15 changed files with 114 additions and 209 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 include .env
-SERVICES = actualbudget gitea homepage linkding nextcloud photoprism restic syncthing traefik uptime-kuma
+SERVICES = actualbudget gitea homepage linkding nextcloud photoprism restic syncthing traefik
 # Default target: upload .env files for all services
 upload: $(addprefix upload-,$(SERVICES))
--- a/README.md
+++ b/README.md
@ -1,172 +0,0 @@
 # 🌐 Self-hosted
 ## 🛠️ Setup instructions
 ### 🛠️ Configuration Setup
 1. **Create `.env` File:** Add a `.env` file in your local repository with the following variables:
 ```
 REMOTE_USER=
 REMOTE_HOST=
 REMOTE_PATH=
 ```
 These variables will be utilized by the `Makefile` to synchronize configurations from your local environment to the server without exposing sensitive information in your Git repository.
 ### Set up Tailscale
 Tailscale provides a seamless way to connect your devices to your internal network securely.
 #### 🛠️ Installation and Configuration Steps
 1. Add Tailscale’s package signing key and repository:
 ```
 curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
 curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
 ```
 2. Install Tailscale:
 ```
 sudo apt-get update
 sudo apt-get install tailscale
 ```
 3. Connect your machine to your Tailscale network and authenticate in your browser:
 ```
 sudo tailscale up
 ```
 4. Find your Tailscale IPv4 address by running:
 ```
 tailscale ip -4
 ```
 #### 🛠️ Preparing the System
 Update System and Install Dependencies: Update the package list and install essential dependencies.
 ```
 sudo apt update
 sudo apt install ca-certificates curl gnupg lsb-release
 ```
 #### 🔑 Adding Docker Repository
 1. Add Docker's GPG key
 ```
 sudo mkdir -p /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 sudo chmod a+r /etc/apt/keyrings/docker.gpg
 ```
 2. Add Docker Repository
 ```
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 ```
 #### 🚀 Installing Docker and Docker Compose
 ```
 sudo apt update
 sudo apt install docker-ce docker-ce-cli containerd.io
 sudo docker --version && docker compose version
 ```
 ### Set up Docker
 #### 🔄 Removing Old Docker Versions
 **1. Remove Existing Docker Packages:** Ensure you have a clean slate by removing any existing Docker packages.
 ```
 sudo apt remove docker docker-engine docker.io containerd runc
 ```
 **2. Delete Existing Repositories:** Remove any existing Docker repositories to avoid conflicts.
 ```
 sudo rm /etc/apt/sources.list.d/docker.list
 ```
 ## 📦 Adding a new service
 1. **Create Service Directory:** Inside your repository, create a new directory under `/service` for your new self-hosted service.
 2. **Add Configuration Files:**
 - Place the `docker-compose.yml `file inside the newly created service directory.
 - If additional configuration files like .env or app.ini are required for your service, add them to the same directory.
 3. **Synchronize Configuration:** To upload the `.env` file (or any other necessary configuration files) to the server, run the following command:
 ```bash
 make upload-{service_name}
 ```
 Replace `{service_name}` with the name of your service directory. This command will sync the configurations to the specified server path using the variables defined in your `.env` file.
 ## 🛠️ Storage
 ### 📦 Mounting a New Volume Using Hetzner's Storage Box
 This guide walks you through the process of mounting a Storage Box folder (`nextcloud_data`) to a specific mount point (`/mnt/nextcloud_data`) on your server.
 #### 📝 Prerequisites
 Create a sub-account in Hetzner's Robot Control Panel with SSH and Samba support enabled.
 Note down the sub-account username and the generated password provided by Hetzner.
 #### 🚀 Steps to Mount the Storage Box
 1. **SSH into the Storage Box:** Connect to your Storage Box via SSH using the sub-account username and the provided password.
 ```bash
 ssh -p23 SB_USERNAME@SB_USERNAME.your-storagebox.de
 ```
 2. **Create a Directory:** Inside the Storage Box, create a new directory named `nextcloud_data`.
 ```bash
 mkdir nextcloud_data
 ```
 3. **Update /etc/fstab:** Add an entry to the `/etc/fstab` file on your server to automatically mount the Storage Box folder to `/mnt/nextcloud_data.` Replace `YOUR_PATH` with `nextcloud_data` and `YOUR_MOUNT_POINT` with `/mnt/nextcloud_data`.
 ```
 //SB_USERNAME.your-storagebox.de/YOUR_PATH /YOUR_MOUNT_POINT cifs seal,vers=3,iocharset=utf8,rw,credentials=/etc/secure_config/cifs-nextcloud-credentials.txt,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
 ```
 4. **Create Credentials File:** Add a credentials file (`cifs-nextcloud-credentials.txt`) in `/etc/secure_config` directory on your server with the sub-account username and password.
 ```
 username=SB_SUBACCOUNT_USERNAME
 password=SB_SUBACCOUNT_PASSWORD
 ```
 5. **Mount and test:** Mount the Storage Box folder using the mount -a command and verify the mount status.
 ```bash
 mount -a
 ```
 6. **Verify Mount Point:** Ensure that the Storage Box is correctly mounted by checking the mount point using the df -h command.
 ```bash
 df -h
 ```
 #### Troubleshooting
 **mount: /mnt/nextcloud_data: mount(2) system call failed: No route to host. dmesg(1) may have more information after failed mount system call.**
 Make sure Samba support is enabled.
 ### Volume encryption
 To be added
 ## 🧰 Maintenance
 ### Backup
 To be added
 ### Monitoring
 To be added
 ## 🐞 Troubleshooting
 To be added
--- a/actualbudget/README.md
+++ b/actualbudget/README.md
@ -0,0 +1,11 @@
 # actual budget
 Set up env
 ```
 ACTUAL_HTTPS_KEY=''
 ACTUAL_HTTPS_CERT=''
 ```
 ## Improvements
 - Set up https via Tailscale https://tailscale.com/kb/1153/enabling-https?ref=traefik.io
--- a/docs/backup.md
+++ b/docs/backup.md
@ -0,0 +1 @@
 # backup strategy
--- a/docs/domain-management.md
+++ b/docs/domain-management.md
--- a/docs/encryption.md
+++ b/docs/encryption.md
@ -0,0 +1,3 @@
 # Encryption
 https://wilw.dev/notes/volume-encryption
--- a/docs/mounting-new-volumes.md
+++ b/docs/mounting-new-volumes.md
@ -0,0 +1,48 @@
 # Mounting new volumes
 1. ssh to storagebox
 ```
 ssh -p23 u382808@u382808.your-storagebox.de
 ```
 2. Create a new directory
 ```
 mkdir photoprism_import_data
 ```
 3. Navigate to [Hetzner cloud storage](https://robot.hetzner.com/storage). Create a new sub-account. Allow Samba, SSH, external reachability.
 4. ssh to server
 5. Create new credentials in `/etc/secure_config`:
 ```
 username=(storagebox username)
 password=(storagebox password)
 ```
 6. Make mount directory
 ```
 sudo mkdir /mnt/photoprism_import_data
 ```
 6. Update /etc/fstab
 ```
 //u382808-sub3.your-storagebox.de/u382808-sub3 /mnt/photoprism_import_data cifs seal,vers=3,iocharset=utf8,rw,credentials=/etc/secure_config/.cifs-credentials-photoprism-import.txt,uid=1000,gid=1001,forceuid,forcegid,file_mode=0770,dir_mode=0770 0 0
 ```
 7. Mount
 ```
 mount -a
 ```
 8. Verify that the storage box is mounted correctly:
 ```
 df -h
 ```
--- a/docs/vpn.md
+++ b/docs/vpn.md
@ -0,0 +1,8 @@
 # VPN
 Tailscale
 https://login.tailscale.com/admin/dns
 magicdns
 stork-vibe.ts.net
 https://tailscale.com/kb/1081/magicdns
--- a/gitea/README.md
+++ b/gitea/README.md
@ -0,0 +1,8 @@
 # Gitea
 Set up env
 ```
 DB_USER=''
 DB_PASSWORD=''
 ```
--- a/homepage/config/bookmarks.yaml
+++ b/homepage/config/bookmarks.yaml
@ -1,11 +1,11 @@
 - Development:
    - Backblaze:
-        - icon: si-backblaze
+        href: https://secure.backblaze.com/b2_buckets.htm
-          href: https://secure.backblaze.com/b2_buckets.htm
+        icon: si-backblaze
    - Tailscale:
-        - href: https://login.tailscale.com/admin/machines/100.104.163.2
+        href: https://login.tailscale.com/admin/machines/100.104.163.2
 - Daily:
    - Protonmail:
        - icon: si-protonmail
-          href: https://protonmail.com/
+          href: https://protonmail.com/
--- a/nextcloud/README.md
+++ b/nextcloud/README.md
@ -0,0 +1,3 @@
 # nextcloud
 To be added
--- a/photoprism/README.md
+++ b/photoprism/README.md
@ -1,10 +1,23 @@
 # photoprism
 ## Configuration
 Setup `.env`:
 ```
 PHOTOPRISM_DATABASE_PASSWORD=''
 ``
 ## Troubleshooting
 Mariadb refuses access to photoprism
 https://github.com/photoprism/photoprism/issues/1173
 ```
 ```
 ## PhotoSync
 Server: 100.104.163.2
@ -14,4 +27,4 @@ Password:
 Directory: originals
 Use SSL: off
-Setup an Autotransfer trigger in PhotoSync to automatically upload new photos and videos when I attach charger.
+Setup an Autotransfer trigger in PhotoSync to automatically upload new photos and videos when I attach charger
--- a/restic/README.md
+++ b/restic/README.md
@ -1,43 +1,37 @@
-# Restic Backup and Restore Guide
+# restic
-## 📚 Useful Commands
+## Future improvements
 - Set up with Docker secrets
 - Add notification
-### 🔄 Restoring Files from a Running Docker Compose Container
+## Useful commands
-**1. Identify Latest Snapshot for the Host:** Execute the following command to find the latest snapshot for the current host and note down the ID.
+Restoring files on a host where the container is already running via Docker Compose:
 ```
 # Find the latest snapshot for the current host (note the ID)
 docker-compose exec app restic snapshots -H <HOSTNAME>
-```
+# Restore the given file on the host
 **2. Restore Specific File:** Use the snapshot ID to restore the desired file on the host.
 ```
 docker-compose exec app restic restore --include /path/to/file <ID>
 ```
-### 📋 Listing Snapshots
+List snapshots
 ```
 docker compose run --rm backup snapshots
 ```
-### 🌐 Accessing Backblaze Files Locally
+View files uploaded in Backblaze
 In local, download via `brew install b2-tools`
 - In local, download via `brew install b2-tools`
 - In server
 ## Known issues
 ### 🚫 Ciphertext Verification Failure
 ```
 Fatal: config or key 2327d55bb96f4cab846b07cc8ffe5906c88c3e657f326a506ccfcf95cd8fd1e7 is damaged: ciphertext verification failed
 ```
 [Related issue](https://github.com/djmaze/resticker/issues/48)
 ### ⚠️ Pruning and Backup Operations
 Do not run both prune and backup at the same time. When initializing, need to run individually.
 ```
--- a/traefik/README.md
+++ b/traefik/README.md
@ -1,7 +1,5 @@
 # Traefik
 ## Create Docker network
 ```
 docker network create \
  --driver=bridge \
@ -9,3 +7,5 @@ docker network create \
  --internal=false \
  traefik_network
 ```
 Add test 1wehbesg
--- a/uptime-kuma/docker-compose.yml
+++ b/uptime-kuma/docker-compose.yml
@ -1,12 +0,0 @@
 version: '3.8'
 services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    restart: always
    ports:
      - "${HOST}:4005:3001"
    volumes:
      - ${PWD}/data:/app/data
      - /var/run/docker.sock:/var/run/docker.sock:ro
		`@ -0,0 +1,3 @@`
							`# Encryption`

							`https://wilw.dev/notes/volume-encryption`