kenpat/kitestacks-homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Compare commits

merge into: kenpat:master
Branches Tags
kenpat:main
kenpat:master
...
pull from: kenpat:main
Branches Tags
kenpat:main
kenpat:master

No commits in common. "master" and "main" have entirely different histories.
master ... main

2971 changed files with 521052 additions and 1014 deletions
Download patch file Download diff file Expand all files Collapse all files

77
.forgejo/workflows/ci.yml Normal file
View file

@ -0,0 +1,77 @@
name: KiteStacks CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
# ── Lint Docker Compose files ──────────────────────────────────────────────
compose-lint:
name: Validate compose files
runs-on: docker
container:
image: docker:27-cli
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install docker compose plugin
run: apk add --no-cache docker-cli-compose
- name: Validate all compose files
run: |
find apps -name "docker-compose.yml" | while read f; do
echo "Checking $f ..."
docker compose -f "$f" config --quiet && echo " OK"
done
# ── Secret leak detection ──────────────────────────────────────────────────
secrets-check:
name: Check for accidental secrets
runs-on: docker
container:
image: alpine:3.20
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Scan for plaintext secrets patterns
run: |
# Fail if any committed file contains common secret patterns
# Add false-positive exclusions via .secretsignore if needed
FAIL=0
check() {
local pattern="$1"
local label="$2"
if git grep -qiP "${pattern}" -- ':!*.md' ':!docs/' ':!.forgejo/' 2>/dev/null; then
echo "FAIL: possible ${label} found"
git grep -ilP "${pattern}" -- ':!*.md' ':!docs/' ':!.forgejo/'
FAIL=1
fi
}
check 'password\s*=\s*["\x27][^"\x27]{8,}' "plaintext password"
check 'secret_?key\s*=\s*["\x27][A-Za-z0-9+/]{32,}' "hardcoded secret key"
check 'TUNNEL_TOKEN\s*=\s*ey' "Cloudflare tunnel token"
check '-----BEGIN.*PRIVATE KEY-----' "private key"
exit ${FAIL}
# ── Shell script checks ────────────────────────────────────────────────────
shellcheck:
name: Shellcheck scripts
runs-on: docker
container:
image: koalaman/shellcheck-alpine:stable
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run shellcheck
run: |
find scripts -name "*.sh" -exec shellcheck {} +

7
.gitignore vendored Normal file
View file

@ -0,0 +1,7 @@
# Runtime/container data - do not track live databases or generated app state
apps/**/postgres/
apps/**/db/
apps/**/data/
apps/grafana/data/
apps/karakeep/

BIN
.kitestacks_check.py.swp
View file

Binary file not shown.

19036
CHANGELOG.md Normal file
View file

File diff suppressed because it is too large Load diff

209
DEBUG-DOCUMENTATION.md Normal file
View file

@ -0,0 +1,209 @@
# KiteStacks Homelab — Problems We've Seen and How We Fixed Them
Newest problems at the top.
---
## 2026-06-18 — Can't SSH into kscloud1
**What happened:** Trying to connect to the cloud machine (kscloud1) gave a
"Permission denied" error. The SSH key was missing from the machine.
**How we found it:** The error message said `publickey,password` — meaning it tried
the SSH key first and then tried a password, both failed.
**How we fixed it:**
1. Used Hetzner's browser console (like a TV remote for the server) to log in as root
2. Served the SSH public key from monk as a temporary download:
```bash
# On monk — share the key file over a mini web server
cat ~/.ssh/id_ed25519_kscloud1.pub > ~/key.txt
python3 -m http.server 7777 --directory ~/
```
3. Downloaded it from the Hetzner console:
```bash
curl http://MONK_TAILSCALE_IP:7777/key.txt > /root/.ssh/authorized_keys
```
4. If the machine had root SSH login disabled:
```bash
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
systemctl restart ssh
```
**Why this works:** The Hetzner console bypasses SSH entirely — it's like plugging a
keyboard and monitor directly into the server. So even when SSH is broken, you can still
type commands.
---
## 2026-06-18 — BookStack Login Said "An Error Occurred"
**What happened:** Clicking "Login with Authentik" on the wiki showed a generic error.
No details, no clues — just "An unknown error occurred."
**Why it happened (three problems at once):**
**Problem 1 — Missing setting in BookStack**
BookStack needs `OIDC_ISSUER_DISCOVER=true` to automatically find all the login
endpoints from Authentik. Without it, BookStack can't verify login tokens.
**Problem 2 — Authentik was using the wrong login URL format**
Authentik can either use one shared URL for all apps or a unique URL per app.
BookStack expects a per-app URL. When the wrong type was set, BookStack tried to
download login instructions from a URL that returned an HTML page instead of data,
and then crashed trying to read it.
**Problem 3 — File permission error hidden by BookStack**
Running a setup command inside the BookStack container as root created some folders
that only root could write to. When the normal BookStack process tried to save
a login session, it couldn't — and BookStack showed a generic error instead of
the real one.
**How we fixed it:**
Step 1 — Change Authentik to use per-app URLs (run this once):
```bash
docker run --rm --network host \
-e PGPASSWORD="YOUR_DB_PASSWORD" \
postgres:16 psql -h KSCLOUD1_TAILSCALE_IP -U authentik authentik -c \
"UPDATE authentik_providers_oauth2_oauth2provider SET issuer_mode='per_provider' WHERE provider_ptr_id=PROVIDER_ID;"
```
Step 2 — Make sure BookStack's settings include:
```
OIDC_ISSUER=https://auth.kitestacks.com/application/o/bookstack/
OIDC_ISSUER_DISCOVER=true
```
Step 3 — Fix the file permission problem:
```bash
docker exec bookstack chown -R abc:users /config/www/framework/cache/
```
Step 4 — Restart BookStack:
```bash
docker compose up -d
```
---
## 2026-06-18 — Portainer OAuth Login Couldn't See Any Servers
**What happened:** Logged in through Authentik, got into Portainer, but no environments
(no servers, nothing to manage) were visible.
**Why it happened:** Portainer creates new SSO users as "regular users." Regular users
can't see environments — only admins can. The fix is to create the user as an admin
**before** they log in for the first time.
**How we fixed it:**
Create the user as admin before first login:
```bash
# Get a temporary auth token
TOKEN=$(curl -sk -X POST https://portainer.kitestacks.com/api/auth \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"YOUR_PASSWORD"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['jwt'])")
# Create the user with admin role (role 1 = admin)
curl -sk -X POST "https://portainer.kitestacks.com/api/users" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"username":"user@example.com","role":1}'
```
If they already logged in as a regular user, promote them:
```bash
curl -sk -X PUT "https://portainer.kitestacks.com/api/users/USER_ID" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"role":1}'
```
---
## 2026-06-17 — Three Cloudflare Connectors Instead of Two
**What happened:** The Cloudflare dashboard was showing 3 tunnel connectors when there
should only be 2 (one from monk, one from kscloud1). This caused Authentik logins to
fail randomly — about half the time, the code from the login form would reach the wrong
connector and get rejected.
**Why it happened:** The system's built-in cloudflared service was still running on monk,
alongside the Docker container version. So monk was connecting to Cloudflare twice.
**How we fixed it:**
```bash
sudo systemctl disable --now cloudflared
```
That stopped the duplicate. Now only the Docker container runs.
After fixing: verified only 2 connectors in Cloudflare Zero Trust → Networks → Tunnels.
---
## 2026-06-17 — BookStack Database Kept Crashing
**What happened:** The BookStack database container (bookstack-db) kept restarting
and never stayed running. Logs showed: `Table 'mysql.db' doesn't exist`
**Why it happened:** The database's data folder had leftover files from a previous
incomplete setup. When MariaDB started, it saw partial old data and crashed trying
to use it.
**How we fixed it:**
```bash
# Wipe the broken database files (they're owned by root inside the container)
docker run --rm -v $(pwd)/db:/db alpine sh -c 'rm -rf /db/*'
# Start fresh
docker compose up -d
```
---
## 2026-06-17 — BookStack Said It Couldn't Find the Database
**What happened:** BookStack started but immediately errored saying it couldn't connect
to the database (bookstack-db).
**Why it happened:** BookStack was too fast. It started before the database was fully
ready, and when it tried to find `bookstack-db` on the internal network, Docker hadn't
finished registering it yet.
**How we fixed it:**
```bash
# Just wait a few seconds and restart BookStack
docker restart bookstack
```
That's it — the database had finished starting up by then.
---
## Quick Diagnostic Commands
```bash
# See which containers are running (and which are crashing)
docker ps --format "table {{.Names}}\t{{.Status}}"
# Follow the live logs of any service
docker logs CONTAINER_NAME --tail 50 -f
# Read BookStack's PHP error log
docker exec bookstack cat /app/www/storage/logs/laravel.log | tail -50
# Test if BookStack's login redirect works
curl -sc /tmp/c.txt http://localhost:6875/login -o /tmp/l.html && \
CSRF=$(grep -oP 'name="_token" value="\K[^"]+' /tmp/l.html | head -1) && \
curl -v -b /tmp/c.txt -X POST http://localhost:6875/oidc/login \
-d "_token=$CSRF" --max-redirs 0 2>&1 | grep -E "HTTP|Location"
# Should show: Location: https://auth.kitestacks.com/application/o/authorize/?...
# Check Tailscale connections between machines
tailscale status
# See if both Cloudflare connectors are working
docker exec cloudflared cloudflared tunnel info TUNNEL_ID
```

55
README.md Normal file
View file

@ -0,0 +1,55 @@
# KiteStacks Homelab
Everything needed to run, fix, and understand the KiteStacks homelab lives here.
## What is KiteStacks?
KiteStacks is a personal homelab — a set of useful web apps that run on two computers
(monk at home, kscloud1 in Germany). All the websites are accessible over the internet
through Cloudflare without exposing any home IP addresses.
## How to Read This Repo
| File / Folder | What it is |
|--------------|------------|
| `RUNBOOK.md` | **Start here.** Plain-English guide to how everything works and how to do common tasks |
| `DEBUG-DOCUMENTATION.md` | Every problem we've hit and how we solved it |
| `docs/` | Detailed setup guides for specific services (Authentik SSO, etc.) |
| `apps/` | Docker Compose files for each service |
| `clusters/` | Infrastructure-level configs |
| `projects/` | Active project notes |
| `cloud/` | Cloud-specific configurations (kscloud1) |
| `cloud-migration/` | Archive of cloud migration work and volume backups |
| `autosync/` | Auto-sync scripts that keep the repo up to date automatically |
| `osticket/` | OSTicket help-desk project notes |
## Services Running Right Now
| Service | Website | What it does |
|---------|---------|--------------|
| Authentik | auth.kitestacks.com | Single login for all services |
| Portainer | portainer.kitestacks.com | Manage all Docker containers |
| Forgejo | gitforge.kitestacks.com | Git server (code + scripts) |
| BookStack | wiki.kitestacks.com | Wiki and notes |
| Grafana | grafana.kitestacks.com | Server health charts |
| Karakeep | links.kitestacks.com | Bookmark manager |
| Kavita | kavita.kitestacks.com | Ebook reader |
| OSTicket | tasks.kitestacks.com | Help desk / ticket system |
| Open WebUI | ai.kitestacks.com | AI chat (GPT, Claude, local) |
| Uptime Kuma | status.kitestacks.com | Service monitor |
| Portal | www.kitestacks.com | Homepage |
## Quick Reference
```bash
# Check all running containers
docker ps --format "table {{.Names}}\t{{.Status}}"
# Restart a service
cd ~/kitestacks-live/docker/SERVICE_NAME && docker compose restart
# View live logs
docker logs CONTAINER_NAME --tail 50 -f
```
All usernames and passwords go through Authentik at `https://auth.kitestacks.com`.

270
RUNBOOK.md Normal file
View file

@ -0,0 +1,270 @@
# KiteStacks Homelab — How Everything Works
**Last Updated:** 2026-06-18
**Status:** Up and running
**Owner:** kenpat
---
## The Big Picture
KiteStacks is a personal homelab — a small set of programs (called "services") that run
on two computers. One computer sits at home (called **monk**), and one rents space in
a data center in Germany (called **kscloud1**).
People on the internet can reach every website without knowing where the computers are,
because all traffic goes through **Cloudflare** — a free service that acts like a secret
post-office. Cloudflare knows the address; the rest of the world doesn't.
```
You (browser)
└─► Cloudflare (the post office)
├─► monk (home machine, runs most services)
└─► kscloud1 (cloud backup machine in Germany)
```
If monk goes offline, kscloud1 keeps serving the sites — Cloudflare automatically
switches traffic over. This is called **active-active** (both doors are always open).
---
## What Runs Where
### Services on monk
| What it is | What it does | Website |
|------------|--------------|---------|
| Authentik | Login manager — handles all usernames and passwords | auth.kitestacks.com |
| Portainer | Dashboard to manage all the Docker containers | portainer.kitestacks.com |
| Forgejo | Git — stores all the code and scripts | gitforge.kitestacks.com |
| BookStack | Wiki — where all the notes and guides live | wiki.kitestacks.com |
| Grafana | Charts showing how healthy the servers are | grafana.kitestacks.com |
| Karakeep | Saves and organizes bookmarks | links.kitestacks.com |
| Kavita | Reads ebooks and manga | kavita.kitestacks.com |
| OSTicket | Help-desk ticket system | tasks.kitestacks.com |
| Open WebUI | Chat with AI models (GPT, Claude, local models) | ai.kitestacks.com |
| Uptime Kuma | Watches every service and alerts if one goes down | status.kitestacks.com |
| KiteStacks Portal | The main homepage with links to everything | www.kitestacks.com |
### Services on kscloud1 (cloud backup)
- A copy of BookStack
- A copy of the main Portal
- The login database (PostgreSQL) and session memory (Redis) that Authentik uses
- The Cloudflare connector (so the site keeps running if monk is off)
---
## Cloudflare Tunnel (the secret post office)
### Why it exists
Normal websites need a router setting called "port forwarding" and a fixed home IP address.
Cloudflare Tunnel removes both requirements — monk connects **out** to Cloudflare, and
Cloudflare forwards visitor traffic back in. Your home address is never exposed.
### How to check it's healthy
Go to Cloudflare Zero Trust → Networks → Tunnels. You should see **2 healthy connectors**
(one from monk, one from kscloud1).
### Adding a new website
In Cloudflare Zero Trust → Networks → Tunnels → your tunnel → Edit → Public Hostname:
- Subdomain: `newservice`
- Domain: `kitestacks.com`
- Service URL: `http://container-name:port`
Both monk and kscloud1 need to be running that container on the same port.
### Fix: If you see 3 connectors instead of 2
The old cloudflared system service on monk is probably running alongside the Docker one.
Run this on monk to fix it:
```bash
sudo systemctl disable --now cloudflared
```
---
## Authentik (the login manager)
### What it does
Every website on KiteStacks uses Authentik for login. Instead of each website having its
own username and password, Authentik is the one source of truth. You log in once and
all the websites trust that login. This system is called **SSO** (Single Sign-On).
### Where the database lives
Authentik's user database lives on **kscloud1** (not on monk). Both machines share it
through a private encrypted network called **Tailscale**.
### Adding a new app to SSO
1. Go to `https://auth.kitestacks.com/if/admin/`
2. **Providers** → Create → OAuth2/OpenID Provider
3. Name it after the app (e.g., `myapp`)
4. Note the Client ID and Client Secret
5. **Application** → Create → link it to the provider
6. Set up the app with:
- Login URL (your app's OIDC issuer URL)
- Client ID and Client Secret
- Callback URL: `https://yourapp.kitestacks.com/auth/callback`
---
## Portainer (the container dashboard)
### What it does
Portainer is a web dashboard that shows all running Docker containers. Think of Docker
containers like small self-contained boxes — each one runs one program. Portainer lets
you start, stop, restart, and view logs for all the boxes without typing commands.
### If you get locked out
```bash
# Stop Portainer
docker stop portainer
# Reset the password (the command will print a new temporary password)
docker run --rm -v portainer_data:/data portainer/helper-reset-password
# Start it again
docker start portainer
```
### First-time OAuth login issue
When someone logs into Portainer through Authentik for the first time, they get created
as a regular user (not admin). They won't be able to see any servers. To fix this,
create their account as admin **before** their first login:
```bash
# Step 1: Get a login token
TOKEN=$(curl -sk -X POST https://portainer.kitestacks.com/api/auth \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"YOUR_PASSWORD"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['jwt'])")
# Step 2: Create the user as admin (role 1 = admin)
curl -sk -X POST "https://portainer.kitestacks.com/api/users" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"username":"user@example.com","role":1}'
```
---
## BookStack (the wiki)
### What it does
BookStack is a self-hosted wiki — like a private Wikipedia just for this homelab.
All notes, runbooks, and guides live here.
### Important settings
BookStack uses Authentik for login. Two settings must be correct:
- `OIDC_ISSUER_DISCOVER=true` — tells BookStack to automatically find all login endpoints
- `OIDC_ISSUER` — must point to the per-app Authentik URL, like:
`https://auth.kitestacks.com/application/o/bookstack/`
### Fix: If cache breaks after running a PHP command
Sometimes running admin commands inside the container breaks file permissions:
```bash
docker exec bookstack chown -R abc:users /config/www/framework/cache/
```
### Clear BookStack's config cache
```bash
docker exec bookstack php /app/www/artisan config:clear
docker exec bookstack php /app/www/artisan cache:clear
```
---
## kscloud1 (the cloud backup machine)
### SSH access
```bash
ssh -i ~/.ssh/id_ed25519_kscloud1 root@KSCLOUD1_TAILSCALE_IP
```
### If you can't SSH in (key was lost)
1. Open Hetzner Cloud console → your server → **Console** tab (this is like a TV remote for the server)
2. Log in as `root` using the Linux root password
3. On monk, share your public SSH key temporarily:
```bash
cat ~/.ssh/id_ed25519_kscloud1.pub > ~/key.txt
python3 -m http.server 7777 --directory ~/
```
4. In the Hetzner console, type:
```bash
curl http://MONK_TAILSCALE_IP:7777/key.txt > /root/.ssh/authorized_keys
```
5. If root SSH is disabled:
```bash
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
systemctl restart ssh
```
---
## OSTicket (help desk)
OSTicket is the ticket/task system at `tasks.kitestacks.com`.
Emails sent to `kitestacks.helpdesk@gmail.com` become tickets automatically.
To test that email is working: Admin Panel → Diagnostics → Send Test Email
---
## Forgejo (code storage)
Forgejo is the Git server — all scripts, configs, and docs live here.
### Create an API token for automation
```bash
docker exec -u git forgejo forgejo admin user generate-access-token \
--username kenpat \
--token-name "my-token" \
--raw \
--scopes "read:user,write:user,read:repository,write:repository"
```
Note: SSH to gitforge.kitestacks.com only works from inside the local network,
not through Cloudflare (Cloudflare blocks non-HTTPS ports).
For git operations from monk, use `ssh://git@localhost:2222/kenpat/repo.git`.
---
## Everyday Docker Commands
```bash
# See all running containers and their status
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# View recent logs for a service
docker logs CONTAINER_NAME --tail 50 -f
# Restart a service
cd ~/kitestacks-live/docker/SERVICE_NAME
docker compose restart
# Stop and restart a service (harder reset)
docker compose down && docker compose up -d
# Pull latest image and restart
docker compose pull && docker compose up -d
```
---
## Tailscale (the private tunnel between machines)
Tailscale creates an encrypted private network between monk and kscloud1.
Nothing on this network is visible to the public internet.
Used for:
- monk connecting to kscloud1's PostgreSQL and Redis (for Authentik)
- SSH from monk to kscloud1
- Prometheus on monk scraping metrics from kscloud1
To check connection status:
```bash
tailscale status
```

32
apps/authentik-ldap/docker-compose.yml Normal file
View file

@ -0,0 +1,32 @@
services:
authentik-ldap:
image: ghcr.io/goauthentik/ldap:2025.2.4
container_name: authentik-ldap
restart: unless-stopped
environment:
AUTHENTIK_HOST: https://auth.kitestacks.com
AUTHENTIK_INSECURE: "false"
# Token from Authentik outpost "osTicket LDAP Outpost"
# Regenerate via: Authentik admin → Outposts → osTicket LDAP Outpost → token
AUTHENTIK_TOKEN: REDACTED
networks:
- kitestacks
- osticket_default
# socat proxy: bridges standard LDAP port 389 → outpost port 3389
# Required because Net_LDAP2 (osTicket's LDAP library) always uses port 389
authentik-ldap-proxy:
image: alpine/socat
container_name: authentik-ldap-proxy
restart: unless-stopped
command: TCP-LISTEN:389,fork,reuseaddr TCP:authentik-ldap:3389
depends_on:
- authentik-ldap
networks:
- osticket_default
networks:
kitestacks:
external: true
osticket_default:
external: true

78
apps/authentik/AUTHENTIK.md Normal file
View file

@ -0,0 +1,78 @@
# Authentik SSO — Setup & Status
## Server
- **Host:** `<IP_REDACTED>` (Assassin, Debian 6.12.90 amd64)
- **Authentik version:** 2025.2.4 (Enterprise)
- **Stack location:** `/home/kenpat/docker/authentik/docker-compose.yml`
- **Web UI:** `http://<IP_REDACTED>:<port>` / `http://<IP_REDACTED>:<port>/if/admin/`
- **API base:** `http://<IP_REDACTED>:<port>/api/v3/`
## Architecture
Authentik runs as a 4-container stack:
| Container | Role |
|-----------|------|
| `authentik` | Web server (port <port>) |
| `authentik-worker` | Background task worker |
| `authentik-postgres` | PostgreSQL 16 database |
| `authentik-redis` | Redis cache |
Both server and worker are on the `kitestacks` external Docker network.
## Configured Applications
| App | Provider Type | Client ID | Status |
|-----|--------------|-----------|--------|
| Grafana | OAuth2/OIDC | `grafana` | ✅ Configured |
| Kavita | OAuth2/OIDC | `kavita` | ✅ Configured, secret filled |
| Open WebUI | OAuth2/OIDC | `open-webui` | ✅ Configured |
| Forgejo | OAuth2/OIDC | `forgejo` | ✅ Configured, OAuth2 source in Forgejo admin |
| OpenProject | OAuth2/OIDC | `openproject` | ✅ Configured, secret filled, upgraded to v15 |
| Shaarli | Proxy | — | ✅ Proxy Provider + Embedded Outpost, CF tunnel pending |
| Uptime Kuma | Proxy | — | ✅ Proxy Provider + Embedded Outpost, CF tunnel pending |
| LiteLLM | Proxy | — | ✅ Proxy Provider + Embedded Outpost, CF tunnel pending |
> Cloudflare tunnel routes for Shaarli, Uptime Kuma, LiteLLM still point to service containers directly — update to `http://authentik:<port>` in the Cloudflare dashboard to activate proxy protection.
## All Services Running on Server
| Service | Image | External Port |
|---------|-------|---------------|
| forgejo | forgejo:<port> | <port> (HTTP), <port> (SSH) |
| kite-openwebui | open-webui | <port> |
| grafana | grafana-oss | <port> |
| cloudflared | cloudflared | — (tunnel) |
| shaarli | shaarli | <port> |
| homepage | nginx | <port> |
| homepage-test | gethomepage | <port> |
| kitestacks-portal | nginx | <port> |
| openproject | openproject:<port> | <port> |
| kite-litellm | litellm | <port> |
| bookstack | bookstack | <port> |
| authentik | server:latest | <port> |
| kavita | kavita | <port> |
| portainer | portainer-ce | <port> |
| prometheus | prometheus | <port> |
| node-exporter | node-exporter | <port> |
| uptime-kuma | uptime-kuma | <port> |
## External Access (Cloudflare Tunnel)
Tunnel is token-based — ingress rules live in the Cloudflare dashboard:
**dash.cloudflare.com → Zero Trust → Networks → Tunnels**
No local `config.yml` — all routing configured via the dashboard.
## Pending
- [ ] Update Cloudflare tunnel routes: `links.kitestacks.com`, `status.kitestacks.com`, `llm.kitestacks.com``http://authentik:<port>`
- [ ] Update Cloudflare tunnel route: `tasks.kitestacks.com``http://openproject:<port>`
- [ ] Test SSO end-to-end for all services
- [ ] Phase 2: add friend's Authentik account, verify auto-provisioning across all apps
## Excluded from SSO
- Portainer — admin tool, excluded by design
- Prometheus / Node Exporter — internal metrics, excluded by design
- Homepage — public landing page, no auth needed

56
apps/authentik/docker-compose.myl Normal file
View file

@ -0,0 +1,56 @@
services:
postgresql:
image: postgres:16-alpine
container_name: authentik-postgres
restart: unless-stopped
environment:
POSTGRES_PASSWORD: ${PG_PASS}
POSTGRES_USER: authentik
POSTGRES_DB: authentik
volumes:
- ./postgres:/var/lib/postgresql/data
redis:
image: redis:alpine
container_name: authentik-redis
restart: unless-stopped
authentik:
image: ghcr.io/goauthentik/server:latest
container_name: authentik
restart: unless-stopped
command: server
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
ports:
- "9001:9000"
depends_on:
- postgresql
- redis
authentik-worker:
image: ghcr.io/goauthentik/server:latest
container_name: authentik-worker
restart: unless-stopped
command: worker
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
depends_on:
- postgresql
- redis

69
apps/authentik/docker-compose.yml Normal file
View file

@ -0,0 +1,69 @@
services:
postgresql:
image: postgres:16-alpine
container_name: authentik-postgres
restart: unless-stopped
environment:
POSTGRES_PASSWORD: ${PG_PASS}
POSTGRES_USER: authentik
POSTGRES_DB: authentik
volumes:
- ./postgres:/var/lib/postgresql/data
redis:
image: redis:alpine
container_name: authentik-redis
restart: unless-stopped
authentik:
image: ghcr.io/goauthentik/server:latest
container_name: authentik
restart: unless-stopped
command: server
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
volumes:
- ./media:/media
- ./custom-templates:/templates
ports:
- "9001:9000"
depends_on:
- postgresql
- redis
networks:
- default
- kitestacks
authentik-worker:
image: ghcr.io/goauthentik/server:latest
container_name: authentik-worker
restart: unless-stopped
command: worker
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
volumes:
- ./media:/media
- ./custom-templates:/templates
depends_on:
- postgresql
- redis
networks:
- default
- kitestacks
networks:
kitestacks:
external: true

2
apps/bookstack/bookstack/.migrations Normal file
View file

@ -0,0 +1,2 @@
01-nginx-site-confs-default
02-default-location

23
apps/bookstack/bookstack/keys/cert.crt Normal file
View file

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIUVt05s9wgylfcEPx3fQDn2e4dF3owDQYJKoZIhvcNAQEL
BQAwaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2Jh
ZDEXMBUGA1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVy
MQowCAYDVQQDDAEqMB4XDTI2MDYwNTAwNDczMloXDTM2MDYwMjAwNDczMlowaDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2JhZDEXMBUG
A1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVyMQowCAYD
VQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooBdmf0Nmewk
YIreTSqKgHJpj+C5uiYflmiQ7TBNrMCyeg7VrkDKlAIbrMsWDbdxbJ3gIWX/+WL9
iFG3SVwLwj3OLAdaPhLU8vodrjMkxkNFHk7CFNG53sEOU1WOskdwK3xtWUx3F6CD
tBJwWyIepdsiXiFoug6kgKZ7r7Koraqp7fW36iNztvW+V2DakF6F4ufSduzq1zTZ
mp+woGVPUVcI2UPoOuKLQqIt93GmHbmFqw1AKKZkbaoTxJHVnz56YfjmMn/ls+8s
ovLX8wR9zSp+ExwitrbD//zyWYt7GWmDZIuSB0pqb/ofXDSijiDiobM5UJ6bygv1
BAXXbyg0pwIDAQABo2kwZzAdBgNVHQ4EFgQUSWIeem3I7aV7kjCN9t2xKz9ayBEw
HwYDVR0jBBgwFoAUSWIeem3I7aV7kjCN9t2xKz9ayBEwDwYDVR0TAQH/BAUwAwEB
/zAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAIsbdBRB
sENi2gz8zRqL9oEwiZ6n02mvd/uYh0ReBxp5AAkRJ0v1vqhMtCi26lHA2FoUdUFS
aOKitgpXZn3oP5SqBVfxsE9WUTBP544H3lsUKnsQl06dBpKQCmXrnVedM6ktb33P
EpppqudyS+y+mNVLi9lM4bMqGxQRdze2y4p9+qNYHREczkPgMlEgujOKcd533YJ/
EbrwKgvYBWQeR0Rl0YnGS3j/mFXYYfsg4jpxHezX5tZRWT7FTtV8GpcchR97qvZH
Ax/cOIYmWF0KIkiW8qTmiMowwm2pEQLxOOxaLwPsICk6jf9kvPeHdu1+aMfvuZhc
MbvugyYpqDKGRCg=
-----END CERTIFICATE-----

28
apps/bookstack/bookstack/keys/cert.key Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCigF2Z/Q2Z7CRg
it5NKoqAcmmP4Lm6Jh+WaJDtME2swLJ6DtWuQMqUAhusyxYNt3FsneAhZf/5Yv2I
UbdJXAvCPc4sB1o+EtTy+h2uMyTGQ0UeTsIU0bnewQ5TVY6yR3ArfG1ZTHcXoIO0
EnBbIh6l2yJeIWi6DqSApnuvsqitqqnt9bfqI3O29b5XYNqQXoXi59J27OrXNNma
n7CgZU9RVwjZQ+g64otCoi33caYduYWrDUAopmRtqhPEkdWfPnph+OYyf+Wz7yyi
8tfzBH3NKn4THCK2tsP//PJZi3sZaYNki5IHSmpv+h9cNKKOIOKhszlQnpvKC/UE
BddvKDSnAgMBAAECggEAFP1Bmc8+v3/p3vJw7kStaRPeILBlLO8Zq2LMPWa80bB+
HRfnb798qwtuqa39pj3oj6AAwC+dlYe8uavcYcRa3HcBN1ynwlbKXKwDw2lluZoc
xmJj3S6NtID5KbhmWw6xJVzH/v3KcCnSeSLckljg3olkcgYcsdOMWfWnCjWoZe3t
jZqwhHKn7tLUKvkcbsILGp5iM0Ff5fJeqfnCMOOAgpFpGdsLT0Ro3Hl3RGOGx29z
TBey3I2pKyaK4sC+Z444lmvPlSNA/+hXmn0CxncG1d6KqPSdVd4+rK3ubJLDM0l0
wzbzUFeCBWdWORpgJ5JirGD4Z24pU8g2zO75Rx3fiQKBgQDWa4Y0rheR3CPTE/g9
p8lT8RRGBxge50ldbw7au3+zt89AKVbZ0+PnllWgjgL/qx4bWvOJp9q9WUODhjVO
Qd+B3vlWtlLzBcs53KbVf49E6Ag4g3KvcJ4R7dHLlBNkvcqBwnHyR8WuBDNTWbr2
Yy6r5P6SXIB27W6ex1KyfCslKwKBgQDCA3D9ppWX9Wj6miJ/0cvJUSKL7wMu+Hhl
JTt8sL0KfuOzLU4/5jtkWXSxCqEWzGteWc7s5rIi/NILBJRxGPG7T/e6R3+n+iiu
T7qgoihl5gecw7sK3PzEAcJMd9TwCiD8Wcy7gGiRz/0Ajqju6fB7i5KqoYodqnTq
a1cM7ySodQKBgQC7e9klRvQk/a/1aIiuoH9RfoKTmLBmlSV5JRp/92J56ka1e3AN
l1C3tqO4d3P3yc/Ra3125+ZDmkGGR1tkygR8slKil1mAVZiVR3I5TAgh4CEQCR/G
d1o/owrGTvuGIs1nGHY5urgGqHWYc+Ueeyrb8qcFowxQ8NrAythsaFXxcQKBgQC/
qPKoQTaqxW8NkdLe/nwYxqQgJN+6OQ+Gq/9WMKqvgaajTPBuQ50Mhyq18tAsW4j9
zi6S7VuxIJzG8aFLEN9MsbUCOrurT398o5q0MT1DXLjMbreKBcFWSH6PWBntf7QS
VwvfdvzWfudq84ODcWt2QO2EzsxIfim9ooh+aIiIOQKBgErUJXO3Z6YqxpHjZka9
0zXRZaUHBTTTQTy014VUT69bKKgwYvaecKZlzgzlzj4wEAZuNmgWQfinGEfUezu8
VwL+a0BsWnQDMAK96FWGFfui55DmXp8Wo+pzIrSR7O0+GPnSr6B6RPjwEuFKziWX
v4HTdlayWFSvB+uArMUKowFP
-----END PRIVATE KEY-----

98
apps/bookstack/bookstack/nginx/nginx.conf Normal file
View file

@ -0,0 +1,98 @@
## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/nginx.conf.sample
### Based on alpine defaults
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.23-stable
user abc;
# Set number of worker processes automatically based on number of CPU cores.
include /config/nginx/worker_processes.conf;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Configures default error logger.
error_log /config/log/nginx/error.log;
# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;
# Include files with config snippets into the root context.
include /etc/nginx/conf.d/*.conf;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
# Includes mapping of file name extensions to MIME types of responses
# and defines the default type.
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
include /config/nginx/resolver.conf;
# Don't tell nginx version to the clients. Default is 'on'.
server_tokens off;
# Specifies the maximum accepted body size of a client request, as
# indicated by the request header Content-Length. If the stated content
# length is greater than this size, then the client receives the HTTP
# error code 413. Set to 0 to disable. Default is '1m'.
client_max_body_size 0;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write(). Default is off.
sendfile on;
# Causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. Default is 'off'.
tcp_nopush on;
# all ssl related config moved to ssl.conf
# included in server blocks where listen 443 is defined
# Enable gzipping of responses.
#gzip on;
# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
gzip_vary on;
# Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Enable http2 by default for all servers
http2 on;
http3 on;
quic_retry on;
# Sets the path, format, and configuration for a buffered log write.
access_log /config/log/nginx/access.log;
client_body_temp_path /tmp/nginx 1 2;
proxy_temp_path /tmp/nginx-proxy;
fastcgi_temp_path /tmp/nginx-fastcgi;
uwsgi_temp_path /tmp/nginx-uwsgi;
scgi_temp_path /tmp/nginx-scgi;
proxy_cache_path /tmp/nginx-proxy-cache keys_zone=lsio-proxy:10m;
fastcgi_cache_path /tmp/nginx-fcgi-cache keys_zone=lsio-fcgi:10m;
scgi_cache_path /tmp/nginx-scgi-cache keys_zone=lsio-scgi:10m;
uwsgi_cache_path /tmp/nginx-uwsgi-cache keys_zone=lsio-uwsgi:10m;
# Includes virtual hosts configs.
include /etc/nginx/http.d/*.conf;
include /config/nginx/site-confs/*.conf;
}
daemon off;
pid /run/nginx.pid;

98
apps/bookstack/bookstack/nginx/nginx.conf.sample Normal file
View file

@ -0,0 +1,98 @@
## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/nginx.conf.sample
### Based on alpine defaults
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.23-stable
user abc;
# Set number of worker processes automatically based on number of CPU cores.
include /config/nginx/worker_processes.conf;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Configures default error logger.
error_log /config/log/nginx/error.log;
# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;
# Include files with config snippets into the root context.
include /etc/nginx/conf.d/*.conf;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
# Includes mapping of file name extensions to MIME types of responses
# and defines the default type.
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
include /config/nginx/resolver.conf;
# Don't tell nginx version to the clients. Default is 'on'.
server_tokens off;
# Specifies the maximum accepted body size of a client request, as
# indicated by the request header Content-Length. If the stated content
# length is greater than this size, then the client receives the HTTP
# error code 413. Set to 0 to disable. Default is '1m'.
client_max_body_size 0;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write(). Default is off.
sendfile on;
# Causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. Default is 'off'.
tcp_nopush on;
# all ssl related config moved to ssl.conf
# included in server blocks where listen 443 is defined
# Enable gzipping of responses.
#gzip on;
# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
gzip_vary on;
# Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Enable http2 by default for all servers
http2 on;
http3 on;
quic_retry on;
# Sets the path, format, and configuration for a buffered log write.
access_log /config/log/nginx/access.log;
client_body_temp_path /tmp/nginx 1 2;
proxy_temp_path /tmp/nginx-proxy;
fastcgi_temp_path /tmp/nginx-fastcgi;
uwsgi_temp_path /tmp/nginx-uwsgi;
scgi_temp_path /tmp/nginx-scgi;
proxy_cache_path /tmp/nginx-proxy-cache keys_zone=lsio-proxy:10m;
fastcgi_cache_path /tmp/nginx-fcgi-cache keys_zone=lsio-fcgi:10m;
scgi_cache_path /tmp/nginx-scgi-cache keys_zone=lsio-scgi:10m;
uwsgi_cache_path /tmp/nginx-uwsgi-cache keys_zone=lsio-uwsgi:10m;
# Includes virtual hosts configs.
include /etc/nginx/http.d/*.conf;
include /config/nginx/site-confs/*.conf;
}
daemon off;
pid /run/nginx.pid;

3
apps/bookstack/bookstack/nginx/resolver.conf Normal file
View file

@ -0,0 +1,3 @@
# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
resolver 127.0.0.11 valid=30s;

46
apps/bookstack/bookstack/nginx/site-confs/default.conf Normal file
View file

@ -0,0 +1,46 @@
## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/site-confs/default.conf.sample
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 quic reuseport default_server;
listen [::]:443 quic reuseport default_server;
server_name _;
include /config/nginx/ssl.conf;
set $root /app/www/public;
if (!-d /app/www/public) {
set $root /config/www;
}
root $root;
index index.html index.htm index.php;
location / {
# enable for basic auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
}
location ~ ^(.+\.php)(.*)$ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
fastcgi_split_path_info ^(.+\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) { return 404; }
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to .htaccess/.htpasswd files
location ~ /\.ht {
deny all;
}
}

46
apps/bookstack/bookstack/nginx/site-confs/default.conf.sample Normal file
View file

@ -0,0 +1,46 @@
## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/site-confs/default.conf.sample
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 quic reuseport default_server;
listen [::]:443 quic reuseport default_server;
server_name _;
include /config/nginx/ssl.conf;
set $root /app/www/public;
if (!-d /app/www/public) {
set $root /config/www;
}
root $root;
index index.html index.htm index.php;
location / {
# enable for basic auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
}
location ~ ^(.+\.php)(.*)$ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
fastcgi_split_path_info ^(.+\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) { return 404; }
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to .htaccess/.htpasswd files
location ~ /\.ht {
deny all;
}
}

36
apps/bookstack/bookstack/nginx/ssl.conf Normal file
View file

@ -0,0 +1,36 @@
## Version 2026/05/04 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/ssl.conf.sample
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#add_header Strict-Transport-Security "max-age=63072000" always;
### Mozilla SSL Configuration Generator
# generated 2026-05-04, Mozilla Guideline v6.0, nginx 1.28.3, OpenSSL 3.5.6, intermediate config, HSTS
# https://ssl-config.mozilla.org/#server=nginx&version=1.28.3&config=intermediate&openssl=3.5.6&hsts&guideline=6.0
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
# see also ssl_session_ticket_key alternative to stateful session cache
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
### Mozilla Practical security implementation
# https://developer.mozilla.org/en-US/docs/Web/Security
#add_header Access-Control-Allow-Origin $http_origin always;
#add_header Content-Security-Policy "upgrade-insecure-requests; base-uri 'self'; form-action 'self'; frame-ancestors 'self';" always;
#add_header Cross-Origin-Resource-Policy "same-origin" always;
#add_header Referrer-Policy "same-origin" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
### Optional additional headers
#add_header Alt-Svc 'h3=":443"' always;
#add_header Cache-Control "no-transform" always;
#add_header Permissions-Policy "interest-cohort=()" always;
#add_header X-UA-Compatible "IE=Edge" always;
#add_header X-XSS-Protection "1; mode=block" always;

36
apps/bookstack/bookstack/nginx/ssl.conf.sample Normal file
View file

@ -0,0 +1,36 @@
## Version 2026/05/04 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/ssl.conf.sample
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#add_header Strict-Transport-Security "max-age=63072000" always;
### Mozilla SSL Configuration Generator
# generated 2026-05-04, Mozilla Guideline v6.0, nginx 1.28.3, OpenSSL 3.5.6, intermediate config, HSTS
# https://ssl-config.mozilla.org/#server=nginx&version=1.28.3&config=intermediate&openssl=3.5.6&hsts&guideline=6.0
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
# see also ssl_session_ticket_key alternative to stateful session cache
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
### Mozilla Practical security implementation
# https://developer.mozilla.org/en-US/docs/Web/Security
#add_header Access-Control-Allow-Origin $http_origin always;
#add_header Content-Security-Policy "upgrade-insecure-requests; base-uri 'self'; form-action 'self'; frame-ancestors 'self';" always;
#add_header Cross-Origin-Resource-Policy "same-origin" always;
#add_header Referrer-Policy "same-origin" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
### Optional additional headers
#add_header Alt-Svc 'h3=":443"' always;
#add_header Cache-Control "no-transform" always;
#add_header Permissions-Policy "interest-cohort=()" always;
#add_header X-UA-Compatible "IE=Edge" always;
#add_header X-XSS-Protection "1; mode=block" always;

3
apps/bookstack/bookstack/nginx/worker_processes.conf Normal file
View file

@ -0,0 +1,3 @@
# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.
worker_processes 8;

3
apps/bookstack/bookstack/php/php-local.ini Normal file
View file

@ -0,0 +1,3 @@
; Edit this file to override php.ini directives
date.timezone = America/Chicago

5
apps/bookstack/bookstack/php/www2.conf Normal file
View file

@ -0,0 +1,5 @@
; Edit this file to override www.conf and php-fpm.conf directives and restart the container
; Pool name
[www]

34
apps/bookstack/bookstack/www/index.html Normal file
View file

@ -0,0 +1,34 @@
<html>
<head>
<title>Welcome to our server</title>
<style>
body{
font-family: Helvetica, Arial, sans-serif;
}
.message{
width:330px;
padding:20px 40px;
margin:0 auto;
background-color:#f9f9f9;
border:1px solid #ddd;
}
center{
margin:40px 0;
}
h1{
font-size: 18px;
line-height: 26px;
}
p{
font-size: 12px;
}
</style>
</head>
<body>
<div class="message">
<h1>Welcome to our server</h1>
<p>The website is currently being setup under this address.</p>
<p>For help and support, please contact: <a href="me@example.com">me@example.com</a></p>
</div>
</body>
</html>

33
apps/bookstack/docker-compose.yml Normal file
View file

@ -0,0 +1,33 @@
services:
bookstack:
image: lscr.io/linuxserver/bookstack:latest
container_name: bookstack
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=America/Chicago
- APP_URL=http://192.168.1.205:6875
- DB_HOST=bookstack-db
- DB_PORT=3306
- DB_USERNAME=bookstack
- DB_PASSWORD=bookstackpassword
- DB_DATABASE=bookstackapp
volumes:
- ./bookstack:/config
ports:
- "6875:80"
depends_on:
- bookstack-db
bookstack-db:
image: mariadb:11
container_name: bookstack-db
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD=supersecretrootpassword
- MYSQL_DATABASE=bookstackapp
- MYSQL_USER=bookstack
- MYSQL_PASSWORD=bookstackpassword
volumes:
- ./db:/var/lib/mysql

1
apps/cloudflared/.env.example Normal file
View file

@ -0,0 +1 @@
TUNNEL_TOKEN=<cloudflare_tunnel_connector_token>

15
apps/cloudflared/docker-compose.yml Normal file
View file

@ -0,0 +1,15 @@
services:
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
restart: unless-stopped
command: tunnel --no-autoupdate run
environment:
- TUNNEL_TOKEN=${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}
networks:
- default
- kitestacks
networks:
kitestacks:
external: true

26
apps/forgejo-runner/docker-compose.yml Normal file
View file

@ -0,0 +1,26 @@
services:
forgejo-runner:
image: code.forgejo.org/forgejo/runner:3.5.0
container_name: forgejo-runner
restart: unless-stopped
depends_on:
- forgejo
environment:
# Set after running: forgejo-runner register (see docs/ci-cd-setup.md)
FORGEJO_INSTANCE_URL: "http://forgejo:3000"
volumes:
- ./config:/etc/act_runner
- /var/run/docker.sock:/var/run/docker.sock
- runner_data:/data
networks:
- default
- kitestacks
command: daemon
volumes:
runner_data:
name: forgejo_runner_data
networks:
kitestacks:
external: true

0
configmap.yaml → apps/forgejo/configmap.yaml
View file

0
cronjob.yaml → apps/forgejo/cronjob.yaml
View file

25
apps/forgejo/docker-compose.yml Normal file
View file

@ -0,0 +1,25 @@
services:
forgejo:
image: codeberg.org/forgejo/forgejo:11
container_name: forgejo
restart: unless-stopped
ports:
- "3006:3000"
- "2222:22"
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__server__DOMAIN=gitforge.kitestacks.com
- FORGEJO__server__ROOT_URL=https://gitforge.kitestacks.com/
- FORGEJO__server__SSH_DOMAIN=gitforge.kitestacks.com
- FORGEJO__server__SSH_PORT=2222
- FORGEJO__actions__ENABLED=true
volumes:
- ./data:/data
networks:
- default
- kitestacks
networks:
kitestacks:
external: true

0
gitrepository.yaml → apps/forgejo/gitrepository.yaml
View file

0
kitestacks_check.py → apps/forgejo/kitestacks_check.py
View file

0
data/git/.ssh/authorized_keys → apps/forgejo/uptime-kuma/-n
View file

0
data/git/repositories/kenpat/kitestacks-homelab.git/hooks/proc-receive.d/gitea → apps/forgejo/uptime-kuma/:31333 Executable file → Normal file
View file

0
data/gitea/queues/common/LOCK → apps/forgejo/uptime-kuma/NodePort
View file

147
apps/forgejo/uptime-kuma/configmap.yaml Normal file
View file

@ -0,0 +1,147 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: kitestacks-monitors
namespace: monitoring
data:
monitors.json: [
{
"name": "Open Web UI",
"type": "http",
"method": "GET",
"url": "https://www.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Auth",
"type": "http",
"method": "GET",
"url": "https://auth.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Kavita",
"type": "http",
"method": "GET",
"url": "http://kavita.kitestacks.com:5000",
"interval": 60,
"retries": 3
},
{
"name": "Tasks",
"type": "http",
"method": "GET",
"url": "http://tasks.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "AI",
"type": "http",
"method": "GET",
"url": "http://ai.kitestacks.com:3100",
"interval": 60,
"retries": 3
},
{
"name": "Forgejo",
"type": "http",
"method": "GET",
"url": "http://gitforge.kitestacks.com:3006",
"interval": 60,
"retries": 3
},
{
"name": "Linkding",
"type": "http",
"method": "GET",
"url": "http://links.kitestacks.com:9005",
"interval": 60,
"retries": 3
},
{
"name": "Grafana",
"type": "http",
"method": "GET",
"url": "http://grafana.kitestacks.com:3150",
"interval": 60,
"retries": 3
},
{
"name": "OpenProject",
"type": "http",
"method": "GET",
"url": "http://openproject.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "Prometheus",
"type": "tcp",
"host": "prometheus.kitestacks.com",
"port": 9090,
"interval": 60,
"retries": 3
},
{
"name": "Node Exporter",
"type": "tcp",
"host": "node-exporter.kitestacks.com",
"port": 9100,
"interval": 60,
"retries": 3
},
{
"name": "Pixel 4",
"type": "ping",
"host": "192.168.1.201",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14",
"type": "ping",
"host": "192.168.1.205",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14s",
"type": "ping",
"host": "192.168.1.206",
"interval": 60,
"retries": 3
},
{
"name": "Gaming Desktop",
"type": "ping",
"host": "192.168.1.207",
"interval": 60,
"retries": 3
},
{
"name": "Tesla Model Y",
"type": "ping",
"host": "192.168.1.208",
"interval": 60,
"retries": 3
},
{
"name": "Mom's HP Laptop",
"type": "ping",
"host": "192.168.1.209",
"interval": 60,
"retries": 3
},
{
"name": "Uptime Kuma",
"type": "http",
"method": "GET",
"url": "https://status.kitestacks.com",
"interval": 60,
"retries": 3
}
]

0
uptime-kuma/gitrepository.yaml → apps/forgejo/uptime-kuma/gitrepository.yaml
View file

172
apps/forgejo/uptime-kuma/kitestacks-cron.yaml Normal file
View file

@ -0,0 +1,172 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: kitestacks-monitors
namespace: monitoring
data:
monitors.json: |
[
{
"name": "Open Web UI",
"type": "http",
"method": "GET",
"url": "https://www.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Auth",
"type": "http",
"method": "GET",
"url": "https://auth.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Kavita",
"type": "http",
"method": "GET",
"url": "http://kavita.kitestacks.com:5000",
"interval": 60,
"retries": 3
},
{
"name": "Tasks",
"type": "http",
"method": "GET",
"url": "http://tasks.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "AI",
"type": "http",
"method": "GET",
"url": "http://ai.kitestacks.com:3100",
"interval": 60,
"retries": 3
},
{
"name": "Forgejo",
"type": "http",
"method": "GET",
"url": "http://gitforge.kitestacks.com:3006",
"interval": 60,
"retries": 3
},
{
"name": "Linkding",
"type": "http",
"method": "GET",
"url": "http://links.kitestacks.com:9005",
"interval": 60,
"retries": 3
},
{
"name": "Grafana",
"type": "http",
"method": "GET",
"url": "http://grafana.kitestacks.com:3150",
"interval": 60,
"retries": 3
},
{
"name": "OpenProject",
"type": "http",
"method": "GET",
"url": "http://openproject.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "Prometheus",
"type": "tcp",
"host": "prometheus.kitestacks.com",
"port": 9090,
"interval": 60,
"retries": 3
},
{
"name": "Node Exporter",
"type": "tcp",
"host": "node-exporter.kitestacks.com",
"port": 9100,
"interval": 60,
"retries": 3
},
{
"name": "Pixel 4",
"type": "ping",
"host": "192.168.1.201",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14",
"type": "ping",
"host": "192.168.1.205",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14s",
"type": "ping",
"host": "192.168.1.206",
"interval": 60,
"retries": 3
},
{
"name": "Gaming Desktop",
"type": "ping",
"host": "192.168.1.207",
"interval": 60,
"retries": 3
},
{
"name": "Tesla Model Y",
"type": "ping",
"host": "192.168.1.208",
"interval": 60,
"retries": 3
},
{
"name": "Mom's HP Laptop",
"type": "ping",
"host": "192.168.1.209",
"interval": 60,
"retries": 3
},
{
"name": "Uptime Kuma",
"type": "http",
"method": "GET",
"url": "https://status.kitestacks.com",
"interval": 60,
"retries": 3
}
]
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: kitestacks-monitors-check
namespace: monitoring
spec:
schedule: "*/5 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: monitor-check
image: python:3.12-slim
command: ["python3", "/scripts/kitestacks_check.py"]
volumeMounts:
- name: monitors
mountPath: /scripts
restartPolicy: OnFailure
volumes:
- name: monitors
configMap:
name: kitestacks-monitors

140
apps/forgejo/uptime-kuma/kitestacks-monitors.json Normal file
View file

@ -0,0 +1,140 @@
[
{
"name": "Open Web UI",
"type": "http",
"method": "GET",
"url": "https://www.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Auth",
"type": "http",
"method": "GET",
"url": "https://auth.kitestacks.com",
"interval": 60,
"retries": 3
},
{
"name": "Kavita",
"type": "http",
"method": "GET",
"url": "http://kavita.kitestacks.com:5000",
"interval": 60,
"retries": 3
},
{
"name": "Tasks",
"type": "http",
"method": "GET",
"url": "http://tasks.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "AI",
"type": "http",
"method": "GET",
"url": "http://ai.kitestacks.com:3100",
"interval": 60,
"retries": 3
},
{
"name": "Forgejo",
"type": "http",
"method": "GET",
"url": "http://gitforge.kitestacks.com:3006",
"interval": 60,
"retries": 3
},
{
"name": "Linkding",
"type": "http",
"method": "GET",
"url": "http://links.kitestacks.com:9005",
"interval": 60,
"retries": 3
},
{
"name": "Grafana",
"type": "http",
"method": "GET",
"url": "http://grafana.kitestacks.com:3150",
"interval": 60,
"retries": 3
},
{
"name": "OpenProject",
"type": "http",
"method": "GET",
"url": "http://openproject.kitestacks.com:8080",
"interval": 60,
"retries": 3
},
{
"name": "Prometheus",
"type": "tcp",
"host": "prometheus.kitestacks.com",
"port": 9090,
"interval": 60,
"retries": 3
},
{
"name": "Node Exporter",
"type": "tcp",
"host": "node-exporter.kitestacks.com",
"port": 9100,
"interval": 60,
"retries": 3
},
{
"name": "Pixel 4",
"type": "ping",
"host": "192.168.1.201",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14",
"type": "ping",
"host": "192.168.1.205",
"interval": 60,
"retries": 3
},
{
"name": "Lenovo T14s",
"type": "ping",
"host": "192.168.1.206",
"interval": 60,
"retries": 3
},
{
"name": "Gaming Desktop",
"type": "ping",
"host": "192.168.1.207",
"interval": 60,
"retries": 3
},
{
"name": "Tesla Model Y",
"type": "ping",
"host": "192.168.1.208",
"interval": 60,
"retries": 3
},
{
"name": "Mom's HP Laptop",
"type": "ping",
"host": "192.168.1.209",
"interval": 60,
"retries": 3
},
{
"name": "Uptime Kuma",
"type": "http",
"method": "GET",
"url": "https://status.kitestacks.com",
"interval": 60,
"retries": 3
}
]

32
apps/forgejo/uptime-kuma/scripts/kitestacks_uptimecheck.py Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env python3
import json
import requests
import subprocess
# Load the monitors JSON
with open("/scripts/kitestacks-monitors.json", "r") as f:
monitors = json.load(f)
for monitor in monitors:
name = monitor.get("name")
mtype = monitor.get("type")
try:
if mtype == "http":
url = monitor.get("url")
method = monitor.get("method", "GET").upper()
resp = requests.request(method, url, timeout=10, verify=False)
print(f"[{name}] HTTP {method} {url} -> Status {resp.status_code}")
elif mtype == "tcp":
host = monitor.get("host")
port = monitor.get("port")
result = subprocess.run(["nc", "-zvw3", host, str(port)], capture_output=True)
print(f"[{name}] TCP {host}:{port} -> Returncode {result.returncode}")
elif mtype == "ping":
host = monitor.get("host")
result = subprocess.run(["ping", "-c", "1", host], capture_output=True)
print(f"[{name}] Ping {host} -> Returncode {result.returncode}")
else:
print(f"[{name}] Unknown type: {mtype}")
except Exception as e:
print(f"[{name}] Error: {e}")

0
apps/forgejo/uptime-kuma/uptime-kuma Normal file
View file

0
uptime-kuma/uptime-kuma-deployment.yaml → apps/forgejo/uptime-kuma/uptime-kuma-deployment.yaml
View file

24
apps/forgejo/uptime-kuma/uptime-kuma-ingress.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: uptime-kuma-ingress
namespace: monitoring
annotations:
kubernetes.io/ingress.class: nginx # or your ingress controller name
cert-manager.io/cluster-issuer: letsencrypt-prod # if using cert-manager for TLS
spec:
rules:
- host: status.kitestacks.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: uptime-kuma
port:
number: 3001
tls:
- hosts:
- status.kitestacks.com
secretName: uptime-kuma-tls

BIN
apps/grafana/data/grafana.db Normal file
View file

Binary file not shown.

7
apps/grafana/docker-compose.yml Normal file
View file

@ -0,0 +1,7 @@
services:
grafana:
image: grafana/grafana-oss
container_name: grafana
ports:
- "3150:3000" # host:container
restart: unless-stopped

19
apps/grafana/grafana-networkpolicy.yaml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-grafana-ingress
namespace: monitoring
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: grafana
policyTypes:
- Ingress
ingress:
- from:
- ipBlock:
cidr: 192.168.1.0/24 # replace with your LAN subnet
ports:
- protocol: TCP
port: 3000

0
apps/grafana/test-autosync.txt Normal file
View file

13
apps/homepage-archived-2026-06-07/Dockerfile Normal file
View file

@ -0,0 +1,13 @@
# Use Node.js Alpine base
FROM node:20-alpine
WORKDIR /app
# Copy all homepage files
COPY . /app
# Expose port for the homepage
EXPOSE 8080
# Start the homepage (adjust if your entry point is different)
CMD ["node", "server.js"]

6
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/bookmarks.yaml Normal file
View file

@ -0,0 +1,6 @@
- Social:
- Discord:
- abbr:
href: https://discord.gg/QbdveTb6Kw

0
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/custom.css Normal file
View file

0
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/custom.js Normal file
View file

10
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/docker.yaml Normal file
View file

@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
# my-docker:
# socket: /var/run/docker.sock

2
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/kubernetes.yaml Normal file
View file

@ -0,0 +1,2 @@
---
# sample kubernetes config

5
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/proxmox.yaml Normal file
View file

@ -0,0 +1,5 @@
---
# pve:
# url: https://proxmox.host.or.ip:8006
# token: username@pam!Token ID
# secret: secret

90
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/services-live.yaml Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Linkding:
icon: linkding.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

90
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/services.yaml Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Shaarli:
icon: shaarli.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

32
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/settings-live.yaml Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

32
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/settings.yaml Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

24
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/widgets-live.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

24
apps/homepage-archived-2026-06-07/backups/config-before-test-work-2026-06-06-2102/widgets.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

6
apps/homepage-archived-2026-06-07/config-test/bookmarks.yaml Normal file
View file

@ -0,0 +1,6 @@
- Social:
- Discord:
- abbr:
href: https://discord.gg/QbdveTb6Kw

91
apps/homepage-archived-2026-06-07/config-test/custom.css Normal file
View file

@ -0,0 +1,91 @@
/* ==========================================================
KITESTACKS CYBERPUNK TEST THEME
TEST ONLY
========================================================== */
/* Background */
body {
background: url("/images/cyberpunk-bg.png") center center fixed !important;
background-size: cover !important;
}
/* Remove old injected banner */
body::before,
body::after {
display: none !important;
content: none !important;
}
/* Dark overlay for readability */
body::selection {
background: rgba(56,189,248,0.35);
}
/* Main containers */
div[class*="service"],
div[class*="widget"],
.card,
.service-card {
background: rgba(7,15,30,0.72) !important;
backdrop-filter: blur(10px);
-webkit-backdrop-filter: blur(10px);
border: 1px solid rgba(56,189,248,0.25) !important;
border-radius: 18px !important;
box-shadow:
0 0 15px rgba(56,189,248,0.08),
0 0 30px rgba(56,189,248,0.05) !important;
}
/* Section headers */
h2 {
color: #dbeafe !important;
font-weight: 700 !important;
letter-spacing: 0.03em !important;
text-shadow:
0 0 8px rgba(56,189,248,0.45);
}
/* Search box */
input[type="text"] {
background: rgba(5,10,20,0.75) !important;
border: 1px solid rgba(56,189,248,0.35) !important;
border-radius: 14px !important;
}
/* Widget row */
div[class*="widget"] {
border-radius: 18px !important;
}
/* Hover effects */
a:hover .service-card,
.service-card:hover,
.card:hover {
transform: translateY(-2px);
box-shadow:
0 0 15px rgba(56,189,248,0.25),
0 0 35px rgba(56,189,248,0.18) !important;
transition: all .2s ease;
}
/* Footer */
footer {
backdrop-filter: blur(8px);
}
/* Slightly dim the background for readability */
body::after {
content: "";
position: fixed;
inset: 0;
background: rgba(0,0,20,0.45);
pointer-events: none;
z-index: -1;
}
EOF

31
apps/homepage-archived-2026-06-07/config-test/custom.css.pre-cyberpunk-backup Normal file
View file

@ -0,0 +1,31 @@
body::before {
content: "";
display: block;
height: 155px;
margin: 24px 38px 10px 38px;
background-image: url("/images/kitestacks-logo.png");
background-repeat: no-repeat;
background-position: left center;
background-size: 360px auto;
border-bottom: 2px solid rgba(56, 189, 248, 0.75);
}
body::after {
content: "Personal Infrastructure Platform";
position: absolute;
top: 128px;
left: 185px;
font-size: 15px;
letter-spacing: 0.18em;
text-transform: uppercase;
color: rgba(203, 213, 225, 0.75);
}
.service-card,
div[class*="service"] {
border-radius: 14px !important;
}
h2 {
letter-spacing: -0.02em;
}

0
apps/homepage-archived-2026-06-07/config-test/custom.js Normal file
View file

10
apps/homepage-archived-2026-06-07/config-test/docker.yaml Normal file
View file

@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
# my-docker:
# socket: /var/run/docker.sock

BIN
apps/homepage-archived-2026-06-07/config-test/images/cyberpunk-bg.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.4 MiB

BIN
apps/homepage-archived-2026-06-07/config-test/images/kitestacks-icon.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.7 KiB

BIN
apps/homepage-archived-2026-06-07/config-test/images/kitestacks-logo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.9 KiB

2
apps/homepage-archived-2026-06-07/config-test/kubernetes.yaml Normal file
View file

@ -0,0 +1,2 @@
---
# sample kubernetes config

5
apps/homepage-archived-2026-06-07/config-test/proxmox.yaml Normal file
View file

@ -0,0 +1,5 @@
---
# pve:
# url: https://proxmox.host.or.ip:8006
# token: username@pam!Token ID
# secret: secret

90
apps/homepage-archived-2026-06-07/config-test/services-live.yaml Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Linkding:
icon: linkding.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

89
apps/homepage-archived-2026-06-07/config-test/services.yaml Normal file
View file

@ -0,0 +1,89 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity & Access
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Control
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Service Health
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Dashboards & Metrics
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Telemetry
- AI & Automation:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Knowledge Base:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Shaarli:
icon: shaarli.png
href: https://links.kitestacks.com
description: Bookmark Library
- Development:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Community:
- Discord:
icon: discord.png
href: https://discord.gg
description: Community Hub
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Coming Soon
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: Coming Soon
- Cilium:
icon: cilium.png
href: https://cilium.io
description: Coming Soon
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: Coming Soon

90
apps/homepage-archived-2026-06-07/config-test/services.yaml.bak Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Shaarli:
icon: shaarli.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

32
apps/homepage-archived-2026-06-07/config-test/settings-live.yaml Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

37
apps/homepage-archived-2026-06-07/config-test/settings.yaml Normal file
View file

@ -0,0 +1,37 @@
---
title: KiteStacks
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 4
Monitoring:
style: row
columns: 3
AI & Automation:
style: row
columns: 3
Knowledge Base:
style: row
columns: 2
Development:
style: row
columns: 2
Community:
style: row
columns: 1
Future Projects:
style: row
columns: 4

32
apps/homepage-archived-2026-06-07/config-test/settings.yaml.bak Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

24
apps/homepage-archived-2026-06-07/config-test/widgets-live.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

24
apps/homepage-archived-2026-06-07/config-test/widgets.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

24
apps/homepage-archived-2026-06-07/config-test/widgets.yaml.bak Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

6
apps/homepage-archived-2026-06-07/config/bookmarks.yaml Normal file
View file

@ -0,0 +1,6 @@
- Social:
- Discord:
- abbr:
href: https://discord.gg/QbdveTb6Kw

0
apps/homepage-archived-2026-06-07/config/custom.css Normal file
View file

0
apps/homepage-archived-2026-06-07/config/custom.js Normal file
View file

10
apps/homepage-archived-2026-06-07/config/docker.yaml Normal file
View file

@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
# my-docker:
# socket: /var/run/docker.sock

2
apps/homepage-archived-2026-06-07/config/kubernetes.yaml Normal file
View file

@ -0,0 +1,2 @@
---
# sample kubernetes config

5
apps/homepage-archived-2026-06-07/config/proxmox.yaml Normal file
View file

@ -0,0 +1,5 @@
---
# pve:
# url: https://proxmox.host.or.ip:8006
# token: username@pam!Token ID
# secret: secret

90
apps/homepage-archived-2026-06-07/config/services-live.yaml Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Linkding:
icon: linkding.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

90
apps/homepage-archived-2026-06-07/config/services.yaml Normal file
View file

@ -0,0 +1,90 @@
- Infrastructure:
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Docker Management
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Cloudflare:
icon: cloudflare.png
href: https://dash.cloudflare.com
description: DNS & Tunnel Management
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Uptime Monitoring
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: Private AI Workspace
- LiteLLM:
icon: si-openai
href: https://llm.kitestacks.com
description: AI Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books, Comics & PDFs
- Shaarli:
icon: shaarli.png
href: https://links.kitestacks.com
description: Bookmark Library
- Code:
- Forgejo:
icon: forgejo.png
href: https://gitforge.kitestacks.com
description: Self-Hosted Git
- TicketSystem:
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- Monitoring:
- Grafana:
icon: grafana.png
href: http://192.168.1.205:3150
description: Monitoring Dashboards
- Prometheus:
icon: prometheus.png
href: http://192.168.1.205:9090
description: Metrics Database
- Node Exporter:
icon: prometheus.png
href: http://192.168.1.205:9100
description: Host Metrics
- Future Projects:
- Kubernetes:
icon: kubernetes.png
href: https://kubernetes.io
description: Cluster Platform
- FluxCD:
icon: flux-cd.png
href: https://fluxcd.io
description: GitOps Automation
- Cilium:
icon: cilium.png
href: https://cilium.io
description: eBPF Networking
- CloudNativePG:
icon: postgresql.png
href: https://cloudnative-pg.io
description: PostgreSQL Operator
- Social:
- Discord:
icon: discord.png
href: https://discord.gg
description: Discord

32
apps/homepage-archived-2026-06-07/config/settings-live.yaml Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

32
apps/homepage-archived-2026-06-07/config/settings.yaml Normal file
View file

@ -0,0 +1,32 @@
---
title: KiteStacks.AO
theme: dark
color: slate
headerStyle: boxed
hideVersion: true
useEqualHeights: true
layout:
Infrastructure:
style: row
columns: 1
Library:
style: row
columns: 1
Code:
style: row
columns: 1
Projects:
style: row
columns: 1
Monitoring:
style: row
columns: 2
Social:
style: row
columns: 1

24
apps/homepage-archived-2026-06-07/config/widgets-live.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

24
apps/homepage-archived-2026-06-07/config/widgets.yaml Normal file
View file

@ -0,0 +1,24 @@
---
- resources:
label: System
cpu: true
memory: true
disk: /
- datetime:
text_size: xl
format:
dateStyle: full
timeStyle: short
- openmeteo:
label: Wheaton
latitude: 41.8661
longitude: -88.1065
timezone: America/Chicago
units: imperial
cache: 5
- search:
provider: google
target: _blank

12
apps/homepage-archived-2026-06-07/docker-compose.test.yml Normal file
View file

@ -0,0 +1,12 @@
services:
homepage-test:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage-test
restart: unless-stopped
ports:
- "3007:3000"
environment:
- HOMEPAGE_ALLOWED_HOSTS=localhost:3007,192.168.1.205:3007,www.kitestacks.test.com,kitestacks.test.com
volumes:
- ./config-test:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro

13
apps/homepage-archived-2026-06-07/docker-compose.yml Normal file
View file

@ -0,0 +1,13 @@
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
restart: unless-stopped
ports:
- "3005:3000"
environment:
- HOMEPAGE_ALLOWED_HOSTS=localhost:3005,192.168.1.205:3005,www.kitestacks.com,kitestacks.com,home.kitestacks.com
volumes:
- ./config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro

69
apps/homepage-archived-2026-06-07/services.yaml Normal file
View file

@ -0,0 +1,69 @@
- Infrastructure:
- Homepage:
icon: homepage.png
href: https://www.kitestacks.com
description: Main Dashboard
- Authentik:
icon: authentik.png
href: https://auth.kitestacks.com
description: Identity Provider
- Portainer:
icon: portainer.png
href: https://portainer.kitestacks.com
description: Container Management
- Development:
- Forgejo:
icon: forgejo.png
href: https://git.kitestacks.com
description: Git Repositories
- OpenProject:
icon: openproject.png
href: https://tasks.kitestacks.com
description: Project Management
- AI:
- Kite AI:
icon: open-webui.png
href: https://ai.kitestacks.com
description: AI Workspace
- LiteLLM:
icon: litellm.png
href: https://llm.kitestacks.com
description: Model Gateway
- OpenRouter:
icon: si-openai
href: https://openrouter.ai
description: Hosted AI Models
- Library:
- Kavita:
icon: kavita.png
href: https://kavita.kitestacks.com
description: Books & Documents
- Shaarli:
icon: shaarli.png
href: https://links.kitestacks.com
description: Bookmark Library
- Monitoring:
- Grafana:
icon: grafana.png
href: https://grafana.kitestacks.com
description: Dashboards
- Prometheus:
icon: prometheus.png
href: https://prometheus.kitestacks.com
description: Metrics Collection
- Uptime Kuma:
icon: uptime-kuma.png
href: https://status.kitestacks.com
description: Service Monitoring

0
apps/homepage-archived-2026-06-07/test-autosync.txt Normal file
View file

BIN
apps/homepage-backup-pre-cyberpunk-2026-06-07-0152.tar.gz Normal file
View file

Binary file not shown.

15
apps/kavita/config/appsettings.json Normal file
View file

@ -0,0 +1,15 @@
{
"TokenKey": "0dAB10RcaX3mUwxMGE5pVcauZhDybFyoaPM6bGup5GLTFGq3yO6GFKpsnWCJ2TMS8GT2BpB4cXXc8wqB7mOV14\u002BS3ys5fgb2eWjX31DrmDgfJJYapAFr2Unx\u002BTv5fpeS9TyH\u002BnzAEhISPxXRApn4n6zJ7RUbJ79QEGyX2eKCjxJqsV6xBrHta4weL7zGQmPcWoMswezglOnFMoEYhzURpyVkwl1KeXFnfbdrPuGzcUCtsbdjBoRYXqIn5gcdjDOyrdwAxNT8Of3CGMnYFGLzg0kMIwPzBPqD5nsGXBisHQYEPUSwYsIIGwAfYLV3HtS\u002B\u002BXagEW3pgnbHYljsxSTQ==",
"Port": 5000,
"IpAddresses": "",
"BaseUrl": "/",
"Cache": 75,
"AllowIFraming": false,
"OpenIdConnectSettings": {
"Authority": "https://auth.kitestacks.com/application/o/kavita/",
"ClientId": "kavita",
"Secret": "73038a9414121817852fb59923f7ff3870cc5af78098c09a0311d37a74c663b6a8b266c823db0a812e8e784241ead772",
"CustomScopes": [],
"Enabled": true
}
}

BIN
apps/kavita/config/backups/kavita_backup_v0.9.0.2_06_05_2026_2026-06-05T02_00_06Z.zip Normal file
View file

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more