No description
9e23a54852
- Create .claude/skills/wiki-docs.md skill for managing Wiki.js documentation - Skill enables writing markdown files to /mnt/media/wikijs-content/ - Files automatically sync to Wiki.js via Git storage backend - Update AGENTS.md with Claude Code Skills section - Document wiki-docs skill usage and benefits - Add /mnt/media/wikijs-content/ to repository structure The wiki-docs skill allows AI agents to create version-controlled documentation that syncs to https://wiki.fig.systems automatically. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .claude/skills | ||
| .github | ||
| compose | ||
| templates/service-template | ||
| .gitignore | ||
| .markdown-link-check.json | ||
| .markdownlint.json | ||
| .pre-commit-config.yaml | ||
| .yamllint.yml | ||
| AGENTS.md | ||
| README.md | ||
Homelab GitOps Configuration
This repository contains Docker Compose configurations for self-hosted home services.
💻 Hardware Specifications
-
Host: Proxmox VE 9 (Debian 13)
- CPU: AMD Ryzen 5 7600X (6 cores, 12 threads, up to 5.3 GHz)
- GPU: NVIDIA GeForce GTX 1070 (8GB VRAM)
- RAM: 32GB DDR5
-
VM: AlmaLinux 9.6 (RHEL 9 compatible)
- CPU: 8 vCPUs
- RAM: 24GB
- Storage: 500GB+ (expandable)
- GPU: GTX 1070 (PCIe passthrough)
Documentation:
- Complete Architecture Guide - Integration, networking, logging, GPU setup
- AlmaLinux VM Setup - Full installation and configuration guide
🏗️ Infrastructure
Core Services (Port 80/443)
- Traefik - Reverse proxy with automatic Let's Encrypt SSL
- LLDAP - Lightweight LDAP server for user management
- Admin:
edfig(admin@edfig.dev) - Web UI: https://lldap.fig.systems
- Admin:
- Tinyauth - SSO authentication via Traefik forward auth
- Connected to LLDAP for user authentication
- Web UI: https://auth.fig.systems
📁 Directory Structure
compose/
├── core/ # Infrastructure services
│ ├── traefik/ # Reverse proxy & SSL
│ ├── lldap/ # LDAP user directory
│ └── tinyauth/ # SSO authentication
├── media/ # Media services
│ ├── frontend/ # Media frontends
│ │ ├── jellyfin/ # Media server (flix.fig.systems)
│ │ ├── jellyseer/ # Request management (requests.fig.systems)
│ │ └── immich/ # Photo management (photos.fig.systems)
│ └── automation/ # Media automation
│ ├── sonarr/ # TV show management
│ ├── radarr/ # Movie management
│ ├── sabnzbd/ # Usenet downloader
│ ├── qbittorrent/# Torrent client
│ ├── recyclarr/ # TRaSH Guides sync
│ └── profilarr/ # Profile manager (profilarr.fig.systems)
├── monitoring/ # Monitoring & logging
│ ├── logging/ # Centralized logging stack
│ │ ├── loki/ # Log aggregation (loki.fig.systems)
│ │ ├── promtail/ # Log collection agent
│ │ └── grafana/ # Log visualization (logs.fig.systems)
│ └── uptime/ # Uptime monitoring
│ └── uptime-kuma/ # Status & uptime monitoring (status.fig.systems)
└── services/ # Utility services
├── homarr/ # Dashboard (home.fig.systems)
├── backrest/ # Backup manager (backup.fig.systems)
├── static-sites/ # Static websites (Caddy)
├── karakeep/ # Bookmark manager with AI (links.fig.systems)
├── ollama/ # Local LLM server (ollama.fig.systems)
├── vikunja/ # Task management (tasks.fig.systems)
├── lubelogger/ # Vehicle tracker (garage.fig.systems)
├── calibre-web/ # Ebook library (books.fig.systems)
├── booklore/ # Book tracking (booklore.fig.systems)
├── FreshRSS/ # RSS reader (rss.fig.systems)
├── rsshub/ # RSS feed generator (rsshub.fig.systems)
├── microbin/ # Pastebin (paste.fig.systems)
└── filebrowser/ # File manager (files.fig.systems)
🌐 Domains
Three domains are used with different purposes:
fig.systems (Homelab Services)
Primary domain for all self-hosted homelab services:
*.fig.systems- All services listed below
edfig.dev (Professional/Public)
Professional and public-facing sites:
edfig.dev/www.edfig.dev- Personal website/portfolioblog.edfig.dev- Technical blog
figgy.foo (Experimental/Private)
Testing and experimental services:
figgy.foo- Experimental lab (SSO protected)*.figgy.foo- Test instances of services
Service URLs
| Service | URL | SSO Protected |
|---|---|---|
| Traefik Dashboard | traefik.fig.systems | ✅ |
| LLDAP | lldap.fig.systems | ✅ |
| Tinyauth | auth.fig.systems | ❌ |
| Static Sites | ||
| Personal Site | edfig.dev | ❌ |
| Blog | blog.edfig.dev | ❌ |
| Experimental Lab | figgy.foo | ✅ |
| Monitoring | ||
| Grafana (Logs) | logs.fig.systems | ❌* |
| Loki (API) | loki.fig.systems | ✅ |
| Uptime Kuma (Status) | status.fig.systems | ❌* |
| Dashboard & Management | ||
| Homarr | home.fig.systems | ✅ |
| Backrest | backup.fig.systems | ✅ |
| Jellyfin | flix.fig.systems | ❌* |
| Jellyseerr | requests.fig.systems | ✅ |
| Immich | photos.fig.systems | ❌* |
| Sonarr | sonarr.fig.systems | ✅ |
| Radarr | radarr.fig.systems | ✅ |
| SABnzbd | sabnzbd.fig.systems | ✅ |
| qBittorrent | qbt.fig.systems | ✅ |
| Profilarr | profilarr.fig.systems | ✅ |
| Karakeep | links.fig.systems | ✅ |
| Ollama (API) | ollama.fig.systems | ✅ |
| Vikunja | tasks.fig.systems | ✅ |
| LubeLogger | garage.fig.systems | ✅ |
| Calibre-web | books.fig.systems | ✅ |
| Booklore | booklore.fig.systems | ✅ |
| FreshRSS | rss.fig.systems | ✅ |
| RSSHub | rsshub.fig.systems | ❌* |
| MicroBin | paste.fig.systems | ❌* |
| File Browser | files.fig.systems | ✅ |
Services marked with ❌ have their own authentication systems
📦 Media Folder Structure
The VM should have /media mounted at the root with this structure:
/media/
├── audiobooks/
├── books/
├── comics/
├── complete/ # Completed downloads
├── downloads/ # Active downloads
├── homemovies/
├── incomplete/ # Incomplete downloads
├── movies/
├── music/
├── photos/
└── tv/
🚀 Deployment
Prerequisites
- DNS Configuration: Point
*.fig.systemsand*.edfig.devto your server IP - Media Folders: Ensure
/mediais mounted with the folder structure above - Docker Network: Create the homelab network
docker network create homelab
Deployment Order
- Core Infrastructure (must be first):
cd compose/core/traefik && docker compose up -d
cd compose/core/lldap && docker compose up -d
cd compose/core/tinyauth && docker compose up -d
-
Configure LLDAP:
- Visit https://lldap.fig.systems
- Login with admin credentials from
.env - Create an observer user for tinyauth
- Add regular users for authentication
-
Update Passwords:
- Update
LLDAP_LDAP_USER_PASSincore/lldap/.env - Update
LDAP_BIND_PASSWORDincore/tinyauth/.envto match - Update
SESSION_SECRETincore/tinyauth/.env - Update database passwords in service
.envfiles
- Update
-
Deploy Services:
# Media frontend
cd compose/media/frontend/jellyfin && docker compose up -d
cd compose/media/frontend/jellyseer && docker compose up -d
cd compose/media/frontend/immich && docker compose up -d
# Media automation
cd compose/media/automation/sonarr && docker compose up -d
cd compose/media/automation/radarr && docker compose up -d
cd compose/media/automation/sabnzbd && docker compose up -d
cd compose/media/automation/qbittorrent && docker compose up -d
# Quality management (optional but recommended)
cd compose/media/automation/recyclarr && docker compose up -d
cd compose/media/automation/profilarr && docker compose up -d
# Utility services
cd compose/services/static-sites && docker compose up -d # Static websites (edfig.dev, blog, figgy.foo)
cd compose/services/karakeep && docker compose up -d
cd compose/services/ollama && docker compose up -d
cd compose/services/vikunja && docker compose up -d
cd compose/services/homarr && docker compose up -d
cd compose/services/backrest && docker compose up -d
# Monitoring (optional but recommended)
cd compose/monitoring/logging && docker compose up -d
cd compose/monitoring/uptime && docker compose up -d
cd compose/services/lubelogger && docker compose up -d
cd compose/services/calibre-web && docker compose up -d
cd compose/services/booklore && docker compose up -d
cd compose/services/FreshRSS && docker compose up -d
cd compose/services/rsshub && docker compose up -d
cd compose/services/microbin && docker compose up -d
cd compose/services/filebrowser && docker compose up -d
🔐 Security Considerations
- Change Default Passwords: All
.envfiles contain placeholder passwords marked withchangeme_* - LLDAP Observer User: Create a readonly user in LLDAP for tinyauth to bind
- SSL Certificates: Traefik automatically obtains Let's Encrypt certificates
- Network Isolation: Services use internal networks for database/cache communication
- SSO: Most services are protected by tinyauth forward authentication
📝 Configuration Files
Each service has its own .env file where applicable. Key files to review:
core/lldap/.env- LDAP configuration and admin credentialscore/tinyauth/.env- LDAP connection and session settingsmedia/frontend/immich/.env- Photo management configurationservices/karakeep/.env- AI-powered bookmark managerservices/ollama/.env- Local LLM configurationservices/microbin/.env- Pastebin configuration
Example Configuration Files:
Several services include .example config files for reference:
media/automation/sonarr/config.xml.examplemedia/automation/radarr/config.xml.examplemedia/automation/sabnzbd/sabnzbd.ini.examplemedia/automation/qbittorrent/qBittorrent.conf.exampleservices/vikunja/config.yml.exampleservices/FreshRSS/config.php.example
Copy these to the appropriate location (usually ./config/) and customize as needed.
🔧 Maintenance
Viewing Logs
cd compose/[category]/[service]
docker compose logs -f
Updating Services
cd compose/[category]/[service]
docker compose pull
docker compose up -d
Backing Up Data
Important data locations:
- LLDAP:
compose/core/lldap/data/ - Service configs:
compose/*/*/config/ - Databases:
compose/*/*/db/orcompose/*/*/pgdata/ - Media:
/media/(handle separately)
🐛 Troubleshooting
Service won't start
- Check logs:
docker compose logs - Verify network exists:
docker network ls | grep homelab - Check port conflicts:
docker ps -a
SSL certificate issues
- Verify DNS points to your server
- Check Traefik logs:
cd compose/core/traefik && docker compose logs - Ensure ports 80 and 443 are open
SSO not working
- Verify tinyauth is running:
docker ps | grep tinyauth - Check LLDAP connection in tinyauth logs
- Verify LDAP bind credentials match in both services
GPU not detected
- Check GPU passthrough:
lspci | grep -i nvidia - Verify drivers:
nvidia-smi - Test in container:
docker exec ollama nvidia-smi - See AlmaLinux VM Setup for GPU configuration
📊 Monitoring & Logging
Centralized Logging (Loki + Promtail + Grafana)
All container logs are automatically collected and stored in Loki:
Access Grafana: https://logs.fig.systems
Query examples:
# View logs for specific service
{container="sonarr"}
# Filter by log level
{container="radarr"} |= "ERROR"
# Multiple services
{container=~"sonarr|radarr"}
# Search with JSON parsing
{container="karakeep"} |= "ollama" | json
Retention: 30 days (configurable in compose/monitoring/logging/loki-config.yaml)
Uptime Monitoring (Uptime Kuma)
Monitor service availability and performance:
Access Uptime Kuma: https://status.fig.systems
Features:
- HTTP(s) monitoring for all web services
- Docker container health checks
- SSL certificate expiration alerts
- Public/private status pages
- 90+ notification integrations (Discord, Slack, Email, etc.)
Service Integration
How services integrate:
Traefik (Reverse Proxy)
├─→ All services (SSL + routing)
└─→ Let's Encrypt (certificates)
Tinyauth (SSO)
├─→ LLDAP (user authentication)
└─→ Protected services (authorization)
Promtail (Log Collection)
├─→ Docker socket (all containers)
└─→ Loki (log storage)
Loki (Log Storage)
└─→ Grafana (visualization)
Karakeep (Bookmarks)
├─→ Ollama (AI tagging)
├─→ Meilisearch (search)
└─→ Chrome (web archiving)
Sonarr/Radarr (Media Automation)
├─→ SABnzbd/qBittorrent (downloads)
├─→ Jellyfin (media library)
└─→ Recyclarr/Profilarr (quality management)
See Architecture Guide for complete integration details.
📄 License
This is a personal homelab configuration. Use at your own risk.
🤝 Contributing
This is a personal repository, but feel free to use it as a reference for your own homelab!