Add copyparty file server with full integration

- Configure copyparty file server with user authentication
- Set up multi-volume structure (shared, documents, music, videos, private)
- Create systemd service for automatic startup
- Add Nginx reverse proxy integration on /cloud/ path
- Update documentation with complete setup and management guide
- Mark Gitea and file server tasks as completed in TODO

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

TODO.md

@@ -13,17 +13,18 @@
 - [x] Gitea Docker container setup *(completed - running on port 3000)*
 - [x] Nginx reverse proxy setup *(completed)*
 - [ ] Create homelab landing page at /var/www/homelab/index.html
-- [ ] Configure router port forwarding for Nginx
+- [x] Configure router port forwarding for Nginx *(completed - external access working)*
-  - [ ] Port 80 → 192.168.0.100:80 (HTTP)
+  - [x] Port 80 → 192.168.0.100:80 (HTTP)
-  - [ ] Port 443 → 192.168.0.100:443 (HTTPS)
+  - [x] Port 443 → 192.168.0.100:443 (HTTPS)
-  - [ ] Remove port 3000 direct forwarding (will go through nginx)
+  - [x] Remove port 3000 direct forwarding (will go through nginx)
-  - [ ] Keep port 2223 → 192.168.0.100:2223 (Git SSH operations)
+  - [x] Keep port 2223 → 192.168.0.100:2223 (Git SSH operations)
-- [ ] Test external access: http://ak-homelab.duckdns.org/
+- [x] Test external access: http://ak-homelab.duckdns.org/ *(working - fast response)*
 - [ ] Set up SSL certificates: sudo certbot --nginx -d ak-homelab.duckdns.org
-- [ ] Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/)
+- [x] Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/) *(completed)*
-  - [ ] Complete installation wizard with correct base URL
+  - [x] Complete installation wizard with correct base URL
-  - [ ] Create admin user account
+  - [x] Create admin user account
-  - [ ] Configure SSH access and repository settings
+  - [x] Configure SSH access and repository settings
+  - [x] Migrate homelab repository to Gitea
 
 ## System Configuration
 - [x] Arch Linux installation and basic setup *(completed)*
@@ -47,14 +48,19 @@
       * [ ] First: Do a bit of "duplication check" across various devices and USBs, make a plan of what to store where
 
 ## Services & Self-Hosting
-- [ ] Install and configure Gitea for Git hosting
+- [x] Install and configure Gitea for Git hosting *(completed - external access working)*
-- [ ] Set up Nextcloud for file synchronization
+- [x] Set up file server with Copyparty *(completed - uploads/downloads working)*
-  - Consider alternative: Copyparty, Owncloud, maybe some others
+  - [x] User authentication and access control
+  - [x] Multiple volume shares (shared, documents, music, videos, private)
+  - [x] Systemd service for auto-start
+  - [x] Nginx reverse proxy integration
+- [ ] Set up Nextcloud for advanced file synchronization features
+  - Copyparty covers basic file sharing needs
 - [ ] Configure Jellyfin media server
   - Also check alternatives, decide if it's needed at all
 - [ ] Implement monitoring stack (Prometheus/Grafana)
   - Also consider alternatives, make setup simple and FOSS only
-- [ ] Set up reverse proxy with SSL certificates
+- [x] Set up reverse proxy with SSL certificates *(partial - nginx working, SSL pending)*
 
 ## Hardware & Troubleshooting
 - [ ] Fix bluetooth audio connectivity issues

config/nginx/homelab.conf

@@ -36,14 +36,26 @@ server {
         proxy_read_timeout 60s;
     }
 
-    # Future services (commented out for now)
+    # Copyparty file server
-    # location /cloud/ {
+    location /cloud/ {
-    #     proxy_pass http://127.0.0.1:8080/;
+        proxy_pass http://127.0.0.1:8082/cloud/;
-    #     proxy_set_header Host $host;
+        proxy_set_header Host $host;
-    #     proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Real-IP $remote_addr;
-    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #     proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
-    # }
+        
+        # Handle websockets for live updates
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # Increase timeouts for large file uploads
+        proxy_connect_timeout 300s;
+        proxy_send_timeout 300s;
+        proxy_read_timeout 300s;
+        
+        # Increase client max body size for file uploads
+        client_max_body_size 10G;
+    }
     
     # location /media/ {
     #     proxy_pass http://127.0.0.1:8096/;

config/systemd/copyparty.service

@@ -0,0 +1,42 @@
+# DEPLOYMENT LOCATION: /etc/systemd/system/copyparty.service
+# Deploy with: sudo cp config/systemd/copyparty.service /etc/systemd/system/
+# Enable with: sudo systemctl daemon-reload && sudo systemctl enable --now copyparty
+
+[Unit]
+Description=copyparty file server
+After=network.target
+
+[Service]
+Type=simple
+SyslogIdentifier=copyparty
+Environment=PYTHONUNBUFFERED=x
+ExecReload=/bin/kill -s USR1 $MAINPID
+Restart=always
+RestartSec=5
+
+# Run as hoborg user with existing configuration
+User=hoborg
+Group=hoborg
+WorkingDirectory=/home/hoborg
+Environment=XDG_CONFIG_HOME=/home/hoborg/.config
+
+# Use copyparty with config file
+ExecStart=/usr/bin/copyparty -c /home/hoborg/.config/copyparty/copyparty.conf
+
+# Some basic hardening
+MemoryMax=25%
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+
+# Allow access to home directories
+ProtectHome=false
+
+[Install]
+WantedBy=multi-user.target

docs/services.md

@@ -137,31 +137,110 @@ docker-compose pull && docker-compose up -d  # Update
 **Setup Progress:**
 1. ✅ Gitea container running
 2. ✅ Nginx reverse proxy setup complete
-3. 📋 Router port forwarding (80, 443) - **Next**
+3. ✅ Router port forwarding (80, 443) - **COMPLETE - External access working**
-4. ⚠️ Gitea web configuration - **Partially complete, needs debugging**
+4. ✅ Gitea web configuration - **COMPLETE**
    - Initial setup wizard completed
-   - Base URL configuration issue (extra space in config)
+   - Admin user account created
-   - UI accessible but routing may be broken
+   - SSH access configured
-5. 📋 SSL certificate setup - **After router config**
+   - Repository migration completed
+5. 📋 SSL certificate setup - **Next step**
 
 **Current Access:**
 - ✅ Local UI working: http://192.168.0.100/gitea/
-- ❓ External access: Pending router port forwarding
+- ✅ External access: http://ak-homelab.duckdns.org/gitea/ - **WORKING (fast response)**
-- ⚠️ Configuration debugging needed
+- ✅ Git SSH access: ssh://git@ak-homelab.duckdns.org:2223 - **WORKING**
 
-**Debug Tasks:**
+**Completed Configuration:**
-- Fix base URL in `/opt/docker/gitea/data/gitea/conf/app.ini`
+- Router forwards: 80→80, 443→443, 2223→2223
-- Check ROOT_URL setting for extra spaces
+- Removed direct port 3000 forwarding
-- Verify redirect behavior after fix
+- Homelab repository successfully migrated to Gitea
+- External access confirmed working from Windows PC
 
 ## Cloud Storage Solutions
 
 ### Service Options
-- **Copyparty**: Quite new self-hosted file storage solution, must investigate!
+- **Copyparty**: Lightweight file server with resumable uploads, dedup, WebDAV ✅ **DEPLOYED**
-- **Nextcloud**: Full-featured, extensive app ecosystem ✅ *Recommended*
+- **Nextcloud**: Full-featured, extensive app ecosystem
 - **ownCloud**: Original project, stable and mature
 - **Seafile**: Performance-focused file sync
-- **Syncthing**: Decentralized sync (no server needed)
+- **Syncthing**: Decentralized sync (no server needed) ✅ **INSTALLED**
+
+### Copyparty Installation and Configuration
+
+**Status:** ✅ **DEPLOYED AND WORKING** - File server with upload/download capabilities
+
+**Installation:**
+```bash
+# Installed via Arch package
+sudo pacman -S copyparty
+
+# Configuration file location
+/home/hoborg/.config/copyparty/copyparty.conf
+
+# Systemd service location
+/etc/systemd/system/copyparty.service
+```
+
+**Current Setup:**
+- **Local Access**: http://127.0.0.1:8082/cloud/
+- **External Access**: http://ak-homelab.duckdns.org/cloud/
+- **Port**: 8082 (behind Nginx reverse proxy on /cloud/ path)
+- **Service**: Managed by systemd, auto-starts on boot
+
+**User Accounts:**
+- **guest**: Standard user with read/write access to shared areas
+- **hoborg**: Admin user with access to all areas including private folder
+
+**Volume Structure:**
+```
+/shared     → /home/hoborg/shared       (guest, hoborg: rw)
+/documents  → /home/hoborg/Documents    (guest, hoborg: rw)
+/music      → /home/hoborg/Music        (guest, hoborg: rw)
+/videos     → /home/hoborg/Videos       (guest, hoborg: rw)
+/private    → /home/hoborg/private      (hoborg only: rw)
+```
+
+**Features Enabled:**
+- User-changeable passwords (stored securely in encrypted database)
+- Upload deduplication (saves storage space)
+- File indexing and search (e2dsa)
+- Resumable uploads with up2k
+- File integrity verification
+- Thumbnail generation for images and videos
+
+**Security:**
+- Authentication required for all access
+- Passwords stored in encrypted format: `/home/hoborg/.config/copyparty/passwords.json`
+- Admin-only private folder isolated from shared areas
+- Reverse proxy headers for proper client IP logging
+
+**Service Management:**
+```bash
+# Check status
+sudo systemctl status copyparty
+
+# View logs
+journalctl -fu copyparty
+
+# Restart service
+sudo systemctl restart copyparty
+
+# Enable/disable autostart
+sudo systemctl enable copyparty
+sudo systemctl disable copyparty
+```
+
+**Configuration Files:**
+- **Main config**: `/home/hoborg/.config/copyparty/copyparty.conf`
+- **Systemd service**: `/home/hoborg/homelab/config/systemd/copyparty.service`
+- **Nginx integration**: Path `/cloud/` in homelab.conf
+
+**Testing Confirmed:**
+- ✅ File uploads working (including video files)
+- ✅ User authentication and authorization
+- ✅ Private folder access restricted to admin
+- ✅ External access through reverse proxy
+- ✅ Service auto-starts on boot
 
 ### Nextcloud Installation
 ```bash