Micha
2acbc1adde
docs: record home assistant foundation status
2026-06-13 08:30:53 +02:00
Micha
4ab6dcefd2
fix: protect ha onboarding with authelia
2026-06-12 21:52:45 +02:00
Micha
25a4ada891
fix: guard home assistant onboarding
2026-06-12 21:50:15 +02:00
Micha
290cb8949e
ops: glance dashboard v2 - split config, stack widgets, releases page
...
- Config split via $include (glance.yml -> pages/home/infrastructure/ops, containers-map centralized)
- New widgets: Komodo Stacks, Gitea GitOps, Paperless, Mealie, Scrutiny Disk Health, weather, to-do
- New page Ops and Releases (releases widget for pinned images, RSS, commit log)
- Homelab status in tab groups Core/Apps/Ops, speedtest widget with honest empty state
- Theme presets (Catppuccin, Gruvbox, Light) + custom.css via assets mount
- Compose: 5 new read-only token ENVs, docs updated in SECRETS_MAP/MASTER_TODO
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 16:06:42 +02:00
Micha
baedf9f932
docs: record komodo-stack-hygiene-weekly activation
...
Cron registered in /boot/config/plugins/user.scripts and live in
/etc/cron.d/root after update_cron. First scheduled run: Sun 05:00.
End-to-end smoke test on host: 6 warnings, 0 critical.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-12 12:57:06 +02:00
Micha
b387757e87
ops: add komodo stack hygiene posture-check
...
Catches the failure class that let immich_new slip through: stacks
without a configured repo, project_missing, hash drift, and repo
compose files without a matching Komodo stack. Dry-run on host found
6 honest warnings, 0 critical. Wrapper as Unraid User Script for
weekly cadence is tracked in MASTER_TODO.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-12 12:51:07 +02:00
Micha
3eedbcbe16
docs: record immich stack cleanup
2026-06-12 08:24:27 +02:00
Micha
9033724b15
docs: record host DNS fallback as active
...
eth0 DNS server 2 = 192.168.178.1 (FRITZ!Box) is set as failover behind
AdGuard. Mark the komodo-bulk-deploy-dns runbook immediate measure as
implemented. Closes the AdGuard SPOF for Docker image pulls.
Ref: docs/homelab-optimierung.md recommendation 3a.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 20:26:22 +02:00
Micha
aae176f1b7
docs: record Hetzner Storage Box automatic snapshots as active
...
Daily snapshots at 05:30 UTC (after the 04:30 local Borg run), 7 days
retention, snapshot directory visible for single-file restore via
.zfs/snapshot/. Closes the ransomware/misuse gap left open by the
explicit decision against Borg append-only (2026-06-01).
Ref: docs/homelab-optimierung.md recommendation 2.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 20:25:01 +02:00
Micha
3e486b95f6
docs: add pdf cleanup and quarterly doc gardening to MASTER_TODO
...
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 19:55:15 +02:00
Micha
489a429316
docs: single status list - dissolve audit restliste, slim AI context
...
- MASTER_TODO.md is now the only status list: parked decisions point to
DECISIONS.md, done log capped at 5 condensed entries
- delete AUDIT_2026-05-25_TODO.md (open items and parked decisions fully
covered by MASTER_TODO/DECISIONS)
- AI_CONTEXT.md: drop duplicated status block, keep rules and pointers
- EXTERNAL_DEPENDENCIES.md: condense review log to recent entries
- fix references in DR_WORKSTATION_SETUP, EXTERNAL_OPERATOR_RUNBOOK,
STORAGE_LAYOUT, REPO_MAP, docs/README
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 07:08:43 +02:00
Micha
8045e22873
authelia-oidc: Immich+Nextcloud parked until onboarding; active phase completed
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 19:18:54 +02:00
Micha
e7370e4820
authelia-oidc: Mealie done + document extra_hosts gotcha
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 13:37:34 +02:00
Micha
cf9ca59eb1
docs: close baerchen veeam recovery test
2026-06-06 13:27:31 +02:00
Micha
d2a9c3b8cb
docs: record baerchen veeam recovery usb boot
2026-06-06 13:25:53 +02:00
Micha
0177350e64
docs: close guest iot network setup
2026-06-06 13:23:35 +02:00
Micha
2f3a029098
authelia-oidc: document Grafana proof as done + record secret
...
- SECRETS_MAP: grafana_oidc_client_secret (file + __FILE, hash in Authelia host config)
- AUTHELIA_OIDC_PLAN: stage 1 (Grafana) marked as done
- MASTER_TODO: OIDC proof verified, next step family apps
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 13:17:29 +02:00
Micha
a4c79d9d81
docs: record guest iot preflight
2026-06-06 13:14:07 +02:00
Micha
18a90fbb4b
ops: add guest iot network preflight
2026-06-06 13:13:01 +02:00
Micha
6e65f81503
docs: record restore freshness negative alert test
2026-06-06 13:04:42 +02:00
Micha
c33e29016b
ops: add restore freshness negative alert test
2026-06-06 13:02:14 +02:00
Micha
2628a0c795
authelia-oidc: plan + runbook for cross-app SSO
...
- docs/AUTHELIA_OIDC_PLAN.md: v4.39 client schema, endpoints, secret generation, rollout order (Grafana proof first, then family apps), Grafana step by step
- MASTER_TODO: point OIDC item to the plan, next step Grafana proof
- README: docs index extended
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 12:58:38 +02:00
Micha
c7eed6bdad
todo: mark Authelia remaining 2FA as fully done (host merge + 2FA login verified)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 12:55:23 +02:00
Micha
2d1b541847
todo: close open operator decisions; Authelia all UIs on 2FA
...
- BitLocker baerchen: deliberately disabled
- Veeam Storage Encryption: deliberately unencrypted
- Power consumption: deliberately without measurement (closed)
- Nextcloud 2FA: parked until OIDC reaches the app login level
- Authelia: catch-all *.kaleschke.info one_factor -> two_factor (repo baseline; host merge + restart + authelia-diff.sh open as active step)
- Authelia OIDC and guest/IoT network added as active blocks
- MASTER_TODO: operator decision section without open items
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 12:32:52 +02:00
Micha
c3491eb382
tailscale: consolidate on native plugin, remove redundant Docker stack, document ACL hardening
...
- host-services/tailscale/ (userspace-only Docker stack) removed; Komodo stop/destroy by operator, then git rm
- Glance widget Tailscale-Docker removed
- HOMELAB_ARCHITECTURE/SERVICE_CATALOG/DISASTER_RECOVERY/CLAUDE/RESTORE_MATRIX: tailscale documented as native Unraid plugin; restore state path corrected to /boot/config/plugins/tailscale/state (flash backup)
- NETWORK_INVENTORY: restrictive tag-based grants ACL (2026-06-06; tag:server/tag:operator, tag:family prepared) and subnet router finding documented
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 10:58:59 +02:00
Micha
023ee63687
docs: close dr workstation kit
2026-06-06 10:11:17 +02:00
Micha
0ef98a23e1
docs: close baerchen app license checks
2026-06-06 08:31:17 +02:00
Micha
6353da47c5
ops: add baerchen app license readiness check
2026-06-06 08:27:10 +02:00
Micha
207f49f001
docs: retire home assistant influx todo
2026-06-06 08:22:27 +02:00
Micha
a687d9b73e
docs: record redis restore test
2026-06-06 08:11:03 +02:00
Micha
9a6d7123ce
docs: record adguard restore test
2026-06-06 08:03:53 +02:00
Micha
dda6021116
docs: record tailscale acl plan and watcher activation
2026-06-05 23:27:40 +02:00
Micha
2f3d184a3b
ops: prepare docker critical events watcher
2026-06-05 22:25:23 +02:00
Micha
bc3ecad45a
backup: windows image baseline for baerchen
2026-06-05 22:19:27 +02:00