vps/vps1-startpoint.md
service 1e1a528a5e Initial commit: VPS setup documentation
Add comprehensive documentation for VPS setup and configuration including:
- Project instructions
- VPS1 starting point configuration
- VPS1 current state documentation
- VPS1 todo list

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-26 07:43:24 +01:00


VPS1 Analysis - vps1.phiiiil.de

Generated: 2025-01-25
Last Updated: 2026-01-25
Target Host: vps1.phiiiil.de (152.53.119.222)

System Overview

Hardware & OS

  • OS: Debian GNU/Linux 12 (bookworm)
  • Kernel: Linux 6.1.0-40-arm64 (ARM64 architecture)
  • CPU: aarch64
  • RAM: 15GB total, ~13GB available
  • Swap: 975MB
  • Disk: 1TB (1006GB), 55GB used (6%), ~900GB free

Network

  • Public IP: 152.53.119.222/22
  • Interface: enp7s0 (46:50:f9:68:52:91)
  • DNS: 46.38.225.230, 46.38.252.230
  • Domain: phiiiil.de with subdomains pointing to this host

Docker Installation

  • Docker Engine: 20.10.24+dfsg1
  • Docker Compose: v5.0.2
  • Service Status: Active (running since Nov 11, 2025)
  • Docker Networks:
    • bridge (default)
    • netbird_netbird - Shared network for all services
    • immich_default - Immich containers
    • host (for Coturn TURN server)

Running Services

Netbird VPN (8 containers)

Status: Running (healthy)

| Container | Image | Purpose | Network |
|---|---|---|---|
| netbird-zitadel-1 | zitadel:v2.64.1 | Identity Provider (OIDC) | netbird_netbird |
| netbird-caddy-1 | caddy:latest | Reverse Proxy (80/443) | netbird_netbird, immich_default |
| netbird-management-1 | management:latest | Management API | netbird_netbird |
| netbird-coturn-1 | coturn:latest | TURN/STUN Relay | host |
| netbird-zdb-1 | postgres:16-alpine | Zitadel DB | netbird_netbird |
| netbird-signal-1 | signal:latest | Signal Service | netbird_netbird |
| netbird-dashboard-1 | dashboard:latest | Web UI | netbird_netbird |
| netbird-relay-1 | relay:latest | Relay Service | netbird_netbird |

Features:

  • VPN management and user authentication
  • Centralized SSO via Zitadel
  • Caddy reverse proxy for all services
  • Automatic SSL certificate management

Immich (4 containers)

Status: Running (healthy)

| Container | Image | Purpose | Ports |
|---|---|---|---|
| immich_server | immich-server:release | Main application | 2283:2283 |
| immich_machine_learning | immich-machine-learning:release | ML/AI features | - |
| immich_postgres | postgres:14-vector | Database (healthy) | - |
| immich_redis | valkey:8-bookworm | Cache (healthy) | - |

Important: Immich holds 34,694 photo files (39GB); an automated daily backup runs at 04:00.

Gitea (2 containers)

Status: Running (healthy)

| Container | Image | Purpose | Ports |
|---|---|---|---|
| gitea | gitea/gitea:latest | Git hosting | 3000/tcp, 2222:22 |
| gitea-db | postgres:16-alpine | Database (healthy) | 5432/tcp |

Configuration:

  • Admin: User phil created
  • Database: PostgreSQL with strong password
  • SSH: Port 2222
  • Network: netbird_netbird
  • Registration: Disabled (private instance)

Docker Compose Projects

1. Netbird + Caddy

Location: /home/phil/docker/netbird/

Files:

  • docker-compose.yml - Main compose file
  • Caddyfile - Reverse proxy configuration for all services
  • dashboard.env, relay.env, zitadel.env, zdb.env - Environment configs
  • management.json - Management configuration
  • turnserver.conf - Coturn TURN server config
  • machinekey/ - Zitadel machine keys

Caddy Configuration:

  • nb.phiiiil.de:443 - Netbird Dashboard & API
  • git.phiiiil.de:443 - Gitea reverse proxy
  • immich.phiiiil.de:443 - Immich reverse proxy
  • Security headers applied to all routes
  • Automatic SSL certificates via Let's Encrypt

Exposed Ports: 80/tcp, 443/tcp, 443/udp

2. Immich

Location: /home/phil/docker/immich-app/

Files:

  • docker-compose.yml - Compose file (4 services)
  • .env - Environment configuration
  • library/ - Photo storage (34,694 files, 39GB), backed up daily
  • postgres/ - Database files

Configuration:

  • Upload location: ./library
  • Database location: ./postgres
  • Timezone: Europe/Berlin
  • Exposed port: 2283 (internal)
  • Backup: Automated daily at 04:00 using rsync

3. Gitea

Location: /home/phil/docker/gitea/

Files:

  • docker-compose.yml - Compose file (2 services)
  • .env - Database password

Configuration:

  • Domain: git.phiiiil.de
  • Database: PostgreSQL 16
  • SSH port: 2222
  • Network: netbird_netbird (shared)
  • User registration disabled

Docker Volumes

| Volume | Purpose | Associated Containers |
|---|---|---|
| gitea_gitea_db_data | Gitea PostgreSQL data | gitea-db |
| gitea_gitea_data | Gitea application data | gitea |
| immich_model-cache | ML model caching | immich-machine-learning |
| netbird_netbird_caddy_data | Caddy SSL certificates | netbird-caddy-1 |
| netbird_netbird_management | Netbird management data | netbird-management-1 |
| netbird_netbird_zdb_data | Zitadel PostgreSQL | netbird-zdb-1 |
| netbird_netbird_zitadel_certs | Zitadel certificates | netbird-zitadel-1 |

Current Architecture

                    ┌─────────────────────────────────────┐
                    │       vps1.phiiiil.de (152.53...)    │
                    │         Debian 12 (ARM64)            │
                    │         UFW + Fail2ban               │
                    └─────────────────────────────────────┘
                                       │
            ┌──────────────────────────┼──────────────────────────┐
            │                          │                          │
    ┌───────▼────────┐       ┌────────▼────────┐      ┌────────▼────────┐
    │  Netbird VPN   │       │    Immich       │      │     Gitea      │
    │  + Caddy       │       │  (3 containers) │      │  (2 containers) │
    │  (8 containers)│       │                 │      │                 │
    │                │       │ - Server (2283) │      │ - App (3000)    │
    │ - Caddy (443)  │       │ - ML            │      │ - SSH (2222)   │
    │ - Management   │       │ - PostgreSQL    │      │ - PostgreSQL   │
    │ - Dashboard    │       │ - Redis         │      │                 │
    │ - Zitadel      │       │ - 37GB photos   │      │                 │
    │ - Signal/Relay │       │                 │      │                 │
    └────────────────┘       └─────────────────┘      └─────────────────┘
            │                          │                          │
    nb.phiiiil.de          immich.phiiiil.de          git.phiiiil.de
    (reverse proxy)         (via Caddy)                (via Caddy)

Security Status

Configured

  • UFW Firewall: Active and configured
    • Only necessary ports exposed (22, 80, 443, 2283, 2222)
    • Default deny incoming policy
  • Fail2ban: Active protecting SSH
    • Currently blocking 6 IPs
    • 3 strikes = 1 hour ban
  • Security Headers: All domains have HSTS, X-Frame-Options, CSP
  • SSH: Key authentication only (no password)
  • Backups: Automated daily backups (databases + photos)

⚠️ Important

  • Immich photos (39GB) - Automated backup implemented (04:00)
  • Remote backup storage recommended (mount to /mnt/backup)
  • OIDC SSO integration plan created (ready to configure)

System Administration

SSH Access

  • User: phil
  • Config: ~/.ssh/config (Host vps1)
  • Key: ~/.ssh/id_rsa (RSA)
  • Connection: ssh vps1

Docker Management

  • All compose projects in /home/phil/docker/
  • Use docker compose (v5) for management
  • Docker service enabled and running

Automated Backups

Database Backup (02:00):

  • Script: /home/phil/docker/backup/backup.sh
  • Location: /mnt/backup/latest/
  • Retention: 30 days
  • Log: /var/log/vps-backup.log

Photo Backup (04:00) NEW:

  • Script: /home/phil/docker/backup/backup-immich-photos.sh
  • Location: /mnt/backup/immich-photos/latest/
  • Retention: 30 days
  • Log: /var/log/immich-photo-backup.log

Cron Jobs

  • 0 2 * * * /home/phil/docker/backup/backup.sh >> /var/log/vps-backup.log 2>&1
  • 0 4 * * * /home/phil/docker/backup/backup-immich-photos.sh >> /var/log/immich-photo-backup.log 2>&1
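The two cron jobs above write dated snapshots under /mnt/backup, keep a latest pointer, and expire snapshots after 30 days. As an added illustration of that scheme (not the page's own backup.sh or backup-immich-photos.sh), the script below takes source and backup root as arguments and assumes rsync is installed, falling back to a plain copy where it is not:

```shell
#!/bin/bash
# Added example, not the page's own backup scripts: dated snapshots plus 30-day
# retention in the ROOT/latest layout the page describes. SRC and ROOT are passed
# as arguments; rsync is assumed, with a plain copy as fallback when it is absent.
set -eu

RETENTION_DAYS=30

# snapshot_backup SRC ROOT: copy SRC into ROOT/<timestamp>, hard-linking files
# unchanged since ROOT/latest (rsync --link-dest), then repoint ROOT/latest.
snapshot_backup() {
    local src="$1" root="$2" stamp dest
    stamp=$(date +%Y-%m-%d-%H%M%S)
    dest="$root/$stamp"
    mkdir -p "$root"
    if command -v rsync >/dev/null 2>&1; then
        if [ -d "$root/latest" ]; then
            rsync -a --delete --link-dest="$root/latest/" "$src/" "$dest/"
        else
            rsync -a "$src/" "$dest/"
        fi
    else
        cp -a "$src" "$dest"   # fallback: full copy, no de-duplication
    fi
    rm -f "$root/latest"
    ln -s "$stamp" "$root/latest"   # relative link survives moving ROOT
    echo "$dest"
}

# prune_snapshots ROOT [DAYS]: delete dated snapshot dirs older than DAYS, never the
# one 'latest' points to, so a long backup outage cannot erase the last good copy.
prune_snapshots() {
    local root="$1" days="${2:-$RETENTION_DAYS}" keep d
    keep=$(readlink "$root/latest" 2>/dev/null || true)
    find "$root" -mindepth 1 -maxdepth 1 -type d -name '20*' -mtime +"$days" |
    while read -r d; do
        if [ "$(basename "$d")" != "$keep" ]; then
            rm -rf "$d"
        fi
    done
}

# latest_file_count ROOT: regular files in the current snapshot, to compare with the
# live library count (34,694 on the page) when checking a backup actually completed.
latest_file_count() {
    find "$1/latest/" -type f | wc -l | tr -d ' '
}
```

Run from cron as `snapshot_backup /home/phil/docker/immich-app/library /mnt/backup/immich-photos && prune_snapshots /mnt/backup/immich-photos`, and log latest_file_count alongside the live count so a silently truncated copy is visible in the log.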

System Resources

Disk Usage

  • Total: 1TB (1006GB)
  • Used: 92GB (10%)
  • Available: 863GB
  • Critical Data:
    • Immich photos: 39GB in /home/phil/docker/immich-app/library/ (backed up)
    • Photo backup: 39GB in /mnt/backup/immich-photos/
    • Databases: ~83MB total

Memory

  • Total: 15GB
  • Used: ~2GB
  • Available: ~13GB

Services Status

  • Total Containers: 12
  • Healthy: 6 (with health checks)
  • All Running: Yes

Access URLs

| Service | URL | Credentials |
|---|---|---|
| Netbird Dashboard | https://nb.phiiiil.de | Configure in Netbird |
| Immich | https://immich.phiiiil.de | Create admin account |
| Gitea | https://git.phiiiil.de | User: phil / Password: j8bKvIl3AtIp5aTG |
| Git via SSH | git@152.53.119.222:2222 | Use Gitea credentials |

Documentation Files

  • vps1-state-25012026.md - Current system state and operational guide
  • vps1-todo.md - Action items and maintenance tasks
  • docs/deployment-summary.md - Deployment details and maintenance tasks
  • docs/oidc-integration-guide.md - How to configure SSO with Netbird Zitadel
  • docs/sso-integration-plan.md - Complete SSO implementation plan (NEW)
  • docs/sso-integration-diagram.txt - SSO architecture diagrams (NEW)
  • docs/immich-backup-implementation.md - Photo backup implementation (NEW)

Next Steps

All core services are operational with complete backup coverage. Optional enhancements:

  1. Remote backup storage - Mount storage to /mnt/backup for off-site backups
  2. OIDC SSO - Configure Gitea/Immich with Netbird Zitadel (plan created)
  3. Monitoring - Set up container health monitoring

Last Updated: 2026-01-25
Status: Production Ready