kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Wiki v1.0

Browse Source 
Added a wiki
This commit is contained in:
kelinfoxy
2026-01-20 19:32:57 -05:00
parent 16b7e1f1a7
commit bcd20102ae
31 changed files with 9283 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
config-templates/dokuwiki/data/pages/getting_started/access.txt Normal file
View File

@@ -0,0 +1,251 @@
====== Access Services ======
After deployment, access your homelab services through secure HTTPS URLs.
===== Service URLs =====
All services are accessible at `https://service-name.yourdomain.duckdns.org`
| Category | Service | URL | Authentication | Purpose |
|----------|---------|-----|----------------|---------|
| **Management** | Dockge | `https://dockge.yourdomain.duckdns.org` | Authelia SSO | Stack management |
| **Management** | Homepage | `https://home.yourdomain.duckdns.org` | Authelia SSO | Service dashboard |
| **Security** | Authelia | `https://auth.yourdomain.duckdns.org` | Direct login | SSO authentication |
| **Infrastructure** | Traefik | `https://traefik.yourdomain.duckdns.org` | Authelia SSO | Reverse proxy dashboard |
| **Infrastructure** | Pi-hole | `http://pihole.yourdomain.duckdns.org` | Authelia SSO | DNS & ad blocking |
| **Infrastructure** | Dozzle | `https://dozzle.yourdomain.duckdns.org` | Authelia SSO | Log viewer |
| **Infrastructure** | Glances | `https://glances.yourdomain.duckdns.org` | Authelia SSO | System monitoring |
| **Media** | Jellyfin | `https://jellyfin.yourdomain.duckdns.org` | None (app access) | Media server |
| **Media** | Plex | `https://plex.yourdomain.duckdns.org` | None (app access) | Media server |
| **Media** | qBittorrent | `https://qbit.yourdomain.duckdns.org` | Authelia SSO | Torrent client |
| **Media Mgmt** | Sonarr | `https://sonarr.yourdomain.duckdns.org` | Authelia SSO | TV automation |
| **Media Mgmt** | Radarr | `https://radarr.yourdomain.duckdns.org` | Authelia SSO | Movie automation |
| **Productivity** | Nextcloud | `https://nextcloud.yourdomain.duckdns.org` | Authelia SSO | File sync |
| **Productivity** | Gitea | `https://git.yourdomain.duckdns.org` | Authelia SSO | Git service |
| **Productivity** | BookStack | `https://docs.yourdomain.duckdns.org` | Authelia SSO | Documentation |
| **Monitoring** | Grafana | `https://grafana.yourdomain.duckdns.org` | Authelia SSO | Dashboards |
| **Monitoring** | Prometheus | `https://prometheus.yourdomain.duckdns.org` | Authelia SSO | Metrics |
| **Monitoring** | Uptime Kuma | `https://status.yourdomain.duckdns.org` | Authelia SSO | Status monitoring |
| **Home Auto** | Home Assistant | `https://ha.yourdomain.duckdns.org` | None (built-in auth) | Home automation |
| **Utilities** | Backrest | `https://backrest.yourdomain.duckdns.org` | Authelia SSO | Backup management |
| **Development** | Code Server | `https://code.yourdomain.duckdns.org` | Authelia SSO | VS Code in browser |
===== Authentication =====
==== Authelia SSO (Single Sign-On) ====
**Protected Services:**
* Most admin interfaces require Authelia login
* One login grants access to all protected services
* Supports 2FA (Two-Factor Authentication)
**Login Process:**
1. Visit any protected service URL
2. Redirected to Authelia login page
3. Enter username and password
4. (Optional) Enter 2FA code
5. Redirected back to original service
**Default Credentials:**
* Username: `admin` (or custom from setup)
* Password: Secure password from setup
==== Service-Specific Authentication ====
**No SSO (Direct Access):**
* **Jellyfin/Plex**: Use service's built-in user management
* **Home Assistant**: Built-in authentication system
* **Nextcloud**: Can use Authelia or built-in auth
**VPN-Protected Services:**
* **qBittorrent**: Routes through Gluetun VPN
* Access via web UI after Authelia login
===== Security Features =====
==== SSL/TLS Encryption ====
**Wildcard Certificate:**
* Covers all `*.yourdomain.duckdns.org` subdomains
* Issued by Let's Encrypt (free)
* Automatic renewal every 90 days
* A+ SSL rating
**Certificate Details:**
* **Issuer**: Let's Encrypt Authority X3
* **Algorithm**: ECDSA P-256
* **Validity**: 90 days
* **Renewal**: Automatic via Traefik
==== Firewall Protection ====
**UFW Configuration:**
* Only ports 80, 443, and 22 (SSH) open
* All other ports blocked
* Docker containers isolated
**Network Security:**
* Services behind reverse proxy
* No direct container exposure
* VPN routing for downloads
==== Access Control ====
**Authelia Policies:**
* **One Factor**: Username + password
* **Two Factor**: Username + password + TOTP
* **Bypass**: No authentication required
**Default Policies:**
* Admin services: Two-factor recommended
* Media services: Bypass (app compatibility)
* Public services: Bypass when appropriate
===== First-Time Access =====
==== Configure Authelia ====
1. **Access Authelia:**
* URL: `https://auth.yourdomain.duckdns.org`
* Login with admin credentials
2. **Enable 2FA:**
* Go to **Settings** → **One-Time Password**
* Scan QR code with authenticator app
* Enter verification code
3. **Configure Access Rules:**
* Edit `/opt/stacks/core/authelia/configuration.yml`
* Modify access policies as needed
==== Set Up Homepage Dashboard ====
1. **Access Homepage:**
* URL: `https://home.yourdomain.duckdns.org`
2. **Initial Configuration:**
* Click settings icon (gear)
* Add deployed services
* Configure widgets
3. **API Integration:**
* Add API keys for enhanced widgets
* Configure service integrations
==== Test Service Access ====
**Verification Checklist:**
* [ ] Authelia login works
* [ ] Homepage loads correctly
* [ ] Dockge accessible
* [ ] SSL certificates valid
* [ ] No mixed content warnings
===== Troubleshooting Access =====
==== SSL Certificate Issues ====
**"Not Secure" warnings:**
* Wait 2-5 minutes after deployment
* Check DNS propagation: `nslookup yourdomain.duckdns.org`
* Verify ports 80/443 forwarded
* Check Traefik logs: `docker logs traefik`
**Certificate errors:**
```bash
# Check certificate status
echo | openssl s_client -connect yourdomain.duckdns.org:443 -servername dockge.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -dates
```
==== Authentication Problems ====
**Can't log in to Authelia:**
* Verify username/password
* Check 2FA setup
* Clear browser cache
* Check Authelia logs: `docker logs authelia`
**Redirect loops:**
* Check Traefik configuration
* Verify middleware labels
* Restart Traefik: `docker restart traefik`
==== Service Not Accessible ====
**404 errors:**
* Service not deployed
* Traefik route not configured
* Wrong subdomain
**Connection refused:**
* Service not running
* Port mapping issues
* Network connectivity problems
==== DNS Issues ====
**Domain not resolving:**
* Check DuckDNS configuration
* Verify token in `.env`
* Wait for DNS propagation
**Local network access:**
* Use internal IP for local access
* Configure local DNS overrides
===== Advanced Access =====
==== External Service Proxying ====
**Proxy non-Docker services:**
* Raspberry Pi Home Assistant
* NAS devices
* Other network services
**Configuration:**
* Add routes to `/opt/stacks/core/traefik/dynamic/external.yml`
* Include Authelia middleware
* Test connectivity
==== VPN Access ====
**Remote Access:**
* Configure VPN server (OpenVPN/WireGuard)
* Route traffic through VPN
* Access local services remotely
==== API Access ====
**Service APIs:**
* Most services expose REST APIs
* Use API keys for authentication
* Configure in Homepage widgets
===== Mobile Access =====
**Mobile Apps:**
* **Jellyfin/Plex**: Dedicated mobile apps
* **Nextcloud**: Mobile sync client
* **Home Assistant**: Mobile companion app
* **Bitwarden**: Password manager
**Browser Access:**
* All services work in mobile browsers
* Responsive design for most interfaces
* Authelia SSO works on mobile
===== Performance Optimization =====
**Loading Speed:**
* Enable HTTP/2 in Traefik
* Use CDN for static assets
* Optimize service configurations
**Resource Usage:**
* Monitor with Glances
* Set appropriate resource limits
* Use lazy loading for unused services
Ready to access your services? Start with the [[getting_started:security|Security Setup]] guide.
**Need help?** Check [[troubleshooting:networking|Network Troubleshooting]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].

284
config-templates/dokuwiki/data/pages/getting_started/deployment.txt Normal file
View File

@@ -0,0 +1,284 @@
====== Deployment ======
After setup, deploy your homelab services using Dockge or manual commands.
===== Using Dockge (Recommended) =====
**Access Dockge:**
* URL: `https://dockge.yourdomain.duckdns.org`
* Username: `admin` (or your custom username)
* Password: Your secure password from setup
**Deploy Services:**
1. Click **"Add Stack"** button
2. Choose **"From Docker Compose"**
3. Select a compose file from the repository
4. Click **"Deploy"**
5. Monitor deployment in the **"Logs"** tab
**Available Stacks:**
* `media.yml` - Media services (Jellyfin, qBittorrent)
* `media-management.yml` - Download automation (Sonarr, Radarr)
* `productivity.yml` - Office tools (Nextcloud, Gitea)
* `monitoring.yml` - Observability (Grafana, Prometheus)
* `homeassistant.yml` - Home automation
* `utilities.yml` - Backup and utilities
===== Manual Deployment =====
**Deploy Individual Stacks:**
```bash
# Navigate to repository
cd ~/AI-Homelab
# Deploy media services
docker compose -f docker-compose/media.yml up -d
# Deploy productivity stack
docker compose -f docker-compose/productivity.yml up -d
# Deploy monitoring
docker compose -f docker-compose/monitoring.yml up -d
```
**Check Deployment Status:**
```bash
# View all running containers
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# Check specific stack
docker compose -f docker-compose/media.yml ps
# View logs
docker compose -f docker-compose/media.yml logs -f
```
===== Service Access =====
After deployment, services are available at:
| Category | Service | URL | Notes |
|----------|---------|-----|-------|
| **Media** | Jellyfin | `https://jellyfin.yourdomain.duckdns.org` | No SSO (app access) |
| **Media** | qBittorrent | `https://qbit.yourdomain.duckdns.org` | VPN protected |
| **Productivity** | Nextcloud | `https://nextcloud.yourdomain.duckdns.org` | File sync |
| **Productivity** | Gitea | `https://git.yourdomain.duckdns.org` | Git service |
| **Monitoring** | Grafana | `https://grafana.yourdomain.duckdns.org` | Dashboards |
| **Development** | Code Server | `https://code.yourdomain.duckdns.org` | VS Code in browser |
===== Post-Deployment Configuration =====
==== Configure Homepage Dashboard ====
1. Visit `https://home.yourdomain.duckdns.org`
2. Click settings (gear icon)
3. Add services to dashboard
4. Configure widgets with API keys
**Example Widgets:**
* System monitoring (CPU, RAM, disk)
* Service status checks
* Weather information
* Calendar integration
==== Set Up Backups ====
1. Deploy Backrest service
2. Configure backup schedules
3. Set up encryption
4. Test backup restoration
==== Configure Monitoring ====
1. Deploy Grafana and Prometheus
2. Import dashboards
3. Set up alerts
4. Configure data sources
===== Deployment Order =====
**Recommended Deployment Sequence:**
1. **Core** (deployed automatically)
- DuckDNS, Traefik, Authelia, Gluetun
2. **Infrastructure** (deployed automatically)
- Dockge, Pi-hole, Dozzle, Glances
3. **Dashboards** (deployed automatically)
- Homepage, Homarr
4. **Media Services**
- Jellyfin or Plex
- qBittorrent (VPN routing)
- Sonarr, Radarr, Prowlarr
5. **Productivity**
- Nextcloud, Gitea, BookStack
6. **Monitoring**
- Grafana, Prometheus, Uptime Kuma
7. **Home Automation**
- Home Assistant, Node-RED
===== Resource Management =====
**Monitor Resource Usage:**
```bash
# Check container resources
docker stats
# View system resources
docker run --rm -v /proc:/host/proc:ro --net=host codenvy/glances
# Check disk space
df -h /opt/stacks/
```
**Resource Limits Applied:**
* CPU limits prevent resource exhaustion
* Memory limits protect system stability
* Automatic cleanup of unused resources
===== Troubleshooting Deployment =====
==== Service Won't Start ====
**Check Logs:**
```bash
# View service logs
docker compose -f docker-compose/stack.yml logs service-name
# Follow logs in real-time
docker compose -f docker-compose/stack.yml logs -f service-name
```
**Common Issues:**
* Port conflicts
* Missing environment variables
* Network connectivity problems
* Insufficient resources
==== SSL Certificate Issues ====
**Check Certificate Status:**
```bash
# View Traefik logs
docker logs traefik | grep certificate
# Check certificate file
ls -la /opt/stacks/core/traefik/acme.json
```
**Certificate Problems:**
* DNS propagation delay (wait 5-10 minutes)
* DuckDNS token incorrect
* Ports 80/443 not forwarded
* Rate limiting (Let's Encrypt limits)
==== Network Issues ====
**Verify Networks:**
```bash
# List Docker networks
docker network ls
# Inspect traefik-network
docker network inspect traefik-network
```
**Network Troubleshooting:**
* Services not on correct network
* Firewall blocking traffic
* DNS resolution problems
==== Permission Issues ====
**Check File Permissions:**
```bash
# Check stack directory permissions
ls -la /opt/stacks/stack-name/
# Check Docker socket permissions
ls -la /var/run/docker.sock
```
**Fix Permissions:**
```bash
# Set correct ownership
sudo chown -R $USER:$USER /opt/stacks/stack-name/
# Add user to docker group
sudo usermod -aG docker $USER
```
===== Scaling and Customization =====
==== Add Custom Services ====
1. Create new compose file
2. Add Traefik labels for routing
3. Include Authelia middleware
4. Deploy via Dockge
==== Modify Existing Services ====
1. Edit compose file
2. Update environment variables
3. Redeploy service
4. Test functionality
==== Remove Services ====
```bash
# Stop and remove service
docker compose -f docker-compose/stack.yml down
# Remove with volumes
docker compose -f docker-compose/stack.yml down -v
# Clean up unused resources
docker system prune
```
===== Performance Optimization =====
**Hardware Acceleration:**
* Enable NVIDIA GPU for transcoding
* Use SSD storage for databases
* Configure appropriate CPU/memory limits
**Network Optimization:**
* Use wired connections when possible
* Configure QoS for media streaming
* Optimize DNS resolution
**Service Optimization:**
* Enable lazy loading for unused services
* Configure appropriate resource limits
* Use efficient Docker images
===== Backup and Recovery =====
**Regular Backups:**
* Configuration files in `/opt/stacks/`
* SSL certificates in `/opt/stacks/core/traefik/`
* User data in service volumes
**Recovery Process:**
* Restore configuration files
* Redeploy services
* Restore user data from backups
**Disaster Recovery:**
* Keep backup scripts ready
* Document recovery procedures
* Test restoration regularly
Ready to deploy? Use Dockge to start deploying services!
**Need help?** See [[troubleshooting:services|Service Troubleshooting]] or check [[reference:commands|Command Reference]].

201
config-templates/dokuwiki/data/pages/getting_started/prerequisites.txt Normal file
View File

@@ -0,0 +1,201 @@
====== Prerequisites ======
Before deploying your AI-Homelab, ensure your system meets these requirements.
===== System Requirements =====
**Minimum Hardware:**
* **CPU**: 2-core processor (4+ cores recommended)
* **RAM**: 4GB minimum (8GB+ recommended)
* **Storage**: 50GB free space (SSD preferred)
* **Network**: Stable internet connection
**Recommended Hardware:**
* **CPU**: 4+ core processor with virtualization support
* **RAM**: 16GB+ for full stack deployment
* **Storage**: 500GB+ SSD for media and backups
* **GPU**: NVIDIA GPU (optional, for hardware transcoding)
===== Operating System =====
**Supported Systems:**
* **Ubuntu 20.04+** (recommended)
* **Debian 11+**
* **Ubuntu Server**
* **Raspberry Pi OS** (64-bit, for lightweight deployments)
**Fresh Installation Recommended:**
* Start with a clean OS install
* Avoid pre-installed Docker versions
* Use LTS (Long Term Support) releases
===== Network Requirements =====
**Domain & DNS:**
* **DuckDNS account**: [[https://duckdns.org|Create free account]]
* **Domain**: Choose your subdomain (e.g., `yourname.duckdns.org`)
* **Token**: Get your DuckDNS token from account settings
**Port Forwarding:**
* **Port 80**: Required for Let's Encrypt HTTP challenge
* **Port 443**: Required for HTTPS traffic
* **Router**: Configure port forwarding to your server
**Network Access:**
* **Outbound**: Full internet access for updates and services
* **Inbound**: Ports 80/443 forwarded from router
* **Local**: Access to router admin panel (for port forwarding)
===== Software Prerequisites =====
**Required Software:**
* **Git**: Version control system
* **curl/wget**: Download utilities
* **SSH server**: Remote access (usually pre-installed)
**Optional but Recommended:**
* **VS Code**: With GitHub Copilot extension
* **Docker Desktop**: For local testing (Windows/Mac)
* **NVIDIA drivers**: If using GPU acceleration
===== Account Setup =====
**Required Accounts:**
* **DuckDNS**: Free dynamic DNS service
* Visit [[https://duckdns.org]]
* Create account and subdomain
* Copy your token for configuration
**Optional Accounts (for specific services):**
* **Surfshark VPN**: For secure downloads
* **GitHub**: For repository access and Copilot
* **Cloud storage**: For offsite backups
===== Security Considerations =====
**Firewall Setup:**
* UFW (Uncomplicated Firewall) will be configured automatically
* Only necessary ports will be opened
* SSH access restricted to key-based authentication
**SSL Certificates:**
* Let's Encrypt provides free certificates
* Wildcard certificate covers all subdomains
* Automatic renewal every 90 days
**Access Control:**
* Authelia provides SSO (Single Sign-On)
* 2FA (Two-Factor Authentication) recommended
* Granular access control per service
===== Pre-Installation Checklist =====
**Hardware Check:**
* [ ] Server meets minimum requirements
* [ ] Sufficient storage space available
* [ ] Stable power supply
* [ ] Backup power (UPS) recommended
**Network Check:**
* [ ] Internet connection stable
* [ ] Router supports port forwarding
* [ ] Ports 80/443 available and forwarded
* [ ] Local IP address known and static
**Account Setup:**
* [ ] DuckDNS account created
* [ ] Domain chosen and configured
* [ ] DuckDNS token obtained
* [ ] Optional: VPN credentials prepared
**Software Preparation:**
* [ ] SSH access to server established
* [ ] VS Code installed (optional)
* [ ] GitHub Copilot configured (optional)
===== Environment Variables =====
Create a `.env` file with these variables:
```
# Domain Configuration
DOMAIN=yourdomain.duckdns.org
DUCKDNS_TOKEN=your-duckdns-token
# Optional: VPN Configuration
SURFSHARK_USERNAME=your-vpn-username
SURFSHARK_PASSWORD=your-vpn-password
# Authelia (auto-generated by setup script)
AUTHELIA_JWT_SECRET=64-char-random-string
AUTHELIA_SESSION_SECRET=64-char-random-string
AUTHELIA_STORAGE_ENCRYPTION_KEY=64-char-random-string
# User Configuration
PUID=1000
PGID=1000
TZ=America/New_York
```
**Note:** Authelia secrets are auto-generated by the setup script. Leave them with default values initially.
===== Testing Your Setup =====
**Network Connectivity:**
```bash
# Test internet connection
ping -c 4 8.8.8.8
# Test DNS resolution
nslookup duckdns.org
# Test port forwarding (from external network)
curl -I http://your-external-ip
```
**System Resources:**
```bash
# Check available space
df -h /
# Check memory
free -h
# Check CPU cores
nproc
```
**SSH Access:**
```bash
# Test SSH connection
ssh user@your-server-ip
# Test sudo access
sudo whoami
```
===== Troubleshooting Prerequisites =====
**"Permission denied" errors:**
* Ensure you have sudo access
* Check if user is in sudo group
* Try running commands with `sudo`
**Network connectivity issues:**
* Verify internet connection
* Check firewall settings
* Test DNS resolution
**Port forwarding problems:**
* Access router admin panel
* Verify ports 80/443 are forwarded
* Check if ISP blocks these ports
**DuckDNS issues:**
* Verify token is correct
* Check domain is available
* Test DNS updates manually
Ready to proceed? Continue to [[getting_started:setup|Automated Setup]].
**Need Help?** Check the [[troubleshooting:start|Troubleshooting Guide]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].

245
config-templates/dokuwiki/data/pages/getting_started/security.txt Normal file
View File

@@ -0,0 +1,245 @@
====== Security Setup ======
Secure your homelab with proper authentication, encryption, and access controls.
===== Two-Factor Authentication =====
**Enable 2FA for Authelia:**
1. **Access Authelia:**
* URL: `https://auth.yourdomain.duckdns.org`
* Login with admin credentials
2. **Configure TOTP:**
* Go to **Settings** → **One-Time Password**
* Install authenticator app (Google Authenticator, Authy, etc.)
* Scan QR code or enter secret manually
* Enter verification code to enable
3. **Backup Codes:**
* Generate backup codes for recovery
* Store securely (encrypted password manager)
* Use only for emergency access
**2FA Best Practices:**
* Use hardware security keys when possible
* Enable biometric authentication on mobile
* Regularly rotate backup codes
* Test recovery process
===== Access Control Policies =====
**Authelia Configuration:**
* Location: `/opt/stacks/core/authelia/configuration.yml`
**Default Policies:**
```yaml
access_control:
default_policy: deny
rules:
# Admin services - require 2FA
- domain: "*.yourdomain.duckdns.org"
policy: two_factor
# Media services - bypass SSO (app compatibility)
- domain: jellyfin.yourdomain.duckdns.org
policy: bypass
- domain: plex.yourdomain.duckdns.org
policy: bypass
# Home Assistant - bypass (built-in auth)
- domain: ha.yourdomain.duckdns.org
policy: bypass
```
**Policy Types:**
* **deny**: Block all access
* **one_factor**: Username + password only
* **two_factor**: Username + password + 2FA
* **bypass**: No authentication required
===== SSL/TLS Security =====
**Certificate Management:**
* **Issuer**: Let's Encrypt (trusted CA)
* **Type**: Wildcard certificate (*.yourdomain.duckdns.org)
* **Algorithm**: ECDSA P-256 with SHA-256
* **Validity**: 90 days with automatic renewal
**Security Headers:**
* **HSTS**: HTTP Strict Transport Security
* **CSP**: Content Security Policy
* **X-Frame-Options**: Clickjacking protection
* **X-Content-Type-Options**: MIME sniffing prevention
**Traefik Security:**
```yaml
# In traefik.yml
http:
middlewares:
security-headers:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
X-Frame-Options: "SAMEORIGIN"
X-Content-Type-Options: "nosniff"
Referrer-Policy: "strict-origin-when-cross-origin"
Permissions-Policy: "geolocation=(), microphone=(), camera=()"
```
===== Firewall Configuration =====
**UFW Rules (automatically configured):**
```bash
# Allow SSH
sudo ufw allow ssh
# Allow HTTP/HTTPS
sudo ufw allow 80
sudo ufw allow 443
# Enable firewall
sudo ufw enable
```
**Docker Security:**
* Containers run as non-root users
* No privileged containers
* Minimal exposed ports
* Network isolation
===== Password Security =====
**Strong Password Requirements:**
* Minimum 12 characters
* Mix of uppercase, lowercase, numbers, symbols
* No dictionary words or common patterns
* Unique per service
**Password Manager Integration:**
* Use Bitwarden/Vaultwarden for password storage
* Enable auto-fill for services
* Regular password rotation
* Emergency access setup
===== VPN and Network Security =====
**Download Protection:**
* qBittorrent routes through Gluetun VPN
* All torrent traffic encrypted
* No IP leaks during downloads
**Network Segmentation:**
* Services isolated in Docker networks
* Database access restricted
* External services proxied through Traefik
===== Backup Security =====
**Encrypted Backups:**
* Use Backrest with encryption
* Store encryption keys securely
* Offsite backup storage
* Regular integrity checks
**Backup Verification:**
```bash
# Test backup restoration
restic restore latest --target /tmp/restore-test
restic check
```
===== Service-Specific Security =====
**Nextcloud Security:**
* Enable brute force protection
* Configure trusted domains
* Set up file encryption
* Regular security scans
**Gitea Security:**
* Disable public registration
* Enable SSH key authentication
* Configure access tokens
* Regular repository backups
**Database Security:**
* Strong database passwords
* Network isolation
* Regular updates
* Query logging
===== Monitoring and Alerts =====
**Security Monitoring:**
* Enable fail2ban for SSH protection
* Monitor authentication attempts
* Set up intrusion detection
* Log analysis with Loki/Promtail
**Alert Configuration:**
* Failed login notifications
* Certificate expiration warnings
* Service downtime alerts
* Security vulnerability notifications
===== Incident Response =====
**Security Breach Response:**
1. **Isolate**: Disconnect affected systems
2. **Assess**: Determine scope of breach
3. **Contain**: Change all passwords
4. **Recover**: Restore from clean backups
5. **Learn**: Update security policies
**Emergency Access:**
* Keep backup authentication methods
* Document recovery procedures
* Test incident response plans
* Regular security audits
===== Advanced Security =====
**Certificate Pinning:**
* Pin Let's Encrypt intermediate certificates
* Monitor certificate transparency logs
* Automated certificate validation
**Zero Trust Architecture:**
* Every access request verified
* Minimal privilege access
* Continuous authentication
* Network micro-segmentation
**Compliance Considerations:**
* Data encryption at rest and in transit
* Access logging and monitoring
* Regular security assessments
* Privacy-preserving configurations
===== Security Checklist =====
**Initial Setup:**
* [ ] 2FA enabled for all admin accounts
* [ ] Strong, unique passwords everywhere
* [ ] SSL certificates properly configured
* [ ] Firewall rules verified
* [ ] VPN configured for downloads
**Ongoing Security:**
* [ ] Regular password rotation
* [ ] Security updates applied
* [ ] Backup encryption verified
* [ ] Access logs reviewed
* [ ] Security scans performed
**Emergency Preparedness:**
* [ ] Backup authentication methods available
* [ ] Incident response plan documented
* [ ] Recovery procedures tested
* [ ] Contact information current
Your homelab is now secure! Continue to [[architecture:security|Security Architecture]] for detailed technical information.
**Need help?** Check [[troubleshooting:ssl|SSL Troubleshooting]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].

234
config-templates/dokuwiki/data/pages/getting_started/setup.txt Normal file
View File

@@ -0,0 +1,234 @@
====== Automated Setup ======
The AI-Homelab uses two automated scripts for deployment. This is the recommended approach for most users.
===== Quick Setup Commands =====
```bash
# 1. Clone the repository
git clone https://github.com/kelinfoxy/AI-Homelab.git
cd AI-Homelab
# 2. Configure environment
cp .env.example .env
nano .env # Edit with your domain and tokens
# 3. Run setup script
sudo ./scripts/setup-homelab.sh
# 4. Run deployment script
sudo ./scripts/deploy-homelab.sh
```
That's it! Your homelab will be ready in 10-15 minutes.
===== Detailed Setup Process =====
==== Step 1: Clone Repository ====
```bash
# Clone to your home directory
cd ~
git clone https://github.com/kelinfoxy/AI-Homelab.git
cd AI-Homelab
```
**What this provides:**
* Complete homelab configuration
* Docker compose files for all services
* Automated deployment scripts
* Configuration templates
* Documentation and guides
==== Step 2: Configure Environment ====
```bash
# Copy example configuration
cp .env.example .env
# Edit with your settings
nano .env
```
**Required variables:**
```
DOMAIN=yourdomain.duckdns.org
DUCKDNS_TOKEN=your-duckdns-token
ACME_EMAIL=your-email@example.com
```
**Optional variables:**
```
SURFSHARK_USERNAME=your-vpn-username
SURFSHARK_PASSWORD=your-vpn-password
TZ=America/New_York
PUID=1000
PGID=1000
```
==== Step 3: Run Setup Script ====
```bash
# Execute with sudo privileges
sudo ./scripts/setup-homelab.sh
```
**What the setup script does:**
**System Preparation:**
* Updates system packages
* Installs required dependencies (git, curl, etc.)
* Installs Docker Engine + Compose V2
* Configures user permissions
* Sets up UFW firewall
* Enables SSH server
**Authelia Configuration:**
* Generates cryptographic secrets (JWT, session, encryption keys)
* Prompts for admin username (default: admin)
* Prompts for secure password with confirmation
* Generates argon2id password hash
* Creates user database
**Infrastructure Setup:**
* Creates `/opt/stacks/` directory structure
* Sets up Docker networks (traefik-network, homelab-network, etc.)
* Detects NVIDIA GPU and offers driver installation
**Security Features:**
* Idempotent (safe to re-run)
* Comprehensive error handling
* Timeout protection for operations
* Clear troubleshooting messages
==== Step 4: Run Deployment Script ====
```bash
# Deploy all services
sudo ./scripts/deploy-homelab.sh
```
**What the deployment script does:**
**Prerequisites Check:**
* Validates environment configuration
* Verifies Docker installation
* Checks network connectivity
**Core Stack Deployment:**
* Deploys DuckDNS, Traefik, Authelia, Gluetun
* Obtains wildcard SSL certificate (*.yourdomain.duckdns.org)
* Configures reverse proxy routing
**Infrastructure Deployment:**
* Deploys Dockge, Pi-hole, monitoring tools
* Sets up dashboards (Homepage, Homarr)
* Configures service discovery
**Health Checks:**
* Waits for services to become healthy
* Validates SSL certificate generation
* Opens Dockge in browser
===== Post-Setup Configuration =====
==== Access Your Services ====
After deployment, access services at:
| Service | URL | Status |
|---------|-----|--------|
| **Dockge** | `https://dockge.yourdomain.duckdns.org` | ✅ Primary management |
| **Homepage** | `https://home.yourdomain.duckdns.org` | ✅ Service dashboard |
| **Authelia** | `https://auth.yourdomain.duckdns.org` | ✅ SSO login |
| **Traefik** | `https://traefik.yourdomain.duckdns.org` | ✅ Proxy dashboard |
**Default Credentials:**
* Username: `admin` (or your custom username)
* Password: The secure password you created
==== Configure Two-Factor Authentication ====
1. Visit `https://auth.yourdomain.duckdns.org`
2. Log in with your admin credentials
3. Go to Settings → One-Time Password
4. Scan QR code with authenticator app
5. Enter verification code to enable 2FA
==== Customize Homepage Dashboard ====
1. Visit `https://home.yourdomain.duckdns.org`
2. Click the settings icon (gear)
3. Configure services and widgets
4. Add API keys for enhanced widgets
===== Troubleshooting Setup =====
==== Common Issues ====
**"Permission denied" when running scripts:**
```bash
# Ensure you're using sudo
sudo ./scripts/setup-homelab.sh
# Check if scripts are executable
ls -la scripts/
chmod +x scripts/*.sh
```
**Docker installation fails:**
```bash
# Remove conflicting packages
sudo apt remove docker docker-engine docker.io containerd runc
# Re-run setup script
sudo ./scripts/setup-homelab.sh
```
**SSL certificate generation fails:**
* Check DuckDNS token is correct in `.env`
* Verify ports 80/443 are forwarded
* Wait 2-5 minutes for DNS propagation
* Check Traefik logs: `docker logs traefik`
**Services not accessible:**
* Verify domain resolves: `nslookup yourdomain.duckdns.org`
* Check firewall: `sudo ufw status`
* View service logs: `docker compose -f /opt/stacks/core/docker-compose.yml logs`
==== NVIDIA GPU Setup ====
If you have an NVIDIA GPU and want hardware acceleration:
```bash
# During setup script, answer 'y' when prompted
# Or install manually after setup:
# Add NVIDIA package repository
distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
# Install NVIDIA Docker
sudo apt-get update && sudo apt-get install -y nvidia-docker2
sudo systemctl restart docker
# Test GPU access
docker run --rm --gpus all nvidia/cuda:12.0.0-base-ubuntu22.04 nvidia-smi
```
==== Manual Setup Alternative ====
If automated scripts fail, see [[getting_started:manual|Manual Setup Guide]] for step-by-step instructions.
===== Next Steps =====
1. **Explore Services**: Use Dockge to deploy additional services
2. **Configure Backups**: Set up Backrest for automated backups
3. **Add Monitoring**: Deploy Grafana/Prometheus for observability
4. **Customize**: Modify services to fit your needs
5. **Contribute**: Help improve the project
**Ready to deploy?** Run the setup script and enjoy your new homelab!
**Need help?** Check [[troubleshooting:deployment|Deployment Troubleshooting]] or ask in [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].

126
config-templates/dokuwiki/data/pages/getting_started/start.txt Normal file
View File

@@ -0,0 +1,126 @@
====== Getting Started ======
Welcome to your AI-powered homelab! This guide will walk you through setting up your production-ready infrastructure with Dockge, Traefik, Authelia, and 70+ services.
===== Quick Start Checklist =====
**Prerequisites:**
* [ ] Fresh Debian/Ubuntu server (or existing system)
* [ ] Root/sudo access
* [ ] Internet connection
* [ ] VS Code with GitHub Copilot (recommended)
**Setup Process:**
* [ ] Clone repository: `git clone https://github.com/kelinfoxy/AI-Homelab.git`
* [ ] Configure `.env` file with your domain and tokens
* [ ] Run setup script: `sudo ./scripts/setup-homelab.sh`
* [ ] Run deployment script: `sudo ./scripts/deploy-homelab.sh`
* [ ] Access Dockge at `https://dockge.yourdomain.duckdns.org`
**Post-Setup:**
* [ ] Set up 2FA with Authelia
* [ ] Configure Homepage dashboard
* [ ] Deploy additional services as needed
* [ ] Set up backups with Backrest
===== What You Get =====
Your homelab includes:
**Core Infrastructure (Deployed First):**
* **DuckDNS**: Dynamic DNS with Let's Encrypt wildcard SSL certificates
* **Traefik**: Reverse proxy with automatic HTTPS termination
* **Authelia**: SSO authentication protecting all services
* **Gluetun**: VPN client for secure downloads
* **Sablier**: Lazy loading service for resource management
**Management Tools:**
* **Dockge**: Web-based Docker stack manager (PRIMARY interface)
* **Pi-hole**: Network-wide ad blocking and DNS
* **Dozzle**: Live Docker log viewer
* **Glances**: System monitoring dashboard
**Dashboards:**
* **Homepage**: AI-configured service dashboard
* **Homarr**: Modern alternative dashboard
**70+ Available Services:**
* Media: Plex, Jellyfin, Sonarr, Radarr, qBittorrent
* Productivity: Nextcloud, Gitea, BookStack, WordPress
* Home Automation: Home Assistant, Node-RED, Zigbee2MQTT
* Monitoring: Grafana, Prometheus, Uptime Kuma
* Development: VS Code Server, GitLab, Jupyter
* And many more...
===== Architecture Overview =====
```
Internet → DuckDNS → Traefik → Authelia → Services
Wildcard SSL (*.yourdomain.duckdns.org)
```
**Key Features:**
* **File-based configuration**: AI-manageable YAML files
* **Automatic HTTPS**: Let's Encrypt wildcard certificates
* **SSO protection**: Authelia secures admin interfaces
* **VPN routing**: Downloads protected through Gluetun
* **Resource management**: Automatic container limits
* **Lazy loading**: Services start on-demand
===== Access Your Services =====
After deployment, access services at:
| Service | URL | Purpose |
|---------|-----|---------|
| **Dockge** | `https://dockge.yourdomain.duckdns.org` | Stack management |
| **Homepage** | `https://home.yourdomain.duckdns.org` | Service dashboard |
| **Authelia** | `https://auth.yourdomain.duckdns.org` | SSO login |
| **Traefik** | `https://traefik.yourdomain.duckdns.org` | Reverse proxy dashboard |
| **Pi-hole** | `http://pihole.yourdomain.duckdns.org` | DNS admin |
| **Dozzle** | `https://dozzle.yourdomain.duckdns.org` | Log viewer |
**Default Credentials:**
* Username: `admin` (or custom username from setup)
* Password: Secure password created during setup
===== Next Steps =====
1. **Complete Security Setup**
* Configure 2FA in Authelia
* Review service access policies
* Set up backup encryption
2. **Deploy Core Services**
* Use Dockge to deploy media services
* Configure Homepage widgets
* Set up monitoring dashboards
3. **Customize Your Stack**
* Add external service proxying
* Configure backup schedules
* Set up development environment
4. **Learn Advanced Features**
* Use AI Copilot for management
* Explore service customization
* Contribute to the project
===== Getting Help =====
**Documentation:**
* [[architecture:overview|Architecture Guide]]
* [[services:start|Service Reference]]
* [[troubleshooting:start|Troubleshooting]]
* [[reference:start|Quick Reference]]
**Community:**
* [[https://github.com/kelinfoxy/AI-Homelab/issues|GitHub Issues]]
* [[https://github.com/kelinfoxy/AI-Homelab/discussions|Discussions]]
**AI Assistance:**
* Use GitHub Copilot in VS Code
* Reference the [[development:copilot|Copilot Instructions]]
Ready to get started? Continue to [[getting_started:prerequisites|Prerequisites]] or jump straight to [[getting_started:setup|Automated Setup]].