Services & Applications

Planning and configuration for self-hosted services and applications.

Git Repository Hosting

Service Options

  • Gitea: Lightweight, Go-based, minimal resource usage (Recommended)
  • Forgejo: Gitea fork, community-driven development
  • GitLab CE: Feature-rich but more resource intensive
  • Gogs: Simple, lightweight alternative

Gitea Installation

# Create gitea user
sudo useradd -r -s /bin/false -d /var/lib/gitea gitea

# Download and install
wget https://dl.gitea.io/gitea/latest/gitea-linux-amd64
sudo mv gitea-linux-amd64 /usr/local/bin/gitea
sudo chmod +x /usr/local/bin/gitea

# Create directories
sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R gitea:gitea /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
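
The download step above installs the binary without checking it. As an added example (not part of the original notes), this function installs a file only if its SHA-256 matches a checksum file downloaded alongside it. It assumes the `.sha256` file that Gitea publishes next to each release binary has been fetched; the function name and local paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded binary only when its SHA-256 digest
# matches the checksum file fetched with it. Names are hypothetical.

# usage: install_verified <binary> <checksum-file> <destination>
# returns 0 on install, 1 on digest mismatch, 2 on unusable input
install_verified() {
  bin=$1; sumfile=$2; dest=$3
  if [ ! -s "$bin" ] || [ ! -s "$sumfile" ]; then
    echo "missing or empty input file" >&2
    return 2
  fi

  # The first field of a sha256sum-style file is the hex digest.
  expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
  case $expected in
    ''|*[!0-9a-f]*) echo "checksum file holds no SHA-256 digest" >&2; return 2 ;;
  esac
  if [ "${#expected}" -ne 64 ]; then
    echo "checksum file holds no SHA-256 digest" >&2
    return 2
  fi

  actual=$(sha256sum "$bin" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "SHA-256 mismatch for $bin: refusing to install" >&2
    return 1
  fi

  # install(1) copies the file and sets the final mode in one step.
  install -m 0755 "$bin" "$dest"
}

# On the server (paths are placeholders):
#   sudo bash -c '. ./install_verified.sh; \
#     install_verified gitea-linux-amd64 gitea-linux-amd64.sha256 /usr/local/bin/gitea'
```

A checksum fetched from the same host catches corrupted or truncated downloads; the detached GPG signature described in Gitea's install documentation is what covers a tampered mirror.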

Configuration

  • Database: SQLite for simplicity, PostgreSQL for production
  • Port: 3000 (internal), reverse proxy for HTTPS
  • SSH: Port 2222 for git operations
  • Features: Web interface, issue tracking, organizations

Cloud Storage Solutions

Service Options

  • Copyparty: Quite new self-hosted file storage solution, must investigate!
  • Nextcloud: Full-featured, extensive app ecosystem (Recommended)
  • ownCloud: Original project, stable and mature
  • Seafile: Performance-focused file sync
  • Syncthing: Decentralized sync (no server needed)

Nextcloud Installation

# Via snap (recommended)
sudo snap install nextcloud

# Or via Docker
docker run -d \
  --name nextcloud \
  -p 8080:80 \
  -v nextcloud_data:/var/www/html \
  nextcloud

Personal notes: Not a fan of snap, isn't there an AUR package? Go with docker otherwise

Features

  • File synchronization across devices
  • Video files, game installers -> high prio
  • Self-hosted git mirrors of favorite FOSS projects -> medium prio
  • Calendar and contacts (CalDAV/CardDAV) -> low prio
  • Document editing (OnlyOffice/Collabora) -> low prio
  • Photo management and sharing -> low prio
  • Mobile apps available?

Media Management

Jellyfin Media Server

# Install via AUR
yay -S jellyfin-server jellyfin-web

# Enable service
sudo systemctl enable jellyfin
sudo systemctl start jellyfin

Configuration:

  • Port: 8096 (web interface)
  • Media paths: /data/movies, /data/tv, /data/music
  • Transcoding: Hardware acceleration if available

Photo Management

  • PhotoPrism: AI-powered photo management
  • Immich: Modern photo backup solution
  • LibrePhotos: Privacy-focused alternative

Monitoring & Logging

System Monitoring

# Prometheus + Grafana stack
docker-compose up -d prometheus grafana node-exporter

Log Management

  • Centralized logging: rsyslog or journald
  • Log rotation: logrotate configuration
  • Analysis: grep, awk, or ELK stack for advanced needs

Health Checks

  • Uptime monitoring: Simple HTTP checks
  • Service status: systemd service monitoring
  • Disk space: Automated alerts for low space

Containerization Strategy

Docker Setup

# Install Docker
sudo pacman -S docker docker-compose
sudo systemctl enable docker

# Add user to docker group (membership is root-equivalent on this host)
sudo usermod -aG docker hoborg

Container Management

  • Orchestration: Docker Compose for multi-service apps
  • Storage: Named volumes for persistent data
  • Networking: Custom networks for service isolation
  • Updates: Watchtower for automated updates

Reverse Proxy Configuration

Nginx Setup

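# Install nginx
sudo pacman -S nginx certbot certbot-nginx

# Basic configuration
server {
    server_name ak-homelab.duckdns.org;

    location /gitea/ {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Pass the client chain and original scheme to the backend
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /nextcloud/ {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}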
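
The `proxy_pass` targets above assume the backends are reachable only through nginx, but `docker run -p 8080:80` publishes the port on every interface. As an added example (not part of the original notes), this filter reads `ss -tlnH` output and lists the page's backend ports that are bound to a non-loopback address; the function names and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: flag backend ports from this page that listen beyond loopback.
# Ports are taken from the page's resource table; names are hypothetical.
PROXIED_PORTS="3000 8080 8096 9090"

# Reads `ss -tlnH` output on stdin and prints "<port> <address>" for every
# planned backend port bound to a non-loopback address.
exposed_backends() {
  awk -v ports="$PROXIED_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*$/, "", addr)                  # drop a %interface scope suffix
      gsub(/^\[|\]$/, "", addr)              # unwrap [IPv6] literals
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
      print port, addr
    }'
}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 512 [::]:8096 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9090 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
EOF
}

sample_ss_output | exposed_backends
# On the server itself: ss -tlnH | exposed_backends
```

Any line printed is a backend that clients can reach directly over plain HTTP, bypassing the TLS and headers set by the proxy.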

SSL Certificates

# Let's Encrypt via certbot
sudo certbot --nginx -d ak-homelab.duckdns.org

Backup Strategy

Configuration Backups

  • Service configs: Docker volumes, /etc configs
  • Database dumps: Regular automated backups
  • Storage: External drive or cloud backup

Automated Backups

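#!/bin/bash
# backup-services.sh
set -euo pipefail   # stop at the first failed step instead of leaving a partial backup
umask 077           # archives and dumps readable only by the backup user
DATE=$(date +%Y%m%d)

# Backup Gitea
tar -czf "/backup/gitea-$DATE.tar.gz" /var/lib/gitea/

# Backup Nextcloud data (snap install path)
rsync -av /var/snap/nextcloud/common/nextcloud/data/ "/backup/nextcloud-$DATE/"

# Database backup (applies only when Gitea uses PostgreSQL)
sudo -u postgres pg_dump gitea > "/backup/gitea-db-$DATE.sql"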

Resource Planning

Hardware Requirements

  • RAM: 4GB minimum, 8GB recommended
  • Storage:
    • System: 50GB SSD
    • Data: 1TB+ HDD for media/files
  • Network: Gigabit Ethernet preferred

Service Resource Usage

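| Service    | RAM   | CPU    | Storage | Port      |
|------------|-------|--------|---------|-----------|
| Gitea      | 200MB | Low    | 5GB+    | 3000      |
| Nextcloud  | 512MB | Medium | 10GB+   | 8080      |
| Jellyfin   | 1GB   | High*  | Media   | 8096      |
| Monitoring | 500MB | Low    | 2GB     | 3000/9090 |

*High during transcoding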

Security Considerations

Service Hardening

  • Regular updates: Automated security patches
  • Access control: VPN-only access when possible
  • Authentication: Strong passwords, 2FA where available
  • Network isolation: Separate VLANs or containers

Data Protection

  • Encryption: Full disk encryption (LUKS)
  • Backups: Encrypted offsite backups
  • Access logs: Monitor service access patterns
  • Fail2ban: Automatic IP blocking for repeated failures

Future Expansion

Additional Services to Consider

  • Home Assistant: ABSOLUTELY NOT
  • Bitwarden/Vaultwarden: Password management
    • How is this better than keepassxc + filesync?
  • Pi-hole: Network-wide ad blocking
  • WireGuard UI: Web interface for VPN management
  • BookStack: Documentation wiki
    • What is this for? How does it compare to Logseq?
  • FreshRSS: RSS feed aggregator