# Services & Applications

Planning and configuration for self-hosted services and applications.

## Git Repository Hosting

### Service Options

- **Gitea**: Lightweight, Go-based, minimal resource usage ✅ *Recommended*
- **Forgejo**: Gitea fork, community-driven development
- **GitLab CE**: Feature-rich but more resource intensive
- **Gogs**: Simple, lightweight alternative

### Gitea Installation

```bash
# Create a system user for gitea (no login shell)
sudo useradd -r -s /bin/false -d /var/lib/gitea gitea

# Download and install
wget https://dl.gitea.io/gitea/latest/gitea-linux-amd64
sudo mv gitea-linux-amd64 /usr/local/bin/gitea
sudo chmod +x /usr/local/bin/gitea

# Create directories, owned by the gitea user and closed to other users
sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R gitea:gitea /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
```

### Configuration

- **Database**: SQLite for simplicity, PostgreSQL for production
- **Port**: 3000 (internal), reverse proxy for HTTPS
- **SSH**: Port 2222 for git operations
- **Features**: Web interface, issue tracking, organizations

## Cloud Storage Solutions

### Service Options

- **Copyparty**: Quite new self-hosted file storage solution, must investigate!
- **Nextcloud**: Full-featured, extensive app ecosystem ✅ *Recommended*
- **ownCloud**: Original project, stable and mature
- **Seafile**: Performance-focused file sync
- **Syncthing**: Decentralized sync (no server needed)

### Nextcloud Installation

```bash
# Via snap (recommended)
sudo snap install nextcloud

# Or via Docker
docker run -d \
  --name nextcloud \
  -p 8080:80 \
  -v nextcloud_data:/var/www/html \
  nextcloud
```

Personal notes: Not a fan of snap, isn't there an AUR package? Go with Docker otherwise.

### Features

- File synchronization across devices
  - Video files, game installers -> high prio
  - Self-hosted git mirrors of favorite FOSS projects -> medium prio
- Calendar and contacts (CalDAV/CardDAV) -> low prio
- Document editing (OnlyOffice/Collabora) -> low prio
- Photo management and sharing -> low prio
- Mobile apps available?

## Media Management

### Jellyfin Media Server

```bash
# Install via AUR
yay -S jellyfin-server jellyfin-web

# Enable service
sudo systemctl enable jellyfin
sudo systemctl start jellyfin
```

Configuration:

- **Port**: 8096 (web interface)
- **Media paths**: `/data/movies`, `/data/tv`, `/data/music`
- **Transcoding**: Hardware acceleration if available

### Photo Management

- **PhotoPrism**: AI-powered photo management
- **Immich**: Modern photo backup solution
- **LibrePhotos**: Privacy-focused alternative

## Monitoring & Logging

### System Monitoring

```bash
# Prometheus + Grafana stack
docker-compose up -d prometheus grafana node-exporter
```

### Log Management

- **Centralized logging**: rsyslog or journald
- **Log rotation**: logrotate configuration
- **Analysis**: grep, awk, or ELK stack for advanced needs

### Health Checks

- **Uptime monitoring**: Simple HTTP checks
- **Service status**: systemd service monitoring
- **Disk space**: Automated alerts for low space

## Containerization Strategy

### Docker Setup

```bash
# Install Docker
sudo pacman -S docker docker-compose
sudo systemctl enable docker

# Add user to docker group (membership is equivalent to root on this host)
sudo usermod -aG docker hoborg
```

### Container Management

- **Orchestration**: Docker Compose for multi-service apps
- **Storage**: Named volumes for persistent data
- **Networking**: Custom networks for service isolation
- **Updates**: Watchtower for automated updates

## Reverse Proxy Configuration

### Nginx Setup

```bash
# Install nginx
sudo pacman -S nginx certbot certbot-nginx
```

```nginx
# Basic configuration
server {
    server_name ak-homelab.duckdns.org;

    location /gitea/ {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /nextcloud/ {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

### SSL Certificates

```bash
# Let's Encrypt via certbot
sudo certbot --nginx -d ak-homelab.duckdns.org
```

## Backup Strategy

### Configuration Backups

- **Service configs**: Docker volumes, /etc configs
- **Database dumps**: Regular automated backups
- **Storage**: External drive or cloud backup

### Automated Backups

```bash
#!/bin/bash
# backup-services.sh
DATE=$(date +%Y%m%d)

# Backup Gitea
tar -czf "/backup/gitea-$DATE.tar.gz" /var/lib/gitea/

# Backup Nextcloud data
rsync -av /var/snap/nextcloud/common/nextcloud/data/ "/backup/nextcloud-$DATE/"

# Database backup
sudo -u postgres pg_dump gitea > "/backup/gitea-db-$DATE.sql"
```

## Resource Planning

### Hardware Requirements

- **RAM**: 4GB minimum, 8GB recommended
- **Storage**:
  - System: 50GB SSD
  - Data: 1TB+ HDD for media/files
- **Network**: Gigabit Ethernet preferred

### Service Resource Usage

| Service | RAM | CPU | Storage | Port |
|---------|-----|-----|---------|------|
| Gitea | 200MB | Low | 5GB+ | 3000 |
| Nextcloud | 512MB | Medium | 10GB+ | 8080 |
| Jellyfin | 1GB | High* | Media | 8096 |
| Monitoring | 500MB | Low | 2GB | 3000/9090 |

\*High during transcoding

## Security Considerations

### Service Hardening

- **Regular updates**: Automated security patches
- **Access control**: VPN-only access when possible
- **Authentication**: Strong passwords, 2FA where available
- **Network isolation**: Separate VLANs or containers

### Data Protection

- **Encryption**: Full disk encryption (LUKS)
- **Backups**: Encrypted offsite backups
- **Access logs**: Monitor service access patterns
- **Fail2ban**: Automatic IP blocking for repeated failures

## Future Expansion

### Additional Services to Consider

- **Home Assistant**: ABSOLUTELY NOT
- **Bitwarden/Vaultwarden**: Password management
  - How is this better than keepassxc + filesync?
- **Pi-hole**: Network-wide ad blocking
- **Wireguard UI**: Web interface for VPN management
- **Bookstack**: Documentation wiki
  - What is this for? How does it compare to Logseq?
- **FreshRSS**: RSS feed aggregator
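
The reverse-proxy layout above only helps if the backends cannot be reached directly, and `docker run -p 8080:80` publishes the port on every interface. The following check is an added example, not part of the original notes: it flags the backend ports from the resource table when they listen on anything other than loopback, assuming the column layout of `ss -H -tln` and using a constructed sample in place of live output.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): list backend listeners that can
# be reached without passing through nginx.

# Ports taken from the resource table above; adjust if the plan changes.
BACKEND_PORTS="3000 8080 8096 9090"

# Constructed sample of `ss -H -tln` output (State Recv-Q Send-Q Local Peer).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096         0.0.0.0:2222       0.0.0.0:*
LISTEN 0      4096       127.0.0.1:3000       0.0.0.0:*
LISTEN 0      4096         0.0.0.0:8080       0.0.0.0:*
LISTEN 0      4096            [::]:8080          [::]:*
LISTEN 0      4096               *:8096             *:*
LISTEN 0      4096           [::1]:9090          [::]:*
EOF
}

# Reads `ss -H -tln` lines on stdin and prints "port address" for every
# backend port bound to something other than loopback.
exposed_backends() {
  awk -v ports="$BACKEND_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if (!(port in want)) next             # 443 and 2222 are not backend ports
      if (addr ~ /^127\./ || addr == "[::1]") next
      print port, addr
    }'
}

# On the server: ss -H -tln | exposed_backends
# Here the constructed sample is used so the script runs anywhere.
sample_ss_output | exposed_backends
```

An empty result is the goal. For the Nextcloud container, publishing with `-p 127.0.0.1:8080:80` binds the port to loopback so that only nginx can reach it.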