From c1ce4eda5242cef62a1428253a929b0a5fab8174 Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 10:17:47 -0600
Subject: [PATCH 1/7] add more documentation links

---
 readme.md | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/readme.md b/readme.md
index 29bac98..d6de9bd 100644
--- a/readme.md
+++ b/readme.md
@@ -100,7 +100,9 @@ Below are the variables that need to be set in the `.env` file for each service.
 
 ### gluetun
 
-The values below are specific to Mullvad VPN ([docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md)). Other providers need different values, refer to the corresponding gluetun documentation.
+[Docs](https://github.com/qdm12/gluetun)
+
+The values below are specific to Mullvad VPN ([gluetun docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md)). Other providers need different values, refer to the corresponding gluetun documentation.
 
 ```env
 VPN_SERVICE_PROVIDER=mullvad
@@ -114,9 +116,9 @@ The values for `WIREGUARD_PRIVATE_KEY` and `WIREGUARD_ADDRESSES` should be avail
 
 ### Immich
 
-My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. Also note that the way I set the upload location is not recommended by the Immich docs.
+[Docs](https://immich.app/docs/install/docker-compose/)
 
-For more information, see the Immich [docker-compose setup instructions](https://immich.app/docs/install/docker-compose/).
+My current Immich docker setup has a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. Also note that the way I set the upload location is not recommended by the Immich docs.
 
 ```env
 UPLOAD_LOCATION=/media/immich
@@ -139,7 +141,7 @@ POSTGRES_DB=immich
 
 ### Joplin
 
-See the [docker-joplin-server docs](https://github.com/flosoft/docker-joplin-server) for more info.
+[Docs](https://github.com/flosoft/docker-joplin-server)
 
 ```env
 APP_PORT=22300
@@ -151,7 +153,7 @@ POSTGRES_USER=
 POSTGRES_PORT=5432
 POSTGRES_HOST=joplin-db
 
-# Optional SMTP options
+# Optional SMTP settings
 MAILER_ENABLED=1
 MAILER_HOST=
 MAILER_PORT=465
@@ -164,7 +166,9 @@ MAILER_NOREPLY_EMAIL=
 
 ### LinkStack
 
-This one just needs the public hostname and admin email. [Docs](https://linkstack.org/docker/).
+[Docs](https://linkstack.org/docker/)
+
+This one just needs the public hostname and admin email.
 
 ```env
 HTTPS_SERVER_NAME=
@@ -217,13 +221,18 @@ PAPERLESS_EMAIL_FROM=
 
 ### Speedtest Tracker
 
-[Docs](https://docs.speedtest-tracker.dev/getting-started/installation/using-docker-compose). `APP_URL` is the public address, `APP_KEY` is generated with `echo -n 'base64:'; openssl rand -base64 32;`
+[Docs](https://docs.speedtest-tracker.dev/getting-started/installation/using-docker-compose)
 
 ```env
 PUID=1000
 PGID=1000
+
+# Generate with `echo -n 'base64:'; openssl rand -base64 32;` or use the speedtest-tracker website
 APP_KEY=
+
+# Public address or IP
 APP_URL=
+
 DB_CONNECTION=sqlite
 APP_TIMEZONE=
 DISPLAY_TIMEZONE=
@@ -232,7 +241,7 @@ SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes
 
 ### Tandoor
 
-[Docs](https://docs.tandoor.dev/install/docker/).
+[Docs](https://docs.tandoor.dev/install/docker/)
 
 ```env
 # Random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
@@ -252,16 +261,18 @@ POSTGRES_PASSWORD=
 
 ### vaultwarden
 
-[Docs](https://github.com/dani-garcia/vaultwarden). Note that the crypto API requires HTTPS, so local access is a bit of a challenge.
+[Docs](https://github.com/dani-garcia/vaultwarden)
+
+Note that the cryptography API used by vaultwarden requires HTTPS, so local access can be a bit of a challenge.
 
 These values are only required if you need to use the vaultwarden admin page (for user management, SMTP, hardware 2FA, etc.). The `ADMIN_TOKEN` value gave me trouble - to make it work, I used the 'Using `argon2`' instructions from [Enabling admin page](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page) in the docs. At `your-ip-or-url.com/admin`, the password you used for the hash will unlock it (e.g. `MySecretPassword` per their example).
 
 Note: The `ADMIN_TOKEN` value should be enclosed in single quotes. If it is not, all instances of `$` in the value will need to be replaced with `$$` to prevent the value from being split by the parser.
 
 ```env
+# Public domain or IP
 DOMAIN=
 
-# Dollar signs must be replaced with two dollar signs to properly escape variables in this token
 ADMIN_TOKEN=
 
 # Optional SMTP email settings

From 4b3c8b171d06d7cf34623b50ee49e0b51cbc2249 Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 10:20:05 -0600
Subject: [PATCH 2/7] update cloudflared env notes

---
 readme.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d6de9bd..5041e89 100644
--- a/readme.md
+++ b/readme.md
@@ -96,7 +96,12 @@ Below are the variables that need to be set in the `.env` file for each service.
 
 ### cloudflared
 
-`TUNNEL_TOKEN`: available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector`
+[Docs](https://github.com/cloudflare/cloudflared?tab=readme-ov-file)
+
+```env
+# Available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector`
+TUNNEL_TOKEN=
+```
 
 ### gluetun
 

From 5e97c8215d912bd526653b8efd9b666e9e94ce6a Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 10:26:28 -0600
Subject: [PATCH 3/7] add more linkstack info

---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 5041e89..c8fba0a 100644
--- a/readme.md
+++ b/readme.md
@@ -24,7 +24,7 @@ These are all the services hosted, what they are for, and any clients I use with
 - [Gitea](https://about.gitea.com/) - Git server - in the process of replacing my GitHub account
 - [Grocy](https://github.com/grocy/grocy) - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
   - [iOS Client](https://apps.apple.com/us/app/grocy-mobile/id1567803209)
-- [Homepage](https://gethomepage.dev/) - My default new tab page; has info about all my services plus links
+- [Homepage](https://gethomepage.dev/) - My default new tab page - has info and stats about all my services plus links
 - [Immich](https://immich.app/) - Photo and video management
   - Their official mobile apps are quite good
 - [Jellyfin](https://jellyfin.org) - Media server for movies, TV shows, and music
@@ -33,7 +33,7 @@ These are all the services hosted, what they are for, and any clients I use with
   - For other devices (desktop, mobile, Roku/Android TV) I use either the web app or the official Jellyfin client
 - [Joplin](https://joplinapp.org/) - Notes (Obsidian alternative)
 - [Kiwix](https://kiwix.org/en/) - Offline wiki hosting - I have Wikipedia, the Arch Linux wiki, and several others downloaded
-- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative
+- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative ([azpsen.com](https://azpsen.com)) - more for content creators, definitely overkill for what I need. I'll probably replace it with a simple static site at some point
 - [Miniflux](https://miniflux.app/) - Minimalist RSS feed reader
   - [NetNewsWire](https://netnewswire.com/) - Wonderful all-purpose iOS RSS client
 - [Paperless-ngx](https://docs.paperless-ngx.com/) - Document management system for legal documents, IDs, bank statements, etc.

From 3f0048d496a7bd23f9e5ccb6539f9446fd54c7b3 Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 10:34:26 -0600
Subject: [PATCH 4/7] fix line ordering

---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index c8fba0a..741a02c 100644
--- a/readme.md
+++ b/readme.md
@@ -69,10 +69,10 @@ Note that I run tailscale on bare metal so it is not listed here, but it is very
 
 I use [LunaSea](https://www.lunasea.app/) as a mobile client for Radarr and Sonarr.
 
-This configuration uses `.env` files to separate secrets from public information and maintain brevity in the main `docker-compose.yml`
-
 ## Environment
 
+This configuration uses `.env` files to separate secrets from public information and keep the main `docker-compose.yml` a little shorter.
+
 Below are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values.
 
 > **A Note on Email**

From c501d1498a8a2e3a48502419ab5dbb06d49aa4ab Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 10:37:00 -0600
Subject: [PATCH 5/7] add .env file names

---
 readme.md | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 741a02c..a2f0fed 100644
--- a/readme.md
+++ b/readme.md
@@ -71,7 +71,7 @@ I use [LunaSea](https://www.lunasea.app/) as a mobile client for Radarr and Sona
 
 ## Environment
 
-This configuration uses `.env` files to separate secrets from public information and keep the main `docker-compose.yml` a little shorter.
+This configuration uses `.env` files to separate secrets from public information and keep the main `docker-compose.yml` a little shorter. It is set up to look for these files in `/docker/env`, with each service having its own `<service>.env` file.
 
 Below are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values.
 
@@ -99,6 +99,8 @@ Below are the variables that need to be set in the `.env` file for each service.
 [Docs](https://github.com/cloudflare/cloudflared?tab=readme-ov-file)
 
 ```env
+# cloudflared.env
+
 # Available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector`
 TUNNEL_TOKEN=
 ```
@@ -110,6 +112,8 @@ TUNNEL_TOKEN=
 The values below are specific to Mullvad VPN ([gluetun docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md)). Other providers need different values, refer to the corresponding gluetun documentation.
 
 ```env
+# gluetun.env
+
 VPN_SERVICE_PROVIDER=mullvad
 VPN_TYPE=wireguard
 WIREGUARD_PRIVATE_KEY=
@@ -126,6 +130,8 @@ The values for `WIREGUARD_PRIVATE_KEY` and `WIREGUARD_ADDRESSES` should be avail
 My current Immich docker setup has a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. Also note that the way I set the upload location is not recommended by the Immich docs.
 
 ```env
+#immich.env
+
 UPLOAD_LOCATION=/media/immich
 IMMICH_VERSION="v1.123.0"
 
@@ -149,6 +155,8 @@ POSTGRES_DB=immich
 [Docs](https://github.com/flosoft/docker-joplin-server)
 
 ```env
+# joplin.env
+
 APP_PORT=22300
 APP_BASE_URL=
 DB_CLIENT=pg
@@ -176,6 +184,8 @@ MAILER_NOREPLY_EMAIL=
 This one just needs the public hostname and admin email.
 
 ```env
+# linkstack.env
+
 HTTPS_SERVER_NAME=
 SERVER_ADMIN=
 ```
@@ -185,6 +195,8 @@ SERVER_ADMIN=
 [Docs](https://miniflux.app/docs/docker.html)
 
 ```env
+# miniflux.env
+
 DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password
 RUN_MIGRATIONS=1
 
@@ -198,6 +210,8 @@ POSTGRES_DB=miniflux
 [Docs](https://docs.paperless-ngx.com/setup/#docker)
 
 ```env
+# paperless.env
+
 USERMAP_UID=1000
 USERMAP_GID=1000
 PUID=1000
@@ -229,6 +243,8 @@ PAPERLESS_EMAIL_FROM=
 [Docs](https://docs.speedtest-tracker.dev/getting-started/installation/using-docker-compose)
 
 ```env
+# speedtest.env
+
 PUID=1000
 PGID=1000
 
@@ -249,6 +265,8 @@ SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes
 [Docs](https://docs.tandoor.dev/install/docker/)
 
 ```env
+# tandoor.env
+
 # Random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
 SECRET_KEY=
 
@@ -275,6 +293,8 @@ These values are only required if you need to use the vaultwarden admin page (fo
 Note: The `ADMIN_TOKEN` value should be enclosed in single quotes. If it is not, all instances of `$` in the value will need to be replaced with `$$` to prevent the value from being split by the parser.
 
 ```env
+# vaultwarden.env
+
 # Public domain or IP
 DOMAIN=
 

From 7c4675172568020192192eb2d1d382054ebb499a Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 12:07:20 -0600
Subject: [PATCH 6/7] Update readme.md

fix calibre client listing
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a2f0fed..6480c38 100644
--- a/readme.md
+++ b/readme.md
@@ -21,6 +21,7 @@ These are all the services hosted, what they are for, and any clients I use with
 - [AudioBookShelf](https://www.audiobookshelf.org/) - Audiobook server
   - The official mobile client works great
 - [Calibre Web](https://github.com/janeczku/calibre-web) - Ebook management
+  - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web
 - [Gitea](https://about.gitea.com/) - Git server - in the process of replacing my GitHub account
 - [Grocy](https://github.com/grocy/grocy) - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
   - [iOS Client](https://apps.apple.com/us/app/grocy-mobile/id1567803209)
@@ -40,7 +41,6 @@ These are all the services hosted, what they are for, and any clients I use with
   - [Swift Paperless](https://github.com/paulgessinger/swift-paperless) - iOS client
 - [Tandoor](https://tandoor.dev/) - Recipe management, so I always know which zucchine muffin recipe is the good one
   - [Untare](https://github.com/phantomate/Untare) - Mobile client (discontinued but it still works for now)
-  - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web
 - [vaultwarden](https://github.com/dani-garcia/vaultwarden) - Password manager
   - [Bitwarden clients](https://bitwarden.com/download/)
 

From 25f0fe968464fe52e406fc4b4c0ac592a7688bc1 Mon Sep 17 00:00:00 2001
From: April Petersen <me@azpsen.com>
Date: Mon, 6 Jan 2025 12:31:32 -0600
Subject: [PATCH 7/7] fix some ambiguous wording

---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 6480c38..44bc082 100644
--- a/readme.md
+++ b/readme.md
@@ -55,9 +55,9 @@ These are all the services hosted, what they are for, and any clients I use with
 
 - [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) - DNS filtering - I use this with [tailscale](https://tailscale.com/) to block ads on my phone
 - [cloudflared](https://github.com/cloudflare/cloudflared) - CloudFlare tunnel client for easy and secure external service access
-- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client and kill-switch. Very useful, allows for per-container VPN connectivity.
+- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client and kill-switch. Very useful, allows for per-container VPN routing.
 
-Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet as well as SSH access.
+Note that I run tailscale as a system service, not in a container, so it is not listed here, but it is very useful for secure remote access - both for SSH and for services that don't need to be publicly visible.
 
 ### Downloading