Antoine/SERVtomaste
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
57bcfa4a9a3b181d2cb400c83d319dd6220d98a9
SERVtomaste/docs/DALIDOU-SERVER.md
Anto01 57bcfa4a9a Add Solidworks licenses, scripts, and update server docs 
- Add Solidworks license files and install guides
- Add PowerShell privacy lockdown scripts for Solidworks telemetry
- Add Siemens License Server v5.1 binary for NX
- Update DALIDOU-SERVER.md with storage layout, backup system, and DNS fixes
- Add MEGA-PLAN-BRAIN-SYSTEM.md for unified knowledge management
- Add Claude Code local settings

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-25 11:56:23 -05:00

895 lines
21 KiB
Markdown
Raw Blame History

# Dalidou Home Server - Complete Documentation
> **Last Updated:** December 18, 2025
> **Server Name:** dalidou
> **Owner:** Antoine Letarte
---
## Table of Contents
1. [Server Overview](#server-overview)
2. [Network Configuration](#network-configuration)
3. [User Accounts](#user-accounts)
4. [Installed Services](#installed-services)
5. [Service Details & Configuration](#service-details--configuration)
6. [Docker Infrastructure](#docker-infrastructure)
7. [Directory Structure](#directory-structure)
8. [Backup Strategy](#backup-strategy)
9. [Maintenance Commands](#maintenance-commands)
10. [Disaster Recovery](#disaster-recovery)
11. [Troubleshooting](#troubleshooting)
---
## Server Overview
### Hardware
- **Type:** ThinkPad W520 home server running Docker containers
- **OS:** Ubuntu Linux
- **Location:** Home network
### Storage Drives
| Device | Model | Size | Mount Point | Purpose |
|--------|-------|------|-------------|---------|
| sda | Samsung SSD 850 | 232GB | `/` (root) | Operating system |
| sdb | Crucial BX500 SSD | 3.6TB | `/srv/storage` | Service data, Obsidian, shared files |
| sdc | WD Elements 14TB | 12.7TiB | `/mnt/hdd` | Immich photos, backups |
**Note:** sdc is connected via USB 3.0 (SuperSpeed)
### Purpose
Self-hosted infrastructure replacing cloud services:
- Google Photos → Immich
- Google Drive → Seafile
- Dropbox → Syncthing
- GitHub → Gitea
- Document management → Paperless-ngx
---
## Network Configuration
### IP Addresses
| Network | IP Address | Usage |
|---------|------------|-------|
| WiFi (Primary) | `192.168.86.50` | Main local access |
| Wired | `10.0.0.77` | Backup/alternate |
| Tailscale VPN | `100.80.199.40` | Remote access from anywhere |
### SSH Access
```bash
# Local network
ssh papa@192.168.86.50
# Via Tailscale (remote)
ssh papa@100.80.199.40
# Using hostname (if DNS configured)
ssh papa@dalidou
```
### Ports in Use
| Port | Service | Protocol |
|------|---------|----------|
| 22 | SSH (host) | TCP |
| 80 | Caddy (reverse proxy) | TCP |
| 2222 | Gitea SSH | TCP |
| 2283 | Immich | TCP |
| 3000 | Gitea Web | TCP |
| 3001 | Homepage Dashboard | TCP |
| 8080 | Home Assistant | TCP |
| 8081 | Filebrowser | TCP |
| 8082 | Paperless-ngx | TCP |
| 8083 | Seafile | TCP |
| 8384 | Syncthing Web UI | TCP |
| 21027 | Syncthing Discovery | UDP |
| 22000 | Syncthing Transfer | TCP/UDP |
---
## User Accounts
### System Users
| Username | Password | Role |
|----------|----------|------|
| papa | Ladygaga | Admin (SSH, sudo) |
### Service Accounts
| Service | Username | Password | Email |
|---------|----------|----------|-------|
| Gitea | Antoine | Ladygaga | antoine.letarte@gmail.com |
| Filebrowser | Antoine | Ladygaga2024 | - |
| Seafile | antoine.letarte@gmail.com | Ladygaga2025 | antoine.letarte@gmail.com |
| Immich | Antoine | (see Bitwarden) | antoine.letarte@gmail.com |
| Paperless | Antoine | (see Bitwarden) | - |
### Family Accounts
| Name | Password | Notes |
|------|----------|-------|
| Odile | Adalidou948 | Family member access |
---
## Installed Services
### Quick Access URLs
| Service | Local URL | Direct IP URL |
|---------|-----------|---------------|
| **Homepage** (Dashboard) | http://home.dalidou.home | http://192.168.86.50:3001 |
| **Immich** (Photos) | http://photos.dalidou.home | http://192.168.86.50:2283 |
| **Filebrowser** | http://files.dalidou.home | http://192.168.86.50:8081 |
| **Paperless** (Docs) | http://docs.dalidou.home | http://192.168.86.50:8082 |
| **Gitea** (Git) | http://git.dalidou.home | http://192.168.86.50:3000 |
| **Syncthing** | http://sync.dalidou.home | http://192.168.86.50:8384 |
| **Seafile** (Cloud) | http://cloud.dalidou.home | http://192.168.86.50:8083 |
| **Home Assistant** | - | http://192.168.86.50:8080 |
### Remote Access (Tailscale)
When away from home, use Tailscale IP:
- Immich: http://100.80.199.40:2283
- Seafile: http://100.80.199.40:8083
- Gitea: http://100.80.199.40:3000
- etc.
---
## Service Details & Configuration
### 1. Immich - Photo Management
**Purpose:** Google Photos replacement - backup, organize, and share photos
**Containers:**
- `immich_server` - Main application
- `immich_postgres` - Database
- `immich_redis` - Cache
**Data Location:** `/srv/immich/`
**Features:**
- Mobile app backup (iOS/Android)
- Face recognition
- Location mapping
- Sharing albums
**Mobile App:** "Immich" on App Store / Play Store
- Server URL: http://192.168.86.50:2283 (local) or http://100.80.199.40:2283 (remote)
---
### 2. Filebrowser - Web File Manager
**Purpose:** Browse and manage server files via web browser
**Container:** `filebrowser`
**Data Location:**
- Config: `/srv/filebrowser/config/`
- Database: `/srv/filebrowser/database/`
- Serves: `/srv/storage/shared/`
**Login:** Antoine / Ladygaga2024
**Use Cases:**
- Quick file access without SSH
- Share files with family
- Upload/download files
---
### 3. Paperless-ngx - Document Management
**Purpose:** Scan, OCR, organize, and search documents
**Containers:**
- `paperless` - Main application
- `paperless_postgres` - Database
- `paperless_redis` - Cache
**Data Location:** `/srv/paperless/`
**Features:**
- OCR scanning
- Full-text search
- Tagging and categorization
- Correspondent tracking
**Workflow:**
1. Scan documents to consume folder
2. Paperless auto-processes and OCRs
3. Search and organize in web UI
---
### 4. Gitea - Git Repository Hosting
**Purpose:** Self-hosted GitHub - version control for code and CAD files
**Containers:**
- `gitea` - Main application
- `gitea_postgres` - Database
**Data Location:** `/srv/gitea/`
**Configuration:**
- Web Port: 3000
- SSH Port: 2222
- LFS Enabled: Yes (for large CAD files)
- LFS Path: `/data/git/lfs`
**Git LFS:** Enabled for large file storage (CAD files, binaries)
**Clone via HTTPS:**
```bash
git clone http://192.168.86.50:3000/Antoine/CADTOMASTE.git
```
**Clone via SSH:**
```bash
git clone ssh://git@192.168.86.50:2222/Antoine/CADTOMASTE.git
```
---
### 5. Syncthing - File Synchronization
**Purpose:** Sync files between devices (like Dropbox but self-hosted)
**Container:** `syncthing`
**Data Location:** `/srv/syncthing/`
**Ports:**
- 8384: Web UI
- 22000: Sync (TCP/UDP)
- 21027: Discovery (UDP)
**Use Cases:**
- Sync folders between laptop and server
- Backup important directories
- Share folders with family
---
### 6. Seafile - Cloud Storage
**Purpose:** Self-hosted Google Drive / Dropbox alternative
**Containers:**
- `seafile` - Main application
- `seafile-mysql` - Database (MariaDB)
- `seafile-memcached` - Cache
**Data Location:** `/srv/seafile/`
**Configuration:**
- Web Port: 8083
- Admin: antoine.letarte@gmail.com / Ladygaga2025
- Timezone: America/Toronto
**Clients:**
- **SeaDrive (Windows):** Creates virtual drive letter (S:\)
- **Mobile App:** "Seafile" on App Store / Play Store
**Desktop Client Setup:**
1. Install SeaDrive from https://www.seafile.com/en/download/
2. Server: http://192.168.86.50:8083
3. Login with your credentials
4. Choose drive letter (e.g., S:\)
---
### 7. Home Assistant - Smart Home
**Purpose:** Home automation and smart device control
**Container:** `homeassistant`
**Access:** http://192.168.86.50:8080
**Additional:** Matter Server (`matter-server`) for Matter/Thread devices
---
### 8. Homepage - Server Dashboard
**Purpose:** Centralized dashboard to view and access all server services at a glance
**Container:** `homepage`
**Image:** `ghcr.io/gethomepage/homepage:latest`
**Data Location:** `/srv/homepage/`
**Configuration:**
- Web Port: 3001
- Theme: Dark (slate color)
- Docker integration enabled (monitors container status)
**Access:**
- Local: http://192.168.86.50:3001
- Wired: http://10.0.0.77:3001
- Tailscale: http://100.80.199.40:3001
**Features:**
- Real-time Docker container status monitoring
- Quick links to all services (Immich, Paperless, Gitea, Seafile, etc.)
- Customizable widgets and bookmarks
- Dark theme with clean interface
**Configuration Files:**
- `services.yaml` - Define services and their icons/links
- `settings.yaml` - Theme, layout, and general settings
- `widgets.yaml` - System widgets (CPU, memory, etc.)
- `bookmarks.yaml` - External bookmarks
- `docker.yaml` - Docker socket configuration
**Customization:**
```bash
# Edit service definitions
nano /srv/homepage/services.yaml
# Restart to apply changes
docker restart homepage
```
---
## Docker Infrastructure
### View Running Containers
```bash
ssh papa@192.168.86.50 "docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'"
```
### Container Management
```bash
# Restart a service
docker restart <container_name>
# View logs
docker logs <container_name>
docker logs -f <container_name> # Follow logs
# Stop/Start
docker stop <container_name>
docker start <container_name>
# Check resource usage
docker stats
```
### Docker Compose Locations
| Service | Compose File Location |
|---------|----------------------|
| Seafile | `/srv/seafile/docker-compose.yml` |
| Immich | `/srv/immich/docker-compose.yml` |
| Gitea | `/srv/gitea/docker-compose.yml` |
| Paperless | `/srv/paperless/docker-compose.yml` |
| Homepage | `/home/papa/docker-compose.yml` |
### Restart All Services
```bash
cd /srv/<service>
docker compose down
docker compose up -d
```
---
## Directory Structure
### SSD Storage (`/srv/storage` - 3.6TB Crucial SSD)
```
/srv/storage/
├── docs/ ← Paperless consume folder
├── shared/ ← Filebrowser root
├── repos/ ← Gitea repositories
├── obsidian/ ← Obsidian vault (synced)
└── photos/ ← External photos (read-only in Immich)
```
### HDD Storage (`/mnt/hdd` - 14TB WD Elements)
```
/mnt/hdd/
├── immich/ ← Primary Immich storage (photos/videos)
│ ├── upload/ ← All user uploads (~535GB)
│ ├── postgres/ ← Immich database
│ ├── model-cache/ ← ML models
│ └── redis/ ← Redis cache
└── backups/
├── restic-repo/ ← Incremental backups (deduplicated)
└── system-images/ ← Weekly full system tarballs
```
### Service Configuration (`/srv/`)
```
/srv/
├── filebrowser/
│ ├── config/
│ └── database/
├── gitea/
│ ├── data/
│ │ └── git/
│ │ ├── repositories/
│ │ └── lfs/
│ └── postgres/
├── immich -> /srv/storage/immich ← Symlink
├── paperless/
│ ├── consume/ ← Drop documents here
│ ├── data/
│ ├── media/
│ └── postgres/
├── seafile/
│ ├── data/
│ │ └── seafile/
│ │ ├── conf/
│ │ └── seafile-data/
│ └── mysql/
├── syncthing/
│ └── config/
├── homepage/
│ ├── services.yaml ← Service definitions
│ ├── settings.yaml ← Theme and layout
│ ├── widgets.yaml ← Dashboard widgets
│ ├── bookmarks.yaml ← External links
│ └── docker.yaml ← Docker integration
├── pihole/
│ ├── etc-pihole/
│ └── etc-dnsmasq.d/
└── storage/ ← Main SSD storage mount
```
---
## Backup Strategy
### Automated Backup System (Restic + Cron)
The server uses a dual backup approach:
1. **Daily incremental backups** at midnight using restic
2. **Weekly full system images** on Sundays at 3 AM
### How Restic Backups Work (Efficiency)
Restic uses **deduplication and incremental backups**, making it very efficient:
| Aspect | Behavior |
|--------|----------|
| **First backup** | Full backup (~535GB for Immich, takes 1-2 hours) |
| **Daily backups** | Only new/changed data (typically minutes, not hours) |
| **Storage** | Deduplicated - identical files stored once |
| **CPU/Energy** | Low - only processes changes |
**Example:** If you add 20 new photos (100MB) today:
- Backup uploads ~100MB (not 535GB)
- Takes ~2-5 minutes (not hours)
- HDD spins briefly, then sleeps
This makes nightly backups energy-efficient and fast after the initial backup.
### Backup Storage
| Location | Purpose | Size |
|----------|---------|------|
| `/mnt/hdd/backups/restic-repo` | Incremental backups (versioned, deduplicated) | ~500GB+ |
| `/mnt/hdd/backups/system-images` | Weekly full system tarballs | ~50GB x 4 |
| `/mnt/hdd/immich` | Primary Immich photo storage | ~535GB |
### Backup Credentials
**Restic Repository Password:** `dalidou-backup-2025`
⚠️ **IMPORTANT:** Store this password securely (e.g., Bitwarden). Without it, backups are irrecoverable!
### What Gets Backed Up Daily
| Data | Location | Priority |
|------|----------|----------|
| Immich photos & DB | `/mnt/hdd/immich` | HIGH |
| Obsidian vault | `/srv/storage/obsidian` | HIGH |
| Documents | `/srv/storage/docs` | HIGH |
| Shared files | `/srv/storage/shared` | MEDIUM |
| Gitea repos & DB | `/srv/gitea` | HIGH |
| Paperless docs & DB | `/srv/paperless` | HIGH |
| Syncthing config | `/srv/syncthing` | LOW |
| Homepage config | `/srv/homepage` | LOW |
| Pi-hole config | `/srv/pihole` | LOW |
| Docker compose | `/home/papa` | MEDIUM |
### Backup Scripts
| Script | Schedule | Purpose |
|--------|----------|---------|
| `/usr/local/bin/backup-daily.sh` | Daily at midnight | Incremental restic backup |
| `/usr/local/bin/backup-weekly-image.sh` | Sundays 3 AM | Full system tarball |
### Retention Policy
- **Daily backups:** Keep 7 days
- **Weekly backups:** Keep 4 weeks
- **Monthly backups:** Keep 12 months
- **System images:** Keep 4 most recent
### Manual Backup Commands
```bash
# Check backup status
export RESTIC_REPOSITORY=/mnt/hdd/backups/restic-repo
export RESTIC_PASSWORD='dalidou-backup-2025'
restic snapshots
# Run manual backup
/usr/local/bin/backup-daily.sh
# Restore a file from backup
restic restore latest --target /tmp/restore --include /srv/storage/obsidian
# List files in a snapshot
restic ls latest
# Check backup integrity
restic check
# View backup logs
tail -100 /var/log/backup-daily.log
tail -100 /var/log/backup-weekly.log
```
### Legacy Manual Backup Commands
```bash
# Backup Immich
tar -czvf immich-backup-$(date +%Y%m%d).tar.gz /srv/immich/
# Backup Paperless
tar -czvf paperless-backup-$(date +%Y%m%d).tar.gz /srv/paperless/
# Backup Gitea
tar -czvf gitea-backup-$(date +%Y%m%d).tar.gz /srv/gitea/
# Backup Seafile (stop first for consistency)
docker compose -f /srv/seafile/docker-compose.yml stop seafile
tar -czvf seafile-backup-$(date +%Y%m%d).tar.gz /srv/seafile/
docker compose -f /srv/seafile/docker-compose.yml start seafile
```
---
## Maintenance Commands
### System Updates
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y
# Update Docker images
docker compose pull
docker compose up -d
```
### Check Disk Space
```bash
df -h /srv
du -sh /srv/*
```
### View All Container Logs
```bash
docker logs --tail 50 <container_name>
```
### Restart Docker
```bash
sudo systemctl restart docker
```
---
## Disaster Recovery
### What You Need to Recover
1. **The 14TB WD Elements HDD** (contains all backups and Immich photos)
2. **Any new Linux machine** (Ubuntu 22.04+ recommended)
3. **The restic password:** `dalidou-backup-2025`
### Complete Recovery Steps
#### Step 1: Install Fresh Ubuntu
Install Ubuntu Server or Desktop on the new machine.
#### Step 2: Install Required Software
```bash
# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
newgrp docker
# Install restic
sudo apt update && sudo apt install -y restic
# Install Tailscale (for remote access)
curl -fsSL https://tailscale.com/install.sh | sh
```
#### Step 3: Connect and Mount the 14TB HDD
```bash
# Find the drive
lsblk
# Create mount point and mount (replace sdX with actual device)
sudo mkdir -p /mnt/hdd
sudo mount /dev/sdX1 /mnt/hdd
# Add to fstab for auto-mount (get UUID first)
sudo blkid /dev/sdX1
# Add line to /etc/fstab:
# UUID=<your-uuid> /mnt/hdd ext4 defaults,nofail 0 2
```
#### Step 4: Restore from Restic Backup
```bash
# Set up restic environment
export RESTIC_REPOSITORY=/mnt/hdd/backups/restic-repo
export RESTIC_PASSWORD='dalidou-backup-2025'
# List available backups
restic snapshots
# Restore everything to root filesystem
sudo -E restic restore latest --target /
# This restores:
# - /mnt/hdd/immich (Immich photos & database)
# - /srv/storage/obsidian (Obsidian vault)
# - /srv/storage/docs (Documents)
# - /srv/gitea (Git repositories)
# - /srv/paperless (Paperless documents)
# - /srv/homepage, /srv/pihole, /srv/syncthing (configs)
# - /home/papa (docker-compose.yml)
```
#### Step 5: Create Required Directories
```bash
sudo mkdir -p /srv/storage
# Mount SSD if you have one, or create directories
```
#### Step 6: Start All Services
```bash
cd /home/papa
docker compose up -d
# Verify all containers are running
docker ps
```
#### Step 7: Configure Tailscale
```bash
sudo tailscale up
# Follow the link to authenticate
```
#### Step 8: Verify Services
- Immich: http://localhost:2283
- Gitea: http://localhost:3000
- Paperless: http://localhost:8082
- Homepage: http://localhost:3001
### Recovery Time Estimate
| Step | Time |
|------|------|
| Install Ubuntu | 15-30 min |
| Install Docker/restic | 5 min |
| Mount HDD | 2 min |
| Restore from backup | 30-60 min (depends on data size) |
| Start services | 5 min |
| **Total** | **~1-2 hours** |
### Key Files in Backup
| Location | Contents |
|----------|----------|
| `/mnt/hdd/immich` | All photos, videos, thumbnails, postgres DB |
| `/srv/storage/obsidian` | Obsidian vault |
| `/srv/gitea` | Git repositories and database |
| `/srv/paperless` | Scanned documents and database |
| `/home/papa/docker-compose.yml` | All service definitions |
### Alternative: Weekly System Image Recovery
If you prefer a full system restore (slower but includes OS configs):
```bash
# Mount the HDD
sudo mount /dev/sdX1 /mnt/hdd
# List available images
ls -la /mnt/hdd/backups/system-images/
# Extract to new system
sudo tar -xzvf /mnt/hdd/backups/system-images/system-image-YYYYMMDD.tar.gz -C /
```
---
## Troubleshooting
### Service Not Accessible
```bash
# Check if container is running
docker ps | grep <service>
# Check container logs
docker logs <container_name>
# Restart the service
docker restart <container_name>
```
### Port Already in Use
```bash
# Find what's using a port
sudo lsof -i :<port>
sudo netstat -tlnp | grep <port>
```
### Container Won't Start
```bash
# Check logs for errors
docker logs <container_name>
# Check disk space
df -h
# Check Docker status
sudo systemctl status docker
```
### Database Issues
```bash
# Enter postgres container
docker exec -it <postgres_container> psql -U <user> -d <database>
# Check database health
docker exec <postgres_container> pg_isready
```
### DNS Resolution Issues
If external domains fail to resolve (e.g., `api.anthropic.com`, `google.com`):
```bash
# Check current DNS config
cat /etc/resolv.conf
# Test DNS resolution
ping -4 google.com
# If using Tailscale MagicDNS and it's failing:
# Option 1: Disable Tailscale DNS management
tailscale set --accept-dns=false
# Option 2: Add fallback DNS to systemd-resolved
cat > /etc/systemd/resolved.conf.d/fix-dns.conf << 'EOF'
[Resolve]
DNS=8.8.8.8 1.1.1.1
FallbackDNS=8.8.4.4 1.0.0.1
EOF
systemctl restart systemd-resolved
# Switch to systemd-resolved
rm /etc/resolv.conf
ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
```
**Current DNS Configuration (as of Dec 2025):**
- Tailscale DNS disabled (`--accept-dns=false`)
- Using systemd-resolved with Google (8.8.8.8) and Cloudflare (1.1.1.1) DNS
---
### Reset Service Password
**Filebrowser:**
```bash
docker stop filebrowser
docker run --rm -v /srv/filebrowser/database:/database filebrowser/filebrowser \
users update admin --password newpassword -d /database/filebrowser.db
docker start filebrowser
```
**Gitea:**
```bash
docker exec -it gitea gitea admin user change-password --username Antoine --password newpassword
```
---
## Quick Reference Card
### SSH Access
```bash
ssh papa@192.168.86.50 # Local
ssh papa@100.80.199.40 # Tailscale
```
### Most Used Commands
```bash
# Check all containers
docker ps
# Restart a service
docker restart <name>
# View logs
docker logs -f <name>
# Disk space
df -h /srv
```
### Service URLs (Local)
- Dashboard: http://192.168.86.50:3001
- Photos: http://192.168.86.50:2283
- Files: http://192.168.86.50:8081
- Docs: http://192.168.86.50:8082
- Git: http://192.168.86.50:3000
- Cloud: http://192.168.86.50:8083
- Sync: http://192.168.86.50:8384
---
## Document History
| Date | Change |
|------|--------|
| 2025-11-27 | Initial documentation created |
| 2025-11-27 | Added Seafile setup |
| 2025-11-27 | Added Git LFS for CAD versioning |
| 2025-12-06 | Added Homepage dashboard documentation |
| 2025-12-18 | Added 14TB WD Elements HDD for Immich storage and backups |
| 2025-12-18 | Configured automated backup system (restic daily + weekly images) |
| 2025-12-18 | Fixed DNS resolution issues (Tailscale MagicDNS → systemd-resolved) |
Reference in New Issue View Git Blame Copy Permalink