{"id":41814564,"url":"https://github.com/henkvanhoek/sovereign-stack","last_synced_at":"2026-02-22T18:00:59.670Z","repository":{"id":332399862,"uuid":"1132346611","full_name":"HenkVanHoek/sovereign-stack","owner":"HenkVanHoek","description":"A security-hardened, privacy-first Docker stack for Raspberry Pi 5 with NVMe. Reclaim your digital sovereignty with Nextcloud, Home Assistant \u0026 more.","archived":false,"fork":false,"pushed_at":"2026-02-15T10:38:13.000Z","size":310,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-15T16:19:30.913Z","etag":null,"topics":["adguard-home","automation","decentralization","digital-sovereignty","docker-compose","forgejo","frigate","home-assistant","nextcloud","nginx-proxy-manager","nvme-ssd","portainer","privacy-first","prosody","raspberry-pi-5","security-hardened","self-hosting","step-ca","vaultwarden"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HenkVanHoek.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-11T19:39:40.000Z","updated_at":"2026-02-15T10:38:17.000Z","dependencies_parsed_at":"2026-02-22T18:00:32.424Z","dependency_job_id":null,"html_url":"https://github.com/HenkVanHoek/sovereign-stack","commit_stats":null,"previous_names":["henkvanhoek/sovereign-stack"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/HenkVanHoek/sovereign-stack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HenkVanHoek%2Fsovereign-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HenkVanHoek%2Fsovereign-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HenkVanHoek%2Fsovereign-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HenkVanHoek%2Fsovereign-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HenkVanHoek","download_url":"https://codeload.github.com/HenkVanHoek/sovereign-stack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HenkVanHoek%2Fsovereign-stack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29721044,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T15:10:41.462Z","status":"ssl_error","status_checked_at":"2026-02-22T15:10:04.636Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adguard-home","automation","decentralization","digital-sovereignty","docker-compose","forgejo","frigate","home-assistant","nextcloud","nginx-proxy-manager","nvme-ssd","portainer","privacy-first","prosody","raspberry-pi-5","security-hardened","self-hosting","step-ca","vaultwarden"],"created_at":"2026-01-25T07:11:44.682Z","updated_at":"2026-02-22T18:00:59.653Z","avatar_url":"https://github.com/HenkVanHoek.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sovereign-stack: The Sovereign Blueprint\n\nThe **sovereign-stack** is a project dedicated to regaining digital autonomy by hosting essential services on a local Raspberry Pi 5. It is a robust, privacy-first infrastructure blueprint designed for those who believe that data sovereignty is a fundamental right.\n\nThis stack is a **complete replacement for proprietary ecosystems**. By deploying this blueprint, you can replace centralized communication tools with your own **Matrix (Synapse)** infrastructure (hosted externally), and transition away from **Microsoft 365** or **Google Workspace** by utilizing **Nextcloud** with **Collabora Online**.\n\n\u003e **Current Version:** v4.2.0 (See [version.py](./version.py) for the Single Source of Truth).\n\n---\n\n## 1. Core Vision \u0026 Philosophy\n* **Autonomy:** Reducing dependency on centralized \"Big Tech\" clouds.\n* **Privacy:** Keeping community and personal data (GDPR) within your own physical walls.\n* **Discovery:** Automated infrastructure mapping to ensure your asset inventory is always accurate.\n\n---\n\n## 2. The Sovereign Service Suite\nThe stack is a curated collection of services, optimized to run harmoniously on the Raspberry Pi 5.\n\n### Core Infrastructure \u0026 Asset Management\n| Service | Role | Purpose |\n| :--- | :--- | :--- |\n| **[Nextcloud](https://nextcloud.com/)** | Cloud Hub | File sync, contacts, calendar, and collaborative office. |\n| **[NetBox](https://netboxlabs.com/)** | IPAM \u0026 DCIM | **Single Source of Truth:** Manages IP addresses, VMs, and device racking. |\n| **[Infra Scanner]** | Discovery | **New in v4.2.0:** Automated SSH-based discovery of Docker containers, VMs, and OctoPrint. |\n| **[Nginx Proxy Manager]** | Reverse Proxy | Manages SSL and secure traffic routing for internal/external nodes. |\n\n### Specialized \u0026 Home Services\n| Service | Role | Purpose |\n| :--- | :--- | :--- |\n| **[Home Assistant]** | Automation Core | Local control of IoT devices and energy management. |\n| **[Frigate]** | NVR / AI | Real-time local object detection for CCTV. |\n| **[OctoPrint]** | 3D Printing | Native discovery support for 3D printer fleet management. |\n| **[AdGuard Home]** | DNS \u0026 Ad-block | Network-wide privacy-focused DNS (DoH/DoT). |\n\n---\n\n## 3. Project Structure (v4.2.0 Additions)\n\n| File / Directory | Purpose |\n| :--- | :--- |\n| `version.py` | **Central Versioning:** The primary version declaration for the entire stack. |\n| `infra_scanner.py` | **Discovery Engine:** SSH-based scanner for infrastructure inventory. |\n| `Dockerfile.infra_scanner` | **High-Speed Build:** Uses `uv` for near-instant Python dependency management. |\n| `inventory.json.example` | Template for your host metadata and multiline comments. |\n| `credentials.json.example` | Template for SSH authentication secrets (Separated from metadata). |\n| `check_env_consistency.sh` | **Audit Tool:** Ensures parity between .env, .env.example, and validation logic. |\n| `seed_netbox.py` | Utility to initialize NetBox with default Sovereign Stack types. |\n\n---\n\n## 4. Operational Standards\nTo maintain stability across the 40+ devices in the Sovereign ecosystem, we adhere to strict standards:\n\n1.  **Versioning:** Never hardcode version numbers in script headers; always import from `version.py`.\n2.  **YAML Formatting:** Use **2 spaces** for indentation and **double quotes** for all passwords.\n3.  **Python Linting:** Code must follow `.editorconfig` rules, including an **88-character** maximum line length.\n4.  **Separation of Concerns:** Keep host metadata in `inventory.json` and secrets in `credentials.json`.\n\n---\n\n## 5. Safety Guards (Sovereign Security)\n* **The Gatekeeper:** `verify_env.sh` validates all 56 mandatory environment variables before any service starts.\n* **Active Defense:** **Fail2ban** is reactivated to protect the stack against brute-force attacks.\n* **Environment Guard:** `check_env_consistency.sh` prevents \"variable drift\" between example files and live settings.\n\n---\n\n*This documentation is part of the **Sovereign Stack** project.\nCopyright (c) 2026 Henk van Hoek. Licensed under the [GNU GPL-3.0 License](LICENSE).*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhenkvanhoek%2Fsovereign-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhenkvanhoek%2Fsovereign-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhenkvanhoek%2Fsovereign-stack/lists"}