Update services documentation with Jellyfin and improvements

- Add comprehensive Jellyfin media server documentation - Document successful folder structure compatibility testing - Update Copyparty URLs from /cloud to /files - Add metadata management instructions for Jellyfin - Include music collection management strategies - Document SSL certificate setup completion 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-17 20:58:20 +02:00
parent a0fed3fbd8
commit e97a0f641e
1 changed files with 145 additions and 22 deletions
--- a/docs/services.md
+++ b/docs/services.md
@@ -143,11 +143,11 @@ docker-compose pull && docker-compose up -d  # Update
   - Admin user account created
   - SSH access configured
   - Repository migration completed
-5. 📋 SSL certificate setup - **Next step**
+5. ✅ SSL certificate setup - **COMPLETE - Let's Encrypt with auto-renewal**

 **Current Access:**
- ✅ Local UI working: http://192.168.0.100/gitea/
- ✅ External access: http://ak-homelab.duckdns.org/gitea/ - **WORKING (fast response)**
+- ✅ Local UI working: https://192.168.0.100/gitea/ (HTTPS with SSL)
+- ✅ External access: https://ak-homelab.duckdns.org/gitea/ - **WORKING (HTTPS enabled)**
 - ✅ Git SSH access: ssh://git@ak-homelab.duckdns.org:2223 - **WORKING**

 **Completed Configuration:**
@@ -155,6 +155,9 @@ docker-compose pull && docker-compose up -d  # Update
 - Removed direct port 3000 forwarding
 - Homelab repository successfully migrated to Gitea
 - External access confirmed working from Windows PC
+- SSL certificates installed with Let's Encrypt
+- Automatic HTTP→HTTPS redirect enabled
+- Certificate auto-renewal configured

 ## Cloud Storage Solutions

@@ -182,10 +185,11 @@ sudo pacman -S copyparty
 ```

 **Current Setup:**
- **Local Access**: http://127.0.0.1:8082/cloud/
- **External Access**: http://ak-homelab.duckdns.org/cloud/
- **Port**: 8082 (behind Nginx reverse proxy on /cloud/ path)
+- **Local Access**: https://127.0.0.1/files/ (SSL enabled)
+- **External Access**: https://ak-homelab.duckdns.org/files/ (HTTPS with Let's Encrypt SSL)
+- **Port**: 8082 (behind Nginx reverse proxy on /files/ path)
 - **Service**: Managed by systemd, auto-starts on boot
+- **SSL**: Let's Encrypt certificates with automatic renewal

 **User Accounts:**
 - **guest**: Standard user with read/write access to shared areas
@@ -233,7 +237,7 @@ sudo systemctl disable copyparty
 **Configuration Files:**
 - **Main config**: `/home/hoborg/.config/copyparty/copyparty.conf`
 - **Systemd service**: `/home/hoborg/homelab/config/systemd/copyparty.service`
- **Nginx integration**: Path `/cloud/` in homelab.conf
+- **Nginx integration**: Path `/files/` in homelab.conf

 **Testing Confirmed:**
 - ✅ File uploads working (including video files)
@@ -269,19 +273,94 @@ Go with docker otherwise
 ## Media Management

 ### Jellyfin Media Server
-```bash
-# Install via AUR
-yay -S jellyfin-server jellyfin-web

-# Enable service
-sudo systemctl enable jellyfin
-sudo systemctl start jellyfin
+**Status:** ✅ **DEPLOYED AND WORKING** - Docker-based media server with hardware acceleration
+
+**Installation:**
+```bash
+# Deploy configuration files
+sudo mkdir -p /opt/docker/jellyfin/{config,cache}
+sudo cp config/docker/jellyfin/docker-compose.yml /opt/docker/jellyfin/
+
+# Start container
+cd /opt/docker/jellyfin
+sudo docker-compose up -d
 ```

-Configuration:
- **Port**: 8096 (web interface)
- **Media paths**: `/data/movies`, `/data/tv`, `/data/music`
- **Transcoding**: Hardware acceleration if available
+**Current Setup:**
+- **Local Access**: http://localhost:8096
+- **External Access**: https://ak-homelab.duckdns.org/media/ (HTTPS with Let's Encrypt SSL)
+- **Container**: jellyfin/jellyfin:latest with network_mode: host
+- **Hardware Acceleration**: VAAPI, QSV, CUDA support enabled
+
+**Media Library Structure:**
+```
+/media/music    → /home/hoborg/Music        (shared with Copyparty)
+/media/videos   → /home/hoborg/Videos       (shared with Copyparty)
+/media/shared   → /home/hoborg/shared       (shared with Copyparty)
+```
+
+**Features Enabled:**
+- Hardware transcoding (Intel/AMD GPU via /dev/dri)
+- Multiple codec support (H.264, H.265, AV1, etc.)
+- Hardware acceleration filters and encoders
+- Reverse proxy integration with optimized streaming settings
+- Resource limits: 2GB max memory, 512MB reserved
+
+**Configuration Management:**
+```bash
+# Check container status
+cd /opt/docker/jellyfin && sudo docker-compose logs jellyfin
+
+# Container management
+sudo docker-compose down             # Stop
+sudo docker-compose up -d            # Start
+sudo docker-compose pull && sudo docker-compose up -d  # Update
+
+# View detailed logs
+sudo docker-compose logs -f jellyfin
+```
+
+**Integration with Other Services:**
+- **Copyparty**: Shares same media folders without duplication
+- **Nginx**: Reverse proxy with streaming-optimized configuration
+- **SSL**: Secured with Let's Encrypt certificates and auto-renewal
+
+**Initial Setup:**
+1. Visit http://localhost:8096 for setup wizard
+2. Create admin account and configure server
+3. Add media libraries pointing to `/media/music`, `/media/videos`, `/media/shared`
+4. Configure hardware acceleration in Dashboard > Playback settings
+
+**Folder Structure Compatibility: ✅ CONFIRMED WORKING**
+- **Music Library**: Successfully works with existing Artist/Album structure
+- **Copyparty Interoperability**: ✅ Both services share same folders without conflicts
+- **Metadata Support**: Downloads album artwork, descriptions, and artist information from online sources
+- **Electronic Music**: Works well with existing organized structure (e.g., "The Hu - Discography/Albums/...")
+
+**Metadata Management:**
+- **Auto-Download**: Enable MusicBrainz, TheAudioDB, Last.fm in Dashboard > Metadata > Music
+- **Manual Refresh**: Library scan via Dashboard > Libraries > Music > Scan Library
+- **Force Refresh**: Use "Replace All Metadata" for complete metadata re-download
+- **Individual Items**: Right-click albums/artists for targeted metadata refresh
+
+### Music Collection Management
+
+**Playlist Extraction:**
+- **YouTube Music**: Use `ytmusicapi` Python library or Google Takeout
+- **SoundCloud**: Use `scdl` tool or SoundCloud API
+- **Output Formats**: CSV (artist, title, playlist), JSON metadata, M3U playlists, plain text lists
+
+**Legal Music Sources:**
+- **High Quality**: Bandcamp (FLAC), Beatport, 7digital, HDtracks
+- **Mainstream**: Amazon Music, iTunes Store, artist websites
+- **Subscription Downloads**: Tidal, Qobuz premium tiers
+- **Physical Media**: CD ripping, vinyl digitization, cassette conversion
+
+**Organization Tools:**
+- **MusicBrainz Picard**: Automatic metadata tagging and correction
+- **beets**: Advanced music library management and organization
+- **Bulk Scripts**: Custom automation for file organization and import

 ### Photo Management
 - **PhotoPrism**: AI-powered photo management
@@ -367,13 +446,57 @@ sudo usermod -aG docker hoborg

 **Chosen Architecture:**
 ```
-ak-homelab.duckdns.org/          → Landing page/dashboard
-ak-homelab.duckdns.org/gitea/    → Gitea Git server
-ak-homelab.duckdns.org/cloud/    → Nextcloud file sync
-ak-homelab.duckdns.org/media/    → Jellyfin media server
-ak-homelab.duckdns.org/monitor/  → System monitoring
+https://ak-homelab.duckdns.org/          → Landing page/dashboard
+https://ak-homelab.duckdns.org/gitea/    → Gitea Git server ✅ DEPLOYED
+https://ak-homelab.duckdns.org/files/    → Copyparty file server ✅ DEPLOYED
+https://ak-homelab.duckdns.org/media/    → Jellyfin media server (planned)
+https://ak-homelab.duckdns.org/monitor/  → System monitoring (planned)
 ```

+### SSL/TLS Configuration
+
+**Status:** ✅ **COMPLETE** - Let's Encrypt SSL with automatic renewal
+
+**SSL Certificate Setup:**
+```bash
+# Certificate installation (completed)
+sudo certbot --nginx -d ak-homelab.duckdns.org
+
+# Auto-renewal service (enabled)
+sudo systemctl enable certbot-renew.timer
+sudo systemctl start certbot-renew.timer
+```
+
+**Certificate Details:**
+- **CA**: Let's Encrypt (trusted by all major browsers)
+- **Certificate**: `/etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem`
+- **Private Key**: `/etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem`
+- **Renewal**: Automatic every 90 days via systemd timer
+- **Security**: Strong TLS configuration with DH parameters
+
+**Security Features:**
+- **HTTP→HTTPS Redirect**: All HTTP traffic automatically redirected to HTTPS
+- **HSTS Headers**: Included via Let's Encrypt nginx configuration
+- **Strong Ciphers**: Modern TLS 1.2/1.3 cipher suites
+- **Perfect Forward Secrecy**: Enabled via Diffie-Hellman parameters
+
+**Renewal Management:**
+```bash
+# Check renewal status
+sudo systemctl status certbot-renew.timer
+
+# Manual renewal test (dry run)
+sudo certbot renew --dry-run
+
+# View renewal logs
+journalctl -u certbot-renew.service
+```
+
+**Certificate Verification:**
+- Browser shows green padlock for all services
+- SSL Labs rating: A+ (expected)
+- All services accessible via HTTPS only
+
 ### Advanced Nginx Options

 **Nginx Plus (Commercial):** $2500+/year