80 lines
2.8 KiB
Markdown
80 lines
2.8 KiB
Markdown
# Homelab Todo List
|
|
|
|
Prioritized list of things Claudio wants to do with his homelab. Last updated: 2026-04-01.
|
|
|
|
## Backup & Restore
|
|
|
|
- [ ] Regular backup for NAS at parents' place
|
|
- [ ] Proxmox backup
|
|
- [ ] Paperless backup (and public access)
|
|
- [ ] Backup test script — verify restores actually work
|
|
- [ ] Kopia/Time Machine backup for Claudio's + Alena's machines (dotfiles, etc.)
|
|
- [ ] Backup system across entire lab (321 rule: 3 copies, 2 media, 1 offsite)
|
|
|
|
## Hosting & Apps
|
|
|
|
- [ ] Immich: test thoroughly and validate for production use (see [[Immich Testing Plan]])
|
|
- [ ] Automatic phone backup (iOS)
|
|
- [ ] Immich library + database backup/restore
|
|
- [ ] Public sharing guest experience
|
|
- [ ] 1-week stability run
|
|
|
|
## Infrastructure Cleanup
|
|
|
|
- [ ] Evaluate: Pangolin + Authentik vs Cloudflare Access (free tier) — do we need both or is Cloudflare enough?
|
|
- [ ] Clean up VPS — consolidate from many reverse proxies (pangolin, nginx, caddy, traefik, dokku, cloudflare?) to one proven stack
|
|
- [ ] Version control VPS setup (docker files + config files in git)
|
|
- [ ] Fix SSH keys: use single key or few keys instead of many
|
|
|
|
## Monitoring & Documentation
|
|
|
|
- [ ] Glance / Uptime Kuma page showing all hosted services status
|
|
- [ ] Documentation for everything hosted
|
|
- [ ] Monthly maintenance reminder + checklist
|
|
|
|
## Access & Networking
|
|
|
|
- [ ] One admin VPN network (evaluate: ZeroTier vs Tailscale vs Pangolin private)
|
|
- [ ] Invite people (family, friends) to appropriate services
|
|
|
|
## Network Infrastructure
|
|
|
|
- [ ] Define IP ranges properly (e.g., 10.0.0.0/24 for lab, 10.0.1.0/24 for prod, 10.0.2.0/24 for DMZ)
|
|
- [ ] Set up VLANs: separate prod, dev/staging, IoT, guests
|
|
- [ ] Document VLAN/subnet map and which services live where
|
|
- [ ] Firewall rules between VLANs (default deny, explicit allow)
|
|
|
|
## Automation & Maintenance
|
|
|
|
- [ ] Max 1h/month maintenance target — automate as much as possible
|
|
- [ ] Monthly maintenance reminder + checklist (Orik helps build)
|
|
- [ ] Automated backup verification (not just "ran", but "actually restoreable")
|
|
- [ ] Automated health checks + alerts
|
|
|
|
## Environments
|
|
|
|
- [ ] Proper distinction between production, development, and staging
|
|
- [ ] Dev/staging on separate VLAN from production
|
|
- [ ] Clear naming conventions for which services are which environment
|
|
|
|
## Notes
|
|
|
|
### Priority direction
|
|
Backup foundation first, then hosting apps, then cleanup and monitoring.
|
|
|
|
### VPN evaluation criteria
|
|
- Ease of setup + maintenance
|
|
- Works on all devices (Claudio's + Alena's)
|
|
- integrates with existing Cloudflare/Pangolin setup
|
|
- performance on mobile
|
|
|
|
### Monthly maintenance checklist (to build)
|
|
- Verify backups ran successfully
|
|
- Check disk usage on all nodes
|
|
- Review logs for errors
|
|
- Test at least one restore
|
|
- Update docker images / system packages
|
|
- Check SSL certs expiration
|
|
- Verify VPN connectivity
|
|
- Review access logs for anomalies
|