No description
4adaa8e8be
This commit adds extensive documentation covering all aspects of homelab setup,
configuration, and troubleshooting.
## Documentation Structure
### Main Documentation
- **docs/README.md**: Documentation hub with table of contents
- **docs/getting-started.md**: Complete setup guide from scratch
- **docs/quick-reference.md**: Fast reference for common tasks and commands
### Configuration Guides (docs/guides/)
- **secrets-management.md**: Environment variables and secrets configuration
- How to generate secure secrets
- Service-specific configuration
- Automated secret generation scripts
- Security best practices
- Common mistakes to avoid
- **gpu-setup.md**: NVIDIA GTX 1070 GPU acceleration setup
- Specific to Proxmox 9 on Debian 13
- Complete passthrough configuration
- Jellyfin hardware transcoding setup
- Immich ML inference acceleration
- Performance tuning and benchmarks
- Troubleshooting GPU issues
### Troubleshooting (docs/troubleshooting/)
- **faq.md**: Frequently asked questions (60+ Q&A)
- General questions about the homelab
- Setup and configuration questions
- SSL/TLS and SSO questions
- Service-specific questions
- Security and backup questions
- Performance optimization
- **common-issues.md**: Common problems and solutions
- Service startup failures
- SSL certificate errors
- SSO authentication issues
- Access problems
- Performance issues
- Database errors
- Network issues
- GPU problems
### Services (docs/services/)
- **README.md**: Complete service overview
- All 20 services with descriptions
- Use cases for each service
- Resource requirements
- Deployment checklists
- Service dependencies
- Minimum viable setups
## Key Features
### Environment-Specific
All GPU documentation is specific to:
- **Platform**: Proxmox 9 (PVE)
- **OS**: Debian 13
- **GPU**: NVIDIA GTX 1070 (Pascal)
- Includes Proxmox-specific GPU passthrough
- VM guest setup on Debian 13
- NVIDIA Container Toolkit configuration
### Comprehensive Coverage
- 60+ FAQs answered
- 50+ common issues documented
- 100+ command examples
- Step-by-step procedures
- Troubleshooting decision trees
- Quick reference tables
### Practical Examples
- Actual command outputs
- Real-world scenarios
- Copy-paste ready commands
- Configuration file examples
- Debugging procedures
## Documentation Highlights
### Getting Started Guide
- Prerequisites checklist
- Docker installation
- Media directory setup
- DNS configuration
- Environment variable setup
- Service deployment order
- Initial service configuration
- Verification procedures
### Secrets Management
- Secret type identification
- Generation commands for each type
- Service-specific requirements
- Automated generation script
- Password manager integration
- Backup procedures
- Security best practices
- Common mistakes
### GPU Setup (Proxmox/Debian/GTX 1070)
- IOMMU enablement
- VFIO configuration
- PCI passthrough to VM
- NVIDIA driver installation on Debian 13
- Container toolkit setup
- Jellyfin NVENC configuration
- Immich CUDA acceleration
- Performance benchmarks
- NVENC stream limit unlock
- Monitoring and tuning
### Quick Reference
- All service URLs
- Common Docker Compose commands
- System check commands
- Secret generation commands
- Troubleshooting steps
- File locations
- Port reference
- Emergency procedures
### FAQ
Covers questions about:
- Hardware requirements
- Domain requirements
- Cost estimates
- Setup procedures
- Configuration details
- SSL certificates
- SSO authentication
- Service-specific issues
- Backup strategies
- Performance optimization
- Security considerations
### Common Issues
Solutions for:
- Container startup failures
- Environment variable errors
- Port conflicts
- Permission issues
- SSL certificate problems
- DNS issues
- SSO login failures
- Database connections
- Network connectivity
- GPU detection
- Resource constraints
### Services Overview
- Detailed description of all 20 services
- Use cases and features
- Required vs optional services
- Resource requirements by tier
- Service dependencies diagram
- Deployment checklists
- "When to use" guidance
## File Structure
```
docs/
├── README.md # Documentation hub
├── getting-started.md # Setup walkthrough
├── quick-reference.md # Command reference
├── guides/
│ ├── secrets-management.md # Secrets configuration
│ └── gpu-setup.md # GPU acceleration (GTX 1070)
├── troubleshooting/
│ ├── faq.md # 60+ FAQs
│ └── common-issues.md # Problem solving
└── services/
└── README.md # Service overview
```
## Benefits
### For New Users
- Clear setup path from zero to running services
- Explains "why" not just "how"
- Common pitfalls documented and avoided
- Example configurations provided
### For Experienced Users
- Quick reference for commands
- Troubleshooting decision trees
- Performance tuning guides
- Advanced configurations
### For Maintenance
- Update procedures
- Backup and restore
- Monitoring guidelines
- Security hardening
## Documentation Standards
- Clear, concise writing
- Code blocks with syntax highlighting
- Examples with expected output
- Warning and tip callouts
- Cross-references between docs
- Tested commands and procedures
## Next Steps
Users should:
1. Start with getting-started.md
2. Configure secrets using secrets-management.md
3. Enable GPU if available (gpu-setup.md)
4. Use quick-reference.md for daily operations
5. Refer to faq.md and common-issues.md when stuck
---
**This documentation makes the homelab accessible to users of all skill levels!**
|
||
|---|---|---|
| .github | ||
| compose | ||
| docs | ||
| templates/service-template | ||
| terraform | ||
| .markdown-link-check.json | ||
| .markdownlint.json | ||
| .pre-commit-config.yaml | ||
| .yamllint.yml | ||
| CONTRIBUTING.md | ||
| PR_REVIEW.md | ||
| README.md | ||
| SECURITY.md | ||
Homelab GitOps Configuration
This repository contains Docker Compose configurations for self-hosted home services.
🏗️ Infrastructure
Core Services (Port 80/443)
- Traefik - Reverse proxy with automatic Let's Encrypt SSL
- LLDAP - Lightweight LDAP server for user management
- Admin:
edfig(admin@edfig.dev) - Web UI: https://lldap.fig.systems
- Admin:
- Tinyauth - SSO authentication via Traefik forward auth
- Connected to LLDAP for user authentication
- Web UI: https://auth.fig.systems
📁 Directory Structure
compose/
├── core/ # Infrastructure services
│ ├── traefik/ # Reverse proxy & SSL
│ ├── lldap/ # LDAP user directory
│ └── tinyauth/ # SSO authentication
├── media/ # Media services
│ ├── frontend/ # Media frontends
│ │ ├── jellyfin/ # Media server (flix.fig.systems)
│ │ ├── jellyseer/ # Request management (requests.fig.systems)
│ │ └── immich/ # Photo management (photos.fig.systems)
│ └── automation/ # Media automation
│ ├── sonarr/ # TV show management
│ ├── radarr/ # Movie management
│ ├── sabnzbd/ # Usenet downloader
│ └── qbittorrent/# Torrent client
└── services/ # Utility services
├── homarr/ # Dashboard (home.fig.systems)
├── backrest/ # Backup manager (backup.fig.systems)
├── linkwarden/ # Bookmark manager (links.fig.systems)
├── vikunja/ # Task management (tasks.fig.systems)
├── lubelogger/ # Vehicle tracker (garage.fig.systems)
├── calibre-web/ # Ebook library (books.fig.systems)
├── booklore/ # Book tracking (booklore.fig.systems)
├── FreshRSS/ # RSS reader (rss.fig.systems)
├── rsshub/ # RSS feed generator (rsshub.fig.systems)
├── microbin/ # Pastebin (paste.fig.systems)
└── filebrowser/ # File manager (files.fig.systems)
🌐 Domains
All services are accessible via:
- Primary:
*.fig.systems - Secondary:
*.edfig.dev
Service URLs
| Service | URL | SSO Protected |
|---|---|---|
| Traefik Dashboard | traefik.fig.systems | ✅ |
| LLDAP | lldap.fig.systems | ✅ |
| Tinyauth | auth.fig.systems | ❌ |
| Homarr | home.fig.systems | ✅ |
| Backrest | backup.fig.systems | ✅ |
| Jellyfin | flix.fig.systems | ❌* |
| Jellyseerr | requests.fig.systems | ✅ |
| Immich | photos.fig.systems | ❌* |
| Sonarr | sonarr.fig.systems | ✅ |
| Radarr | radarr.fig.systems | ✅ |
| SABnzbd | sabnzbd.fig.systems | ✅ |
| qBittorrent | qbt.fig.systems | ✅ |
| Linkwarden | links.fig.systems | ✅ |
| Vikunja | tasks.fig.systems | ✅ |
| LubeLogger | garage.fig.systems | ✅ |
| Calibre-web | books.fig.systems | ✅ |
| Booklore | booklore.fig.systems | ✅ |
| FreshRSS | rss.fig.systems | ✅ |
| RSSHub | rsshub.fig.systems | ❌* |
| MicroBin | paste.fig.systems | ❌* |
| File Browser | files.fig.systems | ✅ |
Services marked with ❌ have their own authentication systems
📦 Media Folder Structure
The VM should have /media mounted at the root with this structure:
/media/
├── audiobooks/
├── books/
├── comics/
├── complete/ # Completed downloads
├── downloads/ # Active downloads
├── homemovies/
├── incomplete/ # Incomplete downloads
├── movies/
├── music/
├── photos/
└── tv/
🚀 Deployment
Prerequisites
- DNS Configuration: Point
*.fig.systemsand*.edfig.devto your server IP - Media Folders: Ensure
/mediais mounted with the folder structure above - Docker Network: Create the homelab network
docker network create homelab
Deployment Order
- Core Infrastructure (must be first):
cd compose/core/traefik && docker compose up -d
cd compose/core/lldap && docker compose up -d
cd compose/core/tinyauth && docker compose up -d
-
Configure LLDAP:
- Visit https://lldap.fig.systems
- Login with admin credentials from
.env - Create an observer user for tinyauth
- Add regular users for authentication
-
Update Passwords:
- Update
LLDAP_LDAP_USER_PASSincore/lldap/.env - Update
LDAP_BIND_PASSWORDincore/tinyauth/.envto match - Update
SESSION_SECRETincore/tinyauth/.env - Update database passwords in service
.envfiles
- Update
-
Deploy Services:
# Media frontend
cd compose/media/frontend/jellyfin && docker compose up -d
cd compose/media/frontend/jellyseer && docker compose up -d
cd compose/media/frontend/immich && docker compose up -d
# Media automation
cd compose/media/automation/sonarr && docker compose up -d
cd compose/media/automation/radarr && docker compose up -d
cd compose/media/automation/sabnzbd && docker compose up -d
cd compose/media/automation/qbittorrent && docker compose up -d
# Utility services
cd compose/services/linkwarden && docker compose up -d
cd compose/services/vikunja && docker compose up -d
cd compose/services/homarr && docker compose up -d
cd compose/services/backrest && docker compose up -d
cd compose/services/lubelogger && docker compose up -d
cd compose/services/calibre-web && docker compose up -d
cd compose/services/booklore && docker compose up -d
cd compose/services/FreshRSS && docker compose up -d
cd compose/services/rsshub && docker compose up -d
cd compose/services/microbin && docker compose up -d
cd compose/services/filebrowser && docker compose up -d
🔐 Security Considerations
- Change Default Passwords: All
.envfiles contain placeholder passwords marked withchangeme_* - LLDAP Observer User: Create a readonly user in LLDAP for tinyauth to bind
- SSL Certificates: Traefik automatically obtains Let's Encrypt certificates
- Network Isolation: Services use internal networks for database/cache communication
- SSO: Most services are protected by tinyauth forward authentication
📝 Configuration Files
Each service has its own .env file where applicable. Key files to review:
core/lldap/.env- LDAP configuration and admin credentialscore/tinyauth/.env- LDAP connection and session settingsmedia/frontend/immich/.env- Photo management configurationservices/linkwarden/.env- Bookmark manager settingsservices/microbin/.env- Pastebin configuration
🔧 Maintenance
Viewing Logs
cd compose/[category]/[service]
docker compose logs -f
Updating Services
cd compose/[category]/[service]
docker compose pull
docker compose up -d
Backing Up Data
Important data locations:
- LLDAP:
compose/core/lldap/data/ - Service configs:
compose/*/*/config/ - Databases:
compose/*/*/db/orcompose/*/*/pgdata/ - Media:
/media/(handle separately)
🐛 Troubleshooting
Service won't start
- Check logs:
docker compose logs - Verify network exists:
docker network ls | grep homelab - Check port conflicts:
docker ps -a
SSL certificate issues
- Verify DNS points to your server
- Check Traefik logs:
cd compose/core/traefik && docker compose logs - Ensure ports 80 and 443 are open
SSO not working
- Verify tinyauth is running:
docker ps | grep tinyauth - Check LLDAP connection in tinyauth logs
- Verify LDAP bind credentials match in both services
📄 License
This is a personal homelab configuration. Use at your own risk.
🤝 Contributing
This is a personal repository, but feel free to use it as a reference for your own homelab!