{"id":28904745,"url":"https://github.com/ansh-info/homelab","last_synced_at":"2026-04-02T18:03:40.319Z","repository":{"id":299509094,"uuid":"1003263384","full_name":"ansh-info/homelab","owner":"ansh-info","description":"Personal homelab setup for managing self-hosted services, media, and infrastructure. Continuously evolving with a focus on automation and local-first deployment.","archived":false,"fork":false,"pushed_at":"2026-03-24T08:51:19.000Z","size":164,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-25T10:47:42.066Z","etag":null,"topics":["ansible","automation","devops","docker","docker-compose","gitops","homelab","kubernetes","self-hosting","tailscale","terraform","vpn"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansh-info.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-16T22:04:31.000Z","updated_at":"2026-03-24T08:51:09.000Z","dependencies_parsed_at":"2025-07-23T23:17:50.021Z","dependency_job_id":"a28a0eec-c8ac-40ca-8939-06c75805e930","html_url":"https://github.com/ansh-info/homelab","commit_stats":null,"previous_names":["ansh-info/homelab"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/ansh-info/homelab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansh-info%2Fhomelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansh-info%2Fhomelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansh-info%2Fhomelab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansh-info%2Fhomelab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansh-info","download_url":"https://codeload.github.com/ansh-info/homelab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansh-info%2Fhomelab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31312744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","devops","docker","docker-compose","gitops","homelab","kubernetes","self-hosting","tailscale","terraform","vpn"],"created_at":"2025-06-21T13:02:04.623Z","updated_at":"2026-04-02T18:03:40.303Z","avatar_url":"https://github.com/ansh-info.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# homelab\n\n[![Validate Docker Compose Stacks](https://github.com/ansh-info/homelab/actions/workflows/docker-compose-validate.yml/badge.svg)](https://github.com/ansh-info/homelab/actions/workflows/docker-compose-validate.yml)\n[![Validate AeroSpace Config](https://github.com/ansh-info/homelab/actions/workflows/validate-aerospace-config.yml/badge.svg)](https://github.com/ansh-info/homelab/actions/workflows/validate-aerospace-config.yml)\n[![Release](https://github.com/ansh-info/homelab/actions/workflows/release.yml/badge.svg)](https://github.com/ansh-info/homelab/actions/workflows/release.yml)\n\n![🦞 OpenClaw](https://img.shields.io/badge/%F0%9F%A6%9E%20OpenClaw-Deployed-2f855a?style=flat-square)\n![Portainer](https://img.shields.io/badge/Portainer-Deployed-13BEF9?style=flat-square\u0026logo=portainer\u0026logoColor=white)\n![Nginx Proxy Manager](https://img.shields.io/badge/Nginx%20Proxy%20Manager-Deployed-F15833?style=flat-square\u0026logo=nginxproxymanager\u0026logoColor=white)\n![Pi-hole](https://img.shields.io/badge/Pi--hole-Deployed-96060C?style=flat-square\u0026logo=pi-hole\u0026logoColor=white)\n![Tailscale](https://img.shields.io/badge/Tailscale-Private%20Access-1A73E8?style=flat-square\u0026logo=tailscale\u0026logoColor=white)\n![📷 Immich](https://img.shields.io/badge/%F0%9F%93%B7%20Immich-Deployed-4250AF?style=flat-square)\n![Nextcloud](https://img.shields.io/badge/Nextcloud-Deployed-0082C9?style=flat-square\u0026logo=nextcloud\u0026logoColor=white)\n![Jellyfin](https://img.shields.io/badge/Jellyfin-Deployed-5A2D81?style=flat-square\u0026logo=jellyfin\u0026logoColor=white)\n![🗼 Watchtower](https://img.shields.io/badge/%F0%9F%97%BC%20Watchtower-Deployed-4169E1?style=flat-square)\n![Docker](https://img.shields.io/badge/Docker-Compose%20Stacks-2496ED?style=flat-square\u0026logo=docker\u0026logoColor=white)\n\nThis repository is the source of truth for rebuilding and operating my personal homelab. It documents the host layout, Portainer-managed Docker stacks, private networking model, storage paths, and service-to-service dependencies that make the environment work.\n\nThe system is private-first. Services are not published individually to the internet. They are reached through Tailscale, resolved by Pi-hole, and routed by Nginx Proxy Manager over a shared Docker network.\n\n## Architecture Summary\n\nThe core request flow is:\n\n1. A client joins the tailnet through Tailscale.\n2. Pi-hole resolves `*.homelab.ansh-info.com` to the homelab Tailscale IP.\n3. The client connects to the homelab host on `80` or `443`.\n4. Nginx Proxy Manager reads the hostname and forwards traffic to the correct container on the shared `proxy` network.\n5. The target service responds from its internal container port.\n\n```mermaid\nflowchart LR\n    Client[Tailscale Client] --\u003e DNS[Pi-hole DNS]\n    DNS --\u003e|*.homelab.ansh-info.com -\u003e Tailscale IP| Host[homelab host]\n    Host --\u003e NPM[Nginx Proxy Manager]\n    NPM --\u003e ProxyNet[Docker proxy network]\n    ProxyNet --\u003e Apps[App containers]\n```\n\nCore platform components:\n\n- `Tailscale` for private network access\n- `Pi-hole` for internal DNS and wildcard local records\n- `Nginx Proxy Manager` for hostname-based routing and TLS\n- `Docker` plus `Portainer` for stack deployment and operations\n- Shared external Docker network `proxy` for reverse-proxied services\n\n## Current Stack Layout\n\nThe main service definitions live under [docker-compose](docker-compose):\n\n- [docker-compose/pihole/docker-compose.yml](docker-compose/pihole/docker-compose.yml)\n- [docker-compose/nginx-proxy-manager/docker-compose.yml](docker-compose/nginx-proxy-manager/docker-compose.yml)\n- [docker-compose/jellyfin-arr-stack/docker-compose.yml](docker-compose/jellyfin-arr-stack/docker-compose.yml)\n- [docker-compose/immich/docker-compose.yml](docker-compose/immich/docker-compose.yml)\n- [docker-compose/nextcloud-aio/docker-compose.yml](docker-compose/nextcloud-aio/docker-compose.yml)\n- [docker-compose/openclaw/docker-compose.yml](docker-compose/openclaw/docker-compose.yml)\n- [docker-compose/watchtower/docker-compose.yml](docker-compose/watchtower/docker-compose.yml)\n\nAdditional repo content includes dotfiles, editor config, and utility scripts, but the homelab deployment path is centered on the compose files above.\n\n## Rebuild Order\n\nUse this order when rebuilding the machine from scratch:\n\n1. Prepare the Linux host, storage mounts, and baseline packages.\n2. Install Docker and Portainer.\n3. Install Tailscale and join the machine to the tailnet.\n4. Apply firewall rules for the private ingress model.\n5. Create the shared external Docker network `proxy`.\n6. Prepare stack directories, persistent volumes, and environment files.\n7. Deploy Pi-hole.\n8. Deploy Nginx Proxy Manager.\n9. Restore or recreate internal DNS and proxy host configuration.\n10. Deploy application stacks such as Jellyfin/Arr, Immich, Nextcloud AIO, OpenClaw, and Watchtower.\n11. Run end-to-end verification for DNS, proxy routing, and service health.\n\n## Documentation Map\n\nStart here for the detailed rebuild docs:\n\n- [docs/README.md](docs/README.md)\n- [docs/SETUP.md](docs/SETUP.md)\n- [docs/NETWORKING.md](docs/NETWORKING.md)\n- [docs/CLOUDFLARE.md](docs/CLOUDFLARE.md)\n- [docs/OPERATIONS.md](docs/OPERATIONS.md)\n- [docs/VARIABLES.md](docs/VARIABLES.md)\n- [docs/stacks/portainer.md](docs/stacks/portainer.md)\n- [docs/stacks/pihole.md](docs/stacks/pihole.md)\n- [docs/stacks/nginx-proxy-manager.md](docs/stacks/nginx-proxy-manager.md)\n- [docs/stacks/jellyfin-arr-stack.md](docs/stacks/jellyfin-arr-stack.md)\n- [docs/stacks/immich.md](docs/stacks/immich.md)\n- [docs/stacks/nextcloud-aio.md](docs/stacks/nextcloud-aio.md)\n- [docs/stacks/openclaw.md](docs/stacks/openclaw.md)\n- [docs/stacks/watchtower.md](docs/stacks/watchtower.md)\n\n## Repository Layout\n\n- [docker-compose](docker-compose): Portainer stack definitions and service-specific compose files\n- [utils](utils): helper scripts\n- [docs](docs): rebuild and operations documentation\n\n## Operating Model\n\n- Primary deployment workflow: `Portainer stacks`\n- Secondary fallback workflow: `docker compose` and direct `docker` CLI commands for inspection and recovery\n- Internal DNS pattern: wildcard records under `*.homelab.ansh-info.com`\n- Access pattern: Tailscale only, with `53`, `80`, and `443` allowed on `tailscale0`\n\n## Status\n\n- Core private ingress path is working through Tailscale, Pi-hole, and NPM.\n- Major services are defined as separate compose stacks for easier redeploy and troubleshooting.\n- Documentation is being rewritten to make rebuilds deterministic and repeatable.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansh-info%2Fhomelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansh-info%2Fhomelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansh-info%2Fhomelab/lists"}