fred/homelab-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
homelab-docs/infrastructure/INFRASTRUCTURE-TODO.md

10 KiB
Raw Permalink Blame History

Infrastructure TODO List

Created: 2025-12-29 Last Updated: 2025-12-29 Status: Active development tasks

This document tracks all incomplete infrastructure tasks and future improvements.

Completed Items

1. Fix Home Assistant Public Domain Access

Status: COMPLETED (2025-12-29)

What was done:

  1. Updated Caddy to use HTTPS backend for Home Assistant
  2. Added VPS WireGuard IP (10.0.8.1) to Home Assistant's trusted_proxies
  3. Verified bob.nianticbooks.com is accessible

Result: All 5 public domains now working:

  • freddesk.nianticbooks.com → Proxmox
  • bob.nianticbooks.com → Home Assistant
  • ad5m.nianticbooks.com → 3D Printer
  • auth.nianticbooks.com → Authentik SSO
  • bible.nianticbooks.com → Bible reading plan

2. Deploy RustDesk ID Server

Status: COMPLETED (2025-12-25)

What was deployed:

  1. ID Server (hbbs) on main-pve LXC 123 at 10.0.10.23
  2. Relay Server (hbbr) on VPS at 66.63.182.168:21117
  3. Generated encryption key pair
  4. Verified client connectivity

Result: RustDesk fully operational

  • ID Server (hbbs): 10.0.10.23 ports 21115, 21116, 21118
  • Relay Server (hbbr): VPS port 21117
  • Public Key: sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=
  • Client Configuration: ID Server 66.63.182.168, Key included
  • Version: 1.1.14 (both servers)

Documentation:

  • SERVICES.md - Service inventory and health checks
  • guides/RUSTDESK-DEPLOYMENT-COMPLETE.md - Complete deployment guide

Medium Priority

3. Deploy Prometheus + Grafana Monitoring

Status: DISCOVERED - Already deployed (2025-12-29)

Current State:

  • Location: 10.0.10.25 (responding to ping)
  • Grafana: Port 3000 Running (redirects to /login)
  • Prometheus: Port 9090 Running
  • Deployment Method: TBD (need to investigate)

Remaining Configuration Tasks:

  1. Document deployment method (Docker Compose, systemd, VM/Container type)
  2. Configure PostgreSQL database on 10.0.10.20 for Grafana (if not already done)
  3. Set up Authentik SSO for Grafana
  4. Configure Prometheus monitoring targets:
    • Proxmox nodes (via node_exporter)
    • VPS (WireGuard tunnel metrics)
    • PostgreSQL
    • Home Assistant
    • Other services
  5. Import Grafana dashboards:
    • Proxmox overview
    • PostgreSQL metrics
    • Network metrics
  6. Set up alerting (email/Slack)
  7. Optionally add Caddy public route

Priority: Low-Medium (services running, configuration needed)

Note: This was discovered during the infrastructure audit. The basic services are operational, but monitoring targets and dashboards need configuration.

Low Priority (Cleanup)

4. Remove Deprecated VMs

Objective: Reclaim resources from unused services

Status: ⏸️ Deferred - Non-critical

4.1 Remove Spoolman VM

Current State:

  • IP: 10.0.10.71 (allocated but not in use)
  • Reason: Bambu printer incompatible, service no longer needed

Steps:

  1. Verify no dependencies: pct/qm status <VMID>
  2. Backup if needed: vzdump <VMID> --storage backup
  3. Stop VM/container: pct stop <VMID> or qm stop <VMID>
  4. Delete: pct destroy <VMID> or qm destroy <VMID>
  5. Remove Pangolin route (if exists)
  6. Update IP-ALLOCATION.md to mark 10.0.10.71 as available
  7. Update documentation

Priority: Low

Estimated Time: 15 minutes

4.2 Remove Authelia VM

Current State:

  • IP: 10.0.10.112 (allocated but not in use)
  • Reason: Replaced by Authentik SSO

Steps:

  1. Verify Authentik is working for all services
  2. Backup Authelia config for reference (if needed)
  3. Stop VM/container: pct stop <VMID> or qm stop <VMID>
  4. Delete: pct destroy <VMID> or qm destroy <VMID>
  5. Update IP-ALLOCATION.md to mark 10.0.10.112 as available (or remove from list)
  6. Update documentation

Priority: Low

Estimated Time: 15 minutes

Future Enhancements

5. n8n + Claude Code Advanced Features

Objective: Enhance n8n and Claude Code integration

Status: Basic integration working, advanced features optional

Remaining Optional Tasks (from MIGRATION-CHECKLIST.md 6.4):

  • Session management workflow (UUID generation, multi-turn conversations)
  • Slack integration (Slack → n8n → Claude Code → Slack)
  • Tool deployment with --dangerously-skip-permissions flag
  • Error handling (network disconnect, invalid commands)
  • Resource monitoring during heavy Claude operations
  • Production hardening:
    • SSH timeout configuration
    • Output length limits
    • Logging for Claude executions
    • Error notifications
    • Optional Caddy route for public n8n access (with Authentik SSO)

Reference:

  • MIGRATION-CHECKLIST.md section 6.4
  • N8N-CLAUDE-STATUS.md

Priority: Low (nice-to-have, basic functionality working)

Estimated Time: 2-4 hours for each feature

6. Home Assistant Enhancements

6.1 Configure Local HTTPS Certificates

Objective: Use local CA certificates for internal HTTPS access

Status: ⏸️ Deferred (CA setup complete, deployment pending)

Details:

  • CA already set up (HTTPS-SETUP-STATUS.md from 2025-12-06)
  • Certificates generated for services
  • Need to deploy certificates to Home Assistant and other services

Steps (from HTTPS-SETUP-STATUS.md):

  1. Copy certificates to Home Assistant: 
    scp ~/certs/bob.crt ~/certs/bob.key root@10.0.10.24:/config/ssl/
  2. Update Home Assistant configuration: 
    http:
  ssl_certificate: /config/ssl/bob.crt
  ssl_key: /config/ssl/bob.key
  server_port: 8123
  3. Restart Home Assistant
  4. Trust CA on client devices

Note: Current setup uses local CA certificate. Public domain uses Caddy with Let's Encrypt.

Priority: Low (HTTPS already working with local CA cert)

Estimated Time: 30 minutes

6.2 Integrate More Services with Authentik SSO

Objective: Single sign-on for additional services

Status: 📋 Planned

Completed:

  • Proxmox (all 3 hosts)
  • Grafana (OAuth2 configured)

Not Possible:

  • n8n (requires Enterprise license for OIDC/SSO)

Pending:

  • Home Assistant (complex - requires proxy provider or LDAP)
  • Other services as they're deployed

Priority: Low (manual login acceptable for now)

Estimated Time: 1-2 hours per service

7. Backup Strategy Completion

Objective: Implement full 3-tier backup system

Status: Tier 1 complete, Tier 2-3 planned

Current State (from CLAUDE.md):

  • Tier 1 (Local/OMV NFS): Fully operational
    • PostgreSQL backups: Daily 2:00 AM
    • Proxmox VM/container backups: Daily 2:30 AM
    • Retention: 7 days daily, 4 weeks weekly, 3 months monthly

Remaining Tiers:

  • Tier 2: Off-site external drives (manual rotation)
  • Tier 3: Backblaze B2 cloud storage (automated)

Reference:

  • guides/HOMELAB-BACKUP-STRATEGY.md
  • guides/BACKUP-QUICK-START.md

Priority: Medium (Tier 1 provides good protection, Tier 2-3 for disaster recovery)

Estimated Time: 2-4 hours for Tier 3 cloud setup

8. Monitoring & Alerting

Objective: Proactive monitoring of infrastructure health

Status: 📋 Planned (prerequisite: Prometheus + Grafana deployment)

Components:

  • Service uptime monitoring
  • Resource utilization (CPU, RAM, disk)
  • Network connectivity (WireGuard tunnel status)
  • Backup success/failure alerts
  • Certificate expiration warnings
  • Disk space alerts (OMV storage)

Alerting Methods:

  • Email
  • Slack/Discord webhook
  • Home Assistant notifications

Priority: Medium (blocked by Prometheus deployment)

Estimated Time: 2-3 hours (after Prometheus is deployed)

9. Cleanup and Archive Old Documentation

Objective: Remove or archive outdated status documents

Status: 📋 Pending

Files to Archive or Update:

  1. wireguard-setup-progress.md

    • Status: Outdated (from November 2025)
    • Contains old troubleshooting info that's no longer relevant
    • WireGuard now operational (verified 2025-12-29)
    • Action: Archive to docs/archive/ or delete

  2. HTTPS-SETUP-STATUS.md

    • Status: Partially outdated (from December 6, 2025)
    • CA setup complete, but local cert deployment not done
    • Services using Caddy with Let's Encrypt for public access
    • Action: Archive or update with current HTTPS status

  3. N8N-CLAUDE-STATUS.md

    • Status: Partially outdated
    • Basic integration complete
    • Many "TODO" items that are now optional
    • Action: Archive or consolidate into SERVICES.md

Priority: Low

Estimated Time: 30 minutes

Documentation Maintenance

10. Keep Documentation Updated

Objective: Maintain accurate infrastructure documentation

Regular Tasks:

  • Update SERVICES.md when services change
  • Update IP-ALLOCATION.md for new devices
  • Update MIGRATION-CHECKLIST.md for completed phases
  • Update INFRASTRUCTURE-TODO.md (this file) as tasks are completed
  • Update CLAUDE.md when architecture changes

Frequency: As changes occur

Priority: Ongoing

Quick Reference: IP Addresses Still Available

Reserved but Unused (Available for new services):

  • 10.0.10.6-9 (infrastructure expansion)
  • 10.0.10.11-12, 10.0.10.14-19 (management)
  • 10.0.10.23 (RustDesk - planned)
  • 10.0.10.25 (Prometheus/Grafana - planned)
  • 10.0.10.26 (production services)
  • 10.0.10.28 (was ESPHome - now runs as HA add-on, IP available)
  • 10.0.10.31-39 (IoT devices)
  • 10.0.10.41-49 (utility services)

To Be Reclaimed (after cleanup):

  • 10.0.10.71 (Spoolman - to be removed)
  • 10.0.10.112 (Authelia - to be removed)

Notes

  • All critical infrastructure is operational (verified 2025-12-29)
  • WireGuard tunnel stable and functional
  • Public domains working (except Home Assistant HTTPS backend)
  • PostgreSQL shared database serving multiple services
  • Authentik SSO integrated with Proxmox cluster
  • Automated backups operational (Tier 1 local/NFS)

Next High-Value Tasks:

  1. Fix Home Assistant public domain - COMPLETED
  2. Discover/Document Prometheus + Grafana - COMPLETED
  3. Discover/Document RustDesk - COMPLETED
  4. Configure Prometheus monitoring targets and Grafana dashboards
  5. Cleanup deprecated VMs (Spoolman, Authelia)

Last Updated: 2025-12-29 Updated By: Fred (with Claude Code)

Reference in New Issue View Git Blame Copy Permalink