fix(hedgedoc): add NODE_ENV and DEBUG flags

Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
feat(prometheus): enable metrics on endlessg and opengist
2026-06-23 04:10:19 +00:00 · 2026-06-02 17:58:29 +00:00 · 2026-06-02 17:57:52 +00:00 · 2026-06-02 17:57:18 +00:00 · 2026-06-02 13:47:35 +00:00 · 2026-06-02 16:00:10 +03:00
111 changed files with 4385 additions and 1187 deletions
@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      gh-dependency:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "docker-compose"
+    directories: ["docker-compose", "docker-compose/*/"]
+    schedule:
+      interval: "monthly"
+    groups:
+      docker-dependency:
+        patterns:
+          - "*"
@@ -0,0 +1,96 @@
+name: Continuous Integration
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.14"
+
+      - uses: pre-commit/action@v3.0.1
+
+  docker-compose:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Pull docker images
+        run: |
+          cd docker-compose
+          cp default.env .env
+          make validate
+
+  terraform:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        machines: [bohr, galana, tana, turkwel, yala]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v4
+
+      - name: Terraform fmt check
+        run: terraform fmt -check
+        working-directory: terraform/${{ matrix.machines }}
+
+      - name: Terraform init
+        run: terraform init -backend=false
+        working-directory: terraform/${{ matrix.machines }}
+
+      - name: Terraform validate
+        run: terraform validate
+        working-directory: terraform/${{ matrix.machines }}
+
+  ansible:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.14"
+
+      - name: Install ansible
+        run: pip install ansible-core
+
+      - name: Run ansible syntax check
+        working-directory: ansible
+        run: |
+          for playbook in playbooks/*.yaml; do
+            echo "Checking $playbook"
+            ansible-playbook --syntax-check "$playbook"
+          done
@@ -1,2 +1,43 @@
 # Environment Variables
 .env
+
+# Kener configuration
+/docker-compose/kener/config/static
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
    hooks:
      - id: check-yaml
      - id: end-of-file-fixer
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2024 b1ackd0t
+Copyright (c) 2024 rodneyosodo

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -1,211 +1,69 @@
 # Rodney Osodo's Homelab

-Hello, I'm [Rodney Osodo][website] [@blackd0t][twitter] on Twitter. I'm a software engineer and homelab. I use it to learn new technologies and to host myprojects and other services. This repository contains the configuration files for my homelab.
+Hello, I'm [Rodney Osodo](https://rodneyosodo.com) [@blackd0t](https://twitter.com/b1ackd0t) on Twitter. I'm a software engineer and homelab enthusiast. I use it to learn new technologies and to host my projects and other services I use. This repository contains the configuration files for my homelab.

 ## Goals

+- [x] Have fun.
+- [x] Learn new technologies.
 - [ ] De-google my life.
 - [ ] To eventually provide a highly available and scalable infrastructure for my projects and services with no single point of failure.
- [x] Learn new technologies.
- [x] Have fun.

 ## Hardware

-I have a single server running Proxmox VE 6.5.11-7-pve with the following specs:
+I have a single server running Proxmox VE 8.3.5 with the following specs:

 - CPU: AMD Ryzen 7 4800H with Radeon Graphics (16) @ 1.4GHz - 2.9GHz
- RAM: 32 GB DDR4-3200 Memory
+- RAM: 64 GB DDR4-3200 Memory
 - SSD: 1x 1 TB NVMe SSD
- Disk: 1x 2 TB SATA SSD
+- Disk: 1x 2 TB HDD

-I have a 10 Mbps uplink and a 10 Mbps downlink internet connection from Safaricom (planning to upgrade depending on upload usage). I don't have a static IP address so I use [cloudflare-tunnel][cft] to expose my services to the internet.
+I also have a backup server running Proxmox Backup Server 3.3.0 with the following specs:

-I also have a Raspberry Pi 4 Model B with 4 GB RAM which is not running since I have a few issues with running proxmox backup server on it. I had a backup 4TB HDD connected to it but it had 4096 bytes per sector and proxmox backup server only supports 512 bytes per sector. I'm planning to get a new HDD and try again with a mini PC instead of the Raspberry Pi. Another issue is that the proxmox backup server doesn't support ARM64 architecture.
+- CPU: Intel N100 (4) @ 2.9GHz
+- RAM: 16 GB DDR4-3200 Memory
+- SSD: 500GB NVMe SSD
+- Disk: 1x 4 TB HDD
+
+I have a 30 Mbps uplink and a 30 Mbps downlink internet connection from Safaricom (planning to upgrade depending on usage). I don't have a static IP address so I use [cloudflare-tunnel](https://www.cloudflare.com/products/tunnel/) and [tailscale](https://tailscale.com/) to expose my services to the internet.

 Some photos of my homelab:

-![computers][computers]
+![computers](./assets/computers.jpg)

-![odin-server][odin-image]
+![odin-server](./assets/odin.jpg)

-More photos can be found in this [Immich-photo-album][Immich-photo-album].
+More photos can be found in this [Immich-photo-album](https://immich.rodneyosodo.com/share/iOpV-9a7QcQyQWLxO79D8lBEl88jXS5Hq3xl_j_ADaAgCbqW95Q2AoYBXPcXKJgA0GA).

 ## Software

-I use Proxmox VE as my hypervisor. I currently have 1 VM running Debian 12 (Bookworm) which is my main server. Based on some viewpoints from the [Linux Unplugged][linux-unplugged] podcast, I'm planning to move to Debian as my main OS because proxmos is based on Debian and I can use the same tools on both the host and the VMs or use Arch Linux as my main OS because of the rolling release model because I use it on my workstation. I'm still undecided on which one to use.
+I use Proxmox VE as my hypervisor and run Debian 12 (Bookworm) on the VMs.

-I use ZFS for my storage. I have a single pool made up of 1x 2 TB SSD. I'm planning to add another pool for my backups. Currently, backups are stored on the SSD which hosts the OS.
+For VM provisioning, I use [Terraform](https://www.terraform.io/) and my scripts can be found [here](./terraform). I use [ansible](https://docs.ansible.com/) to bootstrap the VMs and the scripts can be found [here](./ansible).

-![proxmox-dashboard][proxmox-dashboard]
+![proxmox-dashboard](./assets/proxmox.png)

 ## Services

-I use the following services:
-
-![services][services]
-
-### portainer
-
-Portainer is a lightweight management UI that allows me to easily manage my different Docker environments (Docker hosts or containers). It is meant to be as simple to deploy as it is to use.
-
-My portainer configuration files can be found in the [portainer-compose][portainer-compose] directory.
-
-![portainer dashboard][portainer-dashboard]
-
-### uptime-kuma
-
-uptime-kuma is a fancy self-hosted monitoring tool. It monitors the uptime of my websites and the status of my services. It uses a beautiful dashboard to display the status of your monitored sites.
-
-My uptime-kuma configuration files can be found in the [uptime-kuma-compose][uptime-kuma-compose] directory.
-
-![uptime-kuma dashboard][uptime-kuma-dashboard]
+Here are some of the notable services that I use:

 ### heimdall

 Heimdall is a dashboard for all my web applications. It is a way to organize all the applications that I use daily.

-My heimdall configuration files can be found in the [heimdall-compose][heimdall-compose] directory.
-
-![heimdall dashboard][heimdall-dashboard]
-
-### postgres
-
-Postgres is a relational database management system. I use it to store data for my applications. I use it for my [nextcloud][nextcloud-compose].
-
-My postgres configuration files can be found in the [postgres-compose][postgres-compose] directory.
-
-### nextcloud
-
-Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server.
-
-My nextcloud configuration files can be found in the [nextcloud-compose][nextcloud-compose] directory.
-
-![nextcloud dashboard][nextcloud-dashboard]
-
-### littlelink
-
-Littlelink is a lightweight DIY alternative to services like Linktree, Retriever, and Linkin.bio. It is a single page that you can host on your server listing all your important links.
-
-My littlelink configuration files can be found in the [littlelink-compose][littlelink-compose] directory.
-
-### ntp
-
-NTP is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. I use it to synchronize the time on my local network.
-
-My ntp configuration files can be found in the [ntp-compose][ntp-compose] directory.
+![heimdall dashboard](./assets/heimdall.png)

 ### cloudflared

 Cloudflared is a lightweight tunnel daemon that proxies any localhost HTTP traffic through the Cloudflare network. I use it to expose my services to the internet.

-My cloudflared configuration files can be found in the [cloudflared-compose][cloudflared-compose] directory.
-
-### pihole
-
-Pi-hole is a Linux network-level advertisement and Internet tracker blocking application that acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. I use it to block ads on my local network. I have running alongside unbound to provide DNS. Unbound is a validating, recursive, and caching DNS resolver. I use it to provide DNS resolution for my services.
-
-My pihole configuration files can be found in the [pihole-compose][pihole-compose] directory.
-
-![pihole dashboard][pihole-dashboard]
-
-### swagger-editor
-
-Swagger Editor lets you edit OpenAPI specifications in YAML inside your browser and preview documentation in real-time. I use it to edit my OpenAPI specifications. Since I am a backend developer, I use it to document my APIs.
-
-My swagger-editor configuration files can be found in the [swagger-editor][swagger-editor] directory.
-
 ### immich

 Immich is a photo album that I use to store all my photos. I use it to store all my photos. Immich is divided into several services, which are run as individual docker containers.

-1. `immich-server` - Handle and respond to REST API requests
-2. `immich-microservices` - Execute background jobs (thumbnail generation, metadata extraction, transcoding, etc.)
-3. `immich-machine-learning` - Execute machine-learning models
-4. `postgres` - Persistent data storage
-5. `redis`- Queue management for immich-microservices
+![immich dashboard](./assets/immich.png)

-My immich configuration files can be found in the [immich-compose][immich-compose] directory.
+## Other Resources

-![immich dashboard][immich-dashboard]
-
-### redis
-
-Redis is an in-memory data structure store, used as a distributed, in-memory key–value database, cache and message broker, with optional durability. I use it to store data for my applications. I use it for my [immich][immich-compose] application.
-
-My redis configuration files can be found in the [redis-compose][redis-compose] directory.
-
-### vaultwarden
-
-Vaultwarden is a lightweight implementation of the Bitwarden API, written in Rust, supports password management and generation, and can be self-hosted. I use it to store my passwords.
-
-My vaultwarden configuration files can be found in the [vaultwarden-compose][vaultwarden-compose] directory.
-
-### opengist
-
-OpenGist is a lightweight implementation of the GitHub Gist API, written in Rust, supports creating, editing, deleting, and listing gists, and can be self-hosted. I use it to store my code snippets.
-
-My opengist configuration files can be found in the [opengist-compose][opengist-compose] directory.
-
-### speedtest-tracker
-
-Speedtest Tracker is a self-hosted internet performance tracking application that runs speedtest checks against Ookla's Speedtest service. I use it to track my internet speeds.
-
-My speedtest-tracker configuration files can be found in the [speedtest-tracker-compose][speedtest-tracker-compose] directory.
-
-![speedtest-tracker dashboard][speedtest-tracker-dashboard]
-
-### kavita
-
-Kavita is a fast, feature rich, cross platform reading server. Built with a focus for manga and the goal of being a full solution for all your reading needs. Setup your own server and share your reading collection with your friends and family.
-
-My kavita configuration files can be found in the [kavita-compose][kavita-compose] directory.
-
-## endlessh
-
-endlessh is an SSH tarpit that slowly sends an endless banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
-
-My endlessh configuration files can be found in the [endlessh-compose][endlessh-compose] directory.
-
-## dozzle
-
-dozzle is a simple container log viewer for Docker. It is designed to be very minimalistic and fit into the Docker ecosystem without extra dependencies.
-
-My dozzle configuration files can be found in the [dozzle-compose][dozzle-compose] directory.
-
-![dozzle dashboard][dozzle-dashboard]
-
-[website]: https://rodneyosodo.com
-[twitter]: https://twitter.com/b1ackd0t
-[cft]: https://www.cloudflare.com/products/tunnel/
-[odin-image]: ./assets/odin.jpg
-[computers]: ./assets/computers.jpg
-[Immich-photo-album]: https://immich.rodneyosodo.com/share/dgJE3wNLnS0ntsFlABuRwvkzCGHZeMBueTNo2NmtVKT-3mM1SYaK--p-ENXRGxph0oY
-[linux-unplugged]: https://linuxunplugged.com/
-[proxmox-dashboard]: ./assets/proxmox.png
-[services]: ./assets/homelab-arch.png
-[portainer-compose]: ./docker-compose/portainer/
-[portainer-dashboard]: ./assets/portainer.png
-[uptime-kuma-compose]: ./docker-compose/uptime-kuma/
-[uptime-kuma-dashboard]: ./assets/uptime-kuma.png
-[heimdall-compose]: ./docker-compose/heimdall/
-[heimdall-dashboard]: ./assets/heimdall.png
-[postgres-compose]: ./docker-compose/postgres/
-[nextcloud-compose]: ./docker-compose/nextcloud/
-[nextcloud-dashboard]: ./assets/nextcloud.png
-[littlelink-compose]: ./docker-compose/littlelink/
-[ntp-compose]: ./docker-compose/ntp/
-[cloudflared-compose]: ./docker-compose/cloudflared/
-[pihole-compose]: ./docker-compose/pihole/
-[pihole-dashboard]: ./assets/pihole.png
-[swagger-editor]: ./docker-compose/swagger-editor/
-[immich-compose]: ./docker-compose/immich/
-[immich-dashboard]: ./assets/immich.png
-[redis-compose]: ./docker-compose/redis/
-[vaultwarden-compose]: ./docker-compose/vaultwarden/
-[opengist-compose]: ./docker-compose/opengist/
-[speedtest-tracker-compose]: ./docker-compose/speedtest-tracker/
-[speedtest-tracker-dashboard]: ./assets/speedtest.png
-[kavita-compose]: ./docker-compose/kavita/
-[endlessh-compose]: ./docker-compose/endlessh/
-[dozzle-compose]: ./docker-compose/dozzle/
-[dozzle-dashboard]: ./assets/dozzle.png
+- [My blog](https://rodneyosodo.com)
+- [Dotfiles](https://github.com/rodneyosodo/dotfiles)
@@ -0,0 +1,50 @@
+.PHONY: install
+install:
+	ansible-galaxy role install ctorgalson.nerdfonts
+
+.PHONY: ping
+ping:
+	ansible-playbook playbooks/ping.yaml
+
+.PHONY: setup-odin
+setup-odin:
+	ansible-playbook playbooks/odin.yaml
+
+.PHONY: setup-heimdall
+setup-heimdall:
+	@echo "Setting up Heimdall..."
+	@read -p "Enter WiFi SSID: " WIFI_SSID; \
+	read -sp "Enter WiFi Password: " WIFI_PASSWORD; \
+	echo ""; \
+	ansible-playbook playbooks/heimdall.yaml --ask-pass -e "wifi_ssid=$$WIFI_SSID wifi_password=$$WIFI_PASSWORD"
+
+.PHONY: setup-bohr
+setup-bohr:
+	ansible-playbook playbooks/bohr.yaml
+
+.PHONY: install-zsh
+install-zsh:
+	ansible-playbook playbooks/zsh.yaml
+
+.PHONY: setup-homelab
+setup-homelab:
+	ansible-playbook playbooks/homelab.yaml
+
+.PHONY: setup-tana
+setup-tana:
+	ansible-playbook playbooks/tana.yaml
+
+.PHONY: help
+help:
+	@echo "This Makefile provides a set of commands to manage ansible services."
+	@echo "It allows you to setup, install, and manage various services on your ansible infrastructure."
+	@echo ""
+	@echo "Usage:"
+	@echo "  make install        - Install ansible roles"
+	@echo "  make ping           - Ping all hosts"
+	@echo "  make setup-odin     - Setup odin"
+	@echo "  make setup-heimdall - Setup heimdall"
+	@echo "  make setup-bohr     - Setup bohr"
+	@echo "  make install-zsh    - Install zsh"
+	@echo "  make setup-homelab  - Setup homelab"
+	@echo "  make setup-tana     - Setup tana"
@@ -0,0 +1,15 @@
+# Ansible Playbooks
+
+This directory contains the Ansible playbooks for my homelab.
+
+## Requirements
+
+- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+
+## Usage
+
+Run the following command to see a list of available targets:
+
+```bash
+make help
+```
@@ -0,0 +1,5 @@
+[defaults]
+INVENTORY = ./inventory/hosts.yaml
+
+[ssh_connection]
+pipelining = True
@@ -0,0 +1,59 @@
+servers:
+  hosts:
+    odin:
+      ansible_host: odin
+      ansible_connection: ssh
+      ansible_user: root
+    bohr:
+      ansible_host: bohr
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
+    tana:
+      ansible_host: tana
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
+    heimdall:
+      ansible_host: heimdall
+      ansible_connection: ssh
+      ansible_user: root
+
+pc:
+  hosts:
+    thor:
+      ansible_host: thor
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
+
+laptop:
+  hosts:
+    snotra:
+      ansible_host: snotra
+
+backup:
+  hosts:
+    heimdall:
+      ansible_host: heimdall
+      ansible_connection: ssh
+      ansible_user: root
+
+    local-heimdall:
+      ansible_host: 192.168.100.107
+      ansible_connection: ssh
+      ansible_user: root
+
+kubernetes:
+  hosts:
+    galana:
+      ansible_host: tana
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
+
+    turkwel:
+      ansible_host: turkwel
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
+
+    yala:
+      ansible_host: yala
+      ansible_connection: ssh
+      ansible_user: rodneyosodo
@@ -0,0 +1,95 @@
+# Set the directory we want to store zinit and plugins
+ZINIT_HOME="${XDG_DATA_HOME:-${HOME}/.local/share}/zinit/zinit.git"
+
+# Download Zinit, if it's not there yet
+if [ ! -d "$ZINIT_HOME" ]; then
+   mkdir -p "$(dirname $ZINIT_HOME)"
+   git clone https://github.com/zdharma-continuum/zinit.git "$ZINIT_HOME"
+fi
+
+# Download fzf, if it's not installed
+if [ ! -d "$HOME/.fzf" ]; then
+  git clone --depth 1 https://github.com/junegunn/fzf.git ~/.fzf
+  $HOME/.fzf/install
+fi
+
+# Source/Load zinit
+source "${ZINIT_HOME}/zinit.zsh"
+
+# Add in Powerlevel10k
+zinit ice depth=1; zinit light romkatv/powerlevel10k
+
+# Add in zsh plugins
+zinit light zsh-users/zsh-syntax-highlighting
+zinit light zsh-users/zsh-completions
+zinit light zsh-users/zsh-autosuggestions
+zinit light Aloxaf/fzf-tab
+
+# Add in snippets
+zinit snippet OMZP::git
+zinit snippet OMZP::ssh-agent
+zinit snippet OMZP::bgnotify
+zinit snippet OMZP::dotenv
+zinit snippet OMZP::git-prompt
+zinit snippet OMZP::virtualenv
+zinit snippet OMZP::aliases
+zinit snippet OMZP::kubectl
+zinit snippet OMZP::kubectx
+zinit snippet OMZP::command-not-found
+
+# Load completions
+autoload -Uz compinit && compinit
+
+zinit cdreplay -q
+
+# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
+[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
+
+# Keybindings
+bindkey -e
+bindkey '^p' history-search-backward
+bindkey '^n' history-search-forward
+bindkey '^[w' kill-region
+
+# History
+HISTSIZE=5000
+HISTFILE=~/.zsh_history
+SAVEHIST=$HISTSIZE
+HISTDUP=erase
+setopt appendhistory
+setopt sharehistory
+setopt hist_ignore_space
+setopt hist_ignore_all_dups
+setopt hist_save_no_dups
+setopt hist_ignore_dups
+setopt hist_find_no_dups
+
+# Completion styling
+zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
+zstyle ':completion:*' list-colors "${(s.:.)LS_COLORS}"
+zstyle ':completion:*' menu no
+zstyle ':fzf-tab:complete:cd:*' fzf-preview 'ls --color $realpath'
+
+zstyle :omz:plugins:ssh-agent agent-forwarding yes
+zstyle :omz:plugins:ssh-agent identities github
+zstyle :omz:plugins:ssh-agent lifetime 30d
+
+
+# Aliases
+alias ls='ls --color'
+alias c='clear'
+
+# Shell integrations
+eval "$(fzf --zsh)"
+eval `ssh-agent -s`
+
+if [ -f "~/.ssh/github" ]; then
+  ssh-add ~/.ssh/github
+fi
+
+# Functions
+function genpasswd() {
+  local length=$1
+  [ -z "$length" ] && length=16
+  tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${length} | xargs
+}
@@ -0,0 +1,14 @@
+[Unit]
+Description=Sync the time with bohr NTP server
+After=tailscaled.service
+Requires=tailscaled.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/ntpdate bohr
+Restart=on-failure
+RestartSec=10
+TimeoutSec=60
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,12 @@
+[Unit]
+Description=Sync the time with bohr NTP server
+After=tailscaled.service
+Requires=tailscaled.service
+
+[Timer]
+OnCalendar=daily
+OnBootSec=5min
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,16 @@
+[Unit]
+Description=Connect to wifi
+After=network.target
+Requires=network.target
+
+[Service]
+Type=simple
+# Add the environment variables to the service
+Environment="WIFI_SSID={{ wifi_ssid }}" "WIFI_PASSWORD={{ wifi_password }}"
+ExecStart=/usr/bin/nmcli d wifi connect $WIFI_SSID password $WIFI_PASSWORD
+Restart=on-failure
+TimeoutSec=60
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,68 @@
+- name: Setup Docker Server
+  hosts: "bohr"
+  become: yes
+  tasks:
+    - name: Update package lists
+      ansible.builtin.apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Update all packages to their latest version
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+    - name: Remove useless packages from the cache
+      ansible.builtin.apt:
+        autoclean: yes
+
+    - name: Remove dependencies that are no longer required and purge their configuration files
+      ansible.builtin.apt:
+        autoremove: yes
+        purge: true
+
+    - name: Run the equivalent of "apt-get clean" as a separate step
+      ansible.builtin.apt:
+        clean: yes
+
+    - name: Install Applications
+      ansible.builtin.apt:
+        name:
+          - git
+          - tar
+          - p7zip
+          - unzip
+          - curl
+          - wget
+          - make
+          - vim
+          - zsh
+          - python3
+          - ripgrep
+          - fd-find
+          - fontconfig
+          - qemu-guest-agent
+          - vainfo
+          - radeontop
+          - iperf
+          - htop
+          - btop
+          - dosfstools
+        state: present
+
+    - name: Download AMDGPU Installer
+      ansible.builtin.get_url:
+        url: https://repo.radeon.com/amdgpu-install/6.3.1/ubuntu/jammy/amdgpu-install_6.3.60301-1_all.deb
+        dest: /tmp/amdgpu-install_6.3.60301-1_all.deb
+
+    - name: Setup AMDGPU Drivers
+      ansible.builtin.shell: |
+        sudo apt install -y /tmp/amdgpu-install_6.3.60301-1_all.deb
+        amdgpu-install -y
+
+    - name: Setup Neovim
+      ansible.builtin.shell: |
+        curl -sL https://github.com/neovim/neovim/releases/latest/download/nvim-linux64.tar.gz | sudo tar -xzf - --strip-components=1 --overwrite -C /usr
+        rm -rf ~/.config/nvim
+        git clone https://github.com/LazyVim/starter ~/.config/nvim
+        rm -rf ~/.config/nvim/.git
@@ -0,0 +1,205 @@
+- name: Setup proxmox backup server
+  hosts: "backup"
+  become: yes
+  tasks:
+    - name: Configure network interfaces file
+      copy:
+        dest: /etc/network/interfaces
+        content: |
+          auto lo
+          iface lo inet loopback
+
+          iface wlo1 inet dhcp
+
+          auto enp1s0
+          iface enp1s0 inet dhcp
+
+          source /etc/network/interfaces.d/*
+        backup: yes
+
+    - name: Install network-manager
+      ansible.builtin.package:
+        state: present
+        name: network-manager
+
+    - name: Configure NetworkManager.conf
+      copy:
+        dest: /etc/NetworkManager/NetworkManager.conf
+        content: |
+          [main]
+          plugins=ifupdown,keyfile
+
+          [ifupdown]
+          managed=true
+        backup: yes
+
+    - name: Restart NetworkManager
+      ansible.builtin.systemd_service:
+        name: NetworkManager
+        state: restarted
+        daemon_reload: true
+
+    - name: Enable WiFi
+      command: nmcli r wifi on
+      ignore_errors: yes
+
+    - name: Connect to WiFi network
+      command: nmcli d wifi connect "{{ wifi_ssid }}" password "{{ wifi_password }}"
+      when: wifi_ssid is defined and wifi_password is defined
+      ignore_errors: yes
+
+    - name: Comment out enterprise repository
+      ansible.builtin.lineinfile:
+        path: /etc/apt/sources.list.d/pbs-enterprise.list
+        line: deb https://enterprise.proxmox.com/debian/pbs bookworm pbs-enterprise
+        state: absent
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: Add Proxmox repository to sources.list
+      ansible.builtin.lineinfile:
+        path: /etc/apt/sources.list
+        line: deb http://download.proxmox.com/debian bookworm pve-no-subscription
+        state: present
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: Update package lists
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Update all packages to their latest version
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+    - name: Remove useless packages from the cache
+      ansible.builtin.apt:
+        autoclean: true
+
+    - name: Remove dependencies that are no longer required and purge their configuration files
+      ansible.builtin.apt:
+        autoremove: true
+        purge: true
+
+    - name: Run the equivalent of "apt-get clean" as a separate step
+      ansible.builtin.apt:
+        clean: true
+
+    - name: Enable IOMMU (PCI Passthrough)
+      ansible.builtin.replace:
+        backup: true
+        path: /etc/default/grub
+        regexp: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"'
+        replace: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"'
+
+    - name: Edit /etc/modules
+      ansible.builtin.blockinfile:
+        path: /etc/modules
+        prepend_newline: true
+        append_newline: true
+        backup: true
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+        block: |
+          vfio
+          vfio_iommu_type1
+          vfio_pci
+          vfio_virqfd
+
+    - name: Reduce the GRUB delay
+      ansible.builtin.replace:
+        backup: true
+        path: /etc/default/grub
+        regexp: 'GRUB_TIMEOUT="5"'
+        replace: 'GRUB_TIMEOUT="3"'
+
+    - name: Update grub
+      ansible.builtin.command: update-grub
+
+    - name: Install Applications
+      ansible.builtin.apt:
+        name:
+          - sudo
+          - git
+          - tar
+          - unzip
+          - curl
+          - wget
+          - make
+          - vim
+          - zsh
+          - python3
+          - ripgrep
+          - fd-find
+          - iperf
+          - htop
+          - btop
+          - ntpdate
+        state: present
+
+    - name: Update NTP
+      ansible.builtin.shell: ntpdate bohr
+
+    - name: Copy NTP Update systemd service
+      ansible.builtin.copy:
+        src: assets/ntp-update/ntp-update.service
+        dest: /etc/systemd/system/ntp-update.service
+        mode: "0644"
+
+    - name: Copy NTP Update systemd timer
+      ansible.builtin.copy:
+        src: assets/ntp-update/ntp-update.timer
+        dest: /etc/systemd/system/ntp-update.timer
+        mode: "0644"
+
+    - name: Start NTP Update
+      ansible.builtin.systemd_service:
+        name: ntp-update
+        state: started
+        enabled: true
+
+    - name: Copy WiFi Connect systemd service
+      ansible.builtin.template:
+        src: assets/wifi-connect/wifi-connect.service.j2
+        dest: /etc/systemd/system/wifi-connect.service
+        mode: "0644"
+      vars:
+        wifi_ssid: "{{ wifi_ssid }}"
+        wifi_password: "{{ wifi_password }}"
+
+    - name: Start NTP Update
+      ansible.builtin.systemd_service:
+        name: ntp-update
+        state: started
+        enabled: true
+
+    - name: Start WiFi Connect
+      ansible.builtin.systemd_service:
+        name: wifi-connect
+        state: started
+        enabled: true
+
+    - name: Setup Neovim
+      ansible.builtin.shell: |
+        curl -sL https://github.com/neovim/neovim/releases/latest/download/nvim-linux64.tar.gz | sudo tar -xzf - --strip-components=1 --overwrite -C /usr
+        rm -rf ~/.config/nvim
+        git clone https://github.com/LazyVim/starter ~/.config/nvim
+        rm -rf ~/.config/nvim/.git
+
+    - name: Download microcode updates
+      ansible.builtin.get_url:
+        url: https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/pbs_microcode.sh
+        dest: /tmp/install-microcode.sh
+        mode: 0755
+
+    - name: Print message
+      ansible.builtin.debug:
+        msg: Make sure to run bash /tmp/install-microcode.sh to install microcode updates
@@ -0,0 +1,33 @@
+- name: Setup Docker Server
+  hosts: "bohr"
+  become: yes
+  tasks:
+    - name: Install Applications
+      ansible.builtin.apt:
+        name:
+          - git
+
+    - name: Setup Homelab
+      ansible.builtin.shell: |
+        cd /home/{{ ansible_user }}
+        mkdir -p docker-volumes
+        if [ ! -d "homelab" ]; then
+          git clone https://github.com/rodneyosodo/homelab.git
+        fi
+        cd homelab
+        if [ ! -f "docker-compose/.env" ]; then
+          cp docker-compose/default.env docker-compose/.env
+        fi
+        docker compose -f docker-compose/docker-compose.yaml pull
+
+    - name: Recursively change ownership of a directory
+      ansible.builtin.file:
+        path: /home/{{ ansible_user }}/homelab/
+        state: directory
+        recurse: yes
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+
+    - name: Print message
+      ansible.builtin.debug:
+        msg: Populate environment variables in homelab/docker-compose/default.env
@@ -0,0 +1,133 @@
+- name: Setup proxmox server
+  hosts: "odin"
+  become: yes
+  tasks:
+    - name: Add Proxmox repository to sources.list
+      ansible.builtin.lineinfile:
+        path: /etc/apt/sources.list
+        line: deb http://download.proxmox.com/debian bookworm pve-no-subscription
+        state: present
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: Comment out enterprise repository
+      ansible.builtin.lineinfile:
+        path: /etc/apt/sources.list.d/pve-enterprise.list
+        line: deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
+        state: absent
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: Comment out ceph repository
+      ansible.builtin.lineinfile:
+        path: /etc/apt/sources.list.d/ceph.list
+        line: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
+        state: absent
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+
+    - name: Update package lists
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Update all packages to their latest version
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+    - name: Remove useless packages from the cache
+      ansible.builtin.apt:
+        autoclean: true
+
+    - name: Remove dependencies that are no longer required and purge their configuration files
+      ansible.builtin.apt:
+        autoremove: true
+        purge: true
+
+    - name: Run the equivalent of "apt-get clean" as a separate step
+      ansible.builtin.apt:
+        clean: true
+
+    - name: Enable IOMMU (PCI Passthrough)
+      ansible.builtin.replace:
+        backup: true
+        path: /etc/default/grub
+        regexp: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"'
+        replace: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on"'
+
+    - name: Edit /etc/modules
+      ansible.builtin.blockinfile:
+        path: /etc/modules
+        prepend_newline: true
+        append_newline: true
+        backup: true
+        create: true
+        mode: 0644
+        owner: root
+        group: root
+        block: |
+          vfio
+          vfio_iommu_type1
+          vfio_pci
+          vfio_virqfd
+
+    - name: Update grub
+      ansible.builtin.command: update-grub
+
+    - name: Install Applications
+      ansible.builtin.apt:
+        name:
+          - sudo
+          - git
+          - tar
+          - unzip
+          - curl
+          - wget
+          - make
+          - vim
+          - zsh
+          - python3
+          - ripgrep
+          - fd-find
+          - bpytop
+          - thefuck
+          - fontconfig
+          - libegl1
+          - libgl1
+          - iperf
+          - htop
+          - btop
+        state: present
+
+    - name: Setup Neovim
+      ansible.builtin.shell: |
+        curl -sL https://github.com/neovim/neovim/releases/latest/download/nvim-linux64.tar.gz | sudo tar -xzf - --strip-components=1 --overwrite -C /usr
+        rm -rf ~/.config/nvim
+        git clone https://github.com/LazyVim/starter ~/.config/nvim
+        rm -rf ~/.config/nvim/.git
+
+    - name: Download microcode updates
+      ansible.builtin.get_url:
+        url: https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/microcode.sh
+        dest: /tmp/install-microcode.sh
+        mode: 0755
+
+    - name: Create cron job to reboot the server every week on Friday at 7:00 PM
+      ansible.builtin.cron:
+        backup: true
+        name: Reboot server every week on Friday at 7:00 PM
+        weekday: "5"
+        minute: "0"
+        hour: "19"
+        job: "/usr/sbin/reboot"
+
+    - name: Print message
+      ansible.builtin.debug:
+        msg: Make sure to run bash /tmp/install-microcode.sh to install microcode updates
@@ -0,0 +1,9 @@
+- name: Ping all hosts
+  hosts: "servers"
+  tasks:
+    - name: Ping all hosts
+      ansible.builtin.ping:
+
+    - name: Print message
+      ansible.builtin.debug:
+        msg: Hello world
@@ -0,0 +1,59 @@
+- name: Setup Tana For Backup and Sync
+  hosts: "tana"
+  become: yes
+  tasks:
+    - name: Update package lists
+      ansible.builtin.apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Update all packages to their latest version
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+    - name: Remove useless packages from the cache
+      ansible.builtin.apt:
+        autoclean: yes
+
+    - name: Remove dependencies that are no longer required and purge their configuration files
+      ansible.builtin.apt:
+        autoremove: yes
+        purge: true
+
+    - name: Run the equivalent of "apt-get clean" as a separate step
+      ansible.builtin.apt:
+        clean: yes
+
+    - name: Install Applications
+      ansible.builtin.apt:
+        name:
+          - git
+          - curl
+          - wget
+          - make
+          - vim
+          - bpytop
+          - qemu-guest-agent
+          - syncthing
+          - borgbackup
+          - iperf
+          - htop
+          - btop
+        state: present
+      register: install
+
+    - name: Start Syncthing
+      ansible.builtin.systemd_service:
+        name: syncthing@rodneyosodo
+        state: started
+        enabled: true
+      register: syncthing
+
+    - name: Setup backups folder
+      ansible.builtin.file:
+        path: /home/rodneyosodo/backups
+        state: directory
+        owner: rodneyosodo
+        group: rodneyosodo
+        mode: 0755
@@ -0,0 +1,47 @@
+- name: Install zsh
+  hosts: "bohr"
+  vars:
+    nf_user: "{{ ansible_user }}"
+    nf_group: "{{ nf_user }}"
+    nf_single_fonts:
+      - "Meslo/L/Regular/MesloLGLNerdFontMono-Regular.ttf"
+  tasks:
+    - name: Install Git
+      ansible.builtin.package:
+        state: present
+        name: git
+      become: true
+
+    - name: Install Curl
+      ansible.builtin.package:
+        state: present
+        name: curl
+      become: true
+
+    - name: Install zsh
+      ansible.builtin.package:
+        name: zsh
+        state: present
+      become: true
+
+    - name: Install unzip
+      ansible.builtin.package:
+        name: unzip
+        state: present
+      become: true
+
+    - name: Ensure zsh is the default shell
+      user:
+        name: "{{ ansible_user }}"
+        shell: "/usr/bin/zsh"
+      become: true
+
+    - name: "Include ansible-role-nerdfonts"
+      include_role:
+        name: "ctorgalson.nerdfonts"
+
+    - name: Copy ZSHRC config
+      ansible.builtin.copy:
+        src: assets/.zshrc
+        dest: ~/.zshrc
+        mode: "0644"
@@ -1,67 +0,0 @@
-# Basement to Brilliance: The Unexpected Perks of Running a Homelab
-
-In the dimly lit confines of my house, I embarked on a journey from De-Googling my life to creating a homelab that would evolve into a brilliant tapestry of technology and learning. Hi, I'm [Rodney Osodo](https://rodneyosodo.com/), known as [@blackd0t](https://twitter.com/b1ackd0t) on Twitter, and I'm not just a software engineer; I'm the curator of my homelab adventure. The walls of my homelab are adorned with servers and the hum of endless possibilities as I dive into the world of new technologies and host my projects. This digital playground, my homelab, has become the canvas for my exploration.
-
-With goals ranging from liberating myself from the clutches of Google to creating a robust, highly available infrastructure for my projects, each checkbox became a stepping stone toward homelab brilliance. The allure of a scalable environment with no single point of failure beckoned me, pushing the boundaries of my understanding. Learning new technologies isn't just a task; it is a thrilling adventure, and having fun is the north star guiding my every endeavour.
-
-Reaching the point where I can proudly declare, "I have a homelab," feels like a significant milestone. It might not be the most expansive setup, but it's mine – a carefully curated space where technology and creativity intertwine.
-
-The heartbeat of my homelab is a Raspberry Pi (Heimdall), dutifully serving as a backup server running. Alongside it stands a mini PC (Odin), my trusted central server, orchestrating various services. Another mini PC, Hœnir, proudly takes on the role of my main workstation, where countless lines of code come to life. My laptop, Dellingr, transforms into a mobile workstation for those on-the-go moments, ensuring productivity knows no bounds. As my homelab continues to evolve, there's a promise of more servers on the horizon, each waiting to join the ensemble. The journey has just begun, and the prospect of enhancing my homelab with additional servers and services makes the future brim with possibilities.
-
-## heimdall
-
- 64-bit Raspberry Pi OS Lite (Debian 12 running kernel: 6.1)
- Raspberry Pi 4 Model B
- 4GB RAM
- 64 GB SD Card
- 1x 4TB HDD as data disk
-
-This server is used exclusively as a backup server. I use it to back up my homelab machines and possibly my family's machines. When selecting Heimdall's hardware, reliability took precedence over sheer power. The Raspberry Pi 4, known for its affordability and stability, became the natural choice. Opting for the 4GB RAM version ensured the smooth operation of the 64-bit OS and the backup software, creating a balance between performance and cost-effectiveness. I chose a 64GB SD card for the OS to accommodate the necessary storage, while a 4TB HDD is the data disk. The intention was not only to store backups but also to maintain multiple copies for added reliability.
-
-However, the journey had its challenges. An unforeseen block size discrepancy between the Raspberry Pi (using 512 blocks) and the HDD (with a 4096 block size) led to an unfortunate compatibility issue. Here is the [issue](https://forums.raspberrypi.com/viewtopic.php?t=334314). Despite attempts to integrate the Proxmox Backup Server, both as the base OS or containerised, the hurdles persisted, prompting a reevaluation of the setup. Here is the [issue](https://forum.proxmox.com/threads/pbs-on-a-raspberry-pi.85051/).
-
-In response to these challenges, I will transition Heimdall's duties to an Intel N100 mini PC. This upgrade aims to overcome the compatibility issues and provide a seamless environment for backup operations.
-
-## odin
-
- Proxmox 8.1.4 (Debian 12 running kernel: 6.5.11-7-pve)
- AMD Ryzen 7 4800H with Radeon Graphics (16) @ 1.4GHz - 2.9GHz
- 32 GB DDR4-3200 Memory
- 1x 1 TB NVMe SSD as boot disk
- 1x 2 TB HDD as data disk
-
-My primary server is hosted on this machine. I use it to run all of my virtualised and containerised services. At the moment, I have a VM called Bohr that runs all my services. I will add more VMs soon for testing and running Kubernetes.
-
-I chose the AMD Ryzen 7 4800H with Radeon Graphics (16) @ 1.4GHz - 2.9GHz because it's cheap and reliable. I picked the 32 GB DDR4-3200 Memory to have enough RAM to run the OS and the services. I will upgrade to 64 GB DDR4-3200 Memory as soon as my needs grow. I chose the 1 TB NVMe SSD as the boot disk. I picked the 2 TB HDD as a data disk because I wanted enough storage for the VMS. I will probably increase the number of VMs as my needs grow. I will add more storage as my needs grow.
-
-This server is the most powerful in my homelab. It runs proxmox as the base OS. I have configured proxmox to use ZFS as the storage backend. It utilises the 2 TB HDD as the data disk. ZFS is pretty cool. It allows me to create snapshots of the data disk. I can use these snapshots to restore the data disk to a previous state. I can also use these snapshots to create clones of the data disk. I have also configured scheduled backups of the VM. This happens every night at 2 AM.
-
-Currently, I'm running all my services on a single VM. The services I'm running are:
-
- Portainer - is a lightweight management UI that allows you to manage your different Docker environments easily. It consists of a single container that can run on any Docker engine. Portainer allows you to manage all your Docker resources (containers, images, volumes, networks and more)
- uptime-kuma - is a self-hosted monitoring service that you can use to keep track of the health of your applications, websites, and APIs. You can configure it to watch services with different types of health checks and set up email notifications for when there are problems.
- heimdall - is a way to easily organise all those links to your most used websites and web applications. Simplicity is the key to Heimdall.
- postgres - is an open-source database with a strong reputation for its reliability, flexibility, and support of open technical standards. It is designed to handle a range of workloads, from single machines to data warehouses or Web services with many concurrent users.
- nextcloud - is a self-hosted, open-source file-sharing and collaboration platform that allows users to store, access, and share their data from any device or location. Nextcloud was created as a fork of ownCloud. It serves as my replacement for Google Drive.
- littlelink - is an open-source DIY Linktree alternative.
- NTP - is a communication protocol that allows the synchronisation of clocks across devices using TCP/IP communication. It synchronises the time on your local system to a centralised NTP server.
- cloudflared - is a tunnelling daemon that proxies any local webserver through the Cloudflare network. It secures traffic, hides your origin server IP address, and blocks malicious traffic.
- pihole - a DNS sinkhole that protects your devices from unwanted content without installing client-side software. It is installed on a server and configured to block queries to known ad-serving domains. I use it to block ads, tracking, and malware. It also serves as a DNS server with unbound as the upstream DNS server.
- swagger-editor - is a browser-based editor where you can write OpenAPI specs.
- immich - is a photo album I use to store all my photos. I use it to store all my photos. Immich is divided into several services run as individual docker containers. It serves as my replacement for Google Photos.
- Redis - is an open-source, in-memory data structure store used as a database, cache, and message broker. It stores data in memory and is often used as a cache.
- vaultwarden - is an alternative implementation of the Bitwarden server API written in Rust. It is compatible with upstream Bitwarden clients. I use it to store my passwords and other sensitive information. It serves as my replacement for Google passwords.
- opengist - is an open-source, self-hosted, web-based code snippet manager. I used it to store code snippets.
- speedtest-tracker - is a self-hosted, open source, lightweight, and easy-to-use speed test tracker. I use it to track my internet speed.
- dozzle - is a simple container log viewer for Docker. I use it to view logs of docker containers.
- endlessh - is an SSH tarpit that sends an endless, random SSH banner very slowly. It keeps SSH clients locked up for hours or even days. Instead of bothering a real server, the purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit.
-
-## Conclusion
-
-In the grand scheme of my homelab evolution, I'm gearing up for a transformative leap to version 2.0. The impending upgrade involves adding new machines and expanding services, marking a significant architectural shift with the introduction of Kubernetes. The decision between k3s and k8s is yet to be finalised as I immerse myself in the intricacies of these powerful orchestration tools, navigating the vast landscape of containerised deployments.
-
-Beyond the orchestration prowess of Kubernetes, version 2.0 heralds the dawn of Infrastructure as Code (IaC). Terraform will take the reins, orchestrating the provisioning of machines, while Ansible handles the configuration of services deftly. This dual approach ensures a streamlined, automated, and scalable infrastructure, paving the way for efficient management and future expansion.
-
-The endgame for this ambitious homelab upgrade is nothing short of a highly available marvel. By eliminating single points of failure, both in hardware and software, I aim to fortify the foundation of my homelab. Every system and byte of data will be diligently backed up and protected, forming an impenetrable fortress of resilience. I will implement load balancing and failover mechanisms to guarantee the highest service availability, creating a homelab that meets and exceeds my expectations.
-
-The roadmap includes continuous monitoring to ensure peak performance and the implementation of a reliable failover strategy for all services. As the curtains rise on version 2.0, I anticipate a landscape reshaped by the evolving workloads, promising a dynamic and ever-improving homelab environment in the coming weeks and years. The journey ahead is discovery, growth, and the relentless pursuit of homelab excellence.
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-# This script is used to start and stop docker-compose services
-# It can also be used to generate a new docker-compose file
-
-if [ "$1" == "start" ]; then
-    docker compose -f docker-compose/docker-compose.yaml --env-file docker-compose/.env up -d
-elif [ "$1" == "stop" ]; then
-    docker compose -f docker-compose/docker-compose.yaml --env-file docker-compose/.env down
-elif [ "$1" == "generate" ]; then
-    echo "Generating docker-compose file"
-    echo "What is the name of the service?"
-    read -r serviceName
-    mkdir -p docker-compose/"$serviceName"
-    cp docker-compose/compose-template.yaml docker-compose/"$serviceName"/docker-compose.yaml
-    sed -i "s/service_name/$serviceName/g" docker-compose/"$serviceName"/docker-compose.yaml
-    {
-        echo "  - path: ./$serviceName/docker-compose.yaml"
-        echo "    project_directory: .."
-        echo "    env_file: docker-compose/.env"
-        echo ""
-    } >>docker-compose/docker-compose.yaml
-    echo "Docker-compose file for $serviceName generated"
-else
-    echo "Please specify start or stop as argument"
-fi
@@ -0,0 +1,57 @@
+TEMPLATE_FILE = compose-template.yaml
+MAIN_COMPOSE = docker-compose.yaml
+
+start: ## Start docker compose services
+	@docker compose -f $(MAIN_COMPOSE) --env-file .env up -d
+
+restart: ## Restart docker compose services
+	@docker compose -f $(MAIN_COMPOSE) --env-file .env up -d --force-recreate
+
+stop: ## Stop docker compose services
+	@docker compose -f $(MAIN_COMPOSE) --env-file .env down
+
+pull: ## Pull latest images needed by docker compose services
+	@docker compose -f $(MAIN_COMPOSE) --env-file .env pull
+
+clean: ## Stop docker composition and remove orphans
+	@docker compose -f $(MAIN_COMPOSE) --env-file .env down --remove-orphans
+
+generate: ## Generate a compose file for new service
+	@if [ -z "$(service)" ]; then \
+		echo "Usage: make generate service=<service_name>"; \
+		exit 1; \
+	fi
+	@echo "Generating docker-compose file for service: $(service)"
+	@mkdir -p $(service)
+	@cp $(TEMPLATE_FILE) $(service)/docker-compose.yaml
+	@sed -i "s/service_name/$(service)/g" $(service)/docker-compose.yaml
+	@echo "  - path: ./$(service)/docker-compose.yaml" >> $(MAIN_COMPOSE)
+	@echo "    project_directory: .." >> $(MAIN_COMPOSE)
+	@echo "    env_file: .env" >> $(MAIN_COMPOSE)
+	@echo "" >> $(MAIN_COMPOSE)
+	@echo "Docker-compose file for $(service) generated"
+
+validate: ## Validate that all images in docker compose config exist in registry
+	@IMAGES=$$(docker compose config --images); \
+	FAILED=0; \
+	for IMG in $$IMAGES; do \
+		echo "Checking if image exists in registry: $$IMG"; \
+		if docker manifest inspect "$$IMG" >/dev/null 2>&1; then \
+			echo "✅ Valid: $$IMG exists in the registry."; \
+		else \
+			echo "❌ Invalid: $$IMG could not be found or accessed."; \
+			FAILED=1; \
+		fi; \
+	done; \
+	if [ $$FAILED -ne 0 ]; then \
+		echo "Error: One or more Docker Compose images are invalid in the registry."; \
+		exit 1; \
+	fi; \
+	echo "All images are valid. Proceeding with CI pipeline."
+
+help: ## Show this help message
+	@which awk > /dev/null || (echo "awk not found. Please install it from https://www.gnu.org/software/gawk/manual/gawk.html" && exit 1)
+	@echo ""
+	@echo "This Makefile provides a set of commands to manage Docker Compose services."
+	@echo "It allows you to start, stop, restart, pull, and generate new services."
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[$$()% a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-28s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
@@ -0,0 +1,11 @@
+# Docker Compose
+
+This folder contains the Docker Compose configuration files for the Homelab services.
+
+## Usage
+
+Run the following command to see the available commands:
+
+```bash
+make help
+```
@@ -0,0 +1,46 @@
+services:
+  atuin:
+    container_name: atuin
+    image: ghcr.io/atuinsh/atuin:18.16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command: start
+    volumes:
+      - ~/docker-volumes/atuin/config:/config
+    depends_on:
+      - atuin-db
+    ports:
+      - ${ATUIN_PORT}:${ATUIN_PORT}
+    environment:
+      - ATUIN_HOST=${ATUIN_HOST}
+      - ATUIN_PORT=${ATUIN_PORT}
+      - ATUIN_OPEN_REGISTRATION=${ATUIN_OPEN_REGISTRATION}
+      - ATUIN_DB_URI=${ATUIN_POSTGRES_URL}
+      - RUST_LOG=${ATUIN_RUST_LOG}
+
+  atuin-db:
+    container_name: atuin-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/atuin/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${ATUIN_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${ATUIN_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${ATUIN_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${ATUIN_POSTGRES_USER}' -d '${ATUIN_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
@@ -1,12 +1,14 @@
 services:
  cloudflared:
    container_name: cloudflared
-    image: cloudflare/cloudflared:2024.1.5
+    image: docker.io/cloudflare/cloudflared:2026.5.2
    restart: unless-stopped
-    command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TOKEN}
+    command: tunnel --metrics 0.0.0.0:4090 --no-autoupdate run --token ${CLOUDFLARE_TOKEN}
    networks:
      - homelab-network
    environment:
-      - ${CLOUDFLARE_TOKEN}=${CLOUDFLARE_TOKEN}
+      - CLOUDFLARE_TOKEN=${CLOUDFLARE_TOKEN}
    security_opt:
      - no-new-privileges:true
+    ports:
+      - 4090:4090
@@ -0,0 +1,176 @@
+services:
+  dawarich-app:
+    container_name: dawarich-app
+    image: docker.io/freikin/dawarich:1.7.11
+    volumes:
+      - ~/docker-volumes/dawarich/public:/var/app/public
+      - ~/docker-volumes/dawarich/watched:/var/app/tmp/imports/watched
+      - ~/docker-volumes/dawarich/storage:/var/app/storage
+      - ~/docker-volumes/dawarich/db_data:/dawarich_db_data
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - 5000:5000
+      - 9394:9394
+    stdin_open: true
+    tty: true
+    entrypoint: web-entrypoint.sh
+    command: ["bin/rails", "server", "-p", "5000", "-b", "::"]
+    restart: on-failure
+    environment:
+      - RAILS_ENV=production
+      - REDIS_URL=${DAWARICH_REDIS_URL}
+      - DATABASE_HOST=dawarich-db
+      - DATABASE_PORT=5432
+      - DATABASE_USERNAME=${DAWARICH_POSTGRES_USER}
+      - DATABASE_PASSWORD=${DAWARICH_POSTGRES_PASSWORD}
+      - DATABASE_NAME=${DAWARICH_POSTGRES_DB}
+      - MIN_MINUTES_SPENT_IN_CITY=60
+      - APPLICATION_HOSTS=${DAWARICH_APPLICATION_HOSTS}
+      - TIME_ZONE=Africa/Nairobi
+      - DISTANCE_UNIT=km
+      - APPLICATION_PROTOCOL=http
+      - PROMETHEUS_EXPORTER_ENABLED=true
+      - PROMETHEUS_EXPORTER_HOST=0.0.0.0
+      - PROMETHEUS_EXPORTER_PORT=9394
+      - METRICS_USERNAME=${DAWARICH_METRICS_USERNAME}
+      - METRICS_PASSWORD=${DAWARICH_METRICS_PASSWORD}
+      - SECRET_KEY_BASE=${DAWARICH_SECRET_KEY_BASE}
+      - RAILS_LOG_TO_STDOUT="true"
+      - SELF_HOSTED=true
+      - STORE_GEODATA=true
+      - SMTP_SERVER=${SMTP_HOST}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_DOMAIN=${MAIL_DOMAIN}
+      - SMTP_USERNAME=${SMTP_NAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_FROM=${MAIL_FROM_ADDRESS}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "wget -qO - http://127.0.0.1:5000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'",
+        ]
+      interval: 10s
+      retries: 30
+      start_period: 30s
+      timeout: 10s
+    depends_on:
+      dawarich-db:
+        condition: service_healthy
+        restart: true
+      dawarich-redis:
+        condition: service_healthy
+        restart: true
+    deploy:
+      resources:
+        limits:
+          cpus: "0.50" # Limit CPU usage to 50% of one core
+          memory: "4G" # Limit memory usage to 4GB
+
+  dawarich-sidekiq:
+    container_name: dawarich-sidekiq
+    image: docker.io/freikin/dawarich:1.7.11
+    volumes:
+      - ~/docker-volumes/dawarich/public:/var/app/public
+      - ~/docker-volumes/dawarich/watched:/var/app/tmp/imports/watched
+      - ~/docker-volumes/dawarich/storage:/var/app/storage
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    stdin_open: true
+    tty: true
+    entrypoint: sidekiq-entrypoint.sh
+    command: ["bundle", "exec", "sidekiq"]
+    restart: on-failure
+    environment:
+      - RAILS_ENV=production
+      - REDIS_URL=${DAWARICH_REDIS_URL}
+      - DATABASE_HOST=dawarich-db
+      - DATABASE_PORT=5432
+      - DATABASE_USERNAME=${DAWARICH_POSTGRES_USER}
+      - DATABASE_PASSWORD=${DAWARICH_POSTGRES_PASSWORD}
+      - DATABASE_NAME=${DAWARICH_POSTGRES_DB}
+      - APPLICATION_HOSTS=${DAWARICH_APPLICATION_HOSTS}
+      - BACKGROUND_PROCESSING_CONCURRENCY=10
+      - APPLICATION_PROTOCOL=http
+      - PROMETHEUS_EXPORTER_ENABLED=true
+      - PROMETHEUS_EXPORTER_HOST=dawarich-sidekiq
+      - PROMETHEUS_EXPORTER_PORT=9394
+      - METRICS_USERNAME=${DAWARICH_METRICS_USERNAME}
+      - METRICS_PASSWORD=${DAWARICH_METRICS_PASSWORD}
+      - SECRET_KEY_BASE=${DAWARICH_SECRET_KEY_BASE}
+      - RAILS_LOG_TO_STDOUT="true"
+      - SELF_HOSTED=true
+      - STORE_GEODATA=true
+      - SMTP_SERVER=${SMTP_HOST}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_DOMAIN=${MAIL_DOMAIN}
+      - SMTP_USERNAME=${SMTP_NAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_FROM=${MAIL_FROM_ADDRESS}
+    healthcheck:
+      test: ["CMD-SHELL", "pgrep -f sidekiq"]
+      interval: 10s
+      retries: 30
+      start_period: 30s
+      timeout: 10s
+    depends_on:
+      dawarich-db:
+        condition: service_healthy
+        restart: true
+      dawarich-redis:
+        condition: service_healthy
+        restart: true
+      dawarich-app:
+        condition: service_healthy
+        restart: true
+
+  dawarich-db:
+    container_name: dawarich-db
+    image: docker.io/postgis/postgis:17-3.5-alpine
+    restart: always
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    shm_size: 1G
+    volumes:
+      - ~/docker-volumes/dawarich/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${DAWARICH_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${DAWARICH_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${DAWARICH_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${DAWARICH_POSTGRES_USER}' -d '${DAWARICH_POSTGRES_DB}'",
+        ]
+      interval: 10s
+      retries: 5
+      start_period: 30s
+      timeout: 10s
+
+  dawarich-redis:
+    container_name: dawarich-redis
+    image: docker.io/redis:7.4-alpine
+    restart: always
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command: /bin/sh -c "redis-server --save 900 1 --save 300 10 --appendonly no --requirepass ${DAWARICH_REDIS_PASSWORD}"
+    volumes:
+      - ~/docker-volumes/dawarich/redis:/data
+    environment:
+      - REDIS_PASSWORD=${DAWARICH_REDIS_PASSWORD}
+    healthcheck:
+      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
+      interval: 10s
+      retries: 5
+      start_period: 30s
+      timeout: 10s
@@ -0,0 +1,138 @@
+## SMTP
+SMTP_HOST="0.0.0.0"
+SMTP_PORT="9001"
+SMTP_SECURE=""
+SMTP_AUTHTYPE=""
+SMTP_NAME=""
+MAIL_FROM_ADDRESS=""
+SMTP_PASSWORD=""
+MAIL_DOMAIN=""
+
+## CLOUDFLARED
+CLOUDFLARE_TOKEN=""
+
+## DOCUSEAL
+DOCUSEAL_POSTGRES_USER=""
+DOCUSEAL_POSTGRES_PASSWORD=""
+DOCUSEAL_POSTGRES_DB=""
+DOCUSEAL_POSTGRES_URL=""
+
+## GITEA
+GITEA_POSTGRES_DB=""
+GITEA_POSTGRES_USER=""
+GITEA_POSTGRES_PASSWORD=""
+GITEA_RUNNER_REGISTRATION_TOKEN=""
+
+## HEDGEDOC
+HEDGEDOC_ALLOW_EMAIL_REGISTER=""
+HEDGEDOC_DOMAIN_URL=""
+HEDGEDOC_SESSION_SECRET=""
+
+### HEDGEDOC POSTGRES
+HEDGEDOC_POSTGRES_USER=""
+HEDGEDOC_POSTGRES_PASSWORD=""
+HEDGEDOC_POSTGRES_DB=""
+HEDGEDOC_POSTGRES_URL=""
+
+## IMMICH
+
+### IMMICH REDIS
+IMMICH_REDIS_PASSWORD=""
+
+### IMMICH POSTGRES
+IMMICH_POSTGRES_USER=""
+IMMICH_POSTGRES_PASSWORD=""
+IMMICH_POSTGRES_DB=""
+
+## MEALIE
+MEALIE_BASE_URL=""
+
+## NEXTCLOUD
+NEXTCLOUD_TRUSTED_DOMAINS=""
+
+### NEXTCLOUD POSTGRES
+NEXTCLOUD_POSTGRES_USER=""
+NEXTCLOUD_POSTGRES_PASSWORD=""
+NEXTCLOUD_POSTGRES_DB=""
+
+## PIHOLE
+PIHOLE_WEBPASSWORD=""
+
+## SPEEDTEST_TRACKER
+SPEEDTEST_TRACKER_APP_KEY=""
+
+### SPEEDTEST_TRACKER POSTGRES
+SPEEDTEST_TRACKER_POSTGRES_USER=""
+SPEEDTEST_TRACKER_POSTGRES_PASSWORD=""
+SPEEDTEST_TRACKER_POSTGRES_DB=""
+
+## VAULTWARDEN
+VAULTWARDEN_DOMAIN=""
+
+## KENER
+KENER_SECRET_KEY=""
+KENER_ORIGIN=""
+
+## KENER DB
+KENER_POSTGRES_USER=""
+KENER_POSTGRES_PASSWORD=""
+KENER_POSTGRES_DB=""
+KENER_POSTGRES_URL=""
+
+## KENER REDIS
+KENER_REDIS_PASSWORD=""
+KENER_REDIS_URL=""
+
+## ATUIN
+ATUIN_HOST="0.0.0.0"
+ATUIN_PORT="9002"
+ATUIN_OPEN_REGISTRATION=""
+ATUIN_RUST_LOG=""
+
+## ATUIN DB
+ATUIN_POSTGRES_USER=""
+ATUIN_POSTGRES_PASSWORD=""
+ATUIN_POSTGRES_DB=""
+ATUIN_POSTGRES_URL=""
+
+## KARAKEEP
+OPENAI_API_KEY=""
+KARAKEEP_NEXTAUTH_URL=""
+KARAKEEP_NEXTAUTH_SECRET=""
+KARAKEEP_MEILI_MASTER_KEY=""
+
+## DAWARICH
+DAWARICH_APPLICATION_HOSTS="localhost,::1,127.0.0.1"
+DAWARICH_SECRET_KEY_BASE=""
+DAWARICH_METRICS_USERNAME=""
+DAWARICH_METRICS_PASSWORD=""
+
+### DAWARICH POSTGRES
+DAWARICH_POSTGRES_USER=""
+DAWARICH_POSTGRES_PASSWORD=""
+DAWARICH_POSTGRES_DB=""
+DAWARICH_POSTGRES_URL="postgresql://${DAWARICH_POSTGRES_USER}:${DAWARICH_POSTGRES_PASSWORD}@dawarich-db:5432/${DAWARICH_POSTGRES_DB}"
+
+### DAWARICH REDIS
+DAWARICH_REDIS_PASSWORD=""
+DAWARICH_REDIS_URL=redis://dawarich-redis:6379
+
+### RUSTFS
+RUSTFS_ACCESS_KEY=""
+RUSTFS_SECRET_KEY=""
+
+### PAPERLESS
+PAPERLESS_SECRET_KEY=""
+PAPERLESS_API_TOKEN=""
+PAPERLESS_USERNAME=""
+PAPERLESS_PUBLIC_URL=""
+
+### PAPERLESS REDIS
+PAPERLESS_REDIS_PASSWORD=""
+PAPERLESS_REDIS_URL=""
+
+### PAPERLESS POSTGRES
+PAPERLESS_POSTGRES_USER=""
+PAPERLESS_POSTGRES_PASSWORD=""
+PAPERLESS_POSTGRES_DB=""
+PAPERLESS_POSTGRES_URL=""
@@ -1,4 +1,3 @@
-version: "3.7"
 name: "homelab"

 networks:
@@ -13,58 +12,76 @@ networks:
 include:
  - path: ./portainer/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./uptime-kuma/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./heimdall/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./postgres/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./nextcloud/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./littlelink/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./ntp/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./cloudflared/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./pihole/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./swagger-editor/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./immich/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./redis/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./vaultwarden/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./opengist/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./speedtest-tracker/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
-  - path: ./kavita/docker-compose.yaml
-    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./dozzle/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
  - path: ./endlessh/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
+  - path: ./mealie/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./docuseal/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./gitea/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./hedgedoc/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./kener/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./watcharr/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./atuin/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./karakeep/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./prometheus/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./dawarich/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
+  - path: ./rustfs/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
  - path: ./ollama/docker-compose.yaml
    project_directory: ..
-    env_file: docker-compose/.env
+    env_file: .env
+  - path: ./paperless/docker-compose.yaml
+    project_directory: ..
+    env_file: .env
@@ -0,0 +1,41 @@
+services:
+  docuseal:
+    container_name: docuseal
+    image: docker.io/docuseal/docuseal:3.0.2
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/docuseal/data:/data
+    ports:
+      - 4010:3000
+    depends_on:
+      - docuseal-db
+    environment:
+      - DATABASE_URL=${DOCUSEAL_POSTGRES_URL}
+
+  docuseal-db:
+    container_name: docuseal-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/docuseal/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${DOCUSEAL_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${DOCUSEAL_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${DOCUSEAL_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${DOCUSEAL_POSTGRES_USER}' -d '${DOCUSEAL_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
@@ -1,7 +1,7 @@
 services:
  dozzle:
    container_name: dozzle
-    image: amir20/dozzle:v6.1.1
+    image: docker.io/amir20/dozzle:v10.6.3
    restart: unless-stopped
    networks:
      - homelab-network
@@ -9,5 +9,10 @@ services:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ~/docker-volumes/dozzle/data:/data
    ports:
      - 3070:8080
+    environment:
+      - DOZZLE_NO_ANALYTICS=true
+      - DOZZLE_ENABLE_ACTIONS=true
+      - DOZZLE_ENABLE_SHELL=true
@@ -1,12 +1,17 @@
 services:
  endlessh:
    container_name: endlessh
-    image: linuxserver/endlessh:latest
+    image: ghcr.io/shizunge/endlessh-go:latest
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
+    command:
+      - "-enable_prometheus"
+      - "-logtostderr"
+      - "-v=3"
+      - "-geoip_supplier=ip-api"
    environment:
      - PUID=1000
      - PGID=1000
@@ -15,6 +20,6 @@ services:
      - MAXLINES=32
      - MAXCLIENTS=4096
      - LOGFILE=false
-      - BINDFAMILY=
    ports:
-      - 22:2222
+      - 1111:2222
+      - 2112:2112
@@ -0,0 +1,81 @@
+services:
+  gitea:
+    container_name: gitea
+    image: docker.io/gitea/gitea:1.26.2
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=gitea-db
+      - GITEA__database__NAME=${GITEA_POSTGRES_DB}
+      - GITEA__database__USER=${GITEA_POSTGRES_USER}
+      - GITEA__database__PASSWD=${GITEA_POSTGRES_PASSWORD}
+      - GITEA__mailer__ENABLED=true
+      - GITEA__mailer__FROM=${MAIL_FROM_ADDRESS}
+      - GITEA__mailer__PROTOCOL=smtps
+      - GITEA__mailer__SMTP_ADDR=${SMTP_HOST}
+      - GITEA__mailer__USER=${SMTP_NAME}
+      - GITEA__mailer__PASSWD="""${SMTP_PASSWORD}"""
+      - GITEA__service__DISABLE_REGISTRATION=true
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
+    volumes:
+      - ~/docker-volumes/gitea/data:/data/
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 4020:3000
+      - 4021:22
+    healthcheck:
+      test: ["CMD", "curl", "-f", "https://git.rodneyosodo.com"]
+      interval: 10s
+      retries: 3
+      start_period: 30s
+      timeout: 10s
+
+  gitea-db:
+    container_name: gitea-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/gitea/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${GITEA_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${GITEA_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${GITEA_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${GITEA_POSTGRES_USER}' -d '${GITEA_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  gitea-runner:
+    container_name: gitea-runner
+    image: docker.io/gitea/runner:1.0.7
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - GITEA_INSTANCE_URL=https://git.rodneyosodo.com
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
+    volumes:
+      - ~/docker-volumes/gitea/runner/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    depends_on:
+      gitea:
+        condition: service_healthy
+        restart: true
@@ -0,0 +1,49 @@
+services:
+  hedgedoc:
+    container_name: hedgedoc
+    image: quay.io/hedgedoc/hedgedoc:1.10.8
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - CMD_PORT=3050
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_ALLOW_EMAIL_REGISTER=${HEDGEDOC_ALLOW_EMAIL_REGISTER}
+      - CMD_IMAGE_UPLOAD_TYPE=filesystem
+      - CMD_DOMAIN=${HEDGEDOC_DOMAIN_URL}
+      - CMD_SESSION_SECRET=${HEDGEDOC_SESSION_SECRET}
+      - CMD_DB_URL=${HEDGEDOC_POSTGRES_URL}
+      - NODE_ENV=production
+      - DEBUG=false
+    volumes:
+      - ~/docker-volumes/hedgedoc/uploads:/hedgedoc/public/uploads
+    ports:
+      - 3050:3050
+    depends_on:
+      - hedgedoc-db
+
+  hedgedoc-db:
+    container_name: hedgedoc-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/hedgedoc/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${HEDGEDOC_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${HEDGEDOC_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${HEDGEDOC_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${HEDGEDOC_POSTGRES_USER}' -d '${HEDGEDOC_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
@@ -1,7 +1,7 @@
 services:
  heimdall:
    container_name: heimdall
-    image: linuxserver/heimdall:2.5.8
+    image: docker.io/linuxserver/heimdall:2.7.6
    restart: unless-stopped
    networks:
      - homelab-network
@@ -1,26 +1,28 @@
 services:
  immich-server:
    container_name: immich-server
-    image: ghcr.io/immich-app/immich-server:v1.94.1
+    image: ghcr.io/immich-app/immich-server:v2.7.5
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
-    command: ["start.sh", "immich"]
+    devices:
+      - /dev/dri:/dev/dri
    volumes:
-      - ~/docker-volumes/immich-images:/usr/src/app/upload
+      - ~/docker-volumes/immich/images:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    ports:
-      - 2090:3001
+      - 2090:2283
    depends_on:
-      - redis
+      - immich-redis
      - immich-postgres
    environment:
+      - IMMICH_VERSION=v2.3.1
      - TZ=Africa/Nairobi
-      - REDIS_HOSTNAME=redis
+      - REDIS_HOSTNAME=immich-redis
      - REDIS_PORT=6379
-      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - REDIS_PASSWORD=${IMMICH_REDIS_PASSWORD}
      - DB_HOSTNAME=immich-postgres
      - DB_PORT=5432
      - DB_USERNAME=${IMMICH_POSTGRES_USER}
@@ -32,57 +34,51 @@ services:
          memory: 4G
        reservations:
          memory: 2G
-
-  immich-microservices:
-    container_name: immich-microservices
-    image: ghcr.io/immich-app/immich-server:v1.94.1
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    security_opt:
-      - no-new-privileges:true
-    devices:
-      - /dev/dri:/dev/dri # If using Intel QuickSync or VAAPI
-    command: ["start.sh", "microservices"]
-    volumes:
-      - ~/docker-volumes/immich-images:/usr/src/app/upload
-      - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - redis
-      - immich-postgres
-    environment:
-      - TZ=Africa/Nairobi
-      - REDIS_HOSTNAME=redis
-      - REDIS_PORT=6379
-      - REDIS_PASSWORD=${REDIS_PASSWORD}
-      - DB_HOSTNAME=immich-postgres
-      - DB_PORT=5432
-      - DB_USERNAME=${IMMICH_POSTGRES_USER}
-      - DB_PASSWORD=${IMMICH_POSTGRES_PASSWORD}
-      - DB_DATABASE_NAME=${IMMICH_POSTGRES_DB}
+    healthcheck:
+      disable: false

  immich-machine-learning:
    container_name: immich-machine-learning
-    image: ghcr.io/immich-app/immich-machine-learning:v1.94.1
+    image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
    volumes:
-      - ~/docker-volumes/immich-cache:/cache
+      - ~/docker-volumes/immich/cache:/cache
+    healthcheck:
+      disable: false

  immich-postgres:
    container_name: immich-postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.1.11
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
    environment:
-      POSTGRES_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
-      POSTGRES_USER: ${IMMICH_POSTGRES_USER}
-      POSTGRES_DB: ${IMMICH_POSTGRES_DB}
+      - POSTGRES_PASSWORD=${IMMICH_POSTGRES_PASSWORD}
+      - POSTGRES_USER=${IMMICH_POSTGRES_USER}
+      - POSTGRES_DB=${IMMICH_POSTGRES_DB}
+      - POSTGRES_INITDB_ARGS="--data-checksums"
+      - DB_STORAGE_TYPE=HDD
    volumes:
-      - ~/docker-volumes/immich-postgres-data:/var/lib/postgresql/data
+      - ~/docker-volumes/immich/postgres-data:/var/lib/postgresql/data
+
+  immich-redis:
+    container_name: immich-redis
+    image: docker.io/redis:7.2.5
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command: /bin/sh -c "redis-server --requirepass ${IMMICH_REDIS_PASSWORD}"
+    volumes:
+      - ~/docker-volumes/immich/redis:/data
+    ports:
+      - 6379:6379
+    environment:
+      - REDIS_PASSWORD=${IMMICH_REDIS_PASSWORD}
@@ -0,0 +1,62 @@
+services:
+  karakeep-app:
+    container_name: karakeep-app
+    image: ghcr.io/karakeep-app/karakeep:0.32.0
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/karakeep/data:/data
+    ports:
+      - 4070:4070
+    environment:
+      - PORT=4070
+      - API_URL=http://localhost:4070
+      - NEXTAUTH_URL=${KARAKEEP_NEXTAUTH_URL}
+      - NEXTAUTH_SECRET=${KARAKEEP_NEXTAUTH_SECRET}
+      - MEILI_ADDR=http://karakeep-meilisearch:7700
+      - MEILI_MASTER_KEY=${KARAKEEP_MEILI_MASTER_KEY}
+      - BROWSER_WEB_URL=http://karakeep-chrome:9222
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - OPENAI_API_KEY=ollama
+      - OPENAI_BASE_URL=http://ollama:11434/v1
+      - INFERENCE_TEXT_MODEL=llama3.2:3b
+      - INFERENCE_IMAGE_MODEL=minicpm-v:8b
+      - DATA_DIR=/data
+      - DISABLE_SIGNUPS=false
+      - CRAWLER_STORE_SCREENSHOT=true
+      - CRAWLER_FULL_PAGE_SCREENSHOT=true
+      - CRAWLER_ENABLE_ADBLOCKER=true
+
+  karakeep-chrome:
+    container_name: karakeep-chrome
+    image: gcr.io/zenika-hub/alpine-chrome:124
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command:
+      - --no-sandbox
+      - --disable-gpu
+      - --disable-dev-shm-usage
+      - --remote-debugging-address=0.0.0.0
+      - --remote-debugging-port=9222
+      - --hide-scrollbars
+
+  karakeep-meilisearch:
+    container_name: karakeep-meilisearch
+    image: docker.io/getmeili/meilisearch:v1.43.0
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - MEILI_NO_ANALYTICS=true
+      - MEILI_ADDR=http://127.0.0.1:7700
+      - MEILI_MASTER_KEY=${KARAKEEP_MEILI_MASTER_KEY}
+    volumes:
+      - ~/docker-volumes/karakeep/meilisearch:/meili_data
@@ -1,16 +0,0 @@
-services:
-  kavita:
-    container_name: kavita
-    image: jvmilazz0/kavita:0.7.13
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    security_opt:
-      - no-new-privileges:true
-    volumes:
-      - ~/docker-volumes/kavita/manga:/manga
-      - ~/docker-volumes/kavita/config:/kavita/config
-    ports:
-      - "3050:5000"
-    environment:
-      - TZ=Africa/Nairobi
@@ -0,0 +1,59 @@
+- name: Website
+  description: Personal website
+  tag: "website"
+  image: "https://avatars.githubusercontent.com/u/28790446"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://rodneyosodo.com
+
+- name: Gist
+  description: Self-hosted pastebin powered by Git, open-source alternative to Github Gist.
+  tag: "opengist"
+  image: "https://raw.githubusercontent.com/thomiceli/opengist/master/public/opengist.svg"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://gist.rodneyosodo.com
+
+- name: Gitea
+  description: Gitea is a painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD.
+  tag: "gitea"
+  image: "https://about.gitea.com/gitea-text.svg"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://git.rodneyosodo.com
+
+- name: Hedgedoc
+  description: HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.
+  tag: "hedgedoc"
+  image: "https://hedgedoc.org/images/banner/hedgedoc_banner_color_horizontal.svg"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://hedgedoc.rodneyosodo.com
+
+- name: Immich
+  description: High-performance self-hosted photo and video management solution
+  tag: "immich"
+  image: "https://avatars.githubusercontent.com/u/109746326"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://immich.rodneyosodo.com
+
+- name: Nextcloud
+  description: A safe home for all your data.
+  tag: "nextcloud"
+  image: "https://avatars.githubusercontent.com/u/19211038"
+  cron: "*/5 * * * *"
+  defaultStatus: "UP"
+  api:
+    method: GET
+    url: https://nextcloud.rodneyosodo.com
@@ -0,0 +1,3 @@
+database:
+  sqlite:
+    dbName: kener.db
@@ -0,0 +1,43 @@
+title: "Kener -  Open-Source and Modern Status Page"
+siteName: "Kener.ing"
+home: "/"
+logo: "/logo.png"
+favicon: "/logo96.png"
+theme: "system"
+themeToggle: true
+github:
+  owner: "rodneyosodo"
+  repo: "homelab"
+  incidentSince: 72
+metaTags:
+  description: "rodneyosodo - Kener: Open-source modern looking Node.js status page tool, designed to make service monitoring and incident handling a breeze. It offers a sleek and user-friendly interface that simplifies tracking service outages and improves how we communicate during incidents. And the best part? Kener integrates seamlessly with GitHub, making incident management a team effort—making it easier for us to track and fix issues together in a collaborative and friendly environment."
+  keywords: "rodneyosodo, Node.js status page, Incident management tool, Service monitoring, Service outage tracking, Real-time status updates, GitHub integration for incidents, Open-source status page, Node.js monitoring application, Service reliability, User-friendly incident management, Collaborative incident resolution, Seamless outage communication, Service disruption tracker, Real-time incident alerts, Node.js status reporting"
+  og:description: "rodneyosodo - Kener: Open-source Node.js status page tool, designed to make service monitoring and incident handling a breeze. It offers a sleek and user-friendly interface that simplifies tracking service outages and improves how we communicate during incidents. And the best part? Kener integrates seamlessly with GitHub, making incident management a team effort—making it easier for us to track and fix issues together in a collaborative and friendly environment."
+  og:image: "https://kener.ing/ss.png"
+  og:title: "rodneyosodo - Kener - Open-Source and Modern looking Node.js Status Page for Effortless Incident Management"
+  og:type: "website"
+  og:site_name: "rodneyosodo - Kener"
+  twitter:card: "summary_large_image"
+  twitter:site: "@_rajnandan_"
+  twitter:creator: "@_rajnandan_"
+  twitter:image: "https://kener.ing/ss.png"
+  twitter:title: "rodneyosodo - Kener: Open-Source and Modern looking Node.js Status Page for Effortless Incident Management"
+  twitter:description: "rodneyosodo - Kener: Open-source Node.js status page tool, designed to make service monitoring and incident handling a breeze. It offers a sleek and user-friendly interface that simplifies tracking service outages and improves how we communicate during incidents. And the best part? Kener integrates seamlessly with GitHub, making incident management a team effort—making it easier for us to track and fix issues together in a collaborative and friendly environment."
+nav:
+  - name: "Documentation"
+    url: "/docs"
+  - name: "Github"
+    url: "https://github.com/rodneyosodo/homelab"
+hero:
+  title: rodneyosodo services
+  subtitle: Anything and everything that can break, will break. Be prepared.
+footerHTML: |
+  Made using
+  <a href="https://github.com/rajnandan1/kener" target="_blank" rel="noreferrer" class="font-medium underline underline-offset-4">
+    Kener
+  </a>
+  an open source status page system built with Svelte and TailwindCSS.
+i18n:
+  defaultLocale: "en"
+  locales:
+    en: "English"
@@ -0,0 +1,66 @@
+services:
+  kener:
+    container_name: kener
+    image: docker.io/rajnandan1/kener:v4.0.23
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - TZ=Africa/Nairobi
+      - PUID=1000
+      - PGID=1000
+      - PORT=4040
+      - KENER_SECRET_KEY=${KENER_SECRET_KEY}
+      - ORIGIN=${KENER_ORIGIN}
+      - DATABASE_URL=${KENER_POSTGRES_URL}
+      - REDIS_URL=${KENER_REDIS_URL}
+      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_USER=${SMTP_NAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_SENDER=${MAIL_FROM_ADDRESS}
+      - SMTP_SECURE=1
+    ports:
+      - 4040:4040
+    volumes:
+      - ~/docker-volumes/kener/data:/app/database
+
+  kener-db:
+    container_name: kener-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/kener/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${KENER_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${KENER_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${KENER_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${KENER_POSTGRES_USER}' -d '${KENER_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  kener-redis:
+    container_name: kener-redis
+    image: docker.io/redis:8-alpine
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command: /bin/sh -c "redis-server --requirepass ${KENER_REDIS_PASSWORD}"
+    volumes:
+      - ~/docker-volumes/kener/redis:/data
+    environment:
+      - REDIS_PASSWORD=${KENER_REDIS_PASSWORD}
@@ -1,40 +0,0 @@
-services:
-  littlelink:
-    container_name: littlelink
-    image: ghcr.io/techno-tim/littlelink-server:latest
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    environment:
-      - META_TITLE=Rodney Osodo LittleLink
-      - META_DESCRIPTION=Software Engineer | Content Creator | Homelab | 🇰🇪
-      - META_AUTHOR=Rodney Osodo
-      - META_KEYWORDS=HomeLab, Software Engineering, Mechatronics Engineering
-      - LANG=en
-      - META_INDEX_STATUS=all
-      - OG_SITE_NAME=Rodney Osodo
-      - OG_TITLE=Rodney Osodo
-      - OG_DESCRIPTION=The home of Rodney Osodo
-      - OG_URL=https://rodneyosodo.com
-      - OG_IMAGE=https://pbs.twimg.com/profile_images/1266015480206237704/j78P7w8U_400x400.jpg
-      - OG_IMAGE_WIDTH=400
-      - OG_IMAGE_HEIGHT=400
-      - THEME=Dark
-      - FAVICON_URL=https://pbs.twimg.com/profile_images/1266015480206237704/j78P7w8U_400x400.jpg
-      - AVATAR_URL=https://pbs.twimg.com/profile_images/1266015480206237704/j78P7w8U_400x400.jpg
-      - AVATAR_2X_URL=https://pbs.twimg.com/profile_images/1266015480206237704/j78P7w8U_400x400.jpg
-      - AVATAR_ALT=Rodney Osodo Profile Pic
-      - NAME=RodneyOsodo
-      - BIO=Software Engineer | Content Creator | Homelab | 🇰🇪
-      - BUTTON_ORDER=GITHUB,TIKTOK,TWITTER,LINKED_IN,YOUTUBE,INSTAGRAM
-      - GITHUB=https://github.com/rodneyosodo
-      - TIKTOK=https://www.tiktok.com/@b1ackd0t
-      - TWITTER=https://twitter.com/b1ackd0t
-      - LINKED_IN=https://www.linkedin.com/in/rodneyosodo/
-      - YOUTUBE=https://www.youtube.com/@rodneyosodo
-      - INSTAGRAM=https://www.instagram.com/rodneyosodo/
-      - FOOTER=Rodney Osodo © 2022
-    ports:
-      - 2040:3000
-    security_opt:
-      - no-new-privileges:true
@@ -0,0 +1,25 @@
+services:
+  mealie:
+    container_name: mealie
+    image: docker.io/hkotel/mealie:v3.19.2
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/mealie:/app/data/
+    ports:
+      - 3040:9000
+    environment:
+      - TZ=Africa/Nairobi
+      - ALLOW_SIGNUP=true
+      - BASE_URL=${MEALIE_BASE_URL}
+      - DB_ENGINE=sqlite # Postgres has some issues with migrations
+      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_FROM_NAME=${SMTP_NAME}
+      - SMTP_AUTH_STRATEGY=TLS
+      - SMTP_FROM_EMAIL=${MAIL_FROM_ADDRESS}
+      - SMTP_USER=${SMTP_NAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
@@ -1,22 +0,0 @@
-services:
-  nextcloud:
-    container_name: nextcloud
-    image: nextcloud:28.0.2
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    ports:
-      - 2030:80
-    volumes:
-      - ~/docker-volumes/nextcloud:/var/www/html
-    environment:
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=${POSTGRES_DB}
-      - POSTGRES_HOST=postgres
-      # TODO: Add SMTP settings
-      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} # or edit config/config.php https://docs.nextcloud.com/server/28/admin_manual/installation/installation_wizard.html#trusted-domains
-    security_opt:
-      - no-new-privileges:true
-    depends_on:
-      - postgres
@@ -1,7 +1,7 @@
 services:
  ntp:
    container_name: ntp
-    image: cturra/ntp:latest
+    image: docker.io/cturra/ntp:latest
    restart: unless-stopped
    networks:
      - homelab-network
@@ -1,31 +1,35 @@
 services:
  ollama:
    container_name: ollama
-    image: ollama/ollama:0.1.23
+    image: docker.io/ollama/ollama:0.24.0
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
+    environment:
+      - TZ=Africa/Nairobi
+      - OLLAMA_KEEP_ALIVE=15m
+      - OLLAMA_HOST=0.0.0.0:11434
+      - OLLAMA_MODELS=ollama-models
    volumes:
-      - ~/docker-volumes/ollama:/root/.ollama
-    tty: true
+      - ~/docker-volumes/ollama/data:/root/.ollama
+      - ~/docker-volumes/ollama/models:/ollama-models

-  ollama-webui:
-    container_name: ollama-webui
-    image: ghcr.io/ollama-webui/ollama-webui:main
+  open-webui:
+    container_name: open-webui
+    image: ghcr.io/open-webui/open-webui:v0.9.5
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
-    volumes:
-      - ~/docker-volumes/ollama-webui:/app/backend/data
+    environment:
+      - TZ=Africa/Nairobi
+      - OLLAMA_BASE_URL=http://ollama:11434
    depends_on:
      - ollama
    ports:
-      - 3060:8080
-    environment:
-      - OLLAMA_API_BASE_URL=http://ollama:11434/api
-    extra_hosts:
-      - host.docker.internal:host-gateway
+      - 5020:8080
+    volumes:
+      - ~/docker-volumes/open-webui/data:/app/backend/data
@@ -1,17 +1,25 @@
 services:
  opengist:
    container_name: opengist
-    image: ghcr.io/thomiceli/opengist:1.6.1
+    image: ghcr.io/thomiceli/opengist:1.12.2
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
    ports:
-      - 3020:6157 # HTTP port
+      - 3020:6157
+      - 3021:3021
      # - 2222:2222 # SSH port, can be removed if you don't use SSH
    volumes:
      - ~/docker-volumes/opengist:/opengist
    environment:
-      UID: 1000
-      GID: 1000
+      - UID=1000
+      - GID=1000
+      - OG_EXTERNAL_URL=https://gist.rodneyosodo.com
+      - OG_GIT_DEFAULT_BRANCH=main
+      - OG_METRICS_ENABLED=true
+      - OG_METRICS_HOST=0.0.0.0
+      - OG_METRICS_PORT=3021
+      - OG_SSH_GIT_ENABLED=false
+      - OG_LOG_LEVEL=warn
@@ -0,0 +1,160 @@
+services:
+  paperless:
+    container_name: paperless
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - PAPERLESS_TIME_ZONE=Africa/Nairobi
+      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
+      - PAPERLESS_OCR_LANGUAGE=eng
+      - PAPERLESS_REDIS=${PAPERLESS_REDIS_URL}
+      - PAPERLESS_DBENGINE=postgresql
+      - PAPERLESS_DBHOST=paperless-db
+      - PAPERLESS_DBNAME=${PAPERLESS_POSTGRES_DB}
+      - PAPERLESS_DBUSER=${PAPERLESS_POSTGRES_USER}
+      - PAPERLESS_DBPASS=${PAPERLESS_POSTGRES_PASSWORD}
+      - PAPERLESS_TIKA_ENABLED=1
+      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://gotenberg:3000
+      - PAPERLESS_TIKA_ENDPOINT=http://tika:9998
+    depends_on:
+      - paperless-db
+      - paperless-redis
+      - gotenberg
+      - tika
+    ports:
+      - 5030:8000
+    volumes:
+      - ~/docker-volumes/paperless/data:/usr/src/paperless/data
+      - ~/docker-volumes/paperless/media:/usr/src/paperless/media
+      - ~/docker-volumes/paperless/export:/usr/src/paperless/export
+      - ~/docker-volumes/paperless/consume:/usr/src/paperless/consume
+
+  paperless-db:
+    container_name: paperless-db
+    image: docker.io/postgres:18
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ~/docker-volumes/paperless/db:/var/lib/postgresql
+    environment:
+      - POSTGRES_USER=${PAPERLESS_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${PAPERLESS_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${PAPERLESS_POSTGRES_DB}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${PAPERLESS_POSTGRES_USER}' -d '${PAPERLESS_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  paperless-redis:
+    container_name: paperless-redis
+    image: docker.io/redis:8
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command: /bin/sh -c "redis-server --requirepass ${PAPERLESS_REDIS_PASSWORD}"
+    volumes:
+      - ~/docker-volumes/paperless/redis:/data
+    environment:
+      - REDIS_PASSWORD=${PAPERLESS_REDIS_PASSWORD}
+
+  gotenberg:
+    container_name: gotenberg
+    image: docker.io/gotenberg/gotenberg:8.33
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+
+  tika:
+    container_name: tika
+    image: docker.io/apache/tika:latest
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+
+  paperless-ai:
+    container_name: paperless-ai
+    image: docker.io/clusterzx/paperless-ai:latest
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    depends_on:
+      - ollama
+      - paperless
+    ports:
+      - 5031:3000
+    environment:
+      - TZ=Africa/Nairobi
+      - PAPERLESS_API_URL=http://paperless:8000/api
+      - PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
+      - PAPERLESS_USERNAME=${PAPERLESS_USERNAME}
+      - AI_PROVIDER=ollama
+      - OLLAMA_API_URL=http://ollama:11434
+      - OLLAMA_MODEL=llama3.2:3b
+      - RAG_SERVICE_URL=http://localhost:8000
+      - RAG_SERVICE_ENABLED=true
+      - SCAN_INTERVAL=*/30 * * * *
+      - PAPERLESS_URL=http://paperless:8000/api
+    volumes:
+      - ~/docker-volumes/paperless/ai/data:/app/data
+
+  paperless-gpt:
+    container_name: paperless-gpt
+    image: docker.io/icereed/paperless-gpt:v0.25.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    depends_on:
+      - ollama
+      - paperless
+    ports:
+      - 5032:8080
+    environment:
+      - TZ=Africa/Nairobi
+      - PAPERLESS_BASE_URL=http://paperless:8000
+      - PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
+      - PAPERLESS_PUBLIC_URL=${PAPERLESS_PUBLIC_URL}
+      - LLM_PROVIDER=ollama
+      - LLM_MODEL=llama3.2:3b
+      - OLLAMA_HOST=http://ollama:11434
+      - OLLAMA_CONTEXT_LENGTH=8192
+      - TOKEN_LIMIT=1000
+      - LLM_LANGUAGE=English
+      - OCR_PROVIDER=llm
+      - VISION_LLM_PROVIDER=ollama
+      - VISION_LLM_MODEL=minicpm-v:8b
+      - AUTO_OCR_TAG=paperless-gpt-ocr-auto
+      - AUTO_TAG=paperless-gpt-auto
+      - MANUAL_TAG=paperless-gpt-manual
+      - PDF_OCR_TAGGING=true
+      - PDF_OCR_COMPLETE_TAG=paperless-gpt-ocr-complete
+      - PDF_UPLOAD=false
+      - PDF_REPLACE=false
+      - LOG_LEVEL=info
+    volumes:
+      - ~/docker-volumes/paperless/gpt/prompts:/app/prompts
@@ -1,27 +1,26 @@
 services:
  pihole:
    container_name: pihole
-    image: pihole/pihole:2024.01.0
+    image: docker.io/pihole/pihole:2026.05.0
    restart: unless-stopped
    networks:
      homelab-network:
        ipv4_address: 172.30.0.100
    ports:
-      - "53:53/tcp"
-      - "53:53/udp"
-      - "67:67/udp"
-      - "2050:80/tcp"
+      - 53:53/tcp
+      - 53:53/udp
+      - 2050:80/tcp
    environment:
      - TZ=Africa/Nairobi
-      - WEBPASSWORD=${PIHOLE_WEBPASSWORD}
-      - PIHOLE_DNS_=172.30.0.101#2051
-      - DNSMASQ_LISTENING=all
-      - VIRTUAL_HOST=pihole.yourdomain.com
+      - PIHOLE_DNS_=172.30.0.101#2052
+      - PIHOLE_UID=1000
+      - PIHOLE_GID=1000
+      - FTLCONF_webserver_api_password=${PIHOLE_WEBPASSWORD}
+      - FTLCONF_dns_listeningMode=ALL
+      - FTLCONF_dns_upstreams=172.30.0.101#2052
    volumes:
      - ~/docker-volumes/pihole:/etc/pihole
      - ~/docker-volumes/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
-    cap_add:
-      - NET_ADMIN
    security_opt:
      - no-new-privileges:true
    depends_on:
@@ -29,7 +28,7 @@ services:

  unbound:
    container_name: unbound
-    image: mvance/unbound:1.19.0
+    image: docker.io/mvance/unbound:1.22.0
    restart: unless-stopped
    networks:
      homelab-network:
@@ -37,7 +36,7 @@ services:
    volumes:
      - ./docker-compose/pihole/unbound/unbound.conf:/opt/unbound/etc/unbound/unbound.conf
    ports:
-      - "2051:53/tcp"
-      - "2051:53/udp"
+      - 2052:53/tcp
+      - 2052:53/udp
    security_opt:
      - no-new-privileges:true
@@ -55,7 +55,7 @@ server:

    # Listen to for queries from clients and answer from this network interface
    # and port.
-    interface: 0.0.0.0@2051
+    interface: 0.0.0.0@2052
    # interface: ::0
    port: 53

@@ -101,7 +101,7 @@ server:
    # Level 3: Gives query level information, output per query.
    # Level 4:  Gives algorithm level information.
    # Level 5: Logs client identification for cache misses.
-    verbosity: 0
+    verbosity: 2

    ###########################################################################
    # PERFORMANCE SETTINGS
@@ -1,17 +1,12 @@
-volumes:
-  portainer-data:
-    driver: local
-
 services:
  portainer:
    container_name: portainer
-    image: portainer/portainer-ce:2.19.4
+    image: docker.io/portainer/portainer-ce:2.42.0
    restart: unless-stopped
    networks:
      - homelab-network
    ports:
      - 9443:9443
-      - 8000:8000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ~/docker-volumes/portainer-data:/data
@@ -1,17 +0,0 @@
-services:
-  postgres:
-    container_name: postgres
-    image: postgres:16.1
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    environment:
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=${POSTGRES_DB}
-    ports:
-      - 5432:5432
-    volumes:
-      - ~/docker-volumes/postgres-data:/var/lib/postgresql/data
-    security_opt:
-      - no-new-privileges:true
@@ -0,0 +1,15 @@
+services:
+  prometheus:
+    container_name: prometheus
+    image: docker.io/prom/prometheus:v3.12.0
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - 4081:9090
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./docker-compose/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ~/docker-volumes/prometheus/data:/prometheus
@@ -0,0 +1,34 @@
+global:
+  scrape_interval: 15s
+  scrape_timeout: 10s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: prometheus
+    honor_timestamps: true
+    metrics_path: /metrics
+    scheme: http
+    static_configs:
+      - targets:
+          - localhost:9090
+
+  - job_name: cloudflared
+    static_configs:
+      - targets:
+          - cloudflared:4090
+
+  - job_name: dawarich-app
+    static_configs:
+      - targets:
+          - dawarich-app:9394
+          - dawarich-sidekiq:9394
+
+  - job_name: endlessh
+    static_configs:
+      - targets:
+          - endlessh:2112
+
+  - job_name: opengist
+    static_configs:
+      - targets:
+          - opengist:3021
@@ -1,16 +0,0 @@
-services:
-  redis:
-    container_name: redis
-    image: redis:7.2.4
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    security_opt:
-      - no-new-privileges:true
-    command: /bin/sh -c "redis-server --requirepass ${REDIS_PASSWORD}"
-    volumes:
-      - ~/docker-volumes/redis:/data
-    ports:
-      - 6379:6379
-    environment:
-      - REDIS_PASSWORD=${REDIS_PASSWORD}
@@ -0,0 +1,40 @@
+services:
+  rustfs:
+    container_name: rustfs
+    image: docker.io/rustfs/rustfs:latest
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - "5010:5010" # S3 API port
+      - "5011:5011" # Console port
+    environment:
+      - RUSTFS_ADDRESS=0.0.0.0:5010
+      - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:5011
+      - RUSTFS_CONSOLE_ENABLE=true
+      - RUSTFS_EXTERNAL_ADDRESS=:5010 # Same as internal since no port mapping
+      - RUSTFS_CORS_ALLOWED_ORIGINS=*
+      - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
+      - RUSTFS_ACCESS_KEY=${RUSTFS_ACCESS_KEY}
+      - RUSTFS_SECRET_KEY=${RUSTFS_SECRET_KEY}
+      - RUSTFS_OBS_LOGGER_LEVEL=info
+      # Object Cache
+      - RUSTFS_OBJECT_CACHE_ENABLE=true
+      - RUSTFS_OBJECT_CACHE_TTL_SECS=300
+    volumes:
+      - ~/docker-volumes/rustfs/data:/data
+      - ~/docker-volumes/rustfs/logs:/app/logs
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "sh",
+          "-c",
+          "curl -f http://localhost:5010/health && curl -f http://localhost:5011/rustfs/console/health",
+        ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
@@ -1,27 +1,56 @@
 services:
  speedtest-tracker:
    container_name: speedtest-tracker
-    image: ghcr.io/alexjustesen/speedtest-tracker:v0.14.5
+    image: docker.io/linuxserver/speedtest-tracker:1.14.3
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
    ports:
-      - '3030:80'
-      - '3031:443'
+      - 3030:80
+      - 3031:443
    environment:
      - PUID=1000
      - PGID=1000
+      - TZ=Africa/Nairobi
      - DB_CONNECTION=pgsql
-      - DB_USERNAME=${POSTGRES_USER}
-      - DB_PASSWORD=${POSTGRES_PASSWORD}
-      - DB_DATABASE=${POSTGRES_DB}
-      - DB_HOST=postgres
+      - DB_USERNAME=${SPEEDTEST_TRACKER_POSTGRES_USER}
+      - DB_PASSWORD=${SPEEDTEST_TRACKER_POSTGRES_PASSWORD}
+      - DB_DATABASE=${SPEEDTEST_TRACKER_POSTGRES_DB}
+      - DB_HOST=speedtest-tracker-db
      - DB_PORT=5432
+      - APP_KEY=${SPEEDTEST_TRACKER_APP_KEY}
+      - APP_TIMEZONE=Africa/Nairobi
+      - DISPLAY_TIMEZONE=Africa/Nairobi
+      - SPEEDTEST_SCHEDULE="*/15 * * * *"
+      - SPEEDTEST_SERVERS="8402,37726,38255"
    volumes:
-      - /etc/localtime:/etc/localtime:ro
      - ~/docker-volumes/speedtest-tracker/config:/config
      - ~/docker-volumes/speedtest-tracker/web:/etc/ssl/web
    depends_on:
-      - postgres
+      - speedtest-tracker-db
+
+  speedtest-tracker-db:
+    container_name: speedtest-tracker-db
+    image: docker.io/postgres:16.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    environment:
+      - POSTGRES_USER=${SPEEDTEST_TRACKER_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${SPEEDTEST_TRACKER_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${SPEEDTEST_TRACKER_POSTGRES_DB}
+    volumes:
+      - ~/docker-volumes/speedtest-tracker/postgres-data:/var/lib/postgresql/data
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U '${SPEEDTEST_TRACKER_POSTGRES_USER}' -d '${SPEEDTEST_TRACKER_POSTGRES_DB}'",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
@@ -1,11 +1,11 @@
 services:
  swagger-editor:
    container_name: swagger-editor
-    image: swaggerapi/swagger-editor:v4.12.1
+    image: docker.io/swaggerapi/swagger-editor:v5.5.2
    restart: unless-stopped
    networks:
      - homelab-network
    security_opt:
      - no-new-privileges:true
    ports:
-      - 2080:8080
+      - 2080:80
@@ -1,14 +0,0 @@
-services:
-  uptime-kuma:
-    container_name: uptime-kuma
-    image: louislam/uptime-kuma:1.23.11
-    restart: unless-stopped
-    networks:
-      - homelab-network
-    ports:
-      - 3001:3001
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ~/docker-volumes/uptime-kuma-data:/app/data
-    security_opt:
-      - no-new-privileges:true
@@ -1,7 +1,7 @@
 services:
  vaultwarden:
    container_name: vaultwarden
-    image: vaultwarden/server:1.30.3
+    image: docker.io/vaultwarden/server:1.36.0
    restart: unless-stopped
    networks:
      - homelab-network
@@ -9,5 +9,8 @@ services:
      - no-new-privileges:true
    volumes:
      - ~/docker-volumes/vaultwarden-data:/data
+    environment:
+      - SIGNUPS_ALLOWED=false
+      - DOMAIN=${VAULTWARDEN_DOMAIN}
    ports:
      - 3010:80
@@ -0,0 +1,13 @@
+services:
+  watcharr:
+    container_name: watcharr
+    image: ghcr.io/sbondco/watcharr:v3.0.1
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - 4060:3080
+    volumes:
+      - ~/docker-volumes/watcharr-data:/data
@@ -0,0 +1,46 @@
+# Heimdall Proxmox Backup Server Setup
+
+## Requirements
+
+- [Proxmox Backup Server](https://proxmox.com/en/downloads/proxmox-backup-server) 3.3 or higher
+
+## Installation
+
+1. Flash the Heimdall Proxmox Backup Server image to a USB drive.
+
+```bash
+# writing an ISO image to a USB stick using the dd command
+sudo dd if=proxmox-backup-server_3.3-1.iso of=/dev/sda1 bs=1M conv=sync status=progress
+```
+
+2. Boot the Heimdall Proxmox Backup Server.
+3. Configure the server with.
+   - DISK: zfs raid0 (raid0)
+4. Reboot the server.
+
+## Post Installation
+
+1. Connect to ethernet port.
+2. Login to the server UI.
+3. Run ansible playbooks.
+
+```bash
+cd ~/homelab/ansible
+make setup-heimdall
+```
+
+6. Run smart monitoring:
+
+   ```bash
+   smartctl -a /dev/sda
+   ```
+
+7. Run the following commands:
+
+   ```bash
+   curl -fsSL https://tailscale.com/install.sh | sh
+   tailscale up --ssh --accept-routes --advertise-exit-node
+   zpool import -f nyika
+   ```
+
+8. Login to the tailscale UI.
@@ -0,0 +1,28 @@
+# Kubernetes
+
+## Requirements
+
+- [Galana](../terraform/galana)
+- [Turkwel](../terraform/turkwel)
+- [Yala](../terraform/yala)
+
+## Setup
+
+### Galana
+
+```bash
+ssh rodneyosodo@galana
+curl -sfL https://get.k3s.io | sh -
+sudo scp /etc/rancher/k3s/k3s.yaml rodneyosodo@thor:/home/rodneyosodo/Downloads/k3s-config
+sudo cat /var/lib/rancher/k3s/server/node-token
+```
+
+Change server address to `https://galana:6443`
+
+### Turkwel & Yala
+
+```bash
+ssh rodneyosodo@turkwel
+ssh rodneyosodo@yala
+curl -sfL https://get.k3s.io | K3S_URL=https://galana:6443 K3S_TOKEN=mynodetoken sh -
+```
@@ -12,6 +12,8 @@ usermod -aG sudo rodneyosodo

 ## Disable DVD/ISO CD-ROM Package Repository

+This is on debian
+
 ```bash
 nano /etc/apt/sources.list
 ```
@@ -22,35 +24,8 @@ comment line
 # deb cdrom:[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57]/ bookworm main non-free-firmware
 ```

-## Install Updates
-
-```bash
-apt update && apt upgrade -y && apt install sudo -y
-```
-
-## Logout from root and current user
-
-```bash
-exit
-```
-
-```bash
-exit
-```
-
-## Install nala (apt package manager)
-
-```bash
-sudo apt install nala
-sudo nala fetch
-```
-
 ## Install software

-```bash
-sudo nala install ssh openssh-server git vim htop bpytop neofetch p7zip tar curl wget make thefuck python3-pip
-```
-
 ## Install docker

 ```bash
@@ -65,12 +40,6 @@ sudo systemctl enable docker.service
 sudo systemctl enable containerd.service
 ```

-## Install vscode server
-
-```bash
-curl -fsSL https://code-server.dev/install.sh | sh
-```
-
 ## Disable GRUB delay

 ```bash
@@ -80,13 +49,7 @@ sudo update-grub

 ## Setup git

-```bash
-git config --global user.email "28790446+rodneyosodo@users.noreply.github.com"
-git config --global user.name "Rodney Osodo"
-git config --global push.autoSetupRemote true
-git config --global commit.gpgsign true
-git config --global core.editor vim
-```
+Use dotfiles found [here](https://github.com/rodneyosodo/dotfiles/tree/main/config)

 ```bash
 mkdir ~/.ssh
@@ -95,8 +58,8 @@ mkdir ~/.ssh
 copy ssh key

 ```bash
-scp ~/.ssh/github rodneyosodo@192.168.100.32:/home/rodneyosodo/.ssh/
-scp ~/.ssh/github.pub rodneyosodo@192.168.100.32:/home/rodneyosodo/.ssh/
+scp ~/.ssh/github rodneyosodo@bohr:/home/rodneyosodo/.ssh/
+scp ~/.ssh/github.pub rodneyosodo@bohr:/home/rodneyosodo/.ssh/
 ```

 ```bash
@@ -174,3 +137,62 @@ sudo systemctl restart sshd
 ```bash
 ssh -2 rodneyosodo@192.168.100.32
 ```
+
+## Install tailscale
+
+```bash
+curl -fsSL https://tailscale.com/install.sh | sh
+sudo tailscale up --ssh
+```
+
+## Setup Syncthing On Remote Host
+
+Port forward to localhost:1111
+
+```bash
+ssh rodneyosodo@tana -L 1111:localhost:8384
+```
+
+### Clear disk storage
+
+```bash
+fdisk /dev/sda
+```
+
+```bash
+ Command (m for help): p
+ Command (m for help): d
+ Command (m for help): w
+```
+
+## Passthrough USB nic to VM:
+
+```bash
+usb-devices
+```
+
+```bash
+T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  5 Spd=5000 MxCh= 0
+D:  Ver= 3.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs=  2
+P:  Vendor=0bda ProdID=8153 Rev=31.00
+S:  Manufacturer=Realtek
+S:  Product=USB 10/100/1000 LAN
+S:  SerialNumber=001000001
+C:  #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=288mA
+I:  If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=00 Driver=r8152
+E:  Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
+E:  Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
+E:  Ad=83(I) Atr=03(Int.) MxPS=   2 Ivl=16ms
+```
+
+```bash
+qm set 110 -usb0 host=0bda:8153,usb3=yes
+```
+
+## Create a new user and add it to the sudo group
+
+```bash
+adduser rodneyosodo
+usermod -aG sudo rodneyosodo
+su - rodneyosodo
+```
@@ -0,0 +1,50 @@
+# Odin Proxmox Setup
+
+## Requirements
+
+- [Proxmox VE](https://www.proxmox.com/en/downloads) 8.2 or higher
+
+## Installation
+
+1. Flash the Odin Proxmox image to a USB drive.
+
+```bash
+# writing an ISO image to a USB stick using the dd command
+sudo dd if=proxmox-ve_8.2-2.iso of=/dev/sdc bs=1M conv=sync status=progress
+```
+
+2. Boot the Odin Proxmox server.
+3. Configure the server with.
+   - DISK: btrfs raid0 (raid0)
+4. Reboot the server.
+
+## Post Installation
+
+1. Login to the server UI.
+2. Enable ZFS, done in the Proxmox VE web interface.
+3. Make proxmox VLAN aware on UI.
+4. Change DNS to `1.1.1.1` and `8.8.8.8`
+5. Run the following commands:
+
+   ```bash
+   curl -fsSL https://tailscale.com/install.sh | sh
+   tailscale up --ssh --accept-routes --advertise-exit-node
+   zpool import -f yatta
+   ```
+
+6. Login to the tailscale UI.
+7. Run ansible playbooks.
+
+   ```bash
+   cd ~/homelab/ansible
+   make setup-odin
+   ```
+
+8. Enable smart monitoring:
+
+   ```bash
+   smartctl -a /dev/sda
+   ```
+
+9. Add cloud images to proxmox UI.
+   - [Ubuntu 24.04 LTS (noble-server-amd64)](https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img)
@@ -0,0 +1,554 @@
+# Tests
+
+## 1. Network IO
+
+We can use the `iperf` tool to measure the network bandwidth.
+
+To measure the network bandwidth, we need to run the following command on the server, bohr:
+
+```bash
+iperf -s -p 5200
+```
+
+Then, run the following command on the client, desktop:
+
+```bash
+iperf -c 192.168.100.32 -p 5200 --hide-ips
+```
+
+While using ethernet cable connected to the router:
+
+```bash
+------------------------------------------------------------
+Client connecting to (**hidden**), TCP port 5200
+TCP window size: 16.0 KByte (default)
+------------------------------------------------------------
+[  1] local *.*.*.79 port 55392 connected with *.*.*.85 port 5200
+[ ID] Interval       Transfer     Bandwidth
+[  1] 0.0000-10.0420 sec  1.03 GBytes   882 Mbits/sec
+```
+
+The above output shows that the network bandwidth between my PC and the home server inside the LAN is 882 Mbits/sec.
+
+To run the test on the internet, we need to run the following command on the client:
+
+```bash
+iperf -c ping.online.net -p 5200 --hide-ips
+```
+
+```bash
+------------------------------------------------------------
+Client connecting to (**hidden**), TCP port 5200
+TCP window size: 16.0 KByte (default)
+------------------------------------------------------------
+[  1] local *.*.*.14 port 50456 connected with *.*.*.21 port 5200
+[ ID] Interval       Transfer     Bandwidth
+[  1] 0.0000-9.6136 sec  35.6 MBytes  31.1 Mbits/sec
+```
+
+The above output shows that the network bandwidth between my PC and the server on the internet is 19.6 Mbits/sec.
+
+## 2. CPU
+
+We can use the `lscpu` tool to get the CPU model.
+
+```bash
+lscpu
+```
+
+```bash
+Architecture:             x86_64
+  CPU op-mode(s):         32-bit, 64-bit
+  Address sizes:          48 bits physical, 48 bits virtual
+  Byte Order:             Little Endian
+CPU(s):                   16
+  On-line CPU(s) list:    0-15
+Vendor ID:                AuthenticAMD
+  BIOS Vendor ID:         Advanced Micro Devices, Inc.
+  Model name:             AMD Ryzen 7 4800H with Radeon Graphics
+    BIOS Model name:      AMD Ryzen 7 4800H with Radeon Graphics          Unknown CPU @ 2.9GHz
+    BIOS CPU family:      107
+    CPU family:           23
+    Model:                96
+    Thread(s) per core:   2
+    Core(s) per socket:   8
+    Socket(s):            1
+    Stepping:             1
+    Frequency boost:      enabled
+    CPU(s) scaling MHz:   108%
+    CPU max MHz:          2900.0000
+    CPU min MHz:          1400.0000
+    BogoMIPS:             5789.09
+    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rd
+                          tscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe
+                          popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce top
+                          oext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep
+                           bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero ir
+                          perf xsaveerptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshol
+                          d avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca
+Virtualization features:
+  Virtualization:         AMD-V
+Caches (sum of all):
+  L1d:                    256 KiB (8 instances)
+  L1i:                    256 KiB (8 instances)
+  L2:                     4 MiB (8 instances)
+  L3:                     8 MiB (2 instances)
+NUMA:
+  NUMA node(s):           1
+  NUMA node0 CPU(s):      0-15
+```
+
+## 3. Memory
+
+We can use the `lsmem` tool to get the memory model.
+
+```bash
+lsmem
+```
+
+```bash
+RANGE                                 SIZE  STATE REMOVABLE BLOCK
+0x0000000000000000-0x000000107fffffff  66G online       yes  0-32
+
+Memory block size:         2G
+Total online memory:      66G
+Total offline memory:      0B
+```
+
+## 4. Disk
+
+NVMe SSD is used to install the operating system, proxmox and hold backups for the VMS locally. HDD is used to hold the virtual machines.
+Currently, I have not configured any RAID level for the HDD.
+
+To test the disk performance, we can use the `dd` tool to write and read data from the disk.
+
+```bash
+dd if=/dev/zero of=/tmp/test bs=64k count=64k conv=fdatasync
+```
+
+Results from bohr:
+
+```bash
+65536+0 records in
+65536+0 records out
+4294967296 bytes (4.3 GB, 4.0 GiB) copied, 4.44474 s, 966 MB/s
+```
+
+### Benchmark utilities
+
+#### bench.sh for my PC
+
+```bash
+wget -qO- bench.sh | bash
+```
+
+```bash
+-------------------- A Bench.sh Script By Teddysun -------------------
+ Version            : v2024-11-11
+ Usage              : wget -qO- bench.sh | bash
+----------------------------------------------------------------------
+ CPU Model          : AMD Ryzen 7 7735HS with Radeon Graphics
+ CPU Cores          : 16 @ 4341.376 MHz
+ CPU Cache          : 512 KB
+ AES-NI             : ✓ Enabled
+ VM-x/AMD-V         : ✓ Enabled
+ Total Disk         : 4.6 TB (3.0 TB Used)
+ Total Mem          : 27.1 GB (11.0 GB Used)
+ Total Swap         : 54.3 GB (14.5 MB Used)
+ System uptime      : 0 days, 7 hour 28 min
+ Load average       : 4.40, 2.48, 2.08
+ OS                 : Arch Linux
+ Arch               : x86_64 (64 Bit)
+ Kernel             : 6.13.8-arch1-1
+ TCP CC             : cubic
+ Virtualization     : Dedicated
+ IPv4/IPv6          : ✓ Online / ✗ Offline
+Prepended http:// to 'ipinfo.io/org'
+Prepended http:// to 'ipinfo.io/city'
+Prepended http:// to 'ipinfo.io/country'
+Prepended http:// to 'ipinfo.io/region
+ Organization       : AS33771 Safaricom Limited
+ Location           : Nairobi / KE
+ Region             : Nairobi Area
+----------------------------------------------------------------------
+I/O Speed(1st run) : 965 MB/s
+I/O Speed(2nd run) : 890 MB/s
+I/O Speed(3rd run) : 820 MB/s
+I/O Speed(average) : 891.7 MB/s
+----------------------------------------------------------------------
+Node Name        Upload Speed      Download Speed      Latency
+Speedtest.net    28.81 Mbps        27.86 Mbps          11.37 ms
+Paris, FR        29.52 Mbps        32.82 Mbps          169.86 ms
+Amsterdam, NL    29.94 Mbps        29.65 Mbps          175.93 ms
+Shanghai, CN     1.91 Mbps         26.48 Mbps          566.82 ms
+Hong Kong, CN    27.50 Mbps        31.24 Mbps          188.28 ms
+Singapore, SG    30.39 Mbps        34.24 Mbps          247.31 ms
+Tokyo, JP        30.50 Mbps        29.29 Mbps          292.47 ms
+----------------------------------------------------------------------
+Finished in        : 4 min 15 sec
+Timestamp          : 2025-03-29 12:55:35 EAT
+----------------------------------------------------------------------
+```
+
+## nench for my PC
+
+```bash
+(wget -qO- wget.racing/nench.sh | bash; wget -qO- wget.racing/nench.sh | bash) 2>&1 | tee nench.log
+```
+
+```bash
+Prepended http:// to 'wget.racing/nench.sh'
+-------------------------------------------------
+ nench.sh v2019.07.20 -- https://git.io/nench.sh
+ benchmark timestamp:    2025-03-29 10:02:20 UTC
+-------------------------------------------------
+
+Processor:    AMD Ryzen 7 7735HS with Radeon Graphics
+CPU cores:    16
+Frequency:    4586.167 MHz
+RAM:          27Gi
+Swap:         54Gi
+Kernel:       Linux 6.13.8-arch1-1 x86_64
+
+Disks:
+nvme0n1  931.5G  SSD
+zram0   54.3G  SSD
+
+CPU: SHA256-hashing 500 MB
+    0.312 seconds
+CPU: bzip2-compressing 500 MB
+    2.422 seconds
+CPU: AES-encrypting 500 MB
+    0.574 seconds
+
+ioping: seek rate
+    min/avg/max/mdev = 63.3 us / 77.9 us / 7.78 ms / 55.2 us
+ioping: sequential read speed
+    generated 21.9 k requests in 5.00 s, 5.36 GiB, 4.39 k iops, 1.07 GiB/s
+
+dd: sequential write speed
+    1st run:    1049.04 MiB/s
+    2nd run:    1049.04 MiB/s
+    3rd run:    1049.04 MiB/s
+    average:    1049.04 MiB/s
+
+IPv4 speedtests
+    your IPv4:    105.163.158.xxxx
+
+    Cachefly CDN:         3.57 MiB/s
+    Leaseweb (NL):        0.02 MiB/s
+    Softlayer DAL (US):   0.00 MiB/s
+    Online.net (FR):      3.46 MiB/s
+    OVH BHS (CA):         3.00 MiB/s
+
+No IPv6 connectivity detected
+-------------------------------------------------
+```
+
+## bench.sh for bohr
+
+```bash
+wget -qO- bench.sh | bash
+```
+
+```bash
+-------------------- A Bench.sh Script By Teddysun -------------------
+ Version            : v2024-11-11
+ Usage              : wget -qO- bench.sh | bash
+----------------------------------------------------------------------
+ CPU Model          : QEMU Virtual CPU version 2.5+
+ CPU Cores          : 8 @ 2894.560 MHz
+ CPU Cache          : 512 KB
+ AES-NI             : ✓ Enabled
+ VM-x/AMD-V         : ✗ Disabled
+ Total Disk         : 492.1 GB (221.8 GB Used)
+ Total Mem          : 19.5 GB (4.3 GB Used)
+ System uptime      : 0 days, 1 hour 1 min
+ Load average       : 0.46, 0.78, 1.09
+ OS                 : Debian GNU/Linux 12
+ Arch               : x86_64 (64 Bit)
+ Kernel             : 6.1.0-32-amd64
+ TCP CC             :
+ Virtualization     : KVM
+ IPv4/IPv6          : ✓ Online / ✗ Offline
+ Organization       : AS33771 Safaricom Limited
+ Location           : Nairobi / KE
+ Region             : Nairobi Area
+----------------------------------------------------------------------
+I/O Speed(1st run) : 792 MB/s
+I/O Speed(2nd run) : 917 MB/s
+I/O Speed(3rd run) : 765 MB/s
+I/O Speed(average) : 824.7 MB/s
+----------------------------------------------------------------------
+Node Name        Upload Speed      Download Speed      Latency
+Speedtest.net    28.86 Mbps        28.90 Mbps          11.98 ms
+Paris, FR        29.67 Mbps        32.36 Mbps          176.92 ms
+Amsterdam, NL    29.83 Mbps        34.01 Mbps          176.65 ms
+Shanghai, CN     2.80 Mbps         31.05 Mbps          928.30 ms
+Hong Kong, CN    30.31 Mbps        33.44 Mbps          186.17 ms
+Singapore, SG    29.66 Mbps        32.97 Mbps          245.92 ms
+Tokyo, JP        32.60 Mbps        36.11 Mbps          294.09 ms
+----------------------------------------------------------------------
+Finished in        : 4 min 9 sec
+Timestamp          : 2025-03-29 10:08:54 UTC
+----------------------------------------------------------------------
+```
+
+## nench for bohr
+
+```bash
+(wget -qO- wget.racing/nench.sh | bash; wget -qO- wget.racing/nench.sh | bash) 2>&1 | tee nench.log
+```
+
+```bash
+-------------------------------------------------
+ nench.sh v2019.07.20 -- https://git.io/nench.sh
+ benchmark timestamp:    2025-03-29 10:09:26 UTC
+-------------------------------------------------
+
+Processor:    QEMU Virtual CPU version 2.5+
+CPU cores:    8
+Frequency:    2894.560 MHz
+RAM:          19Gi
+bash: line 156: swapon: command not found
+Swap:         -
+Kernel:       Linux 6.1.0-32-amd64 x86_64
+
+Disks:
+sda    500G  HDD
+
+CPU: SHA256-hashing 500 MB
+    1.856 seconds
+CPU: bzip2-compressing 500 MB
+    3.691 seconds
+CPU: AES-encrypting 500 MB
+    0.633 seconds
+
+ioping: seek rate
+    min/avg/max/mdev = 71.5 us / 151.2 us / 10.2 ms / 151.9 us
+ioping: sequential read speed
+    generated 19.8 k requests in 5.00 s, 4.83 GiB, 3.96 k iops, 989.8 MiB/s
+
+dd: sequential write speed
+    1st run:    635.15 MiB/s
+    2nd run:    1049.04 MiB/s
+    3rd run:    1049.04 MiB/s
+    average:    911.08 MiB/s
+
+IPv4 speedtests
+    your IPv4:    105.163.158.xxxx
+
+    Cachefly CDN:         0.00 MiB/s
+    Leaseweb (NL):        0.01 MiB/s
+    Softlayer DAL (US):   0.00 MiB/s
+    Online.net (FR):      3.34 MiB/s
+    OVH BHS (CA):         2.99 MiB/s
+
+No IPv6 connectivity detected
+-------------------------------------------------
+```
+
+## bench.sh for odin
+
+```bash
+wget -qO- bench.sh | bash
+```
+
+```bash
+-------------------- A Bench.sh Script By Teddysun -------------------
+ Version            : v2024-11-11
+ Usage              : wget -qO- bench.sh | bash
+----------------------------------------------------------------------
+ CPU Model          : AMD Ryzen 7 4800H with Radeon Graphics
+ CPU Cores          : 16 @ 3028.863 MHz
+ CPU Cache          : 512 KB
+ AES-NI             : ✓ Enabled
+ VM-x/AMD-V         : ✓ Enabled
+ Total Disk         : 2.7 TB (812.7 GB Used)
+ Total Mem          : 62.2 GB (28.6 GB Used)
+ System uptime      : 0 days, 1 hour 13 min
+ Load average       : 1.43, 2.68, 2.45
+ OS                 : Debian GNU/Linux 12
+ Arch               : x86_64 (64 Bit)
+ Kernel             : 6.8.12-8-pve
+ TCP CC             : cubic
+ Virtualization     : Dedicated
+ IPv4/IPv6          : ✓ Online / ✗ Offline
+ Organization       : AS33771 Safaricom Limited
+ Location           : Nairobi / KE
+ Region             : Nairobi Area
+----------------------------------------------------------------------
+I/O Speed(1st run) : 863 MB/s
+I/O Speed(2nd run) : 857 MB/s
+I/O Speed(3rd run) : 858 MB/s
+I/O Speed(average) : 859.3 MB/s
+----------------------------------------------------------------------
+Node Name        Upload Speed      Download Speed      Latency
+Speedtest.net    28.88 Mbps        23.81 Mbps          12.06 ms
+Paris, FR        29.41 Mbps        30.77 Mbps          175.75 ms
+Amsterdam, NL    29.99 Mbps        20.28 Mbps          182.95 ms
+Shanghai, CN     0.75 Mbps         19.41 Mbps          569.65 ms
+Hong Kong, CN    30.65 Mbps        28.06 Mbps          187.84 ms
+Singapore, SG    29.69 Mbps        28.38 Mbps          256.93 ms
+Tokyo, JP        30.95 Mbps        28.11 Mbps          294.33 ms
+----------------------------------------------------------------------
+Finished in        : 4 min 4 sec
+Timestamp          : 2025-03-29 13:19:57 EAT
+----------------------------------------------------------------------
+```
+
+## nench for odin
+
+```bash
+(wget -qO- wget.racing/nench.sh | bash; wget -qO- wget.racing/nench.sh | bash) 2>&1 | tee nench.log
+```
+
+```bash
+-------------------------------------------------
+ nench.sh v2019.07.20 -- https://git.io/nench.sh
+ benchmark timestamp:    2025-03-29 10:13:07 UTC
+-------------------------------------------------
+
+Processor:    AMD Ryzen 7 4800H with Radeon Graphics
+CPU cores:    16
+Frequency:    4240.619 MHz
+RAM:          62Gi
+Swap:         -
+Kernel:       Linux 6.8.12-8-pve x86_64
+
+Disks:
+nvme0n1  953.9G  SSD
+sda    1.8T  HDD
+
+CPU: SHA256-hashing 500 MB
+    1.787 seconds
+CPU: bzip2-compressing 500 MB
+    3.584 seconds
+CPU: AES-encrypting 500 MB
+    0.667 seconds
+
+ioping: seek rate
+    min/avg/max/mdev = 39.3 us / 68.5 us / 76.4 ms / 286.4 us
+ioping: sequential read speed
+    generated 22.2 k requests in 5.00 s, 5.42 GiB, 4.44 k iops, 1.08 GiB/s
+
+dd: sequential write speed
+    1st run:    872.61 MiB/s
+    2nd run:    899.31 MiB/s
+    3rd run:    872.61 MiB/s
+    average:    881.51 MiB/s
+
+IPv4 speedtests
+    your IPv4:    105.163.158.xxxx
+
+    Cachefly CDN:         3.26 MiB/s
+    Leaseweb (NL):        0.01 MiB/s
+    Softlayer DAL (US):   0.00 MiB/s
+    Online.net (FR):      2.59 MiB/s
+    OVH BHS (CA):         0.05 MiB/s
+
+No IPv6 connectivity detected
+-------------------------------------------------
+```
+
+## bench.sh for heimdall
+
+```bash
+wget -qO- bench.sh | bash
+```
+
+```bash
+-------------------- A Bench.sh Script By Teddysun -------------------
+ Version            : v2024-11-11
+ Usage              : wget -qO- bench.sh | bash
+----------------------------------------------------------------------
+ CPU Model          : Intel(R) N100
+ CPU Cores          : 4 @ 3120.872 MHz
+ CPU Cache          : 6144 KB
+ AES-NI             : ✓ Enabled
+ VM-x/AMD-V         : ✓ Enabled
+ Total Disk         : 0 (0 Used)
+ Total Mem          : 15.4 GB (8.2 GB Used)
+ System uptime      : 1 days, 13 hour 26 min
+ Load average       : 0.30, 0.13, 0.05
+ OS                 : Debian GNU/Linux 12
+ Arch               : x86_64 (64 Bit)
+ Kernel             : 6.8.12-8-pve
+ TCP CC             : cubic
+ Virtualization     : Dedicated
+ IPv4/IPv6          : ✓ Online / ✗ Offline
+ Organization       : AS33771 Safaricom Limited
+ Location           : Nairobi / KE
+ Region             : Nairobi Area
+ ----------------------------------------------------------------------
+  I/O Speed(1st run) : 3.8 GB/s
+  I/O Speed(2nd run) : 3.8 GB/s
+  I/O Speed(3rd run) : 3.8 GB/s
+  I/O Speed(average) : 3891.2 MB/s
+ ----------------------------------------------------------------------
+  Node Name        Upload Speed      Download Speed      Latency
+  Speedtest.net    29.34 Mbps        28.20 Mbps          13.04 ms
+  Paris, FR        28.77 Mbps        32.70 Mbps          204.76 ms
+  Amsterdam, NL    32.06 Mbps        29.57 Mbps          197.91 ms
+  Hong Kong, CN    31.28 Mbps        33.47 Mbps          190.52 ms
+  Singapore, SG    29.12 Mbps        31.90 Mbps          259.39 ms
+  Tokyo, JP        33.39 Mbps        33.98 Mbps          306.92 ms
+ ----------------------------------------------------------------------
+  Finished in        : 3 min 51 sec
+  Timestamp          : 2025-03-29 14:06:11 EAT
+ ----------------------------------------------------------------------
+```
+
+## nench for heimdall
+
+```bash
+(wget -qO- wget.racing/nench.sh | bash; wget -qO- wget.racing/nench.sh | bash) 2>&1 | tee nench.log
+```
+
+```bash
+-------------------------------------------------
+ nench.sh v2019.07.20 -- https://git.io/nench.sh
+ benchmark timestamp:    2025-03-29 11:00:29 UTC
+-------------------------------------------------
+
+Processor:    Intel(R) N100
+CPU cores:    4
+Frequency:    2900.792 MHz
+RAM:          15Gi
+Swap:         -
+Kernel:       Linux 6.8.12-8-pve x86_64
+
+Disks:
+nvme0n1  476.9G  SSD
+sda    3.6T  HDD
+
+CPU: SHA256-hashing 500 MB
+    2.134 seconds
+CPU: bzip2-compressing 500 MB
+    3.813 seconds
+CPU: AES-encrypting 500 MB
+    0.630 seconds
+
+ioping: seek rate
+    min/avg/max/mdev = 1.63 us / 2.17 us / 106.3 us / 756 ns
+ioping: sequential read speed
+    generated 225.2 k requests in 5.00 s, 55.0 GiB, 45.0 k iops, 11.0 GiB/s
+
+dd: sequential write speed
+    1st run:    3051.76 MiB/s
+    2nd run:    2956.39 MiB/s
+    3rd run:    3051.76 MiB/s
+    average:    3019.97 MiB/s
+
+IPv4 speedtests
+    your IPv4:    105.163.158.xxxx
+
+    Cachefly CDN:         3.48 MiB/s
+    Leaseweb (NL):        0.02 MiB/s
+    Softlayer DAL (US):   0.00 MiB/s
+    Online.net (FR):      3.49 MiB/s
+    OVH BHS (CA):         0.83 MiB/s
+
+No IPv6 connectivity detected
+-------------------------------------------------
+```
@@ -1,34 +0,0 @@
-# Installation
-
-## Install softwares
-
-```bash
-sudo apt install git vim htop neofetch p7zip unrar tar flac curl wget make thefuck python-pip
-```
-
-## Install bpytop
-
-```bash
-pip install bpytop --break-system-packages
-```
-
-## Install docker
-
-```bash
-sudo bash -c "$(wget -qLO - https://get.docker.com)"
-```
-
-post installation
-
-```bash
-sudo groupadd docker
-sudo usermod -aG docker $USER
-sudo systemctl enable docker.service
-sudo systemctl enable containerd.service
-```
-
-## Install vscode server
-
-```bash
-curl -fsSL https://code-server.dev/install.sh | sh
-```
@@ -1,105 +0,0 @@
-# Proxmox Installation
-
-## Requirements
-
- [Proxmox VE](https://www.proxmox.com/en/downloads) 8.1 or higher
-
-## Installation
-
-1. Edit `/etc/apt/sources.list` and add the following line:
-
-   ```bash
-   # not for production use
-   deb http://download.proxmox.com/debian bookworm pve-no-subscription
-   ```
-
-2. Edit `/etc/apt/sources.list.d/pve-enterprise.list` and comment out the following line:
-
-   ```bash
-   # deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
-   ```
-
-3. Edit `/etc/apt/sources.list.d/ceph.list` and comment out the following line:
-
-   ```bash
-   # deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
-   ```
-
-4. Update the package lists and upgrade the packages:
-
-   ```bash
-   apt update && apt upgrade -y
-   ```
-
-5. Clear disk storage:
-
-   ```bash
-   fdisk /dev/sda
-   ```
-
-   ```bash
-    Command (m for help): p
-    Command (m for help): d
-    Command (m for help): w
-   ```
-
-6. Enable ZFS, done in the Proxmox VE web interface.
-7. Enable smart monitoring:
-
-   ```bash
-   smartctl -a /dev/sda
-   ```
-
-8. Turn [IOMMU (PCI Passthrough)](https://pve.proxmox.com/wiki/PCI_Passthrough)
-
-   Edit `/etc/default/grub` and add the following line:
-
-   ```bash
-   GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on"
-   ```
-
-   Update grub:
-
-   ```bash
-   update-grub
-   ```
-
-   Edit `/etc/modules` and add the following line:
-
-   ```bash
-   vfio
-   vfio_iommu_type1
-   vfio_pci
-   vfio_virqfd
-   ```
-
-9. Make proxmox VLAN aware on UI:
-10. Adding microcode updates:
-
-    ```bash
-    bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/microcode.sh)"
-    ```
-
-11. Passthrough USB nic to VM:
-
-    ```bash
-    usb-devices
-    ```
-
-    ```bash
-    T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  5 Spd=5000 MxCh= 0
-    D:  Ver= 3.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs=  2
-    P:  Vendor=0bda ProdID=8153 Rev=31.00
-    S:  Manufacturer=Realtek
-    S:  Product=USB 10/100/1000 LAN
-    S:  SerialNumber=001000001
-    C:  #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=288mA
-    I:  If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=00 Driver=r8152
-    E:  Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
-    E:  Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
-    E:  Ad=83(I) Atr=03(Int.) MxPS=   2 Ivl=16ms
-    ```
-
-    ```bash
-    qm set 110 -usb0 host=0bda:8153,usb3=yes
-    ```
@@ -0,0 +1,33 @@
+# Terraform Playbooks
+
+This directory contains the Terraform configuration files for my homelab.
+
+## Requirements
+
+- [Terraform](https://developer.hashicorp.com/terraform/install)
+
+## Usage
+
+### Initialize
+
+```bash
+terraform init
+```
+
+### Plan
+
+```bash
+terraform plan
+```
+
+### Apply
+
+```bash
+terraform apply
+```
+
+### Destroy
+
+```bash
+terraform destroy
+```
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.66.3"
+  constraints = "0.66.3"
+  hashes = [
+    "h1:pvHmVDhXF7Yv45MxTiB0nY3NEkFkCh4AJ5nYU1jYoK8=",
+    "zh:372c7e42af71ea4be52fd61a9b29caa8cff913c38c2e639d84797060f0e78f8a",
+    "zh:45b15873f78b13051fa8eaf59bc1d480ad1feaba7074ea97fb3775787a9bdadb",
+    "zh:50792893b1d7441e39433b10ad706a14468fb43326842b06e2bc95fb3c9801fb",
+    "zh:591ad7b8d2d4f12d617201caf5bacddca69e68ba396e6ff60d9d1ca0ee59a6f5",
+    "zh:8d63f1eaf8a1731abffed0ef1ce15423bd56faebb1819743884841f7f9ab4126",
+    "zh:90400a0beb68c99e262f9a6bc93daf9dfaeefdb3af673c2a86c17853c73fa868",
+    "zh:9c0ff725d5a0c2095144a6eeb8c98fb9a3dc5f36c80e526ad63b51ce4094973a",
+    "zh:a099fea3db1a858fc8688bf9e711a2962ab83fbb94d6507a773239aba8985834",
+    "zh:a2a4d184e923e5d2ad92ebc414cba87c82b3c38e4183a825fbac573f7f8f5076",
+    "zh:be762328a2608a2bb0a0a265964af57efe403bb3b11aa0fc2863355855fc4b9f",
+    "zh:c84c8e17dc739132f85c2041a2493f7caa1f08850c4ee427462c98552a114371",
+    "zh:d3daa7e19371fbedc3f4ddab47feb099205c6141ebc2fa1236b36aad52173723",
+    "zh:d64ad91e29a6291ababd9ca86b32e6a36f50b806ca1079e74005a7ca2d037a8b",
+    "zh:dc7eb38a771762570523f01cf6ae8def5b5f8acd5e173ca06b48f4f8511b7227",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}
@@ -0,0 +1,37 @@
+# Bohr
+
+This directory contains the Terraform configuration files for my homelab server.
+
+## Requirements
+
+- [Terraform](https://developer.hashicorp.com/terraform/install)
+
+## Environment Variables
+
+Create a copy of the [`terraform.tfvars.example`](./terraform.tfvars.example) file and rename it to `terraform.tfvars`.
+
+```bash
+cp terraform.tfvars.example terraform.tfvars
+```
+
+Edit the `terraform.tfvars` file and update the values.
+
+## Usage
+
+### Plan
+
+```bash
+terraform plan
+```
+
+### Apply
+
+```bash
+terraform apply
+```
+
+### Destroy
+
+```bash
+terraform destroy
+```
@@ -0,0 +1,42 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+
+disable_root: true
+
+users:
+  - default
+  - name: ${username}
+    gecos: ${vm_username_gecos}
+    groups: sudo
+    sudo:
+      - ALL=(ALL:ALL) NOPASSWD:ALL
+    shell: /bin/bash
+
+chpasswd:
+  list: |
+    ${username}:${password}
+  expire: false
+
+ssh_pwauth: false
+
+hostname: ${hostname}
+create_hostname_file: true
+fqdn: ${fqdn}
+
+packages:
+  - curl
+  - qemu-guest-agent
+  - git
+  - nala
+  - sshpass
+
+runcmd:
+  - curl -fsSL https://get.docker.com | sh
+  - groupadd docker
+  - usermod -aG docker ${username}
+  - sudo systemctl enable docker.service
+  - sudo systemctl enable containerd.service
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --accept-routes --advertise-exit-node --authkey=${tailscale_auth_key}
+  - qemu-ga -d
@@ -0,0 +1,117 @@
+resource "proxmox_virtual_environment_vm" "debian_vm" {
+  name      = "bohr"
+  node_name = "odin"
+  vm_id     = 300
+  on_boot   = true
+  tags      = ["docker", "debian", "production"]
+  bios      = "ovmf"
+
+  operating_system {
+    type = "l26"
+  }
+
+  efi_disk {
+    datastore_id = "yatta"
+    file_format  = "raw"
+    type         = "4m"
+  }
+
+  agent {
+    enabled = true
+  }
+
+  disk {
+    datastore_id = "yatta"
+    file_id      = "local-btrfs:iso/debian-12-generic-amd64.img"
+    size         = 500
+    interface    = "scsi0"
+  }
+
+  cpu {
+    architecture = "x86_64"
+    cores        = 8
+    sockets      = 1
+    type         = "host" // https://github.com/rustfs/rustfs/issues/968
+  }
+
+  memory {
+    dedicated = 20480
+    floating  = 20480
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  initialization {
+    datastore_id      = "yatta"
+    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+
+    ip_config {
+      ipv4 {
+        address = "192.168.100.32/24"
+        gateway = "192.168.100.1"
+      }
+    }
+
+    dns {
+      servers = ["1.1.1.1", "8.8.8.8", "100.100.100.100"]
+    }
+  }
+
+  serial_device {
+    device = "socket"
+  }
+
+  keyboard_layout = "en-us"
+
+  machine = "q35"
+
+  scsi_hardware = "virtio-scsi-single"
+
+  vga {
+    memory = 512
+    type   = "virtio-gl"
+  }
+}
+
+variable "vm_username" {
+  type        = string
+  description = "VM username"
+}
+
+variable "vm_password" {
+  type        = string
+  description = "VM password for the user"
+}
+
+variable "vm_username_gecos" {
+  type        = string
+  description = "VM username gecos"
+}
+
+variable "vm_hostname" {
+  type        = string
+  description = "VM hostname"
+}
+
+variable "vm_fqdn" {
+  type        = string
+  description = "VM fqdn"
+}
+
+variable "tailscale_auth_key" {
+  type        = string
+  description = "Tailscale auth key"
+}
+
+resource "proxmox_virtual_environment_file" "cloud_config" {
+  content_type = "snippets"
+  datastore_id = "local-btrfs"
+  node_name    = "odin"
+
+  source_raw {
+    data      = templatefile("cloudinit.tfpl", { username = var.vm_username, vm_username_gecos = var.vm_username_gecos, password = var.vm_password, hostname = var.vm_hostname, fqdn = var.vm_fqdn, tailscale_auth_key = var.tailscale_auth_key })
+    file_name = "cloud-init.yaml"
+  }
+}
@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.66.3"
+    }
+  }
+}
+
+variable "proxmox_url" {
+  type        = string
+  description = "Proxmox URL"
+}
+
+variable "proxmox_username" {
+  type        = string
+  description = "Proxmox username"
+}
+
+variable "proxmox_password" {
+  type        = string
+  description = "Proxmox password for the user"
+}
+
+provider "proxmox" {
+  endpoint = var.proxmox_url
+  username = var.proxmox_username
+  password = var.proxmox_password
+  insecure = true
+}
@@ -0,0 +1,12 @@
+# Proxmox
+proxmox_url=""
+proxmox_username=""
+proxmox_password=""
+
+# VM
+vm_username=""
+vm_username_gecos=""
+vm_password=""
+vm_hostname=""
+vm_fqdn=""
+tailscale_auth_key=""
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.66.3"
+  constraints = "0.66.3"
+  hashes = [
+    "h1:pvHmVDhXF7Yv45MxTiB0nY3NEkFkCh4AJ5nYU1jYoK8=",
+    "zh:372c7e42af71ea4be52fd61a9b29caa8cff913c38c2e639d84797060f0e78f8a",
+    "zh:45b15873f78b13051fa8eaf59bc1d480ad1feaba7074ea97fb3775787a9bdadb",
+    "zh:50792893b1d7441e39433b10ad706a14468fb43326842b06e2bc95fb3c9801fb",
+    "zh:591ad7b8d2d4f12d617201caf5bacddca69e68ba396e6ff60d9d1ca0ee59a6f5",
+    "zh:8d63f1eaf8a1731abffed0ef1ce15423bd56faebb1819743884841f7f9ab4126",
+    "zh:90400a0beb68c99e262f9a6bc93daf9dfaeefdb3af673c2a86c17853c73fa868",
+    "zh:9c0ff725d5a0c2095144a6eeb8c98fb9a3dc5f36c80e526ad63b51ce4094973a",
+    "zh:a099fea3db1a858fc8688bf9e711a2962ab83fbb94d6507a773239aba8985834",
+    "zh:a2a4d184e923e5d2ad92ebc414cba87c82b3c38e4183a825fbac573f7f8f5076",
+    "zh:be762328a2608a2bb0a0a265964af57efe403bb3b11aa0fc2863355855fc4b9f",
+    "zh:c84c8e17dc739132f85c2041a2493f7caa1f08850c4ee427462c98552a114371",
+    "zh:d3daa7e19371fbedc3f4ddab47feb099205c6141ebc2fa1236b36aad52173723",
+    "zh:d64ad91e29a6291ababd9ca86b32e6a36f50b806ca1079e74005a7ca2d037a8b",
+    "zh:dc7eb38a771762570523f01cf6ae8def5b5f8acd5e173ca06b48f4f8511b7227",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}
@@ -0,0 +1,37 @@
+# Galana
+
+This directory contains the Terraform configuration files for my homelab server.
+
+## Requirements
+
+- [Terraform](https://developer.hashicorp.com/terraform/install)
+
+## Environment Variables
+
+Create a copy of the [`terraform.tfvars.example`](./terraform.tfvars.example) file and rename it to `terraform.tfvars`.
+
+```bash
+cp terraform.tfvars.example terraform.tfvars
+```
+
+Edit the `terraform.tfvars` file and update the values.
+
+## Usage
+
+### Plan
+
+```bash
+terraform plan
+```
+
+### Apply
+
+```bash
+terraform apply
+```
+
+### Destroy
+
+```bash
+terraform destroy
+```
@@ -0,0 +1,36 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+
+disable_root: true
+
+users:
+  - default
+  - name: ${username}
+    gecos: ${vm_username_gecos}
+    groups: sudo
+    sudo:
+      - ALL=(ALL:ALL) NOPASSWD:ALL
+    shell: /bin/bash
+
+chpasswd:
+  list: |
+    ${username}:${password}
+  expire: false
+
+ssh_pwauth: false
+
+hostname: ${hostname}
+create_hostname_file: true
+fqdn: ${fqdn}
+
+packages:
+  - curl
+  - qemu-guest-agent
+  - git
+  - sshpass
+
+runcmd:
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --authkey=${tailscale_auth_key}
+  - qemu-ga -d
@@ -0,0 +1,117 @@
+resource "proxmox_virtual_environment_vm" "debian_vm" {
+  name      = "galana"
+  node_name = "odin"
+  vm_id     = 500
+  on_boot   = true
+  tags      = ["k8s", "master", "debian", "production"]
+  bios      = "ovmf"
+
+  operating_system {
+    type = "l26"
+  }
+
+  efi_disk {
+    datastore_id = "yatta"
+    file_format  = "raw"
+    type         = "4m"
+  }
+
+  agent {
+    enabled = true
+  }
+
+  disk {
+    datastore_id = "yatta"
+    file_id      = "local-btrfs:iso/debian-12-generic-amd64.img"
+    size         = 100
+    interface    = "scsi0"
+  }
+
+  cpu {
+    architecture = "x86_64"
+    cores        = 4
+    sockets      = 1
+    type         = "x86-64-v2-AES"
+  }
+
+  memory {
+    dedicated = 8192
+    floating  = 8192
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  initialization {
+    datastore_id      = "yatta"
+    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+
+    ip_config {
+      ipv4 {
+        address = "192.168.100.50/24"
+        gateway = "192.168.100.1"
+      }
+    }
+
+    dns {
+      servers = ["1.1.1.1", "8.8.8.8", "100.100.100.100"]
+    }
+  }
+
+  serial_device {
+    device = "socket"
+  }
+
+  keyboard_layout = "en-us"
+
+  machine = "q35"
+
+  scsi_hardware = "virtio-scsi-single"
+
+  vga {
+    memory = 128
+    type   = "virtio-gl"
+  }
+}
+
+variable "vm_username" {
+  type        = string
+  description = "VM username"
+}
+
+variable "vm_password" {
+  type        = string
+  description = "VM password for the user"
+}
+
+variable "vm_username_gecos" {
+  type        = string
+  description = "VM username gecos"
+}
+
+variable "vm_hostname" {
+  type        = string
+  description = "VM hostname"
+}
+
+variable "vm_fqdn" {
+  type        = string
+  description = "VM fqdn"
+}
+
+variable "tailscale_auth_key" {
+  type        = string
+  description = "Tailscale auth key"
+}
+
+resource "proxmox_virtual_environment_file" "cloud_config" {
+  content_type = "snippets"
+  datastore_id = "local-btrfs"
+  node_name    = "odin"
+
+  source_raw {
+    data      = templatefile("cloudinit.tfpl", { username = var.vm_username, vm_username_gecos = var.vm_username_gecos, password = var.vm_password, hostname = var.vm_hostname, fqdn = var.vm_fqdn, tailscale_auth_key = var.tailscale_auth_key })
+    file_name = "galana-cloud-init.yaml"
+  }
+}
@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.66.3"
+    }
+  }
+}
+
+variable "proxmox_url" {
+  type        = string
+  description = "Proxmox URL"
+}
+
+variable "proxmox_username" {
+  type        = string
+  description = "Proxmox username"
+}
+
+variable "proxmox_password" {
+  type        = string
+  description = "Proxmox password for the user"
+}
+
+provider "proxmox" {
+  endpoint = var.proxmox_url
+  username = var.proxmox_username
+  password = var.proxmox_password
+  insecure = true
+}
@@ -0,0 +1,12 @@
+# Proxmox
+proxmox_url=""
+proxmox_username=""
+proxmox_password=""
+
+# VM
+vm_username=""
+vm_username_gecos=""
+vm_password=""
+vm_hostname=""
+vm_fqdn=""
+tailscale_auth_key=""
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.66.3"
+  constraints = "0.66.3"
+  hashes = [
+    "h1:pvHmVDhXF7Yv45MxTiB0nY3NEkFkCh4AJ5nYU1jYoK8=",
+    "zh:372c7e42af71ea4be52fd61a9b29caa8cff913c38c2e639d84797060f0e78f8a",
+    "zh:45b15873f78b13051fa8eaf59bc1d480ad1feaba7074ea97fb3775787a9bdadb",
+    "zh:50792893b1d7441e39433b10ad706a14468fb43326842b06e2bc95fb3c9801fb",
+    "zh:591ad7b8d2d4f12d617201caf5bacddca69e68ba396e6ff60d9d1ca0ee59a6f5",
+    "zh:8d63f1eaf8a1731abffed0ef1ce15423bd56faebb1819743884841f7f9ab4126",
+    "zh:90400a0beb68c99e262f9a6bc93daf9dfaeefdb3af673c2a86c17853c73fa868",
+    "zh:9c0ff725d5a0c2095144a6eeb8c98fb9a3dc5f36c80e526ad63b51ce4094973a",
+    "zh:a099fea3db1a858fc8688bf9e711a2962ab83fbb94d6507a773239aba8985834",
+    "zh:a2a4d184e923e5d2ad92ebc414cba87c82b3c38e4183a825fbac573f7f8f5076",
+    "zh:be762328a2608a2bb0a0a265964af57efe403bb3b11aa0fc2863355855fc4b9f",
+    "zh:c84c8e17dc739132f85c2041a2493f7caa1f08850c4ee427462c98552a114371",
+    "zh:d3daa7e19371fbedc3f4ddab47feb099205c6141ebc2fa1236b36aad52173723",
+    "zh:d64ad91e29a6291ababd9ca86b32e6a36f50b806ca1079e74005a7ca2d037a8b",
+    "zh:dc7eb38a771762570523f01cf6ae8def5b5f8acd5e173ca06b48f4f8511b7227",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}
@@ -0,0 +1,37 @@
+# Tana
+
+This directory contains the Terraform configuration files for my homelab server.
+
+## Requirements
+
+- [Terraform](https://developer.hashicorp.com/terraform/install)
+
+## Environment Variables
+
+Create a copy of the [`terraform.tfvars.example`](./terraform.tfvars.example) file and rename it to `terraform.tfvars`.
+
+```bash
+cp terraform.tfvars.example terraform.tfvars
+```
+
+Edit the `terraform.tfvars` file and update the values.
+
+## Usage
+
+### Plan
+
+```bash
+terraform plan
+```
+
+### Apply
+
+```bash
+terraform apply
+```
+
+### Destroy
+
+```bash
+terraform destroy
+```
@@ -0,0 +1,36 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+
+disable_root: true
+
+users:
+  - default
+  - name: ${username}
+    gecos: ${vm_username_gecos}
+    groups: sudo
+    sudo:
+      - ALL=(ALL:ALL) NOPASSWD:ALL
+    shell: /bin/bash
+
+chpasswd:
+  list: |
+    ${username}:${password}
+  expire: false
+
+ssh_pwauth: false
+
+hostname: ${hostname}
+create_hostname_file: true
+fqdn: ${fqdn}
+
+packages:
+  - curl
+  - qemu-guest-agent
+  - git
+  - sshpass
+
+runcmd:
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --authkey=${tailscale_auth_key}
+  - qemu-ga -d
@@ -0,0 +1,117 @@
+resource "proxmox_virtual_environment_vm" "debian_vm" {
+  name      = "tana"
+  node_name = "odin"
+  vm_id     = 400
+  on_boot   = true
+  tags      = ["syncthing", "backup", "debian", "production"]
+  bios      = "ovmf"
+
+  operating_system {
+    type = "l26"
+  }
+
+  efi_disk {
+    datastore_id = "yatta"
+    file_format  = "raw"
+    type         = "4m"
+  }
+
+  agent {
+    enabled = true
+  }
+
+  disk {
+    datastore_id = "yatta"
+    file_id      = "local-btrfs:iso/debian-12-generic-amd64.img"
+    size         = 500
+    interface    = "scsi0"
+  }
+
+  cpu {
+    architecture = "x86_64"
+    cores        = 4
+    sockets      = 1
+    type         = "x86-64-v2-AES"
+  }
+
+  memory {
+    dedicated = 8192
+    floating  = 8192
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  initialization {
+    datastore_id      = "yatta"
+    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+
+    ip_config {
+      ipv4 {
+        address = "192.168.100.40/24"
+        gateway = "192.168.100.1"
+      }
+    }
+
+    dns {
+      servers = ["1.1.1.1", "8.8.8.8", "100.100.100.100"]
+    }
+  }
+
+  serial_device {
+    device = "socket"
+  }
+
+  keyboard_layout = "en-us"
+
+  machine = "q35"
+
+  scsi_hardware = "virtio-scsi-single"
+
+  vga {
+    memory = 128
+    type   = "virtio-gl"
+  }
+}
+
+variable "vm_username" {
+  type        = string
+  description = "VM username"
+}
+
+variable "vm_password" {
+  type        = string
+  description = "VM password for the user"
+}
+
+variable "vm_username_gecos" {
+  type        = string
+  description = "VM username gecos"
+}
+
+variable "vm_hostname" {
+  type        = string
+  description = "VM hostname"
+}
+
+variable "vm_fqdn" {
+  type        = string
+  description = "VM fqdn"
+}
+
+variable "tailscale_auth_key" {
+  type        = string
+  description = "Tailscale auth key"
+}
+
+resource "proxmox_virtual_environment_file" "cloud_config" {
+  content_type = "snippets"
+  datastore_id = "local-btrfs"
+  node_name    = "odin"
+
+  source_raw {
+    data      = templatefile("cloudinit.tfpl", { username = var.vm_username, vm_username_gecos = var.vm_username_gecos, password = var.vm_password, hostname = var.vm_hostname, fqdn = var.vm_fqdn, tailscale_auth_key = var.tailscale_auth_key })
+    file_name = "tana-cloud-init.yaml"
+  }
+}
@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.66.3"
+    }
+  }
+}
+
+variable "proxmox_url" {
+  type        = string
+  description = "Proxmox URL"
+}
+
+variable "proxmox_username" {
+  type        = string
+  description = "Proxmox username"
+}
+
+variable "proxmox_password" {
+  type        = string
+  description = "Proxmox password for the user"
+}
+
+provider "proxmox" {
+  endpoint = var.proxmox_url
+  username = var.proxmox_username
+  password = var.proxmox_password
+  insecure = true
+}
@@ -0,0 +1,12 @@
+# Proxmox
+proxmox_url=""
+proxmox_username=""
+proxmox_password=""
+
+# VM
+vm_username=""
+vm_username_gecos=""
+vm_password=""
+vm_hostname=""
+vm_fqdn=""
+tailscale_auth_key=""
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.66.3"
+  constraints = "0.66.3"
+  hashes = [
+    "h1:pvHmVDhXF7Yv45MxTiB0nY3NEkFkCh4AJ5nYU1jYoK8=",
+    "zh:372c7e42af71ea4be52fd61a9b29caa8cff913c38c2e639d84797060f0e78f8a",
+    "zh:45b15873f78b13051fa8eaf59bc1d480ad1feaba7074ea97fb3775787a9bdadb",
+    "zh:50792893b1d7441e39433b10ad706a14468fb43326842b06e2bc95fb3c9801fb",
+    "zh:591ad7b8d2d4f12d617201caf5bacddca69e68ba396e6ff60d9d1ca0ee59a6f5",
+    "zh:8d63f1eaf8a1731abffed0ef1ce15423bd56faebb1819743884841f7f9ab4126",
+    "zh:90400a0beb68c99e262f9a6bc93daf9dfaeefdb3af673c2a86c17853c73fa868",
+    "zh:9c0ff725d5a0c2095144a6eeb8c98fb9a3dc5f36c80e526ad63b51ce4094973a",
+    "zh:a099fea3db1a858fc8688bf9e711a2962ab83fbb94d6507a773239aba8985834",
+    "zh:a2a4d184e923e5d2ad92ebc414cba87c82b3c38e4183a825fbac573f7f8f5076",
+    "zh:be762328a2608a2bb0a0a265964af57efe403bb3b11aa0fc2863355855fc4b9f",
+    "zh:c84c8e17dc739132f85c2041a2493f7caa1f08850c4ee427462c98552a114371",
+    "zh:d3daa7e19371fbedc3f4ddab47feb099205c6141ebc2fa1236b36aad52173723",
+    "zh:d64ad91e29a6291ababd9ca86b32e6a36f50b806ca1079e74005a7ca2d037a8b",
+    "zh:dc7eb38a771762570523f01cf6ae8def5b5f8acd5e173ca06b48f4f8511b7227",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}
@@ -0,0 +1,37 @@
+# Turkwel
+
+This directory contains the Terraform configuration files for my homelab server.
+
+## Requirements
+
+- [Terraform](https://developer.hashicorp.com/terraform/install)
+
+## Environment Variables
+
+Create a copy of the [`terraform.tfvars.example`](./terraform.tfvars.example) file and rename it to `terraform.tfvars`.
+
+```bash
+cp terraform.tfvars.example terraform.tfvars
+```
+
+Edit the `terraform.tfvars` file and update the values.
+
+## Usage
+
+### Plan
+
+```bash
+terraform plan
+```
+
+### Apply
+
+```bash
+terraform apply
+```
+
+### Destroy
+
+```bash
+terraform destroy
+```
--- a/Show More
+++ b/Show More