second-brain/02_Projects/Homelab Todo List.md

Homelab Todo List

Prioritized list of things Claudio wants to do with his homelab. Last updated: 2026-04-01.

Backup & Restore

• Regular backup for NAS at parents' place
• Proxmox backup
• Paperless backup (and public access)
• Backup test script — verify restores actually work
• Kopia/Time Machine backup for Claudio's + Alena's machines (dotfiles, etc.)
• Backup system across entire lab (321 rule: 3 copies, 2 media, 1 offsite)

Hosting & Apps

• Host Mealie (meal planning)
• Host Nextcloud
• Paperless-ngx public access setup
• Immich: migrate Alena + family users once stable (see Frusetik Access Architecture for access model)
• Immich: stop iCloud + Synology Photos sync, use Immich exclusively

Infrastructure Cleanup

• Clean up VPS — consolidate from many reverse proxies (pangolin, nginx, caddy, traefik, dokku, cloudflare?) to one proven stack
• Version control VPS setup (docker files + config files in git)
• Fix SSH keys: use single key or few keys instead of many

Monitoring & Documentation

• Glance / Uptime Kuma page showing all hosted services status
• Documentation for everything hosted
• Monthly maintenance reminder + checklist

Access & Networking

• One admin VPN network (evaluate: ZeroTier vs Tailscale vs Pangolin private)
• Invite people (family, friends) to appropriate services

Network Infrastructure

• Define IP ranges properly (e.g., 10.0.0.0/24 for lab, 10.0.1.0/24 for prod, 10.0.2.0/24 for DMZ)
• Set up VLANs: separate prod, dev/staging, IoT, guests
• Document VLAN/subnet map and which services live where
• Firewall rules between VLANs (default deny, explicit allow)

Automation & Maintenance

• Max 1h/month maintenance target — automate as much as possible
• Monthly maintenance reminder + checklist (Orik helps build)
• Automated backup verification (not just "ran", but "actually restoreable")
• Automated health checks + alerts

Environments

• Proper distinction between production, development, and staging
• Dev/staging on separate VLAN from production
• Clear naming conventions for which services are which environment

Notes

Priority direction

Backup foundation first, then hosting apps, then cleanup and monitoring.

VPN evaluation criteria

• Ease of setup + maintenance
• Works on all devices (Claudio's + Alena's)
• integrates with existing Cloudflare/Pangolin setup
• performance on mobile

Monthly maintenance checklist (to build)

• Verify backups ran successfully
• Check disk usage on all nodes
• Review logs for errors
• Test at least one restore
• Update docker images / system packages
• Check SSL certs expiration
• Verify VPN connectivity
• Review access logs for anomalies