homelab/TODO.md
Arpad Krejczinger 3dfe146297 Update core configuration files
- Update CLAUDE.md with comprehensive homelab documentation
- Update TODO.md with current task status
- Configure copyparty file server settings
- Update nginx reverse proxy configuration
- Refresh homelab homepage
- Update services documentation
2025-09-12 18:53:49 +02:00


Homelab TODO List

Network & Security

  • DuckDNS dynamic DNS setup (completed - ak-homelab.duckdns.org)
  • SSH security hardening (documented in network-security.md)
    • Figure out why laptop IP changes: Different eth ports have different MAC?
  • Router port forwarding configuration
  • !!! Modify syncthing to sync the NAS folders where appropriate (e.g. Logseq)
  • !!! IMPORTANT: Run setup scripts made by security reviewer agent
    • Ran out of AI quota mid-security review so continue where we left off. Some scripts created but it's not complete yet
    • Some logs saved to ~/audit
  • ENCRYPTED FOLDER idea:
    • Use tomb to create an encrypted vault e.g. /mnt/nas/nas_encrypted
    • Have a local folder that's empty e.g. /nas_plain
    • Use tomb to unlock and mount /mnt/nas/nas_encrypted to /nas_plain
    • Jellyfin is set up to look at nas_plain
    • When locked: Jellyfin sees empty folder
    • When unlocked: Jellyfin has access
    • TO TEST: What about preview pictures etc. within Jellyfin? Adult content may still be visible
  • WireGuard VPN server configuration
  • UFW firewall setup and rules
  • fail2ban for intrusion prevention
  • Security enhancement for VNC connections (in the meantime: only run the VNC service for a short time while we are using it)

Git & Development

  • Gitea Docker container setup (completed - running on port 3000)
  • Nginx reverse proxy setup (completed)
  • Create homelab landing page at /var/www/homelab/index.html
  • Configure router port forwarding for Nginx (completed - external access working)
    • Port 80 → 192.168.0.100:80 (HTTP)
    • Port 443 → 192.168.0.100:443 (HTTPS)
    • Remove port 3000 direct forwarding (will go through nginx)
    • Keep port 2223 → 192.168.0.100:2223 (Git SSH operations)
  • Test external access: https://ak-homelab.duckdns.org/ (working - HTTPS with SSL)
  • Set up SSL certificates: sudo certbot --nginx -d ak-homelab.duckdns.org (completed - auto-renewal enabled)
  • Initial Gitea configuration via web interface (http://ak-homelab.duckdns.org/gitea/) (completed)
    • Complete installation wizard with correct base URL
    • Create admin user account
    • Configure SSH access and repository settings
    • Migrate homelab repository to Gitea

System Configuration

  • Arch Linux installation and basic setup (completed)
  • TTY configuration with ter-124b font (completed)
  • Caps lock → backspace mapping in TTY (completed)
  • Dotfiles management with yadm (completed)
  • Temperature monitoring in tmux (completed)
  • Zsh history sharing between sessions (completed)
  • Fix TTY colors for better code readability
  • Configure automatic system backups

Desktop & Applications

Lower priority - mostly using SSH or TTY anyways

  • Add windows-like bottom panel icons
  • Install additional browsers as backup
  • Add dmenu run shortcut
  • Later: Test awesomewm once again, consider migration
  • Install Deskflow for multi-device setup

Data organization

  • Mount and configure /data drive
  • Copy backups from USB drives
    • Not sure if necessary, some files may already be on the PC
    • First: Do a bit of "duplication check" across various devices and USBs, make a plan of what to store where
  • Copy any media files from other devices

Music Collection Management

  • Extract playlists from YouTube Music and SoundCloud
    • Store metadata (author, song title) in plaintext format
    • Tools to consider: ytmusicapi (YouTube Music), scdl (SoundCloud), Google Takeout
    • Output formats: CSV, JSON, M3U with metadata, plain text lists
  • Obtain music files for self-hosted collection
    • Legal sources: Bandcamp (FLAC), Beatport, 7digital, HDtracks, artist websites
    • Physical media: CD ripping, vinyl digitization, cassette conversion
    • Streaming downloads: Tidal, Qobuz, Amazon Music, iTunes Store
    • Organization tools: MusicBrainz Picard (tagging), beets (library management)

Services & Self-Hosting

  • Install and configure Gitea for Git hosting (completed - external access working)
  • Set up file server with Copyparty (completed - uploads/downloads working)
    • User authentication and access control
    • Multiple volume shares (shared, documents, music, videos, private)
    • Systemd service for auto-start
    • Nginx reverse proxy integration
  • Configure Jellyfin media server (completed - running on port 8096)
    • Docker container setup with hardware acceleration
    • Nginx reverse proxy integration at /media/ path
    • Shared media folders with Copyparty (Music, Videos, shared)
  • Set up self-hosted chat server (Matrix or Mattermost)
  • Install monitoring and management tools (in progress)
    • Portainer (Docker management with built-in auth)
    • Glances (system monitoring with nginx basic auth)
    • Cockpit (system administration with PAM auth)
    • lazydocker (terminal Docker management)
  • Configure nginx basic auth for Glances endpoint
  • Update nginx reverse proxy config for new admin services
  • Update homelab landing page with new admin service links
  • Set up Nextcloud for advanced file synchronization features
    • Copyparty covers basic file sharing needs
  • Set up reverse proxy with SSL certificates (completed - HTTPS working with auto-renewal)
  • Make sure all services are dockerized unless we have a good reason not to
    • Gitea: Docker
    • Jellyfin: Docker
    • Copyparty: systemd service (consider dockerizing)
    • Nginx: system package (fine as-is for reverse proxy)
    • Portainer: Docker
    • Glances: system package (web server mode)
    • Cockpit: system package (system integration required)

Hardware & Troubleshooting

  • Fix bluetooth audio connectivity issues
  • Investigate tmux battery indicator missing until config reload
  • Figure out drag and drop window tiling solution -> workaround with keyboard shortcuts
  • Install multimedia codecs and applications

Security & Maintenance

  • Configure automatic security updates
  • Set up system monitoring and alerting
  • Implement backup strategy for services
  • Regular security audit and updates
  • Document recovery procedures