eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
No description
20 commits 1 branch 0 tags 397 KiB
HTML 58.5%
Shell 41.5%
Find a file
Claude 953a9d52af
feat: Add Caddy static sites and implement domain strategy 
Domain Strategy:
- fig.systems: Homelab services only (removed edfig.dev fallback from all services)
- edfig.dev: Professional/public sites (personal site, blog)
- figgy.foo: Experimental/private content (SSO protected)

Removed edfig.dev Fallbacks:
- Updated 22 compose files to remove || Host(...edfig.dev) pattern
- All homelab services now use fig.systems only
- Traefik email remains admin@edfig.dev

Added Caddy Static Sites Service:
- compose/services/static-sites/ with Caddy 2
- Serves three domains with different configurations:
  * edfig.dev (personal/professional) - Public, no SSO
  * blog.edfig.dev (blog) - Public, Markdown rendering, templates
  * figgy.foo (experimental) - SSO protected, directory browsing
- Example sites with modern, responsive designs
- Comprehensive README with usage examples
- Auto-reload on config changes (no restarts needed)

Features:
- Markdown rendering (write .md, serves as HTML)
- Go templates for dynamic content
- Directory browsing (figgy.foo)
- Automatic gzip compression
- Static asset caching
- Zero-downtime config reloads

Updated Documentation:
- README.md: Added domain strategy section, static sites in directory structure
- README.md: Added static sites to service URLs table
- README.md: Updated deployment instructions
2025-11-10 12:11:03 +00:00
.github fix: Resolve Traefik network and labeler configuration errors 2025-11-05 21:25:45 +00:00
compose feat: Add Caddy static sites and implement domain strategy 2025-11-10 12:11:03 +00:00
docs docs: Add architecture docs and fix compose files for integration 2025-11-10 11:32:13 +00:00
templates/service-template feat: Add service template, backup solution, dashboard, and IaC tooling 2025-11-05 21:54:30 +00:00
terraform feat: Add service template, backup solution, dashboard, and IaC tooling 2025-11-05 21:54:30 +00:00
.markdown-link-check.json feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00
.markdownlint.json feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00
.pre-commit-config.yaml feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00
.yamllint.yml feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00
CONTRIBUTING.md feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00
PR_REVIEW.md docs: Add comprehensive PR review documentation 2025-11-05 21:08:33 +00:00
README.md feat: Add Caddy static sites and implement domain strategy 2025-11-10 12:11:03 +00:00
SECURITY.md feat: Add comprehensive GitHub Actions CI/CD pipeline 2025-11-05 20:09:33 +00:00

README.md

Homelab GitOps Configuration

This repository contains Docker Compose configurations for self-hosted home services.

💻 Hardware Specifications

  • Host: Proxmox VE 9 (Debian 13)

    • CPU: AMD Ryzen 5 7600X (6 cores, 12 threads, up to 5.3 GHz)
    • GPU: NVIDIA GeForce GTX 1070 (8GB VRAM)
    • RAM: 32GB DDR5

  • VM: AlmaLinux 9.6 (RHEL 9 compatible)

    • CPU: 8 vCPUs
    • RAM: 24GB
    • Storage: 500GB+ (expandable)
    • GPU: GTX 1070 (PCIe passthrough)

Documentation:

🏗️ Infrastructure

Core Services (Port 80/443)

📁 Directory Structure

compose/
├── core/           # Infrastructure services
│   ├── traefik/    # Reverse proxy & SSL
│   ├── lldap/      # LDAP user directory
│   └── tinyauth/   # SSO authentication
├── media/          # Media services
│   ├── frontend/   # Media frontends
│   │   ├── jellyfin/   # Media server (flix.fig.systems)
│   │   ├── jellyseer/  # Request management (requests.fig.systems)
│   │   └── immich/     # Photo management (photos.fig.systems)
│   └── automation/ # Media automation
│       ├── sonarr/     # TV show management
│       ├── radarr/     # Movie management
│       ├── sabnzbd/    # Usenet downloader
│       ├── qbittorrent/# Torrent client
│       ├── recyclarr/  # TRaSH Guides sync
│       └── profilarr/  # Profile manager (profilarr.fig.systems)
├── monitoring/      # Monitoring & logging
│   ├── logging/     # Centralized logging stack
│   │   ├── loki/        # Log aggregation (loki.fig.systems)
│   │   ├── promtail/    # Log collection agent
│   │   └── grafana/     # Log visualization (logs.fig.systems)
│   └── uptime/      # Uptime monitoring
│       └── uptime-kuma/ # Status & uptime monitoring (status.fig.systems)
└── services/       # Utility services
    ├── homarr/         # Dashboard (home.fig.systems)
    ├── backrest/       # Backup manager (backup.fig.systems)
    ├── static-sites/   # Static websites (Caddy)
    ├── karakeep/       # Bookmark manager with AI (links.fig.systems)
    ├── ollama/         # Local LLM server (ollama.fig.systems)
    ├── vikunja/        # Task management (tasks.fig.systems)
    ├── lubelogger/     # Vehicle tracker (garage.fig.systems)
    ├── calibre-web/    # Ebook library (books.fig.systems)
    ├── booklore/       # Book tracking (booklore.fig.systems)
    ├── FreshRSS/       # RSS reader (rss.fig.systems)
    ├── rsshub/         # RSS feed generator (rsshub.fig.systems)
    ├── microbin/       # Pastebin (paste.fig.systems)
    └── filebrowser/    # File manager (files.fig.systems)

🌐 Domains

Three domains are used with different purposes:

fig.systems (Homelab Services)

Primary domain for all self-hosted homelab services:

  • *.fig.systems - All services listed below

edfig.dev (Professional/Public)

Professional and public-facing sites:

  • edfig.dev / www.edfig.dev - Personal website/portfolio
  • blog.edfig.dev - Technical blog

figgy.foo (Experimental/Private)

Testing and experimental services:

  • figgy.foo - Experimental lab (SSO protected)
  • *.figgy.foo - Test instances of services

Service URLs

Service URL SSO Protected
Traefik Dashboard traefik.fig.systems
LLDAP lldap.fig.systems
Tinyauth auth.fig.systems
Static Sites
Personal Site edfig.dev
Blog blog.edfig.dev
Experimental Lab figgy.foo
Monitoring
Grafana (Logs) logs.fig.systems *
Loki (API) loki.fig.systems
Uptime Kuma (Status) status.fig.systems *
Dashboard & Management
Homarr home.fig.systems
Backrest backup.fig.systems
Jellyfin flix.fig.systems *
Jellyseerr requests.fig.systems
Immich photos.fig.systems *
Sonarr sonarr.fig.systems
Radarr radarr.fig.systems
SABnzbd sabnzbd.fig.systems
qBittorrent qbt.fig.systems
Profilarr profilarr.fig.systems
Karakeep links.fig.systems
Ollama (API) ollama.fig.systems
Vikunja tasks.fig.systems
LubeLogger garage.fig.systems
Calibre-web books.fig.systems
Booklore booklore.fig.systems
FreshRSS rss.fig.systems
RSSHub rsshub.fig.systems *
MicroBin paste.fig.systems *
File Browser files.fig.systems

Services marked with have their own authentication systems

📦 Media Folder Structure

The VM should have /media mounted at the root with this structure:

/media/
├── audiobooks/
├── books/
├── comics/
├── complete/      # Completed downloads
├── downloads/     # Active downloads
├── homemovies/
├── incomplete/    # Incomplete downloads
├── movies/
├── music/
├── photos/
└── tv/

🚀 Deployment

Prerequisites

  1. DNS Configuration: Point *.fig.systems and *.edfig.dev to your server IP
  2. Media Folders: Ensure /media is mounted with the folder structure above
  3. Docker Network: Create the homelab network
docker network create homelab

Deployment Order

  1. Core Infrastructure (must be first):
cd compose/core/traefik && docker compose up -d
cd compose/core/lldap && docker compose up -d
cd compose/core/tinyauth && docker compose up -d

  1. Configure LLDAP:

    • Visit https://lldap.fig.systems
    • Login with admin credentials from .env
    • Create an observer user for tinyauth
    • Add regular users for authentication

  2. Update Passwords:

    • Update LLDAP_LDAP_USER_PASS in core/lldap/.env
    • Update LDAP_BIND_PASSWORD in core/tinyauth/.env to match
    • Update SESSION_SECRET in core/tinyauth/.env
    • Update database passwords in service .env files

  3. Deploy Services:

# Media frontend
cd compose/media/frontend/jellyfin && docker compose up -d
cd compose/media/frontend/jellyseer && docker compose up -d
cd compose/media/frontend/immich && docker compose up -d

# Media automation
cd compose/media/automation/sonarr && docker compose up -d
cd compose/media/automation/radarr && docker compose up -d
cd compose/media/automation/sabnzbd && docker compose up -d
cd compose/media/automation/qbittorrent && docker compose up -d

# Quality management (optional but recommended)
cd compose/media/automation/recyclarr && docker compose up -d
cd compose/media/automation/profilarr && docker compose up -d

# Utility services
cd compose/services/static-sites && docker compose up -d  # Static websites (edfig.dev, blog, figgy.foo)
cd compose/services/karakeep && docker compose up -d
cd compose/services/ollama && docker compose up -d
cd compose/services/vikunja && docker compose up -d
cd compose/services/homarr && docker compose up -d
cd compose/services/backrest && docker compose up -d

# Monitoring (optional but recommended)
cd compose/monitoring/logging && docker compose up -d
cd compose/monitoring/uptime && docker compose up -d
cd compose/services/lubelogger && docker compose up -d
cd compose/services/calibre-web && docker compose up -d
cd compose/services/booklore && docker compose up -d
cd compose/services/FreshRSS && docker compose up -d
cd compose/services/rsshub && docker compose up -d
cd compose/services/microbin && docker compose up -d
cd compose/services/filebrowser && docker compose up -d

🔐 Security Considerations

  1. Change Default Passwords: All .env files contain placeholder passwords marked with changeme_*
  2. LLDAP Observer User: Create a readonly user in LLDAP for tinyauth to bind
  3. SSL Certificates: Traefik automatically obtains Let's Encrypt certificates
  4. Network Isolation: Services use internal networks for database/cache communication
  5. SSO: Most services are protected by tinyauth forward authentication

📝 Configuration Files

Each service has its own .env file where applicable. Key files to review:

  • core/lldap/.env - LDAP configuration and admin credentials
  • core/tinyauth/.env - LDAP connection and session settings
  • media/frontend/immich/.env - Photo management configuration
  • services/karakeep/.env - AI-powered bookmark manager
  • services/ollama/.env - Local LLM configuration
  • services/microbin/.env - Pastebin configuration

Example Configuration Files: Several services include .example config files for reference:

  • media/automation/sonarr/config.xml.example
  • media/automation/radarr/config.xml.example
  • media/automation/sabnzbd/sabnzbd.ini.example
  • media/automation/qbittorrent/qBittorrent.conf.example
  • services/vikunja/config.yml.example
  • services/FreshRSS/config.php.example

Copy these to the appropriate location (usually ./config/) and customize as needed.

🔧 Maintenance

Viewing Logs

cd compose/[category]/[service]
docker compose logs -f

Updating Services

cd compose/[category]/[service]
docker compose pull
docker compose up -d

Backing Up Data

Important data locations:

  • LLDAP: compose/core/lldap/data/
  • Service configs: compose/*/*/config/
  • Databases: compose/*/*/db/ or compose/*/*/pgdata/
  • Media: /media/ (handle separately)

🐛 Troubleshooting

Service won't start

  1. Check logs: docker compose logs
  2. Verify network exists: docker network ls | grep homelab
  3. Check port conflicts: docker ps -a

SSL certificate issues

  1. Verify DNS points to your server
  2. Check Traefik logs: cd compose/core/traefik && docker compose logs
  3. Ensure ports 80 and 443 are open

SSO not working

  1. Verify tinyauth is running: docker ps | grep tinyauth
  2. Check LLDAP connection in tinyauth logs
  3. Verify LDAP bind credentials match in both services

GPU not detected

  1. Check GPU passthrough: lspci | grep -i nvidia
  2. Verify drivers: nvidia-smi
  3. Test in container: docker exec ollama nvidia-smi
  4. See AlmaLinux VM Setup for GPU configuration

📊 Monitoring & Logging

Centralized Logging (Loki + Promtail + Grafana)

All container logs are automatically collected and stored in Loki:

Access Grafana: https://logs.fig.systems

Query examples:

# View logs for specific service
{container="sonarr"}

# Filter by log level
{container="radarr"} |= "ERROR"

# Multiple services
{container=~"sonarr|radarr"}

# Search with JSON parsing
{container="karakeep"} |= "ollama" | json

Retention: 30 days (configurable in compose/monitoring/logging/loki-config.yaml)

Uptime Monitoring (Uptime Kuma)

Monitor service availability and performance:

Access Uptime Kuma: https://status.fig.systems

Features:

  • HTTP(s) monitoring for all web services
  • Docker container health checks
  • SSL certificate expiration alerts
  • Public/private status pages
  • 90+ notification integrations (Discord, Slack, Email, etc.)

Service Integration

How services integrate:

Traefik (Reverse Proxy)
  ├─→ All services (SSL + routing)
  └─→ Let's Encrypt (certificates)

Tinyauth (SSO)
  ├─→ LLDAP (user authentication)
  └─→ Protected services (authorization)

Promtail (Log Collection)
  ├─→ Docker socket (all containers)
  └─→ Loki (log storage)

Loki (Log Storage)
  └─→ Grafana (visualization)

Karakeep (Bookmarks)
  ├─→ Ollama (AI tagging)
  ├─→ Meilisearch (search)
  └─→ Chrome (web archiving)

Sonarr/Radarr (Media Automation)
  ├─→ SABnzbd/qBittorrent (downloads)
  ├─→ Jellyfin (media library)
  └─→ Recyclarr/Profilarr (quality management)

See Architecture Guide for complete integration details.

📄 License

This is a personal homelab configuration. Use at your own risk.

🤝 Contributing

This is a personal repository, but feel free to use it as a reference for your own homelab!