Init

2025-10-25 20:11:21 +02:00
commit fd37421245
700 changed files with 211892 additions and 0 deletions
--- a/Personal/Areas/Servers/TrueNAS/Recommended
+++ b/Personal/Areas/Servers/TrueNAS/Recommended
@@ -0,0 +1,287 @@
+# Recommended Setup for Your TrueNAS
+
+## Your Situation
+
+- **Hardware:** i7-1065G7, 16GB RAM (plenty of resources)
+- **Domain:** Cloudflare-managed domain
+- **Requirements:**
+  - Gitea for self-hosted Git
+  - Existing Docker stack
+  - External access via Traefik
+  - Separate stacks (good practice!)
+
+---
+
+## Recommended Architecture
+
+### Single Traefik Instance + Multiple Independent Stacks
+
+```
+Internet (Port 80/443)
+    ↓
+Router Port Forwarding
+    ↓
+┌─────────────────────────────┐
+│   Traefik Container         │
+│   - SSL Certificates        │
+│   - Routing                 │
+└──────────┬──────────────────┘
+           │ traefik_proxy network
+    ┌──────┼──────┐
+    ↓      ↓      ↓
+┌───────┐ ┌────────┐ ┌─────────┐
+│ Gitea │ │ Other  │ │ Future  │
+│ Stack │ │ Stack  │ │ Service │
+└───────┘ └────────┘ └─────────┘
+```
+
+**Each stack has its own:**
+- Directory: `/mnt/[pool]/docker/[service-name]/`
+- `docker-compose.yml`
+- Data volumes
+- Can be started/stopped/updated independently
+
+**Shared:**
+- One Traefik instance handles routing for all
+- One `traefik_proxy` network connects everything
+- One SSL certificate manager (via Cloudflare DNS)
+
+---
+
+## Implementation Steps
+
+### 1. Deploy Traefik (Once, First)
+
+**Location:** `/mnt/tank/stacks/traefik/`
+
+**Key features:**
+- Cloudflare DNS challenge for SSL (works even without port 80 exposed)
+- Dashboard at `traefik.yourdomain.com`
+- Automatic SSL renewal
+- HTTP → HTTPS redirect
+
+**See:** [[Traefik Multi-Stack Setup#Step 1]]
+
+### 2. Deploy Gitea Stack
+
+**Location:** `/mnt/tank/stacks/gitea/`
+
+**Connects to:** `traefik_proxy` network (external)
+
+**Exposes:**
+- Port 2222 for SSH (git operations)
+- Port 3000 internally to Traefik (for web UI)
+
+**Accessible at:** `https://git.yourdomain.com`
+
+**See:** [[Traefik Multi-Stack Setup#Step 2]]
+
+### 3. Connect Your Existing Stack
+
+**Modify your existing stack's `docker-compose.yml`:**
+
+1. Add external network reference:
+   ```yaml
+   networks:
+     traefik_proxy:
+       external: true
+   ```
+
+2. Add network to your service:
+   ```yaml
+   services:
+     your-service:
+       networks:
+         - traefik_proxy
+   ```
+
+3. Add Traefik labels:
+   ```yaml
+       labels:
+         - "traefik.enable=true"
+         - "traefik.docker.network=traefik_proxy"
+         - "traefik.http.routers.yourservice.rule=Host(`service.yourdomain.com`)"
+         - "traefik.http.routers.yourservice.entrypoints=websecure"
+         - "traefik.http.routers.yourservice.tls.certresolver=cloudflare"
+         - "traefik.http.services.yourservice.loadbalancer.server.port=INTERNAL_PORT"
+   ```
+
+4. Remove any exposed ports (Traefik handles routing)
+
+**See:** [[Traefik Multi-Stack Setup#Step 3]]
+
+---
+
+## Cloudflare Configuration
+
+### DNS Records
+
+Add A records pointing to your public IP:
+
+```
+git.yourdomain.com      → Your-Public-IP (DNS only, gray cloud)
+traefik.yourdomain.com  → Your-Public-IP (DNS only, gray cloud)
+service.yourdomain.com  → Your-Public-IP (DNS only, gray cloud)
+```
+
+**Important:** Use "DNS only" mode, not proxied (gray cloud, not orange).
+
+### API Credentials
+
+For Traefik to manage SSL certificates via Cloudflare DNS:
+
+**Option 1: API Token (Recommended)**
+1. Cloudflare Dashboard → Profile → API Tokens
+2. Create Token → "Edit zone DNS" template
+3. Zone Resources: Include → Specific zone → yourdomain.com
+4. Use in Traefik: `CF_DNS_API_TOKEN`
+
+**Option 2: Global API Key**
+1. Cloudflare Dashboard → Profile → API Tokens
+2. View Global API Key
+3. Use in Traefik: `CF_API_EMAIL` + `CF_API_KEY`
+
+---
+
+## Router Port Forwarding
+
+One-time setup:
+
+| External Port | Internal Port | Protocol | Target |
+|--------------|---------------|----------|--------|
+| 80 | 80 | TCP | TrueNAS IP |
+| 443 | 443 | TCP | TrueNAS IP |
+| 2222 | 2222 | TCP | TrueNAS IP |
+
+**That's it!** All HTTP/HTTPS traffic goes to Traefik, which routes to the correct service based on domain name.
+
+---
+
+## Directory Structure
+
+Your layout:
+
+```
+/mnt/tank/stacks/
+├── traefik/
+│   ├── docker-compose.yml
+│   ├── traefik.yml
+│   └── letsencrypt/
+│       └── acme.json
+├── gitea/
+│   ├── docker-compose.yml
+│   └── data/
+├── servarr/
+│   ├── docker-compose.yml  (or servarr.yaml)
+│   └── ...
+└── dozzle/  (optional split from servarr)
+    └── docker-compose.yml
+```
+
+---
+
+## Benefits of This Setup
+
+✅ **Independent stacks** - Update Gitea without touching other services
+✅ **One SSL manager** - Traefik handles certificates for all domains
+✅ **Easy to add services** - Just add labels and deploy
+✅ **Clean separation** - Each service in its own directory
+✅ **Professional setup** - Industry-standard architecture
+✅ **Low overhead** - Traefik uses ~30-50MB RAM
+✅ **Cloudflare integration** - DNS challenge works behind CGNAT
+
+---
+
+## Common Operations
+
+### Start Everything
+
+```bash
+# Start Traefik first
+cd /mnt/tank/stacks/traefik
+docker compose up -d
+
+# Then start services in any order
+cd /mnt/tank/stacks/gitea
+docker compose up -d
+
+cd /mnt/tank/stacks/servarr
+docker compose up -d
+```
+
+### Update One Service
+
+```bash
+cd /mnt/tank/stacks/gitea
+docker compose pull
+docker compose up -d
+# Other services unaffected
+```
+
+### Check Status
+
+```bash
+# See all running services
+docker ps
+
+# Check what's connected to Traefik
+docker network inspect traefik_proxy | grep Name
+```
+
+### View Logs
+
+```bash
+# Traefik routing logs
+docker logs traefik -f
+
+# Service logs
+docker logs gitea -f
+```
+
+---
+
+## Timeline Estimate
+
+If you already have:
+- Cloudflare domain
+- Port forwarding access
+- SSH to TrueNAS
+
+**Setup time:**
+- Traefik deployment: 15 minutes
+- Gitea deployment: 10 minutes
+- Connect existing stack: 5 minutes
+- DNS propagation: 5-30 minutes
+- **Total: ~45 minutes to 1 hour**
+
+---
+
+## Next Steps Checklist
+
+- [ ] Get Cloudflare API token/key
+- [ ] SSH into TrueNAS
+- [ ] Verify `/mnt/tank/stacks/` directory structure
+- [ ] Deploy Traefik stack
+- [ ] Configure router port forwarding (80, 443, 2222)
+- [ ] Add DNS records in Cloudflare
+- [ ] Deploy Gitea stack
+- [ ] Modify existing stack to connect to Traefik
+- [ ] Test access to all services via HTTPS
+- [ ] Configure backups
+
+---
+
+## Helpful Documentation
+
+- [[Traefik Multi-Stack Setup]] - Complete multi-stack guide
+- [[Quick Reference]] - Common commands
+- [[Docker Gitea with Traefik]] - Gitea-specific setup details
+
+---
+
+## Notes
+
+- Your i7-1065G7 can easily handle Traefik + Gitea + several other services
+- Expected RAM usage: Traefik (30MB) + Gitea (150MB) = ~200MB total
+- Cloudflare DNS challenge means SSL works even if ISP blocks port 80
+- Each stack can use different databases, networks, etc. without conflicts