diff --git a/README.md b/README.md
deleted file mode 100644
index 6cec430..0000000
--- a/README.md
+++ /dev/null
@@ -1,132 +0,0 @@
-# Homelab — Infraestrutura como Código
-
-> Guardiã: **Gaia** (Agente Hermes)
-> Mantido por: João Paulo Ferreira (jp@iamferreirajp.com)
-> Repositório Base: [gaia/homelab](https://gitea.hackerfortress.cc/gaia/homelab)
-
-## Visão Geral
-
-Este repositório contém toda a infraestrutura do homelab em formato de **Infraestrutura como Código (IaC)**. O objetivo é ter todo o ambiente versionado, documentado e reproduzível.
-
-### Hardware do Homelab
-
-| Máquina | IP | Função Principal |
-|---------|-----|------------------|
-| TrueNAS | 10.0.0.30 | NAS, n8n, Uptime Kuma |
-| Proxmox | 10.0.0.20 | Hypervisor (VMs) |
-| Dockerino | 10.0.0.50 | Docker Host (NPM, AdGuard, etc) |
-| Media | 10.0.0.36 | Jellyfin, Sonarr, Radarr, etc |
-| Home Assistant | 10.0.0.100 | Automação residencial |
-| ER605 (Omada) | 10.0.0.1 | Router/Gateway |
-
-### Topologia de Rede
-
-- **VLAN1 (Infra):** 10.0.0.0/24 — Servidores
-- **VLAN10 (Geral):** 10.0.10.0/24 — Computadores, celulares
-- **VLAN20 (IOT):** 10.0.20.0/24 — Dispositivos IoT
-- **VLAN30 (Guests):** 10.0.30.0/24 — Visitantes
-
-## Estrutura do Repositório
-
-```
-homelab/
-├── terraform/ # Terraform para recursos de nuvem/rede
-│ ├── er605/ # Router TP-Link ER605 (Omada Controller)
-│ ├── truenas/ # TrueNAS
-│ ├── proxmox/ # Proxmox
-│ └── adguard/ # AdGuard Home
-├── ansible/ # Ansible para configuração de VMs
-│ ├── roles/ # Roles reutilizáveis
-│ └── playbooks/ # Playbooks principais
-├── docker/ # Docker Compose files
-│ ├── dockerino/ # Stack do Dockerino (10.0.0.50)
-│ │ ├── nginx/ # Nginx Proxy Manager
-│ │ ├── adguard/ # AdGuard Home
-│ │ ├── outline/ # Outline Wiki
-│ │ ├── bookstack/ # BookStack
-│ │ └── ...
-│ └── media/ # Stack de mídia (10.0.0.36)
-│ └── docker-compose.yml
-└── docs/ # Documentação adicional
- ├── ARCHITECTURE.md # Arquitetura detalhada
- └── NEXT_STEPS.md # Próximos passos
-```
-
-## Quick Start
-
-### Clonar o Repositório
-
-```bash
-git clone https://gitea.hackerfortress.cc/gaia/homelab.git
-cd homelab
-```
-
-### Aplicar Terraform
-
-```bash
-cd terraform/er605
-terraform init
-terraform plan
-terraform apply
-```
-
-### Aplicar Ansible
-
-```bash
-cd ansible
-ansible-playbook playbooks/setup-dockerino.yml
-```
-
-### Subir Docker Stacks
-
-```bash
-cd docker/dockerino/nginx
-docker compose up -d
-```
-
-## Serviços
-
-### Dockerino (10.0.0.50)
-
-| Serviço | Porta | Domínio |
-|---------|-------|---------|
-| Nginx Proxy Manager | 80, 443 | proxy.hackerfortress.cc |
-| AdGuard Home | 3000 | adguard.hackerfortress.cc |
-| Outline Wiki | 3001 | outline.hackerfortress.cc |
-| BookStack | 8082 | bookstack.hackerfortress.cc |
-| Homer | 8090 | (internal) |
-| HomeBox | 3100 | homebox.hackerfortress.cc |
-| FlatNotes | 8089 | flatnotes.hackerfortress.cc |
-| Picsur | 8091 | picsur.hackerfortress.cc |
-| Speedtest | 8765 | speedtest.hackerfortress.cc |
-| Omada Controller | 8043 | omada.hackerfortress.cc |
-| Twingate | - | VPN |
-
-### Media (10.0.0.36)
-
-| Serviço | Porta | Domínio |
-|---------|-------|---------|
-| Jellyfin | 8096 | jellyfin.hackerfortress.cc |
-| Sonarr | 8989 | sonarr.hackerfortress.cc |
-| Radarr | 7878 | radarr.hackerfortress.cc |
-| Prowlarr | 9696 | prowlarr.hackerfortress.cc |
-| Bazarr | 6767 | bazarr.hackerfortress.cc |
-| qBittorrent | 5080 | qbittorrent.hackerfortress.cc |
-
-### TrueNAS (10.0.0.30)
-
-| Serviço | Porta |
-|---------|-------|
-| SSH | 22 |
-| WebUI | 443 |
-| n8n | 30109 |
-| Uptime Kuma | 31050 |
-
-## Mantenedores
-
-- **Gaia** — Guardiã da IaC (este repositório)
-- **Héstia** — Documentação e arquitetura original
-
-## Licença
-
-MIT
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
deleted file mode 100644
index a8a6402..0000000
--- a/ansible/inventory.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Ansible Inventory for Homelab
-
-all:
- children:
- homelab:
- children:
- infrastructure:
- hosts:
- truenas:
- ansible_host: 10.0.0.30
- ansible_user: root
- proxmox:
- ansible_host: 10.0.0.20
- ansible_user: root
- dockerino:
- ansible_host: 10.0.0.50
- ansible_user: root
- media:
- ansible_host: 10.0.0.36
- ansible_user: root
- homeassistant:
- ansible_host: 10.0.0.100
- ansible_user: root
-
- vars:
- ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
- ansible_python_interpreter: /usr/bin/python3
diff --git a/ansible/playbooks/setup-dockerino.yml b/ansible/playbooks/setup-dockerino.yml
deleted file mode 100644
index e685631..0000000
--- a/ansible/playbooks/setup-dockerino.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# Playbook para setup do Dockerino
-- name: Setup Dockerino
- hosts: dockerino
- become: yes
- roles:
- - dockerino
- vars:
- dockerino_ip: 10.0.0.50
diff --git a/ansible/roles/dockerino/tasks/main.yml b/ansible/roles/dockerino/tasks/main.yml
deleted file mode 100644
index 1a942ee..0000000
--- a/ansible/roles/dockerino/tasks/main.yml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-# Ansible role for Dockerino setup
-
-- name: Ensure Docker is installed
- apt:
- name:
- - docker.io
- - docker-compose
- state: present
- update_cache: yes
-
-- name: Ensure Docker service is running
- systemd:
- name: docker
- state: started
- enabled: yes
-
-- name: Create Docker network
- community.docker.docker_network:
- name: homelab-network
- driver: bridge
- driver_options:
- com.docker.network.bridge.name: br-homelab
- ipam_options:
- - subnet: 172.20.0.0/16
-
-- name: Create Dockerino directories
- file:
- path: "{{ item }}"
- state: directory
- mode: '0755'
- loop:
- - /root/dockerino
- - /root/dockerino/nginx
- - /root/dockerino/nginx/data
- - /root/dockerino/nginx/letsencrypt
- - /root/dockerino/nginx/mysql
- - /root/dockerino/adguard
- - /root/dockerino/adguard/work
- - /root/dockerino/adguard/conf
- - /root/dockerino/outline
- - /root/dockerino/outline/postgres-data
- - /root/dockerino/outline/redis-data
- - /root/dockerino/outline/minio-data
- - /root/dockerino/bookstack
- - /root/dockerino/bookstack/mysql-data
- - /root/dockerino/flatnotes
- - /root/dockerino/flatnotes/data
- - /root/dockerino/flatnotes/notes
- - /root/dockerino/homer
- - /root/dockerino/homer/assets
- - /root/dockerino/homebox
- - /root/dockerino/homebox/data
- - /root/dockerino/omada-controller
- - /root/dockerino/omada-controller/data
- - /root/dockerino/omada-controller/logs
- - /root/dockerino/picsur
- - /root/dockerino/picsur/data
- - /root/dockerino/speedtest
- - /root/dockerino/speedtest/data
- - /root/dockerino/twingate
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
deleted file mode 100644
index 6b9ff56..0000000
--- a/docs/ARCHITECTURE.md
+++ /dev/null
@@ -1,570 +0,0 @@ -# HESTIA — Homelab Infrastructure Documentation - -> Guardiã do homelab. Documentação viva e evolutiva. -> Última atualização: 2026-04-08 19:50 -> Responsável: Héstia (Claude Code via MiniMax-M2.7) - ---- - -## 1. TOPOLOGIA DE REDE - -### 1.1 Segmentos VLAN - -| VLAN | Nome | Range IP | Gateway | Função | -|------|------|----------|---------|--------| -| 1 (default) | INFRAESTRUTURA | 10.0.0.1/24 | 10.0.0.1 | Servidores, Proxmox, TrueNAS | -| 10 | GERAL | 10.0.10.1/24 | 10.0.10.1 | Computadores, celulares | -| 20 | IOT | 10.0.20.1/24 | 10.0.20.1 | Dispositivos IoT | -| 30 | GUESTS | 10.0.30.1/24 | 10.0.30.1 | Visitantes | - -### 1.2 Gateway/Router - -- **Device:** TP-Link ER605 (controlado via Omada Controller) -- **WAN:** Loadbalancer dual ISP (OI + Starlink) -- **LAN:** 10.0.0.1 (VLAN1), 10.0.10.1 (VLAN10), 10.0.20.1 (VLAN20), 10.0.30.1 (VLAN30) -- **DHCP:** Estático por MAC no Omada Controller - -### 1.3 DNS/Proxy - -- **Adguard Home:** Roteia `*.hackerfortress.cc` internamente para serviços com SSL -- **Nginx Proxy Manager:** Terminção SSL dos serviços internos -- **Domínio:** hackerfortress.cc - -### 1.4 Acesso Externo - -- **Twingate:** VPN para acessar infraestrutura remotamente (TrueNAS, Proxmox) -- **Tailscale:** VPN mesh para VPS externas (não usado no homelab) -- **NordVPN:** Expirou — necessidade de migrar para WireGuard (TODO) - ---- - -## 2. 
MÁQUINAS E HARDWARE - -### 2.1 TrueNAS (NAS + Apps) - -| Atributo | Valor | -|----------|-------| -| **Hostname** | truenas | -| **IP** | 10.0.0.30 | -| **Sistema** | TrueNAS SCALE (Debian 12 Bookworm) | -| **Kernel** | 6.12.15-production+truenas | -| **Uptime** | 3h 54min | -| **CPU** | Intel Xeon E5-2650 v4 @ 2.20GHz (24 cores, 48 threads) | -| **RAM** | 31 GiB total (5.3 GiB usado, 25 GiB disponível) | -| **SSH** | Habilitado (porta 22, usuário root) | - -**Storage Pools:** -| Pool | Size | Used | Free | Health | Mountpoint | -|------|------|------|------|--------|------------| -| Ikky | 2.72T | 1.32T (48%) | 1.40T | ONLINE | /mnt/Ikky | -| Hyoga | 1.81T | 1.09T (60%) | 741G | ONLINE | /mnt/mnt/Hyoga | -| boot-pool | 236G | 5.91G (2%) | 230G | ONLINE | - | - -**Datasets principais:** -- `Ikky/data` — 199G usado (compartilhamento SMB) -- `Ikky/.system` — configurações do sistema TrueNAS -- `Ikky/ix-apps` — apps catalog (contém n8n e uptime-kuma datasets) -- `Hyoga/media` — 923G de mídia (backup final 2025-12-05) -- `Hyoga/raidfortress` — 192G - -**Portas abertas:** -| Porta | Serviço | -|-------|---------| -| 22 | SSH | -| 80/443 | Nginx (TrueNAS WebUI + reverse proxy) | -| 445/139 | Samba | -| 3260 | iSCSI | -| 5357 | wsdd (Web Services Discovery) | -| 6000 | TrueNAS API (middleware) | -| 6999 | netdata | - -**Serviços de App (ix-apps):** -- **n8n** — datasets em `/mnt/.ix-apps/app_mounts/n8n/` (múltiplas versões snapshots) -- **uptime-kuma** — dataset em `/mnt/.ix-apps/app_mounts/uptime-kuma/` -- ✅ **FIXED (2026-04-08):** ix-apps datasets agora montam automaticamente com canmount=on - -### 2.2 Proxmox (Hypervisor) - -| Atributo | Valor | -|----------|-------| -| **Hostname** | pve | -| **IP** | 10.0.0.20 | -| **Sistema** | Proxmox VE 8.4.17 | -| **Kernel** | 6.8.12-9-pve | -| **Uptime** | 3h 54min | -| **CPU** | AMD Ryzen 7 2700 Eight-Core (8 cores, 16 threads) | -| **RAM** | 32 GiB total (26 GiB usado, 5.0 GiB disponível) | -| **Swap** | 8 GiB | -| **SSH** | 
Habilitado (porta 22, usuário root) | -| **Interface Web** | Porta 8006 | - -**Disco:** -- `/dev/sda` — 223.6G - - sda1: 1M (BIOS boot) - - sda2: 1G (/boot/efi) - - sda3: 222.6G (LVM) - - pve-swap: 8G - - pve-root: 65.6G (/) - - pve-data: 130.3G (LVM-thin) - -**Storages:** -| Storage | Type | Size | Used | Available | -|---------|------|------|------|-----------| -| local | dir | 31.2G | - | 64.1G | -| local-lvm | lvmthin | 130.3G | 102.8G | 26.7G | - -**VMs:** -| VMID | Nome | Status | vCPUs | RAM | Disk | Uptime | -|------|------|--------|-------|-----|------|--------| -| 100 | homeassistant | running | 4 | 4 GB | 32 GB | 3h 38min | -| 102 | dockerino | running | 8 | 10 GB | 74 GB | 3h 38min | -| 103 | media | running | 8 | 16 GB | 64 GB | 3h 37min | - -### 2.3 Dockerino (VM Proxmox) - -| Atributo | Valor | -|----------|-------| -| **Hostname** | dockerino | -| **IP** | 10.0.0.50 | -| **Sistema** | Debian (5.10.0-23-amd64) | -| **Uptime** | 3h 54min | -| **CPU** | 8 vCPUs (Common KVM processor) | -| **RAM** | 9.7 GiB (4.5 GiB usado, 4.8 GiB disponível) | -| **Disk** | 31G (/dev/sda1) — 90% usado | -| **Docker** | Docker version 28.5.0 | -| **Compose** | Multi-stack em `/root/dockerino/` | - -**Docker Stacks em `/root/dockerino/`:** -- `nginx/` — Nginx Proxy Manager -- `adguard/` — Adguard Home -- `bookstack/` — BookStack (com MySQL) -- `outline/` — Outline Wiki (PostgreSQL + Redis + MinIO) -- `flatnotes/` — FlatNotes -- `homer/` — Homer (dashboard) -- `homebox/` — HomeBox (inventory) -- `omada-controller/` — TP-Link Omada Controller -- `picsur/` — Picsur (image hosting) -- `speedtest/` — Speedtest Tracker -- `twingate/` — Twingate Connector - -**Containers ativos:** -| Container | Status | Ports | Imagem | -|-----------|--------|-------|--------| -| outline | healthy | 3001 | outlinewiki/outline:latest | -| outline-minio | healthy | 9000-9001 | quay.io/minio/minio | -| outline-postgres | healthy | 5432 | postgres:15-alpine | -| outline-redis | healthy | 6379 | 
redis:7-alpine | -| bookstack | healthy | 8082→80 | solidnerd/bookstack:latest | -| picsur | healthy | 8091→8080 | ghcr.io/caramelfur/picsur:latest | -| homer | healthy | 8090→8080 | b4bz/homer:latest | -| twingate | healthy | - | twingate/connector:latest | -| mysql | healthy | 3306 | mysql:8.3 | -| speedtest | healthy | 8765→80 | henrywhitaker3/speedtest-tracker:latest | -| nginx | healthy | 80-81, 443 | jc21/nginx-proxy-manager:latest | -| omada-controller | healthy | network_mode=host | mbentley/omada-controller:latest | -| homebox | healthy | 3100→7745 | ghcr.io/hay-kot/homebox:latest | -| flatnotes | healthy | 8089→8080 | dullage/flatnotes:latest | -| postgres | healthy | 5432 | postgres:14-alpine | -| adguardhome | healthy | network_mode=host | adguard/adguardhome:latest | - -**⚠️ Alertas:** -- `twingate` unhealthy — healthcheck não configurado corretamente (o Twingate não tem endpoint HTTP para verificar) - -### 2.4 Media (VM Proxmox) - -| Atributo | Valor | -|----------|-------| -| **Hostname** | media | -| **IP** | 10.0.0.36 | -| **Sistema** | Debian (5.10.0-26-amd64) | -| **Uptime** | 3h 54min | -| **CPU** | 8 vCPUs (Common KVM processor) | -| **RAM** | 15 GiB (1.1 GiB usado, 13 GiB disponível) | -| **Disk** | 62G (/dev/sda2) — 83% usado | -| **Docker** | Docker version 28.4.0 | -| **Compose** | `/root/homefortress-media/docker-compose.yml` | - -**Docker Stack:** -Rede customizada `mynetwork` (172.19.0.0/16) - -| Container | Status | Ports | Imagem | -|-----------|--------|-------|--------| -| ~~ollama~~ | ~~removed~~ | ~~11434~~ | ~~ollama/ollama:latest~~ | -| bazarr | healthy | 6767 | linuxserver/bazarr:latest | -| jellyfin | healthy | 8096, 8920, 7359/udp | linuxserver/jellyfin:latest | -| prowlarr | healthy | 9696 | linuxserver/prowlarr:latest | -| sonarr | healthy | 8989 | linuxserver/sonarr:latest | -| radarr | healthy | 7878 | linuxserver/radarr:latest | -| qbittorrent | healthy | 5080, 6881 | lscr.io/linuxserver/qbittorrent:latest | - -**⚠️ 
Alertas:** -- Nenhum — Ollama foi removido (2026-04-08) - -**Nota sobre Jellyfin:** Tentou usar GPU passthrough (NVIDIA) mas não funcionou. Não há GPU física nesta VM — inference via CPU apenas. - -### 2.5 Home Assistant (VM Proxmox) - -| Atributo | Valor | -|----------|-------| -| **VMID** | 100 | -| **Hostname** | homeassistant | -| **IP** | 10.0.0.100 | -| **Status** | running | -| **Sistema** | Linux (EFI boot, machine q35) | -| **vCPUs** | 4 (x86-64-v2-AES) | -| **RAM** | 4 GB | -| **Disk** | 32 GB (local-lvm) | -| **Network** | virtio, bridge vmbr0 | -| **Boot** | EFI, startup order=1 | -| **Uptime** | 3h 38min | - -**Acesso:** Via Proxmox (`qm guest exec 100`) - ---- - -## 3. MAPEAMENTO DE SERVIÇOS - -### 3.1 Por Máquina - -**TrueNAS (10.0.0.30):** -| Serviço | Porta | Status | Notas | -|---------|-------|--------|-------| -| SSH | 22 | ✅ | Acesso root | -| TrueNAS WebUI | 443 | ✅ | SSL default | -| Samba | 445, 139 | ✅ | Compartilhamento Ikky/data | -| iSCSI | 3260 | ✅ | SCST target | -| netdata | 6999 | ✅ | Monitoramento | -| n8n | 30109 | ✅ | Working (2026-04-08) | -| Uptime Kuma | 31050 | ✅ | Working (2026-04-08) | - -**Dockerino (10.0.0.50):** -| Serviço | Porta | URL | Status | -|---------|-------|-----|--------| -| Nginx Proxy Manager | 80, 443 | - | ✅ | -| Outline Wiki | 3001 | - | ✅ | -| BookStack | 8082 | bookstack.hackerfortress.cc | ✅ | -| Omada Controller | host | - | ✅ | -| Adguard Home | host | - | ✅ | -| HomeBox | 3100 | homebox.hackerfortress.cc | ✅ | -| FlatNotes | 8089 | flatnotes.hackerfortress.cc | ✅ | -| Homer | 8090 | - | ✅ | -| Picsur | 8091 | - | ✅ | -| Speedtest | 8765 | - | ✅ | -| MySQL | 3306 | - | ✅ | -| PostgreSQL | 5432 | - | ✅ | -| MinIO | 9000, 9001 | - | ✅ | -| Twingate | - | - | ✅ healthy | - -**Media (10.0.0.36):** -| Serviço | Porta | URL | Status | -|---------|-------|-----|--------| -| Jellyfin | 8096, 8920 | media.hackerfortress.cc | ✅ | -| Sonarr | 8989 | - | ✅ | -| Radarr | 7878 | - | ✅ | -| Prowlarr | 9696 | - | ✅ | 
-| Bazarr | 6767 | - | ✅ | -| qBittorrent | 5080 | - | ✅ | -| Ollama | 11434 | - | ⚠️ unhealthy (remover) | - -**Home Assistant (10.0.0.100):** -| Serviço | Porta | URL | Status | -|---------|-------|-----|--------| -| Home Assistant | 8123 | homeassistant.hackerfortress.cc | ✅ | - -### 3.2 Por Domínio (hackerfortress.cc) - -**SSL:** Let's Encrypt via Nginx Proxy Manager (cert ID 75: `*.hackerfortress.cc`, expira 2026-05-27) - -| Subdomínio | Destino NPM | Observação | -|------------|-------------|------------| -| proxmox.* | 10.0.0.20:8006 | HTTPS, WebUI Proxmox | -| proxy.* | nginx:81 | NPM Admin Interface | -| speedtest.* | speedtest:80 | Speedtest Tracker | -| homeassistant.* | 10.0.0.100:8123 | Home Assistant | -| qbittorrent.* | 10.0.0.36:5080 | qBittorrent | -| prowlarr.* | 10.0.0.36:9696 | Prowlarr | -| radarr.* | 10.0.0.36:7878 | Radarr | -| sonarr.* | 10.0.0.36:8989 | Sonarr | -| jellyfin.* | 10.0.0.36:8096 | Jellyfin | -| homebox.* | homebox:7745 | HomeBox Inventory | -| picsur.* | 10.0.0.50:8091 | Picsur | -| omada.* | 10.0.0.50:8043 | HTTPS, Omada Controller | -| n8n.* | 10.0.0.30:30109 | n8n Workflow | -| adguard.* | 10.0.0.50:3000 | AdGuard Home | -| flatnotes.* | flatnotes:8080 | FlatNotes | -| truenas.* | 10.0.0.30:80 | TrueNAS WebUI | -| uptime.* | 10.0.0.30:31050 | Uptime Kuma | -| bookstack.* | bookstack:8080 | BookStack Wiki | -| bazarr.* | 10.0.0.36:6767 | Bazarr | -| outline.* | 10.0.0.50:3001 | Outline Wiki | -| mcp-outline.* | 10.0.0.50:8080 | MCP Outline | -| ollama.* | 10.0.0.36:11434 | Ollama | -| openclaw.* | 10.0.10.100:18789 | OpenClaw | -| (root) | homer:8080 | Homer Dashboard | - -**DNS:** AdGuard Home resolve todos `*.hackerfortress.cc` → 10.0.0.50 (dockerino), exceto `openclaw.*` → 10.0.10.100. O NPM faz o roteamento interno final. 
- -### 3.3 Diagrama de Infraestrutura - -```mermaid -graph TB - subgraph INTERNET["🌐 INTERNET"] - OI["ISP OI"] - STARLINK["Starlink"] - end - - subgraph ROUTER["📡 ER605 Omada"] - GW["Gateway / Load Balance\n10.0.0.1"] - end - - subgraph HESTIA["hestia · 10.0.10.100"] - HERMES["🤖 Hermes Agent\n(Telegram)"] - NPM["🔀 Nginx Proxy Manager\n:81"] - ADGUARD["🛡️ AdGuard Home\n:3053"] - end - - subgraph TRUENAS["TrueNAS · 10.0.0.30"] - N8N["⚙️ n8n\n:30109"] - KUMA["📊 Uptime Kuma\n:31050"] - TN_UI["TrueNAS UI\n:443"] - end - - subgraph DOCKERINO["dockerino · 10.0.0.50"] - GITEA["📝 Gitea\n:3080/2222"] - POSTGRES["🗄️ PostgreSQL\n:5432"] - OUTLINE["📚 Outline Wiki\n:3001"] - BOOKSTACK["📖 BookStack\n:8082"] - ADGHOME["🛡️ AdGuard\n(network_mode)"] - HOMEBOX["📦 HomeBox\n:3100"] - FLATNOTES["📝 FlatNotes\n:8089"] - HOMER["🏠 Homer\n:8090"] - PICSUR["🖼️ Picsur\n:8091"] - SPEEDTEST["📡 Speedtest\n:8765"] - OMADA["📶 Omada Controller\n:8043"] - end - - subgraph MEDIA["media · 10.0.0.36"] - JELLYFIN["🎬 Jellyfin\n:8096/8920"] - SONARR["📺 Sonarr\n:8989"] - RADARR["🎥 Radarr\n:7878"] - PROWLARR["🔍 Prowlarr\n:9696"] - BAZARR["📄 Bazarr\n:6767"] - QBITTORRENT["⬇️ qBittorrent\n:5080"] - end - - subgraph HA["homeassistant · 10.0.0.100"] - HOMEASSISTANT["🏠 Home Assistant\n:8123"] - end - - OI & STARLINK --> GW - GW --> HESTIA & TRUENAS & DOCKERINO & MEDIA & HA - - %% NPM routing - NPM -->|SSL Termination| KUMA - NPM -->|SSL Termination| N8N - NPM -->|SSL Termination| GITEA - NPM -->|SSL Termination| JELLYFIN - NPM -->|SSL Termination| HOMEASSISTANT - NPM -->|SSL Termination| OUTLINE - NPM -->|SSL Termination| BOOKSTACK - NPM -->|SSL Termination| HOMEBOX - NPM -->|SSL Termination| FLATNOTES - NPM -->|SSL Termination| PICSUR - NPM -->|SSL Termination| SPEEDTEST - NPM -->|SSL Termination| OMADA - NPM -->|SSL Termination| ADGHOME - NPM -->|SSL Termination| BAZARR - NPM -->|SSL Termination| QBITTORRENT - NPM -->|SSL Termination| SONARR - NPM -->|SSL Termination| RADARR - NPM -->|SSL Termination| PROWLARR 
- NPM -->|SSL Termination| TN_UI - - %% AdGuard DNS - ADGUARD -.->|DNS *.hackerfortress.cc| NPM - - %% Internal data flows - GITEA --> POSTGRES - OUTLINE --> POSTGRES - JELLYFIN -.->|media files| QBITTORRENT - - %% Hermes interaction - HERMES --> NPM -``` - -**Resumo do fluxo:** -1. **Usuário** acessa `servico.hackerfortress.cc` -2. **AdGuard** (10.0.10.100:3053) resolve DNS → 10.0.0.50 (dockerino) -3. **Nginx Proxy Manager** (dockerino:81) recebe a requisição, termina SSL -4. **NPM** faz proxy reverso interno para o serviço correto na porta对应 -5. **Hermes Agent** (Telegram) também se comunica via NPM para monitorar status - ---- - -## 4. ACESSO SSH - -### 4.1 Chave SSH da Héstia - -- **Created:** 2026-04-08 -- **Type:** ED25519 -- **Fingerprint:** SHA256:ieM8FlrvI0ByxVinRa3zfKzP6BYMO2aVGd/IMshTmYU -- **Key file:** `~/.ssh/id_ed25519` -- **Public key:** - ``` - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINEbnDYVvjbDrGuA4SfM8Ex/H/9RVHmkyu7qzCEt27eh hestia-homlelab-20260408 - ``` - -### 4.2 SSH Config ( ~/.ssh/config) - -``` -Host truenas - HostName 10.0.0.30 - User root - Port 22 - IdentityFile ~/.ssh/id_ed25519 - -Host proxmox - HostName 10.0.0.20 - User root - Port 22 - IdentityFile ~/.ssh/id_ed25519 - -Host dockerino - HostName 10.0.0.50 - User root - Port 22 - IdentityFile ~/.ssh/id_ed25519 - -Host media - HostName 10.0.0.36 - User root - Port 22 - IdentityFile ~/.ssh/id_ed25519 - -Host homeassistant - HostName 10.0.0.100 - User root - Port 22 - IdentityFile ~/.ssh/id_ed25519 -``` - -### 4.3 Status Distribuição de Chaves - -| Máquina | Status | -|---------|--------| -| TrueNAS | ✅ Distribuída | -| Proxmox | ✅ Distribuída | -| Dockerino | ✅ Distribuída | -| Media | ✅ Distribuída | -| Home Assistant | ❌ Pendente (via Proxmox) | - ---- - -## 5. 
DOCKER COMPOSE STACKS - -### 5.1 Dockerino Stacks - -Localização: `/root/dockerino/` - -| Stack | Path | Services | -|-------|------|----------| -| Nginx Proxy Manager | `/root/dockerino/nginx/` | nginx (jpw/nginx-proxy-manager) | -| Adguard Home | `/root/dockerino/adguard/` | adguardhome | -| BookStack | `/root/dockerino/bookstack/` | mysql, bookstack | -| Outline | `/root/dockerino/outline/` | outline-postgres, outline-redis, outline-minio, outline-minio-init, outline | -| FlatNotes | `/root/dockerino/flatnotes/` | flatnotes | -| Homer | `/root/dockerino/homer/` | homer | -| HomeBox | `/root/dockerino/homebox/` | homebox | -| Omada Controller | `/root/dockerino/omada-controller/` | omada-controller | -| Picsur | `/root/dockerino/picsur/` | picsur | -| Speedtest | `/root/dockerino/speedtest/` | speedtest | -| Twingate | `/root/dockerino/twingate/` | twingate | - -### 5.2 Media Stack - -Localização: `/root/homefortress-media/docker-compose.yml` - -Network: `mynetwork` (172.19.0.0/16) - -| Service | IP | Ports | -|---------|-----|-------| -| qbittorrent | 172.19.0.2 | 5080, 6881 | -| sonarr | 172.19.0.3 | 8989 | -| prowlarr | 172.19.0.4 | 9696 | -| radarr | 172.19.0.5 | 7878 | -| ollama | 172.19.0.10 | 11434 | - -Volumes: -- `/mnt/share-media` — dados de mídia (bind mount) - ---- - -## 6. STORAGE E BACKUPS - -### 6.1 TrueNAS Pools - -**Ikky (2.72T):** -- `Ikky/data` — 199G usado, compartilhamento SMB principal -- `Ikky/.system` — configurações TrueNAS -- `Ikky/ix-apps` — apps catalog (n8n, uptime-kuma) - -**Hyoga (1.81T):** -- `Hyoga/media` — 923G (backup final 2025-12-05) -- `Hyoga/raidfortress` — 192G - -### 6.2 Media Mount - -`/mnt/share-media` é o mount point principal para dados de mídia, compartilhado entre Media VM e TrueNAS. - ---- - -## 7. 
MONITORAMENTO E ALERTAS - -### 7.1 Alertas Ativos - -| Severidade | Máquina | Alerta | Ação Recomendada | -|------------|---------|--------|------------------| -| ~~⚠️ Alta~~ | ~~TrueNAS~~ | ~~n8n/uptime-kuma não sobem após reboot~~ | ~~Investigar bug de pool ix-apps~~ ✅ Resolvido | -| ~~⚠️ Média~~ | ~~Dockerino~~ | ~~Twingate unhealthy~~ | ~~Configurar healthcheck customizado ou aceitar estado~~ ✅ Resolvido | -| ~~⚠️ Média~~ | ~~Media~~ | ~~Ollama unhealthy~~ | ~~Remover container e modelos~~ ✅ Resolvido | -| ~~ℹ️ Info~~ | ~~TrueNAS~~ | ~~ix-apps directory parcialmente populado~~ | ~~Monitorar após fix do bug~~ ✅ Resolvido | - -### 7.2 Serviços de Monitoramento - -- **Uptime Kuma:** Ativo no TrueNAS (10.0.0.30:31050) ✅ -- **netdata:** Ativo no TrueNAS (porta 6999) -- **Speedtest Tracker:** Ativo no Dockerino (porta 8765) - ---- - -## 8. PROBLEMAS CONHECIDOS E TODOS - -### 8.1 Bugs - -- [x] **BUG-TRUENAS-01:** TrueNAS ix-apps pool não monta automaticamente após reboot ✅ (2026-04-08 - aplicado canmount=on nos datasets) -- [x] **BUG-TWINGATE-01:** Twingate connector unhealthy — healthcheck não configurado (sem endpoint HTTP) ✅ (2026-04-08 - healthcheck desabilitado) - -### 8.2 Tasks - -- [x] **TASK-OLLAMA-01:** Remover Ollama e modelos baixados do Media ✅ (2026-04-08) -- [ ] **TASK-VPN-01:** Avaliar WireGuard como替代 NordVPN -- [ ] **TASK-HA-01:** Configurar acesso SSH ao Home Assistant via Proxmox guest agent -- [ ] **TASK-BACKUP-01:** Configurar rotina de backup para configurações das VMs -- [ ] **TASK-DOCS-01:** Documentar credenciais de serviços (usar Vault/Pass) - ---- - -## 9. PRÓXIMOS PASSOS - -1. ~~Corrigir bug da pool do TrueNAS (ix-apps)~~ ✅ (2026-04-08) -2. ~~Remover Ollama do Media~~ ✅ (2026-04-08) -3. ~~Configurar Twingate healthcheck~~ ✅ (2026-04-08) -4. ~~Mapear todos os subdomínios e SSL certificates~~ ✅ (2026-04-08) -5. ~~Configurar Uptime Kuma para monitorar todos os serviços~~ ✅ (2026-04-08) -6. Implementar solução de backup (TrueNAS → ?) -7. 
Avaliar secrets management (Vault/Pass)
-
----
-
-*Documento mantido por Héstia — Guardiã do Homelab*
-*Atualizado: 2026-04-08 14:55 UTC-3*
\ No newline at end of file
diff --git a/docs/NEXT_STEPS.md b/docs/NEXT_STEPS.md
deleted file mode 100644
index 757c1c9..0000000
--- a/docs/NEXT_STEPS.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# Homelab - Próximos Passos (2026-04-08)
-
-## Contexto Resumido
-
-**Rede:** 10.0.0.0/24 (VLAN1 infra), 10.0.10.0/24 (VLAN10 geral). Router ER605 Omada. Dual ISP (OI + Starlink). Domain: hackerfortress.cc
-
-**Máquinas principais:**
-- TrueNAS (10.0.0.30): n8n, Uptime Kuma, TrueNAS Core
-- Proxmox (10.0.0.20): hosts dockerino, media, homeassistant
-- Hestia (10.0.10.100): management node (esta máquina)
-- Dockerino (10.0.0.50): Docker host com NPM, AdGuard, e mais
-
-**Arquitetura docs:** ~/homelab/docs/ARCHITECTURE.md
-
----
-
-## Tarefas Pendentes
-
-### 5. Configurar Uptime Kuma para monitorar todos os serviços ✅
-- Todos os 18 serviços monitorados: NPM (10.0.0.50:81), AdGuard (10.0.0.50:3000), Jellyfin (10.0.0.36:8096), Sonarr (10.0.0.36:8989), Radarr (10.0.0.36:7878), Prowlarr (10.0.0.36:9696), Bazarr (10.0.0.36:6767), qBittorrent (10.0.0.36:5080), HomeAssistant (10.0.0.100:8123), Proxmox (10.0.0.20:8006), TrueNAS (10.0.0.30:443), n8n (10.0.0.30:30109), BookStack (10.0.0.50:8082), FlatNotes (10.0.0.50:8089), HomeBox (10.0.0.50:3100), Picsur (10.0.0.50:8091), Outline (10.0.0.50:3001), Omada (10.0.0.50:8043)
-- Status atual: 16 UP, 0 DOWN (TrueNAS e AdGuard com uptime parcial em recuperação)
-- Credenciais salvas na memória: admin / UptimeKuma@2026#Hestia!
-
-### 6. Implementar solução de backup (TrueNAS → ?)
-- Avaliar opções: rsync para offsite,borgbackup, restic, ou靠在 TrueNAS built-in
-- Considerar Restic ou borg para backup incremental offsite
-- Avaliar custos de storage
-
-### 7. WireGuard como alternativa ao NordVPN
-- NordVPN ainda não implementou split-tunnel no Linux
-- WireGuard seria para conexão externa (road warrior)
-- Avaliar configuração no ER605 ou em um container
-
-### 8. NordVPN split-tunnel no Linux
-- NordVPN CLI suporta `--allowlist` ou `exclude` para split-tunnel
-- Testar com containers que precisam de VPN (qBittorrent, etc.)
-- Exemplo: `nordvpn set allowlist add Subnet:192.168.1.0/24`
-
-### 9. Documentar credenciais
-- Todas as senhas/documentação do homelab em: ~/homelab/docs/
-- Avaliar Password Store (pass) ou Vault para secrets management
-
----
-
-## Investigações Recentes (2026-04-08)
-
-### TrueNAS ix-apps (n8n, Uptime Kuma)
-- Apps existem nos datasets mas middleware não os reconhece (`midclt call app.query` retorna [])
-- Causa: datasets com `canmount=noauto` não montados automaticamente
-- Fix testado: `zfs mount Ikky/ix-apps/app_configs`
-- Próximo passo: WebUI para stop/rollback/start dos apps
-
-### Nginx Proxy Manager - SSL Certificates
-- Cert wildcard `*.hackerfortress.cc` expira 2026-05-27 (cert ID 75)
-- 23 subdomínios configurados no NPM, todos usando o mesmo cert
-- Revisão do ARCHITECTURE.md feita: atualizações no item 4
-
----
-
-## Notas de Configuração
-
-- Lid switch: `HandleLidSwitch=ignore` + suspend targets masked
-- NVIDIA GT 730M: nouveau (driver open-source)
-- SSH key: ED25519, fingerprint SHA256:ieM8FlrvI0ByxVinRa3zfKzP6BYMO2aVGd/IMshTmYU
\ No newline at end of file
diff --git a/terraform/er605/main.tf b/terraform/er605/main.tf
deleted file mode 100644
index ee092f7..0000000
--- a/terraform/er605/main.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-# Terraform configuration for TP-Link ER605 Router via Omada Controller
-# Router: TP-Link ER605 (Omada Controller on dockerino:8043)
-
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- omada = {
- source = "jkbo/RF-omada"
- version = "~> 1.0"
- }
- }
-}
-
-provider "omada" {
- omada_url = var.omada_url
- omada_username = var.omada_username
- omada_password = var.omada_password
- ssl_verify = var.ssl_verify
-}
-
-# Data sources to get existing network info
-data "omada_networks" "homelab" {
- site_name = var.site_name
-}
-
-# VLAN 1 - Infraestrutura (10.0.0.0/24)
-resource "omada_network" "vlan1_infra" {
- site_name = var.site_name
- name = "VLAN1-INFRA"
- purpose = "Management"
- type = "L3"
- subnet = "10.0.0.0/24"
- gateway_ip = "10.0.0.1"
- vlan_id = 1
- dhcp_relay_enabled = false
-}
-
-# VLAN 10 - Geral (10.0.10.0/24)
-resource "omada_network" "vlan10_geral" {
- site_name = var.site_name
- name = "VLAN10-GERAL"
- purpose = "Corporate"
- type = "L3"
- subnet = "10.0.10.0/24"
- gateway_ip = "10.0.10.1"
- vlan_id = 10
- dhcp_relay_enabled = false
-}
-
-# VLAN 20 - IOT (10.0.20.0/24)
-resource "omada_network" "vlan20_iot" {
- site_name = var.site_name
- name = "VLAN20-IOT"
- purpose = "Corporate"
- type = "L3"
- subnet = "10.0.20.0/24"
- gateway_ip = "10.0.20.1"
- vlan_id = 20
- dhcp_relay_enabled = false
-}
-
-# VLAN 30 - Guests (10.0.30.0/24)
-resource "omada_network" "vlan30_guests" {
- site_name = var.site_name
- name = "VLAN30-GUESTS"
- purpose = "Guest"
- type = "L3"
- subnet = "10.0.30.0/24"
- gateway_ip = "10.0.30.1"
- vlan_id = 30
- dhcp_relay_enabled = false
-}
-
-# DHCP Static Leases (examples)
-# Add static DHCP entries for known devices
-resource "omada_dhcp_static" "truenas" {
- site_name = var.site_name
- network_id = omada_network.vlan1_infra.id
- mac_address = var.truenas_mac
- ip_address = "10.0.0.30"
- hostname = "truenas"
-}
-
-resource "omada_dhcp_static" "proxmox" {
- site_name = var.site_name
- network_id = omada_network.vlan1_infra.id
- mac_address = var.proxmox_mac
- ip_address = "10.0.0.20"
- hostname = "proxmox"
-}
-
-resource "omada_dhcp_static" "dockerino" {
- site_name = var.site_name
- network_id = omada_network.vlan1_infra.id
- mac_address = var.dockerino_mac
- ip_address = "10.0.0.50"
- hostname = "dockerino"
-}
-
-resource "omada_dhcp_static" "media" {
- site_name = var.site_name
- network_id = omada_network.vlan1_infra.id
- mac_address = var.media_mac
- ip_address = "10.0.0.36"
- hostname = "media"
-}
-
-resource "omada_dhcp_static" "homeassistant" {
- site_name = var.site_name
- network_id = omada_network.vlan1_infra.id
- mac_address = var.homeassistant_mac
- ip_address = "10.0.0.100"
- hostname = "homeassistant"
-}
-
-# DNS routes for internal resolution
-# *.hackerfortress.cc -> 10.0.0.50 (dockerino/NPM)
diff --git a/terraform/er605/outputs.tf b/terraform/er605/outputs.tf
deleted file mode 100644
index fdfff27..0000000
--- a/terraform/er605/outputs.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Outputs for ER605/Omada Terraform
-
-output "vlan1_infra_id" {
- description = "VLAN1 Infrastructure ID"
- value = omada_network.vlan1_infra.id
-}
-
-output "vlan1_infra_subnet" {
- description = "VLAN1 Infrastructure Subnet"
- value = omada_network.vlan1_infra.subnet
-}
-
-output "vlan10_geral_id" {
- description = "VLAN10 General ID"
- value = omada_network.vlan10_geral.id
-}
-
-output "vlan10_geral_subnet" {
- description = "VLAN10 General Subnet"
- value = omada_network.vlan10_geral.subnet
-}
-
-output "vlan20_iot_id" {
- description = "VLAN20 IOT ID"
- value = omada_network.vlan20_iot.id
-}
-
-output "vlan30_guests_id" {
- description = "VLAN30 Guests ID"
- value = omada_network.vlan30_guests.id
-}
-
-output "omada_url" {
- description = "Omada Controller URL"
- value = var.omada_url
-}
diff --git a/terraform/er605/variables.tf b/terraform/er605/variables.tf
deleted file mode 100644
index 71108fb..0000000
--- a/terraform/er605/variables.tf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Variables for ER605/Omada Terraform
-
-variable "omada_url" {
- description = "Omada Controller URL"
- type = string
- default = "https://10.0.0.50:8043"
-}
-
-variable "omada_username" {
- description = "Omada Controller username"
- type = string
- default = "admin"
-}
-
-variable "omada_password" {
- description = "Omada Controller password"
- type = string
- sensitive = true
-}
-
-variable "site_name" {
- description = "Omada site name"
- type = string
- default = "Default"
-}
-
-variable "ssl_verify" {
- description = "Verify SSL certificates"
- type = bool
- default = false
-}
-
-# MAC addresses for static DHCP
-variable "truenas_mac" {
- description = "TrueNAS MAC address"
- type = string
- default = "" # TODO: Add actual MAC
-}
-
-variable "proxmox_mac" {
- description = "Proxmox MAC address"
- type = string
- default = "" # TODO: Add actual MAC
-}
-
-variable "dockerino_mac" {
- description = "Dockerino MAC address"
- type = string
- default = "" # TODO: Add actual MAC
-}
-
-variable "media_mac" {
- description = "Media VM MAC address"
- type = string
- default = "" # TODO: Add actual MAC
-}
-
-variable "homeassistant_mac" {
- description = "Home Assistant VM MAC address"
- type = string
- default = "" # TODO: Add actual MAC
-}