Reorganize and update docs

2025-07-31 20:18:16 +02:00
parent 50144e083e
commit e3889870e5
12 changed files with 741 additions and 475 deletions
--- a/services.md
+++ b/services.md
@@ -0,0 +1,223 @@
+# Services & Applications
+
+Planning and configuration for self-hosted services and applications.
+
+## Git Repository Hosting
+
+### Service Options
+- **Gitea**: Lightweight, Go-based, minimal resource usage ✅ *Recommended*
+- **Forgejo**: Gitea fork, community-driven development
+- **GitLab CE**: Feature-rich but more resource intensive
+- **Gogs**: Simple, lightweight alternative
+
+### Gitea Installation
+```bash
+# Create gitea user
+sudo useradd -r -s /bin/false -d /var/lib/gitea gitea
+
+# Download and install
+wget https://dl.gitea.io/gitea/latest/gitea-linux-amd64
+sudo mv gitea-linux-amd64 /usr/local/bin/gitea
+sudo chmod +x /usr/local/bin/gitea
+
+# Create directories
+sudo mkdir -p /var/lib/gitea/{custom,data,log}
+sudo chown -R gitea:gitea /var/lib/gitea/
+sudo chmod -R 750 /var/lib/gitea/
+```
+
+### Configuration
+- **Database**: SQLite for simplicity, PostgreSQL for production
+- **Port**: 3000 (internal), reverse proxy for HTTPS
+- **SSH**: Port 2222 for git operations
+- **Features**: Web interface, issue tracking, organizations
+
+## Cloud Storage Solutions
+
+### Service Options
+- **Copyparty**: Quite new self-hosted file storage solution, must investigate!
+- **Nextcloud**: Full-featured, extensive app ecosystem ✅ *Recommended*
+- **ownCloud**: Original project, stable and mature
+- **Seafile**: Performance-focused file sync
+- **Syncthing**: Decentralized sync (no server needed)
+
+### Nextcloud Installation
+```bash
+# Via snap (recommended)
+sudo snap install nextcloud
+
+# Or via Docker
+docker run -d \
+  --name nextcloud \
+  -p 8080:80 \
+  -v nextcloud_data:/var/www/html \
+  nextcloud
+```
+Personal notes: Not a fan of snap, isn't there an AUR package?
+Go with docker otherwise
+
+### Features
+- File synchronization across devices
+- Video files, game installers -> high prio
+- Self-hosted git mirrors of favorite FOSS projects -> medium prio
+- Calendar and contacts (CalDAV/CardDAV) -> low prio
+- Document editing (OnlyOffice/Collabora) -> low prio
+- Photo management and sharing -> low prio
+- Mobile apps available?
+
+## Media Management
+
+### Jellyfin Media Server
+```bash
+# Install via AUR
+yay -S jellyfin-server jellyfin-web
+
+# Enable service
+sudo systemctl enable jellyfin
+sudo systemctl start jellyfin
+```
+
+Configuration:
+- **Port**: 8096 (web interface)
+- **Media paths**: `/data/movies`, `/data/tv`, `/data/music`
+- **Transcoding**: Hardware acceleration if available
+
+### Photo Management
+- **PhotoPrism**: AI-powered photo management
+- **Immich**: Modern photo backup solution
+- **LibrePhotos**: Privacy-focused alternative
+
+## Monitoring & Logging
+
+### System Monitoring
+```bash
+# Prometheus + Grafana stack
+docker-compose up -d prometheus grafana node-exporter
+```
+
+### Log Management
+- **Centralized logging**: rsyslog or journald
+- **Log rotation**: logrotate configuration
+- **Analysis**: grep, awk, or ELK stack for advanced needs
+
+### Health Checks
+- **Uptime monitoring**: Simple HTTP checks
+- **Service status**: systemd service monitoring
+- **Disk space**: Automated alerts for low space
+
+## Containerization Strategy
+
+### Docker Setup
+```bash
+# Install Docker
+pacman -S docker docker-compose
+sudo systemctl enable docker
+
+# Add user to docker group
+sudo usermod -aG docker hoborg
+```
+
+### Container Management
+- **Orchestration**: Docker Compose for multi-service apps
+- **Storage**: Named volumes for persistent data
+- **Networking**: Custom networks for service isolation
+- **Updates**: Watchtower for automated updates
+
+## Reverse Proxy Configuration
+
+### Nginx Setup
+```bash
+# Install nginx
+pacman -S nginx certbot certbot-nginx
+
+# Basic configuration
+server {
+    server_name ak-homelab.duckdns.org;
+
+    location /gitea/ {
+        proxy_pass http://localhost:3000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location /nextcloud/ {
+        proxy_pass http://localhost:8080/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+```
+
+### SSL Certificates
+```bash
+# Let's Encrypt via certbot
+sudo certbot --nginx -d ak-homelab.duckdns.org
+```
+
+## Backup Strategy
+
+### Configuration Backups
+- **Service configs**: Docker volumes, /etc configs
+- **Database dumps**: Regular automated backups
+- **Storage**: External drive or cloud backup
+
+### Automated Backups
+```bash
+#!/bin/bash
+# backup-services.sh
+DATE=$(date +%Y%m%d)
+
+# Backup Gitea
+tar -czf /backup/gitea-$DATE.tar.gz /var/lib/gitea/
+
+# Backup Nextcloud data
+rsync -av /var/snap/nextcloud/common/nextcloud/data/ /backup/nextcloud-$DATE/
+
+# Database backup
+sudo -u postgres pg_dump gitea > /backup/gitea-db-$DATE.sql
+```
+
+## Resource Planning
+
+### Hardware Requirements
+- **RAM**: 4GB minimum, 8GB recommended
+- **Storage**:
+  - System: 50GB SSD
+  - Data: 1TB+ HDD for media/files
+- **Network**: Gigabit Ethernet preferred
+
+### Service Resource Usage
+| Service | RAM | CPU | Storage | Port |
+|---------|-----|-----|---------|------|
+| Gitea | 200MB | Low | 5GB+ | 3000 |
+| Nextcloud | 512MB | Medium | 10GB+ | 8080 |
+| Jellyfin | 1GB | High* | Media | 8096 |
+| Monitoring | 500MB | Low | 2GB | 3000/9090 |
+
+*High during transcoding
+
+## Security Considerations
+
+### Service Hardening
+- **Regular updates**: Automated security patches
+- **Access control**: VPN-only access when possible
+- **Authentication**: Strong passwords, 2FA where available
+- **Network isolation**: Separate VLANs or containers
+
+### Data Protection
+- **Encryption**: Full disk encryption (LUKS)
+- **Backups**: Encrypted offsite backups
+- **Access logs**: Monitor service access patterns
+- **Fail2ban**: Automatic IP blocking for repeated failures
+
+## Future Expansion
+
+### Additional Services to Consider
+- **Home Assistant**: ABSOLUTELY NOT
+- **Bitwarden/Vaultwarden**: Password management
+  - How is this better than keepassxc + filesync?
+- **Pi-hole**: Network-wide ad blocking
+- **Wireguard UI**: Web interface for VPN management
+- **Bookstack**: Documentation wiki
+  - What is this for? How does it compare to Logseq?
+- **FreshRSS**: RSS feed aggregator