- Add Vaultwarden (Bitwarden) password manager to utilities.yml
- Self-hosted password manager with web UI
- SMTP configuration for email notifications
- Admin token for management
- Access at bitwarden.${DOMAIN}
- Protected by Authelia SSO
- Create automated first-run setup script (scripts/setup-homelab.sh)
- Installs Docker Engine and Compose V2
- Configures user groups (sudo, docker)
- Enables SSH for remote management
- Detects NVIDIA GPU and provides manual driver installation instructions
- Creates directory structure and Docker networks
- Comprehensive instructions for post-setup deployment
- Remove redundant compose files (now in core.yml)
- Deleted authelia.yml, duckdns.yml, gluetun.yml, traefik.yml
- All services consolidated into unified core.yml stack
- Eliminates confusion and duplication
- Update disk space requirements across documentation
- Changed from "100GB+ system, 1TB+ media" to:
- "120GB+ system drive (NVMe or SSD highly recommended)"
- "2TB+ for media & additional disks for services like Nextcloud"
- Updated in README.md and getting-started.md
- Add preference for LinuxServer.io images
- Updated copilot-instructions.md
- LinuxServer images support PUID/PGID for proper file permissions
- Preference noted in consistency guidelines
- Update core stack documentation
- Emphasize unified core.yml deployment
- Add both deployment methods (cd to directory vs full path)
- Update getting-started.md with correct deployment steps
- Note removal of separate stack files
- Add Bitwarden environment variables to .env.example
- BITWARDEN_ADMIN_TOKEN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED
- SMTP configuration for email notifications
- Generation instructions included
- Update services-reference.md
- Add Vaultwarden to utilities section (now 7 services)
- Update service count and access URLs
All documentation now consistent with unified core stack approach and includes all requested features.
Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
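# Environment Variables Template
# Copy this file to .env and fill in your values
# NEVER commit .env to git!
#
# Every value below is a placeholder. Replace each `changeme*` and `your-*`
# entry with a unique, randomly generated secret before the first deployment,
# and keep the resulting .env readable by its owner only (chmod 600 .env).
#
# Define each variable exactly once. When a name is assigned twice, the later
# assignment typically wins, so a leftover `changeme` further down the file
# would silently replace the password set above it.

# User and Group IDs (get with: id -u and id -g)
PUID=1000
PGID=1000

# Timezone (list: timedatectl list-timezones)
TZ=America/New_York

# Server IP address
SERVER_IP=192.168.1.100

# Domain Configuration
DOMAIN=yourdomain.duckdns.org # Your DuckDNS domain

# Directory Paths
USERDIR=/opt/stacks
MEDIADIR=/mnt/media # Large media files on separate drive
DOWNLOADDIR=/mnt/downloads # Downloads on separate drive
PROJECTDIR=/home/username/projects

# DuckDNS Configuration
DUCKDNS_TOKEN=your-duckdns-token
DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org

# Let's Encrypt / ACME
ACME_EMAIL=your-email@example.com

# Authelia Secrets (generate with: openssl rand -hex 64)
# Run the command once per variable; do not reuse one value for all three.
# `openssl rand -hex 64` prints 128 hex characters (64 random bytes).
AUTHELIA_JWT_SECRET=your-jwt-secret-here-64-chars
AUTHELIA_SESSION_SECRET=your-session-secret-here-64-chars
AUTHELIA_STORAGE_ENCRYPTION_KEY=your-encryption-key-here-64-chars

# SMTP credentials (optional)
# Shared by Authelia notifications and by Vaultwarden (see the Bitwarden
# section below). Prefer an app password or a dedicated sending account over
# a primary mailbox password.
SMTP_USERNAME=your-email@example.com
SMTP_PASSWORD=your-smtp-password

# Authentik SSO (optional - alternative to Authelia with web UI)
# Generate secrets with: openssl rand -hex 50
AUTHENTIK_SECRET_KEY=your-authentik-secret-key-here-100-chars
AUTHENTIK_DB_USER=authentik
AUTHENTIK_DB_PASSWORD=changeme-authentik-db-password
AUTHENTIK_DB_NAME=authentik

# VPN Configuration (Surfshark)
# Get WireGuard details from Surfshark dashboard
SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
SURFSHARK_ADDRESSES=10.14.0.2/16
VPN_COUNTRY=Netherlands # Preferred VPN server location

# Alternative: OpenVPN credentials (if not using WireGuard)
# SURFSHARK_USERNAME=your-surfshark-username
# SURFSHARK_PASSWORD=your-surfshark-password

# Media Services
PLEX_CLAIM=claim-xxxxxxxxxx

# Monitoring & Dashboards
GRAFANA_ADMIN_PASSWORD=changeme

# Development Tools
CODE_SERVER_PASSWORD=changeme
CODE_SERVER_SUDO_PASSWORD=changeme

# Databases - General
POSTGRES_USER=postgres
POSTGRES_PASSWORD=changeme
POSTGRES_DB=homelab

PGADMIN_EMAIL=admin@example.com
PGADMIN_PASSWORD=changeme

# Infrastructure
PIHOLE_PASSWORD=changeme
# Watchtower notification URL (optional; leave empty to disable)
WATCHTOWER_NOTIFICATION_URL=

# Productivity Services - Nextcloud
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=changeme
NEXTCLOUD_DB_PASSWORD=changeme
NEXTCLOUD_DB_ROOT_PASSWORD=changeme

# Productivity Services - Gitea
GITEA_DB_PASSWORD=changeme

# Productivity Services - WordPress
WORDPRESS_DB_PASSWORD=changeme
WORDPRESS_DB_ROOT_PASSWORD=changeme

# Productivity Services - BookStack
BOOKSTACK_DB_PASSWORD=changeme
BOOKSTACK_DB_ROOT_PASSWORD=changeme

# Productivity Services - MediaWiki
MEDIAWIKI_DB_PASSWORD=changeme
MEDIAWIKI_DB_ROOT_PASSWORD=changeme

# Utilities - Form.io
FORMIO_JWT_SECRET=changeme
FORMIO_DB_SECRET=changeme

# Development - Jupyter
JUPYTER_TOKEN=changeme

# Cloudflare API (optional, for DNS challenge)
# CF_DNS_API_TOKEN=your-cloudflare-api-token

# qBittorrent
QBITTORRENT_USER=admin
QBITTORRENT_PASS=changeme

# Homepage Dashboard - API Keys and Tokens
# Generate these from each service's settings page
# NOTE: the *_PASS entries that reference ${...} variables hand the
# qBittorrent, Nextcloud admin and Grafana admin credentials to the dashboard.
# Where a service offers it, prefer a dedicated low-privilege account or
# API token for the dashboard instead.
HOMEPAGE_VAR_DOMAIN=${DOMAIN}
HOMEPAGE_VAR_SERVER_IP=${SERVER_IP}
HOMEPAGE_VAR_PORTAINER_KEY=your-portainer-api-key
HOMEPAGE_VAR_PIHOLE_KEY=your-pihole-api-key
HOMEPAGE_VAR_PLEX_KEY=your-plex-token
HOMEPAGE_VAR_JELLYFIN_KEY=your-jellyfin-api-key
HOMEPAGE_VAR_SONARR_KEY=your-sonarr-api-key
HOMEPAGE_VAR_RADARR_KEY=your-radarr-api-key
HOMEPAGE_VAR_LIDARR_KEY=your-lidarr-api-key
HOMEPAGE_VAR_READARR_KEY=your-readarr-api-key
HOMEPAGE_VAR_PROWLARR_KEY=your-prowlarr-api-key
HOMEPAGE_VAR_JELLYSEERR_KEY=your-jellyseerr-api-key
HOMEPAGE_VAR_QBITTORRENT_USER=${QBITTORRENT_USER}
HOMEPAGE_VAR_QBITTORRENT_PASS=${QBITTORRENT_PASS}
HOMEPAGE_VAR_HA_KEY=your-home-assistant-long-lived-token
HOMEPAGE_VAR_NEXTCLOUD_USER=${NEXTCLOUD_ADMIN_USER}
HOMEPAGE_VAR_NEXTCLOUD_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
HOMEPAGE_VAR_GRAFANA_USER=admin
HOMEPAGE_VAR_GRAFANA_PASS=${GRAFANA_ADMIN_PASSWORD}
HOMEPAGE_VAR_BOOKSTACK_KEY=your-bookstack-api-token
HOMEPAGE_VAR_UPTIMEKUMA_SLUG=your-uptime-kuma-slug
HOMEPAGE_VAR_OPENWEATHER_KEY=your-openweather-api-key
HOMEPAGE_VAR_WEATHERAPI_KEY=your-weatherapi-key
HOMEPAGE_VAR_UNIFI_USER=your-unifi-username
HOMEPAGE_VAR_UNIFI_PASS=your-unifi-password

# Bitwarden (Vaultwarden) Password Manager
# Admin token: openssl rand -base64 48
# The token unlocks the /admin panel, so treat it like a root password.
# Vaultwarden also accepts an Argon2 PHC hash of the token (generate it with
# `vaultwarden hash`), which keeps the plaintext out of this file. The hash
# contains `$` characters, so it usually needs single quotes here; confirm
# against how the compose file passes the variable through.
BITWARDEN_ADMIN_TOKEN=changeme-bitwarden-admin-token
# While signups are allowed, anyone who can reach the instance can register.
BITWARDEN_SIGNUPS_ALLOWED=true # Set to false after creating accounts
BITWARDEN_INVITATIONS_ALLOWED=true
SMTP_HOST=smtp.gmail.com
SMTP_FROM=bitwarden@yourdomain.com
SMTP_PORT=587
SMTP_SECURITY=starttls
# SMTP_USERNAME and SMTP_PASSWORD defined above

# Add your own variables below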