# Homelab TODO List

## Network & Security

- [x] DuckDNS dynamic DNS setup *(completed - ak-homelab.duckdns.org)*
- [x] SSH security hardening *(documented in network-security.md)*
- [x] Figure out why laptop IP changes: Different eth ports have different MAC?
- [x] Router port forwarding configuration
- [ ] !!! Set up geoblocking for SSH. Rest of SSH hardening already done.
- [ ] !!! Modify syncthing to sync the NAS folders where appropriate (e.g. Logseq)
- [ ] Dockerize everything and use symlinks for dockerfiles (tired of constantly copying stuff over)
- [ ] !!! IMPORTANT: Run setup scripts made by security reviewer agent
  - [ ] Ran out of AI quota mid-security review so continue where we left off. Some scripts created but it's not complete yet
  - [ ] Some logs saved to ~/audit
- [ ] ENCRYPTED FOLDER idea:
  - Use tomb to create an encrypted vault e.g. /mnt/nas/nas_encrypted
  - Have a local folder that's empty e.g. /nas_plain
  - Use tomb to unlock and mount /mnt/nas/nas_encrypted to /nas_plain
  - Jellyfin is set up to look at nas_plain
  - When locked: Jellyfin sees empty folder
  - When unlocked: Jellyfin has access
  - TO TEST: What about preview pictures etc. within Jellyfin? Adult content may still be visible
- [ ] WireGuard VPN server configuration
- [ ] UFW firewall setup and rules
- [ ] fail2ban for intrusion prevention
- [ ] Security enhancement for VNC connections (in the meantime: only run the vnc service for short time while we are using it)

## Git & Development

- [x] Gitea Docker container setup *(completed - running on port 3000)*
- [x] Nginx reverse proxy setup *(completed)*
- [ ] Create homelab landing page at /var/www/homelab/index.html
- [x] Configure router port forwarding for Nginx *(completed - external access working)*
  - [x] Port 80 → 192.168.0.100:80 (HTTP)
  - [x] Port 443 → 192.168.0.100:443 (HTTPS)
  - [x] Remove port 3000 direct forwarding (will go through nginx)
  - [x] Keep port 2223 → 192.168.0.100:2223 (Git SSH operations)
- [x] Test external access: https://ak-homelab.duckdns.org/ *(working - HTTPS with SSL)*
- [x] Set up SSL certificates: `sudo certbot --nginx -d ak-homelab.duckdns.org` *(completed - auto-renewal enabled)*
- [x] Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/) *(completed)*
  - [x] Complete installation wizard with correct base URL
  - [x] Create admin user account
  - [x] Configure SSH access and repository settings
- [x] Migrate homelab repository to Gitea

## System Configuration

- [x] Arch Linux installation and basic setup *(completed)*
- [x] TTY configuration with ter-124b font *(completed)*
- [x] Caps lock → backspace mapping in TTY *(completed)*
- [x] Dotfiles management with yadm *(completed)*
- [x] Temperature monitoring in tmux *(completed)*
- [x] Zsh history sharing between sessions *(completed)*
- [x] Fix TTY colors for better code readability
- [ ] Configure automatic system backups

## Desktop & Applications

Lower priority - mostly using SSH or TTY anyways

- [ ] Add windows-like bottom panel icons
- [ ] Install additional browsers as backup
- [ ] Add dmenu run shortcut
- [ ] Later: Test awesomewm once again, consider migration
- [x] Install Deskflow for multi-device setup

## Data organization

- [ ] Mount and configure /data drive
- [ ] Copy backups from USB drives
  * Not sure if necessary, some files may already be on the PC
  * [ ] First: Do a bit of "duplication check" across various devices and USBs, make a plan of what to store where
- [ ] Copy any media files from other devices

## Music Collection Management

- [ ] Extract playlists from YouTube Music and SoundCloud
  - Store metadata (author, song title) in plaintext format
  - Tools to consider: ytmusicapi (YouTube Music), scdl (SoundCloud), Google Takeout
  - Output formats: CSV, JSON, M3U with metadata, plain text lists
- [ ] Obtain music files for self-hosted collection
  - Legal sources: Bandcamp (FLAC), Beatport, 7digital, HDtracks, artist websites
  - Physical media: CD ripping, vinyl digitization, cassette conversion
  - Streaming downloads: Tidal, Qobuz, Amazon Music, iTunes Store
  - Organization tools: MusicBrainz Picard (tagging), beets (library management)

## Services & Self-Hosting

- [x] Install and configure Gitea for Git hosting *(completed - external access working)*
- [x] Set up file server with Copyparty *(completed - uploads/downloads working)*
  - [x] User authentication and access control
  - [x] Multiple volume shares (shared, documents, music, videos, private)
  - [x] Systemd service for auto-start
  - [x] Nginx reverse proxy integration
- [x] Configure Jellyfin media server *(completed - running on port 8096)*
  - [x] Docker container setup with hardware acceleration
  - [x] Nginx reverse proxy integration at /media/ path
  - [x] Shared media folders with Copyparty (Music, Videos, shared)
- [ ] Set up self-hosted chat server (Matrix or Mattermost)
- [ ] Install monitoring and management tools *(in progress)*
  - [ ] Portainer (Docker management with built-in auth)
  - [ ] Glances (system monitoring with nginx basic auth)
  - [ ] Cockpit (system administration with PAM auth)
  - [ ] lazydocker (terminal Docker management)
  - [ ] Configure nginx basic auth for Glances endpoint
  - [ ] Update nginx reverse proxy config for new admin services
  - [ ] Update homelab landing page with new admin service links
- [ ] Set up Nextcloud for advanced file synchronization features
  - Copyparty covers basic file sharing needs
- [x] Set up reverse proxy with SSL certificates *(completed - HTTPS working with auto-renewal)*
- [ ] Make sure all services are dockerized unless we have a good reason not to
  - Gitea: ✅ Docker
  - Jellyfin: ✅ Docker
  - Copyparty: ❌ systemd service (consider dockerizing)
  - Nginx: ❌ system package (fine as-is for reverse proxy)
  - Portainer: ✅ Docker
  - Glances: ❌ system package (web server mode)
  - Cockpit: ❌ system package (system integration required)

## Hardware & Troubleshooting

- [ ] Fix bluetooth audio connectivity issues
- [x] Investigate tmux battery indicator missing until config reload
- [x] Figure out drag and drop window tiling solution -> workaround with keyboard shortcuts
- [ ] Install multimedia codecs and applications

## Security & Maintenance

- [ ] Configure automatic security updates
- [ ] Set up system monitoring and alerting
- [ ] Implement backup strategy for services
- [ ] Regular security audit and updates
- [ ] Document recovery procedures