Update Homepage dashboard and deployment scripts

- Homepage: Reorganize services by stack instead of by category - Homepage: Add comprehensive Available to Install sections for all stacks - Homepage: Update config templates with {{HOMEPAGE_VAR_DOMAIN}} placeholder - Homepage: Change layout from row to column style - Scripts: Add sudo requirement to deploy-homelab.sh - Scripts: Replace NVIDIA driver installation with official installer method - Scripts: Add build prerequisites and nouveau blacklisting - Docs: Add AI Automation Guidelines section to docker-guidelines.md - Docs: Document Homepage auto-update requirements and workflow - Config: Add bookmarks.yaml template for Homepage - Config: Add alternatives.yml compose file (Portainer, Authentik) - Config: Update .env.example and authelia configuration
2026-01-13 00:04:43 -05:00
parent 37a093189e
commit bbcc4c19c9
12 changed files with 1159 additions and 571 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,7 +1,11 @@
 # Environment Variables Template
-# Copy this file to .env and fill in your values
+# Copy this file to .env and fill in your values: cp .env.example .env
 # NEVER commit .env to git!

+# ====================================
+# SYSTEM CONFIGURATION
+# ====================================
+
 # User and Group IDs (get with: id -u and id -g)
 PUID=1000
 PGID=1000
@@ -12,59 +16,115 @@ TZ=America/New_York
 # Server IP address
 SERVER_IP=192.168.1.100

-# Domain Configuration
-DOMAIN=yourdomain.duckdns.org  # Your DuckDNS domain
+# ====================================
+# DOMAIN & DNS CONFIGURATION
+# ====================================

-# Directory Paths
-USERDIR=/opt/stacks
-MEDIADIR=/mnt/media           # Large media files on separate drive
-DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
-PROJECTDIR=/home/username/projects
+# Your DuckDNS domain (without https://)
+DOMAIN=yourdomain.duckdns.org

 # DuckDNS Configuration
 DUCKDNS_TOKEN=your-duckdns-token
 DUCKDNS_SUBDOMAINS=yourdomain  # Without .duckdns.org

-# Let's Encrypt / ACME
+# Let's Encrypt / ACME (for SSL certificates)
 ACME_EMAIL=your-email@example.com
+ADMIN_EMAIL=your-email@example.com  # Used for admin user account

-# Authelia Secrets (generate with: openssl rand -hex 64)
-AUTHELIA_JWT_SECRET=your-jwt-secret-here-64-chars
-AUTHELIA_SESSION_SECRET=your-session-secret-here-64-chars
-AUTHELIA_STORAGE_ENCRYPTION_KEY=your-encryption-key-here-64-chars
+# Cloudflare API (optional, for DNS challenge instead of DuckDNS)
+# CF_DNS_API_TOKEN=your-cloudflare-api-token

-# SMTP for Authelia Notifications (optional)
-SMTP_USERNAME=your-email@example.com
-SMTP_PASSWORD=your-smtp-password
+# ====================================
+# AUTHELIA SSO CONFIGURATION
+# ====================================
+# These secrets are AUTO-GENERATED by setup-homelab.sh
+# DO NOT manually set these - the setup script will create them!

-# Authentik SSO (optional - alternative to Authelia with web UI)
-# Generate secrets with: openssl rand -hex 50
-AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
-AUTHENTIK_DB_USER=authentik
-AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
-AUTHENTIK_DB_NAME=authentik
+AUTHELIA_JWT_SECRET=will-be-auto-generated-by-setup-script
+AUTHELIA_SESSION_SECRET=will-be-auto-generated-by-setup-script
+AUTHELIA_STORAGE_ENCRYPTION_KEY=will-be-auto-generated-by-setup-script

-# VPN Configuration (Surfshark)
+# SMTP for Authelia Notifications (OPTIONAL)
+# If not configured, notifications are saved to file instead
+# SMTP_USERNAME=your-email@example.com
+# SMTP_PASSWORD=your-smtp-password
+
+# ====================================
+# VPN CONFIGURATION (GLUETUN)
+# ====================================
+
+# Surfshark OpenVPN (RECOMMENDED - Default)
+SURFSHARK_USERNAME=your-surfshark-username
+SURFSHARK_PASSWORD=your-surfshark-password
+VPN_SERVER_COUNTRIES=Netherlands  # Preferred VPN server location
+
+# Surfshark WireGuard (OPTIONAL - Advanced users only)
+# Only needed if you prefer WireGuard over OpenVPN
 # Get WireGuard details from Surfshark dashboard
-SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
-SURFSHARK_ADDRESSES=10.14.0.2/16
-VPN_COUNTRY=Netherlands  # Preferred VPN server location
+# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
+# SURFSHARK_ADDRESSES=10.14.0.2/16

-# Alternative: OpenVPN credentials (if not using WireGuard)
-# SURFSHARK_USERNAME=your-surfshark-username
-# SURFSHARK_PASSWORD=your-surfshark-password
+# ====================================
+# DIRECTORY PATHS
+# ====================================
+
+USERDIR=/opt/stacks
+MEDIADIR=/mnt/media           # Large media files on separate drive
+DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
+PROJECTDIR=/home/username/projects
+
+# ====================================
+# ALTERNATIVE SERVICES (OPTIONAL)
+# Deploy alternatives.yml stack if you want these
+# ====================================
+
+# Authentik SSO (alternative to Authelia with web UI)
+# WARNING: Do not run both Authelia and Authentik at the same time
+# Generate secrets with: openssl rand -hex 50
+# AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
+# AUTHENTIK_DB_USER=authentik
+# AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
+# AUTHENTIK_DB_NAME=authentik
+
+# ====================================
+# MEDIA SERVICES
+# ====================================

-# Media Services
 PLEX_CLAIM=claim-xxxxxxxxxx

-# Monitoring & Dashboards
+# qBittorrent
+QBITTORRENT_USER=admin
+QBITTORRENT_PASS=changeme
+
+# ====================================
+# INFRASTRUCTURE SERVICES
+# ====================================
+
+# Pi-hole
+PIHOLE_PASSWORD=changeme
+
+# Watchtower Notifications (optional)
+# WATCHTOWER_NOTIFICATION_URL=
+
+# ====================================
+# MONITORING & DASHBOARDS
+# ====================================
+
 GRAFANA_ADMIN_PASSWORD=changeme

-# Development Tools
+# ====================================
+# DEVELOPMENT TOOLS
+# ====================================
+
 CODE_SERVER_PASSWORD=changeme
 CODE_SERVER_SUDO_PASSWORD=changeme

-# Databases - General
+JUPYTER_TOKEN=changeme
+
+# ====================================
+# DATABASES - GENERAL
+# ====================================
+
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=changeme
 POSTGRES_DB=homelab
@@ -72,47 +132,54 @@ POSTGRES_DB=homelab
 PGADMIN_EMAIL=admin@example.com
 PGADMIN_PASSWORD=changeme

-# Infrastructure
-PIHOLE_PASSWORD=changeme
-WATCHTOWER_NOTIFICATION_URL=
+# ====================================
+# PRODUCTIVITY SERVICES
+# ====================================

-# Productivity Services - Nextcloud
+# Nextcloud
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=changeme
 NEXTCLOUD_DB_PASSWORD=changeme
 NEXTCLOUD_DB_ROOT_PASSWORD=changeme

-# Productivity Services - Gitea
+# Gitea
 GITEA_DB_PASSWORD=changeme

-# Productivity Services - WordPress
+# WordPress
 WORDPRESS_DB_PASSWORD=changeme
 WORDPRESS_DB_ROOT_PASSWORD=changeme

-# Productivity Services - BookStack
+# BookStack
 BOOKSTACK_DB_PASSWORD=changeme
 BOOKSTACK_DB_ROOT_PASSWORD=changeme

-# Productivity Services - MediaWiki
+# MediaWiki
 MEDIAWIKI_DB_PASSWORD=changeme
 MEDIAWIKI_DB_ROOT_PASSWORD=changeme

-# Utilities - Form.io
+# ====================================
+# UTILITIES
+# ====================================
+
+# Bitwarden (Vaultwarden) Password Manager
+# Admin token: openssl rand -base64 48
+BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
+BITWARDEN_SIGNUPS_ALLOWED=true  # Set to false after creating accounts
+BITWARDEN_INVITATIONS_ALLOWED=true
+SMTP_HOST=smtp.gmail.com
+SMTP_FROM=bitwarden@yourdomain.com
+SMTP_PORT=587
+SMTP_SECURITY=starttls
+
+# Form.io
 FORMIO_JWT_SECRET=changeme
 FORMIO_DB_SECRET=changeme

-# Development - Jupyter
-JUPYTER_TOKEN=changeme
-
-# Cloudflare API (optional, for DNS challenge)
-# CF_DNS_API_TOKEN=your-cloudflare-api-token
-
-# qBittorrent
-QBITTORRENT_USER=admin
-QBITTORRENT_PASS=changeme
-
-# Homepage Dashboard - API Keys and Tokens
+# ====================================
+# HOMEPAGE DASHBOARD - API KEYS
 # Generate these from each service's settings page
+# ====================================
+
 HOMEPAGE_VAR_DOMAIN=${DOMAIN}
 HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
 HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
@@ -140,55 +207,3 @@ HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
 HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password

 # Add your own variables below
-
-# Get WireGuard details from Surfshark dashboard
-SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
-SURFSHARK_ADDRESSES=10.14.0.2/16
-VPN_COUNTRY=Netherlands  # Preferred VPN server location
-
-# Alternative: OpenVPN credentials (if not using WireGuard)
-# SURFSHARK_USERNAME=your-surfshark-username
-# SURFSHARK_PASSWORD=your-surfshark-password
-
-# Plex Configuration
-PLEX_CLAIM=claim-xxxxxxxxxx
-
-# Monitoring Passwords
-GRAFANA_ADMIN_PASSWORD=changeme
-
-# Code Server Passwords
-CODE_SERVER_PASSWORD=changeme
-CODE_SERVER_SUDO_PASSWORD=changeme
-
-# Database Credentials
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=changeme
-POSTGRES_DB=homelab
-
-PGADMIN_EMAIL=admin@example.com
-PGADMIN_PASSWORD=changeme
-
-# Jupyter Token
-JUPYTER_TOKEN=changeme
-
-# Pi-hole
-PIHOLE_PASSWORD=changeme
-
-# Bitwarden (Vaultwarden) Password Manager
-# Admin token: openssl rand -base64 48
-BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
-BITWARDEN_SIGNUPS_ALLOWED=true  # Set to false after creating accounts
-BITWARDEN_INVITATIONS_ALLOWED=true
-SMTP_HOST=smtp.gmail.com
-SMTP_FROM=bitwarden@yourdomain.com
-SMTP_PORT=587
-SMTP_SECURITY=starttls
-# SMTP_USERNAME and SMTP_PASSWORD defined above
-
-# Watchtower Notifications (optional)
-# WATCHTOWER_NOTIFICATION_URL=
-
-# Cloudflare API (optional, for DNS challenge)
-# CF_DNS_API_TOKEN=your-cloudflare-api-token
-
-# Add your own variables below