# Homelab Todo List

Prioritized list of things Claudio wants to do with his homelab. Last updated: 2026-04-01.

## Backup & Restore

- [ ] Regular backup for NAS at parents' place
- [ ] Proxmox backup
- [ ] Paperless backup (and public access)
- [ ] Backup test script — verify restores actually work
- [ ] Kopia/Time Machine backup for Claudio's + Alena's machines (dotfiles, etc.)
- [ ] Backup system across entire lab (321 rule: 3 copies, 2 media, 1 offsite)

## Hosting & Apps

- [ ] Host Mealie (meal planning)
- [ ] Host Nextcloud
- [ ] Paperless-ngx public access setup

## Infrastructure Cleanup

- [ ] Clean up VPS — consolidate from many reverse proxies (pangolin, nginx, caddy, traefik, dokku, cloudflare?) to one proven stack
- [ ] Version control VPS setup (docker files + config files in git)
- [ ] Fix SSH keys: use single key or few keys instead of many

## Monitoring & Documentation

- [ ] Glance / Uptime Kuma page showing all hosted services status
- [ ] Documentation for everything hosted
- [ ] Monthly maintenance reminder + checklist

## Access & Networking

- [ ] One admin VPN network (evaluate: ZeroTier vs Tailscale vs Pangolin private)
- [ ] Invite people (family, friends) to appropriate services

## Network Infrastructure

- [ ] Define IP ranges properly (e.g., 10.0.0.0/24 for lab, 10.0.1.0/24 for prod, 10.0.2.0/24 for DMZ)
- [ ] Set up VLANs: separate prod, dev/staging, IoT, guests
- [ ] Document VLAN/subnet map and which services live where
- [ ] Firewall rules between VLANs (default deny, explicit allow)

## Automation & Maintenance

- [ ] Max 1h/month maintenance target — automate as much as possible
- [ ] Monthly maintenance reminder + checklist (Orik helps build)
- [ ] Automated backup verification (not just "ran", but "actually restoreable")
- [ ] Automated health checks + alerts

## Environments

- [ ] Proper distinction between production, development, and staging
- [ ] Dev/staging on separate VLAN from production
- [ ] Clear naming conventions for which services are which environment

## Notes

### Priority direction
Backup foundation first, then hosting apps, then cleanup and monitoring.

### VPN evaluation criteria
- Ease of setup + maintenance
- Works on all devices (Claudio's + Alena's)
- integrates with existing Cloudflare/Pangolin setup
- performance on mobile

### Monthly maintenance checklist (to build)
- Verify backups ran successfully
- Check disk usage on all nodes
- Review logs for errors
- Test at least one restore
- Update docker images / system packages
- Check SSL certs expiration
- Verify VPN connectivity
- Review access logs for anomalies