- scripts/backup-volumes.sh: tar each named volume via alpine, rsync to
SAMURAI (Tailscale 100.74.x.x) at 02:00; 7-day retention; preflight
checks Tailscale + SSH before starting
- scripts/setup-samurai-ssh.sh: one-time SSH key install to SAMURAI
- scripts/monk-backup.{service,timer}: systemd units for nightly schedule
- docs/backup-setup.md: full setup instructions incl. Windows OpenSSH
config and admin authorized_keys fix
Phase 2 (MinIO S3 on SAMURAI) tracked as TODO in backup-volumes.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- linux.md: redact sudo password from grep example
- networking.md: update nine→eleven service count in summary
- 01-what-you-need.md: redact real VPS IP from example
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Strip all CompTIA A+ references, exam dates, and deadlines from the
project-facing documentation. Certifications roadmap now starts at CCNA,
learning path phases renumbered, interview prep updated accordingly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Complete documentation suite for KiteStacks covering all 11 services across
2-host active-active architecture. Includes beginner track (with AI, 8 files)
and advanced track (without AI, 7 files) with time estimates, real troubleshooting
cases, and command-by-command explanations. Updates certifications roadmap to
reflect July 7 2026 A+ Core 2 exam goal.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove hardcoded TUNNEL_TOKEN from cloudflared docker-compose.yml
(now reads from .env via ${TUNNEL_TOKEN:?...})
- Delete backup file that contained raw token
- Add .env.example template for cloudflared
- Add scripts/rollout-cloudflared-token.sh for token rotation
- Add apps/kitestacks-portal/public/flux/index.html (FluxCD status page)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moved homelab-mastery repo content into homelab-mastery/ subdirectory.
Covers architecture, concepts, certifications, interview-prep, and learning-path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Redact all remaining IPv4 addresses, port numbers, and credential values
from RUNBOOK.md, AUTHENTIK.md, and authentik-sso-setup.md. Replace with
descriptive placeholders (<IP_REDACTED>, <port>, <REDACTED>, etc.).
Docker image version tags (postgres:16, forgejo:11, etc.) preserved.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace all production IPs (public, LAN, Tailscale), host port bindings,
and hardcoded passwords/secrets across RUNBOOK.md, docs/, and projects/
with descriptive placeholders (<KSCLOUD1_PUBLIC_IP>, <port>,
<KSCLOUD1_SUDO_PASSWORD>, etc.) so no sensitive infrastructure details
are committed to the repository.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces the stub runbook with a comprehensive setup guide covering the
entire KiteStacks homelab from scratch — monk (primary host), kscloud1
(Hetzner cloud replica), Cloudflare Tunnel, Tailscale mesh, shared
Authentik Postgres+Redis, all 9 services with full compose configs,
Authentik SSO for every app, kscloud1 replica deployment, portal UI,
monitoring, Discord integration, and a full verification checklist.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
