelab landing page at /var/www/homelab/index.html -- [ ] Configure router port forwarding for Nginx - - [ ] Port 80 → 192.168.0.100:80 (HTTP) - - [ ] Port 443 → 192.168.0.100:443 (HTTPS) - - [ ] Remove port 3000 direct forwarding (will go through nginx) - - [ ] Keep port 2223 → 192.168.0.100:2223 (Git SSH operations) -- [ ] Test external access: http://ak-homelab.duckdns.org/ +- [x] Configure router port forwarding for Nginx *(completed - external access working)* + - [x] Port 80 → 192.168.0.100:80 (HTTP) + - [x] Port 443 → 192.168.0.100:443 (HTTPS) + - [x] Remove port 3000 direct forwarding (will go through nginx) + - [x] Keep port 2223 → 192.168.0.100:2223 (Git SSH operations) +- [x] Test external access: http://ak-homelab.duckdns.org/ *(working - fast response)* - [ ] Set up SSL certificates: sudo certbot --nginx -d ak-homelab.duckdns.org -- [ ] Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/) - - [ ] Complete installation wizard with correct base URL - - [ ] Create admin user account - - [ ] Configure SSH access and repository settings +- [x] Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/) *(completed)* + - [x] Complete installation wizard with correct base URL + - [x] Create admin user account + - [x] Configure SSH access and repository settings + - [x] Migrate homelab repository to Gitea ## System Configuration - [x] Arch Linux installation and basic setup *(completed)* 
@@ -47,14 +48,19 @@ * [ ] First: Do a bit of "duplication check" across various devices and USBs, make a plan of what to store where ## Services & Self-Hosting -- [ ] Install and configure Gitea for Git hosting -- [ ] Set up Nextcloud for file synchronization - - Consider alternative: Copyparty, Owncloud, maybe some others +- [x] Install and configure Gitea for Git hosting *(completed - external access working)* +- [x] Set up file server with Copyparty *(completed - uploads/downloads working)* + - [x] User authentication and access control + - [x] Multiple volume shares (shared, documents, music, videos, private) + - [x] Systemd service for auto-start + - [x] Nginx reverse proxy integration +- [ ] Set up Nextcloud for advanced file synchronization features + - Copyparty covers basic file sharing needs - [ ] Configure Jellyfin media server - Also check alternatives, decide if it's needed at all - [ ] Implement monitoring stack (Prometheus/Grafana) - Also consider alternatives, make setup simple and FOSS only -- [ ] Set up reverse proxy with SSL certificates +- [x] Set up reverse proxy with SSL certificates *(partial - nginx working, SSL pending)* ## Hardware & Troubleshooting - [ ] Fix bluetooth audio connectivity issues diff --git a/config/nginx/homelab.conf b/config/nginx/homelab.conf index e5b26a1..84f23ba 100644 --- a/config/nginx/homelab.conf +++ b/config/nginx/homelab.conf 
@@ -36,14 +36,26 @@ server { proxy_read_timeout 60s; } - # Future services (commented out for now) - # location /cloud/ { - # proxy_pass http://127.0.0.1:8080/; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # } + # Copyparty file server + location /cloud/ { + proxy_pass http://127.0.0.1:8082/cloud/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Handle websockets for live updates + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Increase timeouts for large file uploads + proxy_connect_timeout 300s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + + # Increase client max body size for file uploads + client_max_body_size 10G; + } # location /media/ { # proxy_pass http://127.0.0.1:8096/; diff --git a/config/systemd/copyparty.service b/config/systemd/copyparty.service new file mode 100644 index 0000000..081ed80 --- /dev/null +++ b/config/systemd/copyparty.service 
@@ -0,0 +1,42 @@ +# DEPLOYMENT LOCATION: /etc/systemd/system/copyparty.service +# Deploy with: sudo cp config/systemd/copyparty.service /etc/systemd/system/ +# Enable with: sudo systemctl daemon-reload && sudo systemctl enable --now copyparty + +[Unit] +Description=copyparty file server +After=network.target + +[Service] +Type=simple +SyslogIdentifier=copyparty +Environment=PYTHONUNBUFFERED=x +ExecReload=/bin/kill -s USR1 $MAINPID +Restart=always +RestartSec=5 + +# Run as hoborg user with existing configuration +User=hoborg +Group=hoborg +WorkingDirectory=/home/hoborg +Environment=XDG_CONFIG_HOME=/home/hoborg/.config + +# Use copyparty with config file +ExecStart=/usr/bin/copyparty -c /home/hoborg/.config/copyparty/copyparty.conf + +# Some basic hardening +MemoryMax=25% +ProtectClock=true +ProtectControlGroups=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true + +# Allow access to home directories +ProtectHome=false + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/docs/services.md b/docs/services.md index 16f1598..7cbba0c 100644 --- a/docs/services.md +++ b/docs/services.md 
@@ -137,31 +137,110 @@ docker-compose pull && docker-compose up -d # Update **Setup Progress:** 1. ✅ Gitea container running 2. ✅ Nginx reverse proxy setup complete -3. 📋 Router port forwarding (80, 443) - **Next** -4. ⚠️ Gitea web configuration - **Partially complete, needs debugging** +3. ✅ Router port forwarding (80, 443) - **COMPLETE - External access working** +4. ✅ Gitea web configuration - **COMPLETE** - Initial setup wizard completed - - Base URL configuration issue (extra space in config) - - UI accessible but routing may be broken -5. 📋 SSL certificate setup - **After router config** + - Admin user account created + - SSH access configured + - Repository migration completed +5. 📋 SSL certificate setup - **Next step** **Current Access:** - ✅ Local UI working: http://192.168.0.100/gitea/ -- ❓ External access: Pending router port forwarding -- ⚠️ Configuration debugging needed +- ✅ External access: http://ak-homelab.duckdns.org/gitea/ - **WORKING (fast response)** +- ✅ Git SSH access: ssh://git@ak-homelab.duckdns.org:2223 - **WORKING** -**Debug Tasks:** -- Fix base URL in `/opt/docker/gitea/data/gitea/conf/app.ini` -- Check ROOT_URL setting for extra spaces -- Verify redirect behavior after fix +**Completed Configuration:** +- Router forwards: 80→80, 443→443, 2223→2223 +- Removed direct port 3000 forwarding +- Homelab repository successfully migrated to Gitea +- External access confirmed working from Windows PC ## Cloud Storage Solutions ### Service Options -- **Copyparty**: Quite new self-hosted file storage solution, must investigate! 
-- **Nextcloud**: Full-featured, extensive app ecosystem ✅ *Recommended* +- **Copyparty**: Lightweight file server with resumable uploads, dedup, WebDAV ✅ **DEPLOYED** +- **Nextcloud**: Full-featured, extensive app ecosystem - **ownCloud**: Original project, stable and mature - **Seafile**: Performance-focused file sync -- **Syncthing**: Decentralized sync (no server needed) +- **Syncthing**: Decentralized sync (no server needed) ✅ **INSTALLED** + +### Copyparty Installation and Configuration + +**Status:** ✅ **DEPLOYED AND WORKING** - File server with upload/download capabilities + +**Installation:** +```bash +# Installed via Arch package +sudo pacman -S copyparty + +# Configuration file location +/home/hoborg/.config/copyparty/copyparty.conf + +# Systemd service location +/etc/systemd/system/copyparty.service +``` + +**Current Setup:** +- **Local Access**: http://127.0.0.1:8082/cloud/ +- **External Access**: http://ak-homelab.duckdns.org/cloud/ +- **Port**: 8082 (behind Nginx reverse proxy on /cloud/ path) +- **Service**: Managed by systemd, auto-starts on boot + +**User Accounts:** +- **guest**: Standard user with read/write access to shared areas +- **hoborg**: Admin user with access to all areas including private folder + +**Volume Structure:** +``` +/shared → /home/hoborg/shared (guest, hoborg: rw) +/documents → /home/hoborg/Documents (guest, hoborg: rw) +/music → /home/hoborg/Music (guest, hoborg: rw) +/videos → /home/hoborg/Videos (guest, hoborg: rw) +/private → /home/hoborg/private (hoborg only: rw) +``` + +**Features Enabled:** +- User-changeable passwords (stored securely in encrypted database) +- Upload deduplication (saves storage space) +- File indexing and search (e2dsa) +- Resumable uploads with up2k +- File integrity verification +- Thumbnail generation for images and videos + +**Security:** +- Authentication required for all access +- Passwords stored in encrypted format: `/home/hoborg/.config/copyparty/passwords.json` +- Admin-only private folder 
isolated from shared areas +- Reverse proxy headers for proper client IP logging + +**Service Management:** +```bash +# Check status +sudo systemctl status copyparty + +# View logs +journalctl -fu copyparty + +# Restart service +sudo systemctl restart copyparty + +# Enable/disable autostart +sudo systemctl enable copyparty +sudo systemctl disable copyparty +``` + +**Configuration Files:** +- **Main config**: `/home/hoborg/.config/copyparty/copyparty.conf` +- **Systemd service**: `/home/hoborg/homelab/config/systemd/copyparty.service` +- **Nginx integration**: Path `/cloud/` in homelab.conf + +**Testing Confirmed:** +- ✅ File uploads working (including video files) +- ✅ User authentication and authorization +- ✅ Private folder access restricted to admin +- ✅ External access through reverse proxy +- ✅ Service auto-starts on boot ### Nextcloud Installation ```bash
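Review bot: In the TODO.md hunk at `@@ -13,17 +13,18 @@`, external access and the initial Gitea configuration are ticked off while `Set up SSL certificates: sudo certbot --nginx -d ak-homelab.duckdns.org` is still open, and every URL in the ticked items is `http://`. With port 80 forwarded from the router, logins to the external URL cross the internet in cleartext until certbot has run. I would do the certbot step before marking external access as done, or add a line here saying that logins over the external URL wait for TLS. Port 443 is also marked as forwarded although no TLS listener is added in this patch, which is worth stating in that item.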
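Review bot: In the TODO.md hunk at `@@ -47,14 +48,19 @@`, `Set up reverse proxy with SSL certificates` is checked `[x]` but annotated `*(partial - nginx working, SSL pending)*`. A ticked box reads as done when skimming, and it contradicts the still-open certbot item earlier in the same file. Split it into two items (reverse proxy checked, SSL unchecked) or leave it unchecked until the certificates are in place.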
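Review bot: In config/nginx/homelab.conf, the new `location /cloud/` block sets `Upgrade` and `Connection "upgrade"` but has no `proxy_http_version 1.1;`. Websocket proxying needs HTTP/1.1 toward the upstream, so add it to this block unless it is already set at server level outside the visible lines. The hardcoded `Connection "upgrade"` is also sent on every request, not only on upgrade requests; the usual pattern is a `map $http_upgrade $connection_upgrade` in the http context and `proxy_set_header Connection $connection_upgrade;` here. Separately, with `client_max_body_size 10G` and request buffering left at its default, nginx spools each upload to disk before passing it to copyparty, and it does so for any client that can reach this location because authentication happens upstream. Consider `proxy_request_buffering off;` in this block and a comment explaining why 10G was chosen.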
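Review bot: In config/systemd/copyparty.service, `User=hoborg` together with `ProtectHome=false` means the externally reachable file server runs as a regular user account with read/write access to all of `/home/hoborg`, not only the five directories it shares. Prefer a dedicated service account, or keep the user and confine it with `ProtectSystem=strict` plus `ReadWritePaths=` listing the shared directories and the copyparty config directory. The "basic hardening" list also has no `NoNewPrivileges=true` or `PrivateTmp=true`, and the file ends without a trailing newline.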
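Review bot: In docs/services.md, the new Copyparty section points to `/home/hoborg/.config/copyparty/copyparty.conf` for accounts and volumes, but that file is not added under `config/` in this patch, so the permissions listed under Volume Structure cannot be reviewed or redeployed from the repository; add a copy with secrets stripped. The wording on password storage is inconsistent: Features says "stored securely in encrypted database" while Security says "encrypted format" in `passwords.json`. State which it is, and whether the values are hashed rather than encrypted. Finally, `guest` is given rw on `/documents → /home/hoborg/Documents`, which looks broader than the "shared areas" described under User Accounts; confirm that is intended or drop it to read-only.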