86 lines
3 KiB
Markdown
86 lines
3 KiB
Markdown
# Homelab Current State
|
|
|
|
## Description
|
|
|
|
This repository documents the current known state of the homelab.
|
|
|
|
The documentation is based only on stated facts. Missing details are recorded as unknowns and need clarification.
|
|
|
|
## Shared context sync lock
|
|
|
|
`sync-context.sh` uses a git-tracked `.context.lock` file to serialize updates to `codex_context.yaml`.
|
|
|
|
If `codex_context.yaml` has changes, the script:
|
|
|
|
1. pulls with rebase
|
|
2. aborts if `.context.lock` already exists and prints its contents
|
|
3. creates `.context.lock` with `hostname`, `username`, and UTC `timestamp`
|
|
4. commits and pushes the lock with message `lock shared context`
|
|
5. validates `codex_context.yaml`, commits it, and pushes
|
|
6. removes `.context.lock`, commits `unlock shared context`, and pushes
|
|
|
|
If any step fails after lock creation, the script prints `Lock may need manual cleanup` and leaves the lock in place.
|
|
|
|
Manual cleanup:
|
|
|
|
1. inspect `.context.lock`
|
|
2. confirm the owning host/user is no longer updating context
|
|
3. remove the file
|
|
4. commit `unlock shared context`
|
|
5. push
|
|
|
|
## Current configuration
|
|
|
|
- Main server hardware: Raspberry Pi 5
|
|
- Core stack:
|
|
- Docker
|
|
- Portainer
|
|
- Nginx Proxy Manager
|
|
- Network position: behind NAT
|
|
- Public access path: Nginx Proxy Manager with HTTPS using Let's Encrypt
|
|
- Private access path: Tailscale
|
|
- Known port forwarding:
|
|
- External ports `80-81` forward to internal ports `4480-4481`
|
|
- External port `443` forwards to internal port `4443`
|
|
|
|
## Documentation index
|
|
|
|
- [Hardware](docs/hardware.md)
|
|
- [Core stack](docs/core-stack.md)
|
|
- [Networking](docs/networking.md)
|
|
- [Access](docs/access.md)
|
|
- [Services](docs/services.md)
|
|
- [Hetzner VPS](docs/hetzner-vps.md)
|
|
- [Joplin Server](docs/joplin-server.md)
|
|
- [Unknowns and clarification questions](docs/questions.md)
|
|
|
|
## Known facts
|
|
|
|
- The homelab has one known main server: Raspberry Pi 5.
|
|
- Docker is part of the current stack.
|
|
- Portainer is part of the current stack.
|
|
- Nginx Proxy Manager is part of the current stack.
|
|
- The homelab is behind NAT.
|
|
- Public services are exposed through Nginx Proxy Manager with HTTPS certificates from Let's Encrypt.
|
|
- Private access is provided through Tailscale.
|
|
- A Hetzner VPS handoff has been received from another Codex session.
|
|
- The Hetzner VPS hostname is `ubuntu-4gb-hel1-1`.
|
|
- The Hetzner VPS Tailscale IP is `100.95.58.48`.
|
|
- `100.108.208.3` is explicitly not the Hetzner VPS Tailscale IP.
|
|
- Nginx Proxy Manager is running on the Hetzner VPS as container `npm`.
|
|
- Joplin Server files exist on the Hetzner VPS, but Joplin is not running yet.
|
|
|
|
## Unknown / needs clarification
|
|
|
|
- Operating system and version on the Raspberry Pi 5.
|
|
- Storage layout and attached disks.
|
|
- Network interface configuration.
|
|
- LAN IP addresses.
|
|
- Public domain names for the Raspberry Pi 5 services.
|
|
- List of all running containers.
|
|
- Exact Nginx Proxy Manager proxy host configuration.
|
|
- Tailscale tailnet, device name, and subnet/exit-node configuration if any.
|
|
- Backup configuration.
|
|
- Monitoring and alerting configuration.
|
|
- Whether the Hetzner VPS is part of the homelab, a separate public edge, or both.
|