vault backup: 2026-05-03 19:16:06

This commit is contained in:
Vadym Samoilenko 2026-05-03 19:16:06 +01:00
parent e9f70d04ae
commit b52fe4f2f8
3 changed files with 42 additions and 44 deletions

View file

@ -15,20 +15,24 @@ Commands that need to be run on servers. Move to **Done** after confirmation.
```
_Why: CrowdSec running but no bouncer — IPS observing but not blocking_
### P2 — Phase 3 (REMAINING): Finish config review
- **Karakeep**: disable dead OIDC (AUTH_OIDC_ENABLED=false) — dead Authentik reference
- **Paperless**: clear oidc.env pointing to deleted Authentik
- **Authentik**: containers still in compose but stopped — decide: remove or restore?
- **qBit WebUI**: change listening port to 50000 (Settings → Connection → Listening Port)
- **Router**: add Virtual Server 50000 TCP+UDP → 192.168.1.230:50000
- ✅ Already done: log rotation added to all services, Jellyseerr TZ fixed, Jellyfin webhooks confirmed
### P1 — This week
### P3 — Phase 4: *arr stack + Russian content
- Add Bazarr (CT111), Recyclarr (CT111), Readarr (CT111)
- Configure Sonarr/Radarr custom formats for Russian audio (score +200)
- Configure Prowlarr: add rutracker, kinozal, rutor, NNM-Club
- qBit compose port already updated to 50000 — need: WebUI + router Virtual Server
- Jellyfin: set default audio/subtitle language to Russian
#### CT102: Add CrowdSec bouncer for NPM
```bash
# Install nginx-proxy-manager bouncer for crowdsec
# See: https://docs.crowdsec.net/docs/bouncers/nginx-proxy-manager
```
_Why: CrowdSec running but no bouncer — IPS observing but not blocking_
### P2 — Phase 3 (REMAINING)
- **Router**: add Virtual Server 50000 TCP+UDP → 192.168.1.230:50000 (qBit port forwarding)
- **qBit WebUI**: verify listening port is 50000 (Settings → Connection — may need manual confirm after restart)
- **Bazarr**: set OpenSubtitles.com credentials, create Russian language profile, assign to Sonarr/Radarr
### P3 — Phase 5: Dashboards A/B/C
- Deploy Dashy on port 8086 at dashy.ai-impress.com
- Deploy Dashbrr on port 8087 at dashbrr.ai-impress.com
- After comparison: keep 1-2, destroy others
### P4 — Phase 5: Dashboards A/B/C
- Rebuild Glance (4 pages: Home/Infrastructure/Media/Monitoring), add power widget (RAPL/Prometheus)
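Review bot: the fenced block under "CT102: Add CrowdSec bouncer for NPM" holds only a comment and a documentation URL, so there is nothing to run or confirm even though the hunk's section header says these are commands to be run on servers and moved to Done after confirmation; either write out the real steps (register the bouncer on the CrowdSec host with `cscli bouncers add <name>` and put the returned API key into the NPM bouncer configuration) or move the item out of the commands list until they are known. The same hunk also shows two "P2 — Phase 3 (REMAINING)" headings whose router and qBit WebUI items overlap (`Router: add Virtual Server 50000 TCP+UDP → 192.168.1.230:50000` appears under both), an empty "P1 — This week" heading, and both a "P3 — Phase 5" and a "P4 — Phase 5" while the *arr section is "P3 — Phase 4"; the rendering has dropped the +/- markers, so it is not visible which copies survive, but the result should have one P2 block and consecutive phase numbers. When the router rule is added, keep it to the P2P port 50000 only; the WebUI on :8080 listed later in this commit should stay behind NPM.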
@ -60,6 +64,15 @@ _Why: CrowdSec running but no bouncer — IPS observing but not blocking_
| 2026-05-03 | Jellyseerr TZ fix | Europe/Kiev → Europe/London + log rotation added |
| 2026-05-03 | Log rotation all CT102 services | json-file max-size:10m added to 22 services + nextcloud + karakeep + CT111 media |
| 2026-05-03 | Jellyfin webhooks Sonarr/Radarr | API key 121facab.. created; Sonarr/Radarr connections updated; onDownload+onRename=true |
| 2026-05-03 | Karakeep OIDC disabled | AUTH_OIDC_ENABLED=false, 4 Authentik lines removed, container recreated |
| 2026-05-03 | Paperless OIDC cleared | oidc.env emptied (Authentik provider removed), paperless restarted |
| 2026-05-03 | Authentik stopped | docker compose down in /opt/services/authentik/ (was already stopped) |
| 2026-05-03 | qBit port 50000 applied | qBittorrent.conf Session.Port=50000, compose 50000:50000, container recreated |
| 2026-05-03 | Bazarr added CT111 | lscr.io/linuxserver/bazarr:latest, port 6767, Sonarr+Radarr connected, NPM proxy added |
| 2026-05-03 | Recyclarr added CT111 | ghcr.io/recyclarr/recyclarr:latest, config at /opt/media/recyclarr/recyclarr.yml |
| 2026-05-03 | Russian 1080p minFormatScore | Sonarr+Radarr profile 7 updated: minFormatScore=100 (requires Russian audio) |
| 2026-05-03 | Jellyfin metadata language | PreferredMetadataLanguage=ru, MetadataCountryCode=RU via API |
| 2026-05-03 | qBit categories | tv-sonarr/movies-radarr/manual with correct save paths in categories.json |
---
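Review bot: the Jellyfin webhooks row records a fragment of the new API key (`API key 121facab.. created`); even truncated, key material does not belong in a vault note that is committed to git, where it survives in history after the row is edited. Replace it with the key's name or where it is stored (the Sonarr/Radarr connection entries) and treat the key as exposed, i.e. rotate it. Separately, none of the rows added here records the CT101 destruction or the router DHCP DNS change that the third file in this commit marks as done on 2026-05-03, so the changelog and the host table now disagree about what happened that day.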

View file

@ -47,3 +47,6 @@ tags: [daily]
- 19:03 (12min) | `aimpress`
- **Asked:** Audited PVE homelab containers, documented configs, and created improvement plan | Completed Phase 3 config review: fixed qBittorrent port (6881→50000), corrected Jellyseerr timezone, added log rotation to 22 services, organized Glance app categories | qbittorrent-compose.yml, jellyseerr-compose.yml, logrotate configs, Obsidian audit notes
- **Done:**
- 19:15 | `aimpress`
- **Asked:** Audit PVE homelab server, document all containers/services, identify issues and create improvement plan.
- **Done:** Completed comprehensive server audit, documented all containers and configurations, identified duplicates and issues, created remediation plan with focus on *arr stack, qBittorrent, and Glance dashboard setup.
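Review bot: the 19:03 entry has an empty **Done:** field, and its **Asked:** line attributes the log rotation to "logrotate configs" while the changelog in the first file of this commit records it as `json-file max-size:10m` on the Docker logging driver; align the two so the daily log says which mechanism was actually applied.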

View file

@ -13,9 +13,9 @@ status: live
| CT/VM | Name | IP | RAM | Cores | Status | Role |
|-------|------|----|-----|-------|--------|------|
| host | pve | 192.168.1.48 | 24 GB | 4 | running | Proxmox VE 9.1.9 (`ssh pve`) |
| CT101 | adguard | 192.168.1.62 | 512 MB | 1 | running | **Legacy** AdGuard Home (native :53+:80) — pending destroy |
| ~~CT101~~ | ~~adguard~~ | ~~192.168.1.62~~ | — | — | **destroyed** | Legacy AdGuard — destroyed 2026-05-03 |
| CT102 | docker | 192.168.1.225 | 9 GB | 4 | running | All Docker services (root 20GB + data-hdd 300GB) |
| CT105 | immich | 192.168.1.71 | 8 GB | 4 | **stopped** | Immich photos (GPU bug — needs dev1+dev2 removed from conf) |
| CT105 | immich | 192.168.1.71 | 8 GB | 4 | running | Immich photos (native install, GPU bug fixed 2026-05-03) |
| CT111 | media | 192.168.1.230 | 4 GB | 4 | running | Jellyfin + *arr stack + GPU passthrough |
| CT112 | n8n | 192.168.1.232 | 2 GB | 2 | running | n8n workflow automation |
| VM200 | kali-linux | DHCP | 8 GB | — | stopped | Pentest (start manually: `qm start 200`) |
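Review bot: the struck-through CT101 row records the destruction but not the precondition the old CT101 section stated, namely that the router's DHCP primary DNS was repointed from 192.168.1.62 to 192.168.1.225 before the container was removed; add that confirmation and its date to the row or to CT102's AdGuard entry, because any client still holding 192.168.1.62 from DHCP now has no resolver. The Immich row flips to `running` with "GPU bug fixed" but does not say what changed, whereas the stopped row named the fix (remove dev1+dev2 from the conf); one clause naming the applied change keeps the table self-explanatory.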
@ -24,18 +24,6 @@ status: live
---
## CT101 — AdGuard Home Legacy (192.168.1.62) — PENDING DESTROY
| Service | Port | Notes |
|---------|------|-------|
| AdGuard Home UI | :80 | native install `/opt/AdGuardHome/` |
| DNS | :53 | **LAN DNS server** — router DHCP still points here |
| Beszel agent | :45876 | |
> ⚠️ DNS migration: CT102 Docker AdGuard (:53 on 192.168.1.225) is the new DNS server.
> **Pending**: update router DHCP primary DNS from 192.168.1.62 → 192.168.1.225.
> After router update: stop CT101 → destroy.
---
## CT102 — Docker Services (192.168.1.225)
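Review bot: deleting the whole CT101 section also deletes the only statement that CT102's AdGuard on 192.168.1.225:53 is now the LAN DNS server and that the router DHCP points there; keep a one-line note of that under the CT102 AdGuard entry so the dependency is not lost with the legacy container. The removed Beszel agent (:45876) will also leave a stale system for 192.168.1.62 in the Beszel hub unless it is deleted there too, which would otherwise show as a permanently offline host.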
@ -98,7 +86,8 @@ status: live
|---------|-----|---------------|--------|--------|
| Prometheus | http://192.168.1.225:9090 | :9090 | /opt/monitoring/ | ✅ running |
| Alertmanager | http://192.168.1.225:9093 | :9093 | /opt/monitoring/ | ✅ running |
| Loki | — | :3100 | /opt/monitoring/ | ✅ running (⚠️ no Promtail — logs not flowing) |
| Loki | — | :3100 | /opt/monitoring/ | ✅ running |
| Promtail | — | :9080 | /opt/monitoring/ | ✅ running (Docker + syslog targets) |
| Node Exporter | — | :9100 | — | ✅ running |
| Beszel Agent | — | (internal) | — | ✅ running |
| Ntfy | https://ntfy.ai-impress.com 🌐 | :2586 | /opt/services/ntfy/ | ✅ running |
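Review bot: the Loki row changes only its status text, and neither the Loki (:3100) nor the new Promtail (:9080) row says which interface the port is published on; Loki's HTTP API has no authentication of its own, so record whether :3100 is bound to the LAN or only to the monitoring network, the way the socket-proxy row later in this commit records its bind address. Promtail's "syslog target" also implies a listening syslog socket; note its address and port and which hosts are expected to send to it, since an open syslog receiver accepts lines from anything on the LAN.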
@ -111,21 +100,7 @@ status: live
| Backrest (restic) | https://backup.ai-impress.com 🏠 | :9898 | /opt/services/backrest/ | ✅ running |
| Watchtower | — | — | /opt/services/watchtower/ | ✅ running |
| Diun | — | — | /opt/services/diun/ | ✅ running |
| Docker Socket Proxy | — | **0.0.0.0:2376** | — | ✅ running ⚠️ |
> ⚠️ **docker-socket-proxy** exposed on `0.0.0.0:2376` — Docker TCP API accessible on LAN. Should be restricted to `127.0.0.1` or internal Docker network only. Fix in docker-compose.
### Stirling PDF — Known Issue
Crashes on startup: `Unable to resolve Configuration with Issuer https://auth.ai-impress.com/...`
**Root cause:** OIDC config references Authentik which was deleted.
**Fix:**
```bash
ssh pve "pct exec 102 -- bash -lc 'cd /opt/services/stirling-pdf && \
sed -i s/SECURITY_OAUTH2_ENABLED=true/SECURITY_OAUTH2_ENABLED=false/ .env; \
docker compose up -d --force-recreate'"
# Or edit docker-compose.yml: set SECURITY_OAUTH2_ENABLED=false, SECURITY_ENABLELOGIN=false
```
| Docker Socket Proxy | — | **127.0.0.1:2376** | — | ✅ running ✅ fixed |
---
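Review bot: moving the socket proxy to `127.0.0.1:2376` only works if its consumers run on the CT102 host itself; if Watchtower and Diun, listed in the same table, reach it as containers, they cannot use the host's loopback address, and the second option from the removed warning, an internal Docker network with no published port at all, is the correct fix. Please confirm they still poll successfully after the change and note the result in the row. The removed Stirling PDF section ends with the suggestion `SECURITY_ENABLELOGIN=false`; if that is what was applied, the instance is now running with no authentication at all behind NPM, and nothing in this commit's changelog records how the Stirling issue was actually resolved, so the section should be replaced with a one-line outcome rather than dropped.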
@ -137,11 +112,18 @@ ssh pve "pct exec 102 -- bash -lc 'cd /opt/services/stirling-pdf && \
| Sonarr | https://sonarr.ai-impress.com 🏠 | :8989 | /opt/media/sonarr/ | ✅ running |
| Radarr | https://radarr.ai-impress.com 🏠 | :7878 | /opt/media/radarr/ | ✅ running |
| Prowlarr | https://prowlarr.ai-impress.com 🏠 | :9696 | /opt/media/prowlarr/ | ✅ running |
| qBittorrent | https://qbit.ai-impress.com 🏠 | :8080 | /opt/media/qbittorrent/ | ✅ running |
| qBittorrent | https://qbit.ai-impress.com 🏠 | :8080 (WebUI) / :50000 (P2P) | /opt/media/qbittorrent/ | ✅ running |
| Bazarr | https://bazarr.ai-impress.com 🏠 | :6767 | /opt/media/bazarr/ | ✅ running (added 2026-05-03) |
| Recyclarr | — (cron only) | — | /opt/media/recyclarr/ | ✅ running (added 2026-05-03) |
| FlareSolverr | — | :8191 | — | ✅ running |
- GPU: Intel HD Graphics 630 → `/dev/dri/card1` + `/dev/dri/renderD128` (NOT renderD129 — that doesn't exist)
- Media mount: `data-hdd:vm-111-media` (500 GB LV) → `/mnt/media`
- qBit port: changed 6881 → 50000 (compose + config). **Pending**: router Virtual Server 50000 TCP+UDP → 192.168.1.230:50000
- Russian 1080p quality profile: minFormatScore=100 (requires Russian audio). Custom formats: Russian Audio +500, English Audio +50
- Prowlarr indexers: RuTracker, RuTor, NNM-Club, 1337x, Nyaa, Anidub, LimeTorrents
- Bazarr: connected to Sonarr+Radarr, OpenSubtitles.com provider enabled
- Recyclarr: config at /opt/media/recyclarr/recyclarr.yml (Sonarr+Radarr API keys set)
---
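Review bot: `Recyclarr: config at /opt/media/recyclarr/recyclarr.yml (Sonarr+Radarr API keys set)` puts both *arr API keys in a plaintext YAML under /opt/media, and whether that path is included in the Backrest restic jobs listed earlier in this commit is not recorded; move the keys into Recyclarr's `secrets.yml` and reference them with the `!secret` tag, and keep that file out of any share or backup that is not encrypted. For the pending router rule, forward only 50000 TCP+UDP to 192.168.1.230: the WebUI on :8080 should stay reachable only through the NPM host-only (🏠) entry, and FlareSolverr on :8191 has no authentication and should stay LAN-only.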