# Services & Applications
Planning and configuration for self-hosted services and applications.
## Git Repository Hosting
### Service Options
- **Gitea**: Lightweight, Go-based, minimal resource usage ✅ *Recommended*
- **Forgejo**: Gitea fork, community-driven development
- **GitLab CE**: Feature-rich but more resource intensive
- **Gogs**: Simple, lightweight alternative
### Gitea Installation
```bash
# Create gitea user
sudo useradd -r -s /bin/false -d /var/lib/gitea gitea
# Download and install
wget https://dl.gitea.io/gitea/latest/gitea-linux-amd64
sudo mv gitea-linux-amd64 /usr/local/bin/gitea
sudo chmod +x /usr/local/bin/gitea
# Create directories
sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R gitea:gitea /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
```
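The download step above installs whatever `wget` fetched without checking it. The following is an added example, not part of the original notes, that installs a binary only if its SHA-256 matches a checksum file. The function names and the `.sha256` file name in the usage comment are assumptions, as is the checksum file format (`<hex digest>  <name>`).

```bash
#!/usr/bin/env bash
# Added example: refuse to install a downloaded binary unless its SHA-256
# matches the first field of a checksum file ("<hex digest>  <name>").

# verify_sha256 FILE CHECKSUM_FILE -> exit status 0 on match, 1 otherwise
verify_sha256() {
    local file=$1 sumfile=$2 expected actual
    [ -r "$file" ] && [ -r "$sumfile" ] || return 1
    # Use only the digest field; ignore whatever file name the line carries
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    case $expected in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_verified FILE CHECKSUM_FILE DEST: copy into place only after the check
install_verified() {
    local file=$1 sumfile=$2 dest=$3
    if ! verify_sha256 "$file" "$sumfile"; then
        echo "checksum mismatch for $file, not installing" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Usage with the file from the step above (checksum file name is an assumption):
#   install_verified gitea-linux-amd64 gitea-linux-amd64.sha256 /usr/local/bin/gitea
```

A checksum fetched from the same server as the binary only catches corruption and partial downloads; a signature check against a key obtained separately is what covers a compromised download host.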
### Configuration
- **Database**: SQLite for simplicity, PostgreSQL for production
- **Port**: 3000 (internal), reverse proxy for HTTPS
- **SSH**: Port 2222 for git operations
- **Features**: Web interface, issue tracking, organizations
## Cloud Storage Solutions
### Service Options
- **Copyparty**: Quite new self-hosted file storage solution, must investigate!
- **Nextcloud**: Full-featured, extensive app ecosystem ✅ *Recommended*
- **ownCloud**: Original project, stable and mature
- **Seafile**: Performance-focused file sync
- **Syncthing**: Decentralized sync (no server needed)
### Nextcloud Installation
```bash
# Via snap (recommended)
sudo snap install nextcloud
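# Or via Docker
# Note: -p 8080:80 publishes the port on all host interfaces;
# 127.0.0.1:8080:80 limits it to the local reverse proxy
docker run -d \
  --name nextcloud \
  -p 8080:80 \
  -v nextcloud_data:/var/www/html \
  nextcloud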
```
Personal notes: Not a fan of snap, isn't there an AUR package?
Go with docker otherwise
### Features
- File synchronization across devices
- Video files, game installers -> high prio
- Self-hosted git mirrors of favorite FOSS projects -> medium prio
- Calendar and contacts (CalDAV/CardDAV) -> low prio
- Document editing (OnlyOffice/Collabora) -> low prio
- Photo management and sharing -> low prio
- Mobile apps available?
## Media Management
### Jellyfin Media Server
```bash
# Install via AUR
yay -S jellyfin-server jellyfin-web
# Enable service
sudo systemctl enable jellyfin
sudo systemctl start jellyfin
```
Configuration:
- **Port**: 8096 (web interface)
- **Media paths**: `/data/movies`, `/data/tv`, `/data/music`
- **Transcoding**: Hardware acceleration if available
### Photo Management
- **PhotoPrism**: AI-powered photo management
- **Immich**: Modern photo backup solution
- **LibrePhotos**: Privacy-focused alternative
## Monitoring & Logging
### System Monitoring
```bash
# Prometheus + Grafana stack
docker-compose up -d prometheus grafana node-exporter
```
### Log Management
- **Centralized logging**: rsyslog or journald
- **Log rotation**: logrotate configuration
- **Analysis**: grep, awk, or ELK stack for advanced needs
### Health Checks
- **Uptime monitoring**: Simple HTTP checks
- **Service status**: systemd service monitoring
- **Disk space**: Automated alerts for low space
## Containerization Strategy
### Docker Setup
```bash
# Install Docker
sudo pacman -S docker docker-compose
sudo systemctl enable docker
# Add user to docker group
# (members of this group can control the Docker daemon, which is root-equivalent)
sudo usermod -aG docker hoborg
```
### Container Management
- **Orchestration**: Docker Compose for multi-service apps
- **Storage**: Named volumes for persistent data
- **Networking**: Custom networks for service isolation
- **Updates**: Watchtower for automated updates
## Reverse Proxy Configuration
### Nginx Setup
```bash
# Install nginx
sudo pacman -S nginx certbot certbot-nginx
```

```nginx
# Basic configuration
server {
    server_name ak-homelab.duckdns.org;

    # The trailing slash on proxy_pass strips the /gitea/ prefix before forwarding
    location /gitea/ {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /nextcloud/ {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```
### SSL Certificates
```bash
# Let's Encrypt via certbot
sudo certbot --nginx -d ak-homelab.duckdns.org
```
## Backup Strategy
### Configuration Backups
- **Service configs**: Docker volumes, /etc configs
- **Database dumps**: Regular automated backups
- **Storage**: External drive or cloud backup
### Automated Backups
```bash
#!/bin/bash
# backup-services.sh
# Stop at the first failed step instead of leaving a partial backup set
set -euo pipefail
DATE=$(date +%Y%m%d)
# Backup Gitea
tar -czf "/backup/gitea-$DATE.tar.gz" /var/lib/gitea/
# Backup Nextcloud data
rsync -av /var/snap/nextcloud/common/nextcloud/data/ "/backup/nextcloud-$DATE/"
# Database backup
sudo -u postgres pg_dump gitea > "/backup/gitea-db-$DATE.sql"
```
## Resource Planning
### Hardware Requirements
- **RAM**: 4GB minimum, 8GB recommended
- **Storage**:
  - System: 50GB SSD
  - Data: 1TB+ HDD for media/files
- **Network**: Gigabit Ethernet preferred
### Service Resource Usage
| Service | RAM | CPU | Storage | Port |
|---------|-----|-----|---------|------|
| Gitea | 200MB | Low | 5GB+ | 3000 |
| Nextcloud | 512MB | Medium | 10GB+ | 8080 |
| Jellyfin | 1GB | High* | Media | 8096 |
| Monitoring | 500MB | Low | 2GB | 3000/9090 |

*High during transcoding
## Security Considerations
### Service Hardening
- **Regular updates**: Automated security patches
- **Access control**: VPN-only access when possible
- **Authentication**: Strong passwords, 2FA where available
- **Network isolation**: Separate VLANs or containers
### Data Protection
- **Encryption**: Full disk encryption (LUKS)
- **Backups**: Encrypted offsite backups
- **Access logs**: Monitor service access patterns
- **Fail2ban**: Automatic IP blocking for repeated failures
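
What the Fail2ban item amounts to, as an added example that is not part of the original notes: count failed logins per source address in a Gitea-style log and list the addresses that reach a threshold. The log lines are constructed, and the message format `Failed authentication attempt for <user> from <ip>:<port>` is an assumption about what the service writes. The example counts over the whole input, whereas fail2ban also applies a time window (`findtime`).

```bash
#!/usr/bin/env bash
# Added example: fail2ban-style counting of failed logins per source address.

# offenders THRESHOLD < logfile
# Prints "address count" for every source with >= THRESHOLD failures, sorted.
offenders() {
    awk -v max="$1" '
        /Failed authentication attempt/ {
            # The user name is attacker-controlled and may itself contain
            # " from <address>", so trust only the text after the LAST " from ".
            n = split($0, parts, " from ")
            addr = parts[n]
            sub(/:[0-9]+$/, "", addr)   # drop the client port if present
            count[addr]++
        }
        END { for (a in count) if (count[a] >= max) print a, count[a] }
    ' | sort
}

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
2024/01/10 10:00:01 [I] Failed authentication attempt for admin from 203.0.113.7:51234
2024/01/10 10:00:03 [I] Failed authentication attempt for admin from 203.0.113.7:51240
2024/01/10 10:00:04 [I] Failed authentication attempt for git from 198.51.100.4:40000
2024/01/10 10:00:05 [I] completed GET /user/login for 198.51.100.4:40001, 200 OK
2024/01/10 10:00:06 [I] Failed authentication attempt for x from 192.0.2.1 from 203.0.113.7:51244
2024/01/10 10:00:09 [I] Failed authentication attempt for root from 198.51.100.9:1
EOF
}

# Usage: sample_log | offenders 3
```

The fifth sample line carries a user name crafted to point at another address; a pattern anchored on the first ` from ` would count the failure against `192.0.2.1` instead of the real source.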
## Future Expansion
### Additional Services to Consider
- **Home Assistant**: ABSOLUTELY NOT
- **Bitwarden/Vaultwarden**: Password management
  - How is this better than keepassxc + filesync?
- **Pi-hole**: Network-wide ad blocking
- **Wireguard UI**: Web interface for VPN management
- **Bookstack**: Documentation wiki
  - What is this for? How does it compare to Logseq?
- **FreshRSS**: RSS feed aggregator