homelab/readme.md

# Homelab

## Services

These are all the services hosted here, what they are for, and any clients I use with them.

### User-Facing

- [Jellyfin](https://jellyfin.org) - Media server for movies, TV shows, and music
  - [Feishin](https://github.com/jeffvli/feishin) - Desktop music client (soon to be replaced by [audioling](https://github.com/audioling/audioling))
  - [Finamp](https://github.com/jmshrv/finamp) - Mobile music client
  - For other devices (desktop, mobile, Roku/Android TV) I use either the web app or the official Jellyfin client
- [Miniflux](https://miniflux.app/) - Minimalist RSS feed reader
  - [NetNewsWire](https://netnewswire.com/) - Wonderful all-purpose iOS RSS client
- [vaultwarden](https://github.com/dani-garcia/vaultwarden) - Password manager
  - [Bitwarden clients](https://bitwarden.com/download/)
- [Gitea](https://about.gitea.com/) - Git server - in the process of replacing my GitHub account
- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative
- [Homepage](https://gethomepage.dev/) - My default new tab page; has info about all my services plus links
- [Kiwix](https://kiwix.org/en/) - Offline wiki hosting - I have Wikipedia, the Arch Linux wiki, and several others downloaded
- [Actual Budget](https://actualbudget.org/) - Excellent budgeting app - it can be automatically synced with your bank, but I have found it to be unstable
  - There used to be an official app but it has been discontinued - I added the website to my phone's home screen and it works quite well
- [Paperless-ngx](https://docs.paperless-ngx.com/) - Document management system for legal documents, IDs, bank statements, etc.
  - [Swift Paperless](https://github.com/paulgessinger/swift-paperless) - iOS client
- [Immich](https://immich.app/) - Photo and video management
  - Their official mobile apps are quite good
- [Grocy](https://github.com/grocy/grocy) - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
  - [iOS Client](https://apps.apple.com/us/app/grocy-mobile/id1567803209)
- [Tandoor](https://tandoor.dev/) - Recipe management, so I always know which zucchine muffin recipe is the good one
  - [Untare](https://github.com/phantomate/Untare) - Mobile client (discontinued but it still works for now)
- [AudioBookShelf](https://www.audiobookshelf.org/) - Audiobook server
  - The official mobile client works great
- [Calibre Web](https://github.com/janeczku/calibre-web) - Ebook management
  - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web
- [Joplin](https://joplinapp.org/) - Notes (Obsidian alternative)

### Monitoring

- [Dozzle](https://dozzle.dev/) - Docker logs all in one place
- [Scrutiny](https://github.com/AnalogJ/scrutiny) - HDD SMART monitoring, so I know when to prepare for a drive failure
- [Speedtest Tracker](https://speedtest-tracker.dev/) - Runs scheduled internet speedtests and creates pretty graphs to keep my ISP honest
- [Glances](https://github.com/nicolargo/glances) - System monitor - I mostly have this for dashboard widgets but it can be useful by itself

### Networking

- [cloudflared](https://github.com/cloudflare/cloudflared) - CloudFlare tunnel client for easy and secure external service access
- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client
- [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) - DNS filtering - I use this with [tailscale](https://tailscale.com/) to block ads on my phone

Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet as well as SSH access.

### Downloading

- [qBittorrent](https://www.qbittorrent.org/) - The only torrent client I'll ever use
- [Radarr](https://radarr.video/) - Automated movie fetching
- [Sonarr](https://sonarr.tv/) - Automated TV show fetching
- [Prowlarr](https://prowlarr.com/) - Torrent indexer that interfaces with the other *arrs
- [Bazarr](https://www.bazarr.media/) - Automated subtitle fetching (I also use the OpenSubtitles plugin within Jellyfin when needed, but this works hands-off most of the time)

I use [LunaSea](https://www.lunasea.app/) as a mobile client for Radarr and Sonarr.

## Environment

This configuration uses `.env` files to separate secrets from public information and maintain brevity in the main `docker-compose.yml`

Here are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values.

### cloudflared

`TUNNEL_TOKEN`: available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector`

### gluetun

The values below are specific to Mullvad VPN. Other providers need different values, refer to gluetun documentation.

```
VPN_SERVICE_PROVIDER=mullvad
VPN_TYPE=wireguard
WIREGUARD_PRIVATE_KEY=
WIREGUARD_ADDRESSESS=
SERVER_CITIES=
```

The actual values should be available in the WireGuard configuration from Mullvad.

### Immich

My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places.

I have plans to improve this, but for now this is what works.

```
UPLOAD_LOCATION=/media/immich
IMMICH_VERSION="v1.123.0"

TYPESENSE_API_KEY=
DB_PASSWORD=

DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
DB_DATA_LOCATION=/docker/immich

REDIS_HOSTNAME=immich_redis

POSTGRES_PASSWORD= # this should be the same as DB_PASSWORD above
POSTGRES_USER=postgres
POSTGRES_DB=immich
```

### Joplin

```
APP_PORT=22300
APP_BASE_URL=
DB_CLIENT=pg
POSTGRES_PASSWORD=
POSTGRES_DATABASE=joplin
POSTGRES_USER=
POSTGRES_PORT=5432
POSTGRES_HOST=joplin-db

# Optional SMTP email options
MAILER_ENABLED=1
MAILER_HOST=
MAILER_PORT=465
MAILER_SECURE=1
MAILER_AUTH_USER=
MAILER_AUTH_PASSWORD=
MAILER_NOREPLY_NAME=
MAILER_NOREPLY_EMAIL=
```

### LinkStack

```
HTTPS_SERVER_NAME=
SERVER_ADMIN=
```

### Miniflux

```
DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password
RUN_MIGRATIONS=1

POSTGRES_USER=miniflux
POSTGRES_PASSWORD= # this is the password used above
POSTGRES_DB=miniflux
```

### Paperless-ngx

```
USERMAP_UID=1000
USERMAP_GID=1000
PUID=1000
PGID=1000

PAPERLESS_URL=

# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
PAPERLESS_SECRET_KEY=

PAPERLESS_TIME_ZONE=

PAPERLESS_OCR_LANGUAGE=eng

PAPERLESS_REDIS: redis://paperless_broker:6379
PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'

# Optional SMTP email settings
PAPERLESS_EMAIL_HOST=
PAPERLESS_EMAIL_PORT=587
PAPERLESS_EMAIL_USE_TLS=true
PAPERLESS_EMAIL_HOST_USER=
PAPERLESS_EMAIL_HOST_PASSWORD=
PAPERLESS_EMAIL_FROM=
```

### Speedtest Tracker

```
PUID=1000
PGID=1000
APP_KEY=
APP_URL=
DB_CONNECTION=sqlite
APP_TIMEZONE=
DISPLAY_TIMEZONE=
SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes
```

### Tandoor

```
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
SECRET_KEY=

# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
ALLOWED_HOSTS=

# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql
POSTGRES_HOST=tandoor-db
POSTGRES_DB=tandoor
POSTGRES_PORT=5432
POSTGRES_USER=tandoor
POSTGRES_PASSWORD=
```

### vaultwarden

```
DOMAIN=

# dollar signs must be replaced with two dollar signs to properly escape variables in this token
ADMIN_TOKEN=

# optional SMTP email settings
SMTP_HOST=
SMTP_FROM=
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=
SMTP_PASSWORD=
```