# 🌐 Self-hosted

## 🛠️ Setup instructions
### 🛠️ Configuration Setup
1. **Create `.env` File:** Add a `.env` file in your local repository with the following variables:

```
REMOTE_USER=
REMOTE_HOST=
REMOTE_PATH=
```
These variables will be utilized by the `Makefile` to synchronize configurations from your local environment to the server without exposing sensitive information in your Git repository.

### Set up Tailscale
Tailscale provides a seamless way to connect your devices to your internal network securely.

#### 🛠️ Installation and Configuration Steps

1. Add Tailscale's package signing key and repository:
    
```
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
```
    
2. Install Tailscale:
    
```
sudo apt-get update
sudo apt-get install tailscale
```
    
3. Connect your machine to your Tailscale network and authenticate in your browser:
    
```
sudo tailscale up
```
    
4. Find your Tailscale IPv4 address by running:
    
```
tailscale ip -4
```

#### 🛠️ Preparing the System

Update System and Install Dependencies: Update the package list and install essential dependencies.

```
sudo apt update
sudo apt install ca-certificates curl gnupg lsb-release
```

#### 🔑 Adding Docker Repository

1. Add Docker's GPG key

```
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
```

2. Add Docker Repository

```
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```

#### 🚀 Installing Docker and Docker Compose

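```
sudo apt update
# docker-compose-plugin provides the `docker compose` subcommand checked below
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo docker --version && docker compose version
```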

### Set up Docker

#### 🔄 Removing Old Docker Versions

**1. Remove Existing Docker Packages:** Ensure you have a clean slate by removing any existing Docker packages.
```
sudo apt remove docker docker-engine docker.io containerd runc
```

**2. Delete Existing Repositories:** Remove any existing Docker repositories to avoid conflicts.
```
sudo rm /etc/apt/sources.list.d/docker.list
```

## 📦 Adding a new service
1. **Create Service Directory:** Inside your repository, create a new directory under `/service` for your new self-hosted service.

2. **Add Configuration Files:**
- Place the `docker-compose.yml` file inside the newly created service directory.
- If additional configuration files like `.env` or `app.ini` are required for your service, add them to the same directory.

3. **Synchronize Configuration:** To upload the `.env` file (or any other necessary configuration files) to the server, run the following command:

```bash
make upload-{service_name}
```
Replace `{service_name}` with the name of your service directory. This command will sync the configurations to the specified server path using the variables defined in your `.env` file.

## 📦 Make service publicly available

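Add the following labels to the service in its `docker-compose.yml` (the example uses `gitea` as the router and service name, with the application listening on port 3000):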

```
labels:
      - "traefik.enable=true"
      # The hostname inside Host() must be wrapped in backticks for Traefik to parse the rule.
      - "traefik.http.routers.gitea.rule=Host(`${HOST}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=traefik_network"
```

Set `HOST` in your `.env` file.

Add your service to the `traefik_network` network:

```
networks:
      - traefik_network
```

Declare the network as external at the top level of the same compose file:

```
networks:
  traefik_network:
    external: true
```

Rebuild Docker image:

```
docker compose up --build -d
```

## 🛠️ Storage

### 📦 Mounting a New Volume Using Hetzner's Storage Box
This guide walks you through the process of mounting a Storage Box folder (`nextcloud_data`) to a specific mount point (`/mnt/nextcloud_data`) on your server.

#### 📝 Prerequisites
Create a sub-account in Hetzner's Robot Control Panel with SSH and Samba support enabled.
Note down the sub-account username and the generated password provided by Hetzner.

#### 🚀 Steps to Mount the Storage Box

1. **SSH into the Storage Box:** Connect to your Storage Box via SSH using the sub-account username and the provided password.

```bash
ssh -p23 SB_USERNAME@SB_USERNAME.your-storagebox.de
```

2. **Create a Directory:** Inside the Storage Box, create a new directory named `nextcloud_data`.

```bash
mkdir nextcloud_data
```

3. **Update `/etc/fstab`:** Add an entry to the `/etc/fstab` file on your server to automatically mount the Storage Box folder to `/mnt/nextcloud_data`. Replace `YOUR_PATH` with `nextcloud_data` and `/YOUR_MOUNT_POINT` with `/mnt/nextcloud_data`.

```
//SB_USERNAME.your-storagebox.de/YOUR_PATH /YOUR_MOUNT_POINT cifs seal,vers=3,iocharset=utf8,rw,credentials=/etc/secure_config/cifs-nextcloud-credentials.txt,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
```

4. **Create Credentials File:** Add a credentials file (`cifs-nextcloud-credentials.txt`) in the `/etc/secure_config` directory on your server with the sub-account username and password.

```
username=SB_SUBACCOUNT_USERNAME
password=SB_SUBACCOUNT_PASSWORD
```

5. **Mount and test:** Mount the Storage Box folder using the `mount -a` command and verify the mount status.
```bash
sudo mount -a
```

6. **Verify Mount Point:** Ensure that the Storage Box is correctly mounted by checking the mount point using the `df -h` command.

```bash
df -h
```
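
The mount above keeps the sub-account password in a plain file and relies on the `seal` option for transport encryption. As an added example (not part of the original guide), this POSIX shell function audits the cifs entries of an fstab-format file for both; the function name `audit_cifs_fstab` is hypothetical, the demo input is constructed, and GNU `stat` is assumed, as on Debian.

```shell
#!/bin/sh
# Added example: audit cifs entries in an fstab-format file.
# Assumes GNU stat (Debian). Function name and demo input are constructed.

# Prints one finding per problem; returns 0 only if every cifs entry passes.
audit_cifs_fstab() {
    fstab=$1; rc=0
    while read -r device mountpoint fstype options _rest || [ -n "$device" ]; do
        case $device in ''|'#'*) continue ;; esac   # skip blank lines and comments
        [ "$fstype" = cifs ] || continue

        # 'seal' requests SMB3 encryption for the whole session.
        case ",$options," in
            *,seal,*) ;;
            *) echo "$mountpoint: missing 'seal' option"; rc=1 ;;
        esac

        # Pull the credentials= path out of the comma-separated options.
        creds=$(printf '%s\n' "$options" | tr ',' '\n' | sed -n 's/^credentials=//p')
        if [ -z "$creds" ]; then
            echo "$mountpoint: no credentials= file (password may be inline)"; rc=1
            continue
        fi
        if [ ! -f "$creds" ]; then
            echo "$mountpoint: credentials file $creds not found"; rc=1
            continue
        fi

        # Any group/other permission bit exposes the sub-account password.
        mode=$(stat -c '%a' "$creds")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mountpoint: $creds has mode $mode, expected 600 or stricter"; rc=1
        fi
    done < "$fstab"
    return "$rc"
}

# Demo on constructed input: a credentials file left world-readable.
demo_dir=$(mktemp -d)
printf 'username=SB_SUBACCOUNT_USERNAME\npassword=example\n' > "$demo_dir/creds.txt"
chmod 644 "$demo_dir/creds.txt"
printf '//SB_USERNAME.your-storagebox.de/nextcloud_data /mnt/nextcloud_data cifs seal,vers=3,rw,credentials=%s 0 0\n' \
    "$demo_dir/creds.txt" > "$demo_dir/fstab"
audit_cifs_fstab "$demo_dir/fstab" || echo "audit found problems"
rm -rf "$demo_dir"
```

On the server, call `audit_cifs_fstab /etc/fstab` as root so the `/etc/secure_config` directory can be traversed; `sudo chmod 600` on the credentials file clears the mode finding.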

#### Troubleshooting

**mount: /mnt/nextcloud_data: mount(2) system call failed: No route to host. dmesg(1) may have more information after failed mount system call.**
Make sure Samba support is enabled.

### Volume encryption
To be added

## 🧰 Maintenance

### Backup
To be added

### Monitoring
To be added

## 🐞 Troubleshooting
### Firefox detected a potential security threat and did not continue to {host}.velouria.dev because this website requires a secure connection.

This could be an issue in the `docker-compose.yml` setup; check your Docker Compose and Traefik logs.