From e97a0f641ea7d3d2cdd64f391d1cba6fee7843bd Mon Sep 17 00:00:00 2001
From: Arpad Krejczinger <krejczinger.arpad@gmail.com>
Date: Sun, 17 Aug 2025 20:58:20 +0200
Subject: [PATCH] Update services documentation with Jellyfin and improvements
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add comprehensive Jellyfin media server documentation
- Document successful folder structure compatibility testing
- Update Copyparty URLs from /cloud to /files
- Add metadata management instructions for Jellyfin
- Include music collection management strategies
- Document SSL certificate setup completion

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 docs/services.md | 167 ++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 145 insertions(+), 22 deletions(-)

diff --git a/docs/services.md b/docs/services.md
index 7cbba0c..709d60e 100644
--- a/docs/services.md
+++ b/docs/services.md
@@ -143,11 +143,11 @@ docker-compose pull && docker-compose up -d  # Update
    - Admin user account created
    - SSH access configured
    - Repository migration completed
-5. 📋 SSL certificate setup - **Next step**
+5. ✅ SSL certificate setup - **COMPLETE - Let's Encrypt with auto-renewal**
 
 **Current Access:**
-- ✅ Local UI working: http://192.168.0.100/gitea/
-- ✅ External access: http://ak-homelab.duckdns.org/gitea/ - **WORKING (fast response)**
+- ✅ Local UI working: https://192.168.0.100/gitea/ (HTTPS with SSL)
+- ✅ External access: https://ak-homelab.duckdns.org/gitea/ - **WORKING (HTTPS enabled)**
 - ✅ Git SSH access: ssh://git@ak-homelab.duckdns.org:2223 - **WORKING**
 
 **Completed Configuration:**
@@ -155,6 +155,9 @@ docker-compose pull && docker-compose up -d  # Update
 - Removed direct port 3000 forwarding
 - Homelab repository successfully migrated to Gitea
 - External access confirmed working from Windows PC
+- SSL certificates installed with Let's Encrypt
+- Automatic HTTP→HTTPS redirect enabled
+- Certificate auto-renewal configured
 
 ## Cloud Storage Solutions
 
@@ -182,10 +185,11 @@ sudo pacman -S copyparty
 ```
 
 **Current Setup:**
-- **Local Access**: http://127.0.0.1:8082/cloud/
-- **External Access**: http://ak-homelab.duckdns.org/cloud/
-- **Port**: 8082 (behind Nginx reverse proxy on /cloud/ path)
+- **Local Access**: https://127.0.0.1/files/ (SSL enabled)
+- **External Access**: https://ak-homelab.duckdns.org/files/ (HTTPS with Let's Encrypt SSL)
+- **Port**: 8082 (behind Nginx reverse proxy on /files/ path)
 - **Service**: Managed by systemd, auto-starts on boot
+- **SSL**: Let's Encrypt certificates with automatic renewal
 
 **User Accounts:**
 - **guest**: Standard user with read/write access to shared areas
@@ -233,7 +237,7 @@ sudo systemctl disable copyparty
 **Configuration Files:**
 - **Main config**: `/home/hoborg/.config/copyparty/copyparty.conf`
 - **Systemd service**: `/home/hoborg/homelab/config/systemd/copyparty.service`
-- **Nginx integration**: Path `/cloud/` in homelab.conf
+- **Nginx integration**: Path `/files/` in homelab.conf
 
 **Testing Confirmed:**
 - ✅ File uploads working (including video files)
@@ -269,19 +273,94 @@ Go with docker otherwise
 ## Media Management
 
 ### Jellyfin Media Server
-```bash
-# Install via AUR
-yay -S jellyfin-server jellyfin-web
 
-# Enable service
-sudo systemctl enable jellyfin
-sudo systemctl start jellyfin
+**Status:** ✅ **DEPLOYED AND WORKING** - Docker-based media server with hardware acceleration
+
+**Installation:**
+```bash
+# Deploy configuration files
+sudo mkdir -p /opt/docker/jellyfin/{config,cache}
+sudo cp config/docker/jellyfin/docker-compose.yml /opt/docker/jellyfin/
+
+# Start container
+cd /opt/docker/jellyfin
+sudo docker-compose up -d
 ```
 
-Configuration:
-- **Port**: 8096 (web interface)
-- **Media paths**: `/data/movies`, `/data/tv`, `/data/music`
-- **Transcoding**: Hardware acceleration if available
+**Current Setup:**
+- **Local Access**: http://localhost:8096
+- **External Access**: https://ak-homelab.duckdns.org/media/ (HTTPS with Let's Encrypt SSL)
+- **Container**: jellyfin/jellyfin:latest with network_mode: host
+- **Hardware Acceleration**: VAAPI, QSV, CUDA support enabled
+
+**Media Library Structure:**
+```
+/media/music    → /home/hoborg/Music        (shared with Copyparty)
+/media/videos   → /home/hoborg/Videos       (shared with Copyparty)
+/media/shared   → /home/hoborg/shared       (shared with Copyparty)
+```
+
+**Features Enabled:**
+- Hardware transcoding (Intel/AMD GPU via /dev/dri)
+- Multiple codec support (H.264, H.265, AV1, etc.)
+- Hardware acceleration filters and encoders
+- Reverse proxy integration with optimized streaming settings
+- Resource limits: 2GB max memory, 512MB reserved
+
+**Configuration Management:**
+```bash
+# Check container status
+cd /opt/docker/jellyfin && sudo docker-compose logs jellyfin
+
+# Container management
+sudo docker-compose down             # Stop
+sudo docker-compose up -d            # Start
+sudo docker-compose pull && sudo docker-compose up -d  # Update
+
+# View detailed logs
+sudo docker-compose logs -f jellyfin
+```
+
+**Integration with Other Services:**
+- **Copyparty**: Shares same media folders without duplication
+- **Nginx**: Reverse proxy with streaming-optimized configuration
+- **SSL**: Secured with Let's Encrypt certificates and auto-renewal
+
+**Initial Setup:**
+1. Visit http://localhost:8096 for setup wizard
+2. Create admin account and configure server
+3. Add media libraries pointing to `/media/music`, `/media/videos`, `/media/shared`
+4. Configure hardware acceleration in Dashboard > Playback settings
+
+**Folder Structure Compatibility: ✅ CONFIRMED WORKING**
+- **Music Library**: Successfully works with existing Artist/Album structure
+- **Copyparty Interoperability**: ✅ Both services share same folders without conflicts
+- **Metadata Support**: Downloads album artwork, descriptions, and artist information from online sources
+- **Electronic Music**: Works well with existing organized structure (e.g., "The Hu - Discography/Albums/...")
+
+**Metadata Management:**
+- **Auto-Download**: Enable MusicBrainz, TheAudioDB, Last.fm in Dashboard > Metadata > Music
+- **Manual Refresh**: Library scan via Dashboard > Libraries > Music > Scan Library
+- **Force Refresh**: Use "Replace All Metadata" for complete metadata re-download
+- **Individual Items**: Right-click albums/artists for targeted metadata refresh
+
+### Music Collection Management
+
+**Playlist Extraction:**
+- **YouTube Music**: Use `ytmusicapi` Python library or Google Takeout
+- **SoundCloud**: Use `scdl` tool or SoundCloud API
+- **Output Formats**: CSV (artist, title, playlist), JSON metadata, M3U playlists, plain text lists
+
+**Legal Music Sources:**
+- **High Quality**: Bandcamp (FLAC), Beatport, 7digital, HDtracks
+- **Mainstream**: Amazon Music, iTunes Store, artist websites
+- **Subscription Downloads**: Tidal, Qobuz premium tiers
+- **Physical Media**: CD ripping, vinyl digitization, cassette conversion
+
+**Organization Tools:**
+- **MusicBrainz Picard**: Automatic metadata tagging and correction
+- **beets**: Advanced music library management and organization
+- **Bulk Scripts**: Custom automation for file organization and import
 
 ### Photo Management
 - **PhotoPrism**: AI-powered photo management
@@ -367,13 +446,57 @@ sudo usermod -aG docker hoborg
 
 **Chosen Architecture:**
 ```
-ak-homelab.duckdns.org/          → Landing page/dashboard
-ak-homelab.duckdns.org/gitea/    → Gitea Git server
-ak-homelab.duckdns.org/cloud/    → Nextcloud file sync
-ak-homelab.duckdns.org/media/    → Jellyfin media server
-ak-homelab.duckdns.org/monitor/  → System monitoring
+https://ak-homelab.duckdns.org/          → Landing page/dashboard
+https://ak-homelab.duckdns.org/gitea/    → Gitea Git server ✅ DEPLOYED
+https://ak-homelab.duckdns.org/files/    → Copyparty file server ✅ DEPLOYED
+https://ak-homelab.duckdns.org/media/    → Jellyfin media server (planned)
+https://ak-homelab.duckdns.org/monitor/  → System monitoring (planned)
 ```
 
+### SSL/TLS Configuration
+
+**Status:** ✅ **COMPLETE** - Let's Encrypt SSL with automatic renewal
+
+**SSL Certificate Setup:**
+```bash
+# Certificate installation (completed)
+sudo certbot --nginx -d ak-homelab.duckdns.org
+
+# Auto-renewal service (enabled)
+sudo systemctl enable certbot-renew.timer
+sudo systemctl start certbot-renew.timer
+```
+
+**Certificate Details:**
+- **CA**: Let's Encrypt (trusted by all major browsers)
+- **Certificate**: `/etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem`
+- **Private Key**: `/etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem`
+- **Renewal**: Automatic every 90 days via systemd timer
+- **Security**: Strong TLS configuration with DH parameters
+
+**Security Features:**
+- **HTTP→HTTPS Redirect**: All HTTP traffic automatically redirected to HTTPS
+- **HSTS Headers**: Included via Let's Encrypt nginx configuration
+- **Strong Ciphers**: Modern TLS 1.2/1.3 cipher suites
+- **Perfect Forward Secrecy**: Enabled via Diffie-Hellman parameters
+
+**Renewal Management:**
+```bash
+# Check renewal status
+sudo systemctl status certbot-renew.timer
+
+# Manual renewal test (dry run)
+sudo certbot renew --dry-run
+
+# View renewal logs
+journalctl -u certbot-renew.service
+```
+
+**Certificate Verification:**
+- Browser shows green padlock for all services
+- SSL Labs rating: A+ (expected)
+- All services accessible via HTTPS only
+
 ### Advanced Nginx Options
 
 **Nginx Plus (Commercial):** $2500+/year