vps/vps1-todo.md
service 1e1a528a5e Initial commit: VPS setup documentation
Add comprehensive documentation for VPS setup and configuration including:
- Project instructions
- VPS1 starting point configuration
- VPS1 current state documentation
- VPS1 todo list

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-26 07:43:24 +01:00


VPS1 Todo List

Host: vps1.phiiiil.de (152.53.119.222)
Last Updated: 2026-01-25
System Status: Production Ready


Priority 1: Critical Data Protection 🔴

1.1 Immich Photo Backup (37GB) COMPLETED

Status: IMPLEMENTED - Daily automated backup running
Completion Date: 2026-01-25
Schedule: Daily at 04:00 German time (CET/CEST)
Location: /mnt/backup/immich-photos/
Retention: 30 days

What Was Done:

  • Created dedicated Immich photo backup script
  • Installed rsync for efficient incremental backups
  • Configured cron job for daily 04:00 execution
  • Performed initial backup (34,694 files, 39.34GB)
  • Set up 30-day retention policy
  • Configured logging to /var/log/immich-photo-backup.log

Backup Details:

  • Script: /home/phil/docker/backup/backup-immich-photos.sh
  • Uses rsync with hardlinking for space efficiency
  • First backup: ~4 minutes (164 MB/s)
  • Subsequent backups: Incremental (only changed files)
  • Total space used: ~39GB for the first snapshot; later snapshots hardlink unchanged files, so each one adds only the data that changed since the previous run
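The snapshot scheme described above (rsync with hardlinks between daily snapshots, a latest pointer, a backup-info.txt per snapshot and 30-day retention), written out as a working script. This is an added example and not the page's backup-immich-photos.sh, whose contents are not shown here; the source and destination paths default to the ones in this document, while the .partial staging directory, the relative latest symlink and the rule of never pruning the snapshot latest points to are this example's own choices. Retention is judged from the date in the snapshot name, which needs GNU date.

```sh
#!/bin/sh
# Snapshot backup with rsync --link-dest, after the scheme described above.
# Added example: not the page's backup-immich-photos.sh. Paths default to the
# ones named in this document; override with SRC=, DEST=, KEEP_DAYS=.
set -eu

SRC="${SRC:-/home/phil/docker/immich-app/library/}"     # trailing slash: copy contents
DEST="${DEST:-/mnt/backup/immich-photos}"
KEEP_DAYS="${KEEP_DAYS:-30}"

# Snapshot directory name, YYYYMMDD_HHMMSS, as in the listing above.
snapshot_name() {
    date +%Y%m%d_%H%M%S
}

# Write one snapshot of $2 under $1 and print its path. Files unchanged since
# the previous snapshot ("latest") are hardlinked, not copied, so a snapshot
# costs only the changed data; --delete keeps it an exact image of the source
# (deleted files remain in older snapshots until those are pruned).
run_snapshot() {
    dest="$1"; src="$2"
    snap="$dest/$(snapshot_name)"
    mkdir -p "$dest"
    link_opt=""
    [ -d "$dest/latest" ] && link_opt="--link-dest=$dest/latest"
    # Stage into .partial so an interrupted run never becomes "latest".
    # shellcheck disable=SC2086
    rsync -a --delete $link_opt "$src" "$snap.partial/"
    mv "$snap.partial" "$snap"
    ln -sfn "$(basename "$snap")" "$dest/latest"   # relative link survives a remount
    {
        echo "date=$(date -Is)"
        echo "source=$src"
        echo "files=$(find "$snap" -type f | wc -l | tr -d ' ')"
        echo "size=$(du -sh "$snap" | cut -f1)"
    } > "$snap/backup-info.txt"
    echo "$snap"
}

# Delete snapshots under $1 older than $2 days, judged by the date in the
# directory name (mtimes are not trustworthy after a restore or a copy), and
# print what was removed. Never removes in-progress .partial directories or
# the snapshot "latest" points to: if backups have been failing for a month,
# the last good one is the one you need. Needs GNU date (-d).
prune_snapshots() {
    dest="$1"; keep_days="$2"
    cutoff=$(date -d "$keep_days days ago" +%Y%m%d)
    current=$(readlink "$dest/latest" 2>/dev/null || true)
    for d in "$dest"/[0-9]*_[0-9]*; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case "$name" in *.partial) continue ;; esac
        [ "$name" = "$current" ] && continue
        day=${name%%_*}
        if [ "$day" -lt "$cutoff" ]; then
            rm -rf "$d"
            echo "$name"
        fi
    done
}

case "${1:-}" in
    --run)
        snap=$(run_snapshot "$DEST" "$SRC")
        echo "snapshot written: $snap"
        prune_snapshots "$DEST" "$KEEP_DAYS" | sed 's/^/pruned: /' ;;
esac
```

Run it from cron as `backup-snapshot.sh --run` (the name is arbitrary) and redirect its output to the log file; because the new snapshot is only renamed into place after rsync finishes, a run killed mid-way leaves a .partial directory to delete by hand and never a half-written "latest".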

Monitoring:

# Check backup log
tail -f /var/log/immich-photo-backup.log

# View latest backup
ls -lah /mnt/backup/immich-photos/latest/

# Check backup info
cat /mnt/backup/immich-photos/latest/backup-info.txt

Restore Procedure:

# Stop Immich first so the server does not write to the library mid-restore
cd /home/phil/docker/immich-app && docker compose stop

# Restore all photos (add -n for a dry run first; add --delete for an exact
# image of the snapshot, otherwise files added since the snapshot are kept)
rsync -av --exclude backup-info.txt /mnt/backup/immich-photos/latest/ /home/phil/docker/immich-app/library/

# Or restore a specific snapshot by date
rsync -av --exclude backup-info.txt /mnt/backup/immich-photos/20260125_160319/ /home/phil/docker/immich-app/library/

cd /home/phil/docker/immich-app && docker compose up -d

References:

  • vps1-state-25012026.md lines 145-156, 386-396
  • docs/deployment-summary.md lines 375-388

1.2 Remote Backup Storage Mount

Status: ⚠️ RECOMMENDED - Local disk only
Risk: Single point of failure
Effort: 2-4 hours

Action Required:

  • Choose remote storage option:
    • S3 bucket via s3fs
    • NFS mount
    • SSHFS
    • WebDAV
    Caveat: the photo backup depends on rsync hardlinks between snapshots. s3fs and WebDAV (davfs2) do not support hard links, so every daily snapshot would become a full ~39GB copy on those; NFS and SSHFS (OpenSSH's hardlink extension) keep the incremental scheme working.
  • Mount storage to /mnt/backup
  • Point both backup scripts (backup.sh and backup-immich-photos.sh) at the remote mount, and make them refuse to run when it is absent (mountpoint -q /mnt/backup), so a failed mount cannot silently fill the local disk instead
  • Test automated backup with remote storage
  • Verify backup completion daily for first week

Current: Backups go to /mnt/backup (local disk)
Goal: Remote off-site storage

References:

  • docs/deployment-summary.md lines 363-372
  • vps1-state-25012026.md lines 361-374

Priority 2: Enhanced Authentication 🟡

2.1 SSO Integration (Gitea + Immich)

Status: 📋 Plan created, ready to implement
Benefit: Unified authentication across all services
Effort: 2.5 hours

Prerequisites:

  • Have Netbird admin credentials ready

Implementation Steps:

Phase 1: Zitadel Configuration (30 min)

  • Login to Zitadel at https://nb.phiiiil.de/ui
  • Create Gitea project and application
  • Save Gitea Client ID and Secret
  • Create Immich project and application
  • Save Immich Client ID and Secret

Phase 2: Gitea Integration (20 min)

  • Login to Gitea at https://git.phiiiil.de (phil / j8bKvIl3AtIp5aTG)
  • Configure OAuth2 in Authentication Sources
  • Enable auto-user creation
  • Test SSO login
  • Verify user account creation

Phase 3: Immich Integration (20 min)

  • Login to Immich at https://immich.phiiiil.de
  • Configure OAuth2 in Settings
  • Enable auto-registration and auto-linking
  • Test SSO login
  • Verify user account creation

Phase 4: Testing & Documentation (1 hour)

  • Test Gitea SSO full flow
  • Test Immich SSO full flow
  • Test cross-service SSO
  • Update documentation with the Client IDs; keep the Client Secrets out of this repository (password manager or an encrypted secrets file)
  • Document any issues or workarounds

References:

  • docs/sso-integration-plan.md - Complete implementation guide
  • docs/sso-integration-diagram.txt - Architecture diagrams
  • docs/oidc-integration-guide.md - Original setup guide
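Phases 1 and 2 above as shell, since Gitea's OAuth2 source can be created from its CLI and the details that usually break an OIDC setup (redirect URIs that do not match what the provider allows, an issuer string that differs from the discovery document) are cheap to check before clicking through the web UI. This is an added example, not the page's sso-integration-plan.md. It assumes Zitadel serves OIDC from https://nb.phiiiil.de (the document only says its UI lives there; the issuer is taken to be the same origin), that the Gitea compose service is named gitea, and that the auth source will be called zitadel; the Immich redirect URIs follow the Immich OAuth documentation for web login, account linking and the mobile app.

```sh
#!/bin/sh
# OIDC wiring for Gitea and Immich against Zitadel. Added example, not the
# page's plan or code. Assumptions: issuer = https://nb.phiiiil.de, Gitea
# compose service "gitea", auth source name "zitadel".
set -eu

ISSUER="${ISSUER:-https://nb.phiiiil.de}"
GITEA_URL="${GITEA_URL:-https://git.phiiiil.de}"
IMMICH_URL="${IMMICH_URL:-https://immich.phiiiil.de}"
AUTH_NAME="${AUTH_NAME:-zitadel}"

# Gitea's callback is fixed by the auth-source name:
#   <ROOT_URL>/user/oauth2/<name>/callback
gitea_redirect_uri() {
    printf '%s/user/oauth2/%s/callback\n' "$1" "$2"
}

# Immich needs three: web login, account linking from user settings, mobile app.
immich_redirect_uris() {
    printf '%s/auth/login\n%s/user-settings\napp.immich:///oauth-callback\n' "$1" "$1"
}

# Extract "issuer" from a discovery document without needing jq.
discovery_issuer() {
    printf '%s' "$1" | tr -d ' \n' | sed -n 's/.*"issuer":"\([^"]*\)".*/\1/p'
}

# 0 if the document's issuer equals the configured issuer byte for byte.
# Clients compare exactly, so "https://nb.phiiiil.de/" (trailing slash) fails.
issuer_matches() {
    [ "$(discovery_issuer "$1")" = "$2" ]
}

fetch_and_check_issuer() {
    doc=$(curl -fsS "$ISSUER/.well-known/openid-configuration")
    issuer_matches "$doc" "$ISSUER" || {
        echo "issuer mismatch: '$(discovery_issuer "$doc")' != '$ISSUER'"; return 1; }
}

# Register the OAuth2 source in Gitea. Credentials come from the environment
# so the client secret does not end up in shell history.
register_gitea_source() {
    : "${GITEA_CLIENT_ID:?set GITEA_CLIENT_ID}" "${GITEA_CLIENT_SECRET:?set GITEA_CLIENT_SECRET}"
    cd /home/phil/docker/gitea
    docker compose exec -u git gitea gitea admin auth add-oauth \
        --name "$AUTH_NAME" --provider openidConnect \
        --key "$GITEA_CLIENT_ID" --secret "$GITEA_CLIENT_SECRET" \
        --auto-discover-url "$ISSUER/.well-known/openid-configuration" \
        --scopes "openid email profile"
}

case "${1:-}" in
    --uris)
        echo "Redirect URIs to allow on the Gitea application in Zitadel:"
        gitea_redirect_uri "$GITEA_URL" "$AUTH_NAME"
        echo "Redirect URIs to allow on the Immich application in Zitadel:"
        immich_redirect_uris "$IMMICH_URL" ;;
    --check) fetch_and_check_issuer && echo "issuer ok: $ISSUER" ;;
    --register-gitea) fetch_and_check_issuer && register_gitea_source ;;
esac
```

Print the URIs with `--uris`, add them to the two Zitadel applications, then run `GITEA_CLIENT_ID=... GITEA_CLIENT_SECRET=... sso.sh --register-gitea`. Auto user creation for OAuth2 logins is a global Gitea setting (ENABLE_AUTO_REGISTRATION = true under [oauth2_client] in app.ini), not a per-source flag; Immich's equivalents (auto register, auto launch) are on its OAuth settings page and stay a manual step.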

Priority 3: System Maintenance 🟢

3.1 Regular Maintenance Tasks

Daily:

  • Check backup completion (both jobs): tail -n 20 /var/log/vps-backup.log /var/log/immich-photo-backup.log
  • Verify all containers running: docker ps

Weekly:

  • Review fail2ban bans: sudo fail2ban-client status sshd
  • Check disk space: df -h
  • Review container health: docker ps --format "table {{.Names}}\t{{.Status}}"

Monthly:

  • Update container images (pull only downloads; up -d recreates the containers on the new image, and prune drops the old layers):
    cd /home/phil/docker/gitea && docker compose pull && docker compose up -d
    cd /home/phil/docker/netbird && docker compose pull && docker compose up -d
    cd /home/phil/docker/immich-app && docker compose pull && docker compose up -d
    docker image prune -f
    Read each project's release notes first; Immich releases regularly include breaking changes that need compose or .env edits before the new image will start.
    
  • Run system updates: sudo apt update && sudo apt upgrade
  • Review banned IPs: sudo fail2ban-client status sshd

Quarterly:

  • Test backup restoration procedures
  • Review and rotate SSH keys if needed
  • Audit firewall rules: sudo ufw status numbered
  • Review and clean old backups (auto-cleanup after 30 days)
  • Review OAuth2 tokens in Zitadel (if SSO implemented)
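The daily and weekly items above as one check script that exits non-zero when something needs attention, so a cron job mails it or a monitoring hook can page, instead of a tail -f to eyeball. This is an added example, not the page's own tooling; the backup paths default to the ones in this document, the 26-hour freshness window and 85% disk threshold are this example's choices, and the container check parses docker ps output from stdin so the same logic can be exercised on a constructed sample.

```sh
#!/bin/sh
# Daily/weekly maintenance checks as a script that exits non-zero when
# something needs attention. Added example, not the page's own tooling;
# backup paths default to the ones named in this document, the 26-hour
# freshness window and 85% disk threshold are this example's choices.
set -u

BACKUP_DIR="${BACKUP_DIR:-/mnt/backup/immich-photos}"
BACKUP_LOG="${BACKUP_LOG:-/var/log/immich-photo-backup.log}"

# 0 if $1/latest points at a snapshot whose backup-info.txt is younger than
# $2 hours (default 26: one daily run plus slack), 1 otherwise.
backup_is_fresh() {
    dir="$1"; max_h="${2:-26}"
    info="$dir/latest/backup-info.txt"
    [ -f "$info" ] || return 1
    [ -n "$(find "$info" -mmin -$((max_h * 60)) 2>/dev/null)" ]
}

# 0 if the tail of the backup log shows no rsync failures
# (rsync prefixes them with "rsync error:" or "rsync: ").
backup_log_clean() {
    [ -f "$1" ] || return 1
    ! tail -n 200 "$1" | grep -qE '^rsync( error)?: '
}

# Read "<name>TAB<status>" lines, as printed by
#   docker ps -a --format '{{.Names}}\t{{.Status}}'
# and print the names that are not plainly "Up": exited, restarting, created,
# unhealthy, or still in "health: starting".
unhealthy_containers() {
    awk -F'\t' '
        $2 !~ /^Up /                               { print $1; next }
        $2 ~ /\(unhealthy\)|\(health: starting\)/  { print $1 }
    '
}

# Percent of the filesystem holding $1 that is in use, as a bare integer
# (empty if the path cannot be stat'ed, e.g. an unmounted backup disk).
disk_usage_pct() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

run_checks() {
    rc=0
    backup_is_fresh "$BACKUP_DIR" || { echo "ALERT: no snapshot under 26h in $BACKUP_DIR"; rc=1; }
    backup_log_clean "$BACKUP_LOG" || { echo "ALERT: rsync errors in $BACKUP_LOG"; rc=1; }
    bad=$(docker ps -a --format '{{.Names}}\t{{.Status}}' 2>/dev/null | unhealthy_containers)
    [ -z "$bad" ] || { echo "ALERT: containers need attention:"; echo "$bad"; rc=1; }
    for fs in / "$BACKUP_DIR"; do
        pct=$(disk_usage_pct "$fs")
        [ -n "$pct" ] || { echo "ALERT: cannot stat $fs (mount missing?)"; rc=1; continue; }
        [ "$pct" -lt 85 ] || { echo "ALERT: $fs is ${pct}% full"; rc=1; }
    done
    return $rc
}

case "${1:-}" in --run) run_checks ;; esac
```

Schedule `maintenance-check.sh --run` (the name is arbitrary) an hour or two after the 04:00 backup; cron mails any output, and an empty mailbox then means every check passed rather than that nobody looked.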

3.2 Security Review

Next Security Review: 2026-04-25 (3 months)

  • Review all user accounts and access
  • Check for security updates
  • Review Fail2ban effectiveness
  • Audit UFW rules for necessity
  • Review SSL certificate status
  • Check container image vulnerabilities
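The "Review SSL certificate status" item above as a check that can run from cron rather than a manual glance: Caddy renews automatically, but a renewal can still fail quietly (ACME rate limits, port 80 closed by a later firewall change) and the first symptom is an expired certificate. This is an added example, not the page's tooling; the hostnames default to the three services in this document, the 14-day warning threshold is this example's choice, and it needs openssl and GNU date.

```sh
#!/bin/sh
# Certificate expiry check for the public hostnames. Added example, not the
# page's tooling; hosts default to the services in this document.
set -u

HOSTS="${HOSTS:-nb.phiiiil.de git.phiiiil.de immich.phiiiil.de}"
WARN_DAYS="${WARN_DAYS:-14}"

# Print the notAfter date of a PEM certificate read from stdin,
# e.g. "Mar  3 12:00:00 2026 GMT".
cert_not_after() {
    openssl x509 -noout -enddate | sed 's/^notAfter=//'
}

# Whole days from now until the given notAfter string; negative means already
# expired. Uses GNU date -d to parse openssl's date format.
days_until() {
    exp=$(date -u -d "$1" +%s) || return 1
    now=$(date -u +%s)
    echo $(( (exp - now) / 86400 ))
}

# Fetch the leaf certificate a host presents for its own name. SNI matters
# here: Caddy serves several hostnames from one IP and picks the cert by name.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509
}

# 0 if the certificate in PEM file $1 is valid for more than $2 days.
cert_ok_for_days() {
    d=$(cert_not_after < "$1") || return 1
    n=$(days_until "$d") || return 1
    [ "$n" -gt "$2" ]
}

run_checks() {
    rc=0
    for h in $HOSTS; do
        if ! cert=$(fetch_cert "$h"); then
            echo "ALERT: $h: no certificate fetched"; rc=1; continue
        fi
        n=$(days_until "$(printf '%s\n' "$cert" | cert_not_after)")
        if [ "$n" -le "$WARN_DAYS" ]; then
            echo "ALERT: $h expires in $n days"; rc=1
        else
            echo "ok: $h expires in $n days"
        fi
    done
    return $rc
}

case "${1:-}" in --run) run_checks ;; esac
```

With Caddy renewing well before expiry, a healthy host never gets near the 14-day line, so an alert from this script means renewal has actually been failing for weeks and the Caddy log is the next place to look.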

Priority 4: Optional Enhancements 🔵

4.1 Container Monitoring

Status: Optional enhancement
Benefit: Proactive issue detection
Effort: 4-6 hours

Options:

  • Set up Prometheus + Grafana
  • Configure health check alerts
  • Set up log aggregation
  • Implement notification system

4.2 Immich External Storage

Status: Optional (backup alternative)
Benefit: Direct cloud storage integration
Effort: 3-4 hours

Action Required:

  • Research Immich S3 support
  • Configure external storage backend
  • Migrate existing photos
  • Update backup strategy

4.3 Gitea CI/CD Integration

Status: Optional
Benefit: Automated testing and deployment
Effort: 2-3 hours

Action Required:

  • Explore Gitea Actions
  • Set up runner container
  • Create example workflows
  • Document CI/CD setup

4.4 Additional Applications

Status: Future consideration
Effort: Varies

Potential Additions:

  • Password manager (Bitwarden, Vaultwarden)
  • Monitoring dashboard (Uptime Kuma)
  • Media server (Jellyfin, Plex)
  • Wiki (Wiki.js, BookStack)
  • Automation (n8n, Home Assistant)

Quick Reference Commands

Backup Management

# Run backup manually
/home/phil/docker/backup/backup.sh

# Check latest backup
ls -lah /mnt/backup/latest/
cat /mnt/backup/latest/backup-info.txt

# Check backup log
tail -f /var/log/vps-backup.log

Container Management

# View all containers
docker ps

# View container logs
docker logs -f <container_name>

# Restart service
cd /home/phil/docker/<service> && docker compose restart

# Check container health
docker ps --format "table {{.Names}}\t{{.Status}}"

Security

# Firewall status
sudo ufw status numbered

# Fail2ban status
sudo fail2ban-client status sshd

# Check active login sessions and established SSH connections
who
ss -tn state established '( sport = :22 )'

System Resources

# Disk usage
df -h

# Memory usage
free -h

# Container resource usage
docker stats

System Information

Services

Service            URL                        Admin Access              Status
Netbird Dashboard  https://nb.phiiiil.de      Netbird admin             Running
Gitea              https://git.phiiiil.de     phil / j8bKvIl3AtIp5aTG   Running
Immich             https://immich.phiiiil.de  Immich admin              Running

Access Credentials

SSH: ssh vps1 (user: phil, key authentication)

Gitea Admin:

  • Username: phil
  • Password: j8bKvIl3AtIp5aTG (kept in plaintext in a committed file; rotate it and move it to a password manager before this repository is shared or backed up elsewhere)
  • SSH: git@152.53.119.222:2222 (clone with the ssh:// form, ssh://git@152.53.119.222:2222/<owner>/<repo>.git, because the scp-style git@host:path syntax has no port field)

Netbird: Configure via Netbird dashboard
Immich: Created during initial setup

Resources

  • Disk: 55GB used of 1TB (6%) - 900GB free
  • RAM: ~2GB used of 15GB - 13GB free
  • Containers: 12 running, 6 healthy

Documentation

  • vps1-state-25012026.md - Current system state and operations
  • vps1-startpoint.md - System analysis and architecture
  • docs/deployment-summary.md - Deployment details and maintenance
  • docs/oidc-integration-guide.md - SSO setup guide
  • docs/sso-integration-plan.md - SSO implementation plan
  • docs/sso-integration-diagram.txt - SSO architecture diagrams
  • vps1-todo.md - This document

Decision Log

2026-01-25: Nextcloud Removed

Decision: Removed Nextcloud due to FastCGI configuration issues
Reason: Multiple attempts to fix PHP-FPM and routing failed
Alternative: Using Gitea for code, Immich for photos
Status: Complete

2025-11-XX: Netbird Deployed

Decision: Deployed Netbird VPN with Zitadel SSO
Reason: Centralized user management and VPN access
Status: Complete

2025-XX-XX: Immich Deployed

Decision: Deployed Immich for photo management
Reason: Self-hosted Google Photos alternative
Status: Complete (37GB photos)


Notes

  • All core services are production-ready
  • System is secured with UFW firewall and Fail2ban
  • Automated daily backups configured (databases via backup.sh; Immich photos via backup-immich-photos.sh since 2026-01-25)
  • SSL certificates managed automatically by Caddy
  • Regular maintenance is minimal but required
  • Photo backup is done; remote off-site backup storage (1.2) is now the highest-priority open task, since all backups still live on the same disk as the data

Next Review Date: 2026-02-25 (1 month)


Document Version: 1.0
Created: 2026-01-25
Status: Active