# KiteStacks Homelab — Master Guide

**Owner:** kenpat  
**Domain:** kitestacks.com  
**Status:** Live and running  
**Last Updated:** 2026-06-19

---

## What Is KiteStacks?

KiteStacks is a self-hosted homelab — a real, production web platform running on two computers that serves eleven public websites to the internet, 24 hours a day, even when the home machine is off.

It is not a tutorial project. It is not a demo. It runs at a real domain, with real users, real uptime monitoring, and real failover.

Every service is protected by single sign-on (SSO), meaning one account unlocks everything. All traffic goes through Cloudflare's global network — no ports are open on the home router, and the home IP address is never exposed.

### The One-Paragraph Summary

> *KiteStacks is a self-hosted homelab running eleven public-facing services behind Cloudflare
> Tunnel with no open ports on the home router. All logins are handled by Authentik — a
> self-hosted identity provider using OIDC/OAuth2, so one account unlocks every service.
> A Hetzner cloud VPS (kscloud1) acts as a permanent cloud replica: if the home machine (monk)
> goes offline, kscloud1 keeps everything running with zero downtime. Both hosts share a single
> Postgres and Redis database over a private Tailscale VPN, so SSO logins always work regardless
> of which server answers. Monitoring runs via Prometheus, Grafana, Uptime Kuma, and a desktop
> Conky widget that shows live kscloud1 service health at a glance.*

---

## The Two Computers

| Name | What It Is | Role |
|------|-----------|------|
| **monk** | Home PC (ThinkPad T14s) | Development machine. Code and configs are built here, then pushed to kscloud1. |
| **kscloud1** | Hetzner VPS in Germany | Always-live production server. Receives what monk pushes. Stays up even if monk is off. |

A third machine — the **Samurai desktop** — will eventually join as a second home connector, adding more redundancy when it is running.

---

## The Eleven Public Services

| Service | URL | What It Does |
|---------|-----|-------------|
| **Portal** | www.kitestacks.com | The homepage — links to everything, live system stats |
| **Authentik** | auth.kitestacks.com | SSO login provider — one account for all services |
| **Forgejo** | gitforge.kitestacks.com | Self-hosted Git — stores all code and documentation |
| **Open WebUI** | ai.kitestacks.com | AI chat interface (ChatGPT-style, self-hosted) |
| **Karakeep** | links.kitestacks.com | Bookmark and read-it-later manager |
| **Kavita** | kavita.kitestacks.com | eBook and manga library |
| **Grafana** | grafana.kitestacks.com | Monitoring dashboards — CPU, RAM, network |
| **Uptime Kuma** | status.kitestacks.com | Service uptime status page |
| **BookStack** | wiki.kitestacks.com | Self-hosted wiki and documentation platform |
| **OSTicket** | tasks.kitestacks.com | Help desk and ticket tracking system |
| **Portainer** | portainer.kitestacks.com | Docker container management dashboard |

---

## Navigation

| Section | What Is Inside |
|---------|---------------|
| [architecture/overview.md](architecture/overview.md) | How the whole system is wired together — diagrams, traffic flow |
| [architecture/services.md](architecture/services.md) | Every service: container name, port, volume, command reference |
| [architecture/decisions.md](architecture/decisions.md) | Why each technology was chosen over the alternatives |
| [build-guide/README.md](build-guide/README.md) | How to build this from scratch — choose beginner (AI) or advanced |
| [concepts/docker.md](concepts/docker.md) | What Docker actually is and how containers work |
| [concepts/networking.md](concepts/networking.md) | DNS, ports, TLS, Tailscale, Cloudflare Tunnel, firewalls |
| [concepts/oauth2-oidc.md](concepts/oauth2-oidc.md) | How SSO works — OAuth2, OIDC, JWTs explained simply |
| [concepts/linux.md](concepts/linux.md) | Linux commands, file ownership, sudo, SSH tunnels |
| [certifications/roadmap.md](certifications/roadmap.md) | Cert path to Cloud Engineer — what to study and in what order |
| [interview-prep/explain-the-project.md](interview-prep/explain-the-project.md) | What to say to hiring managers — model answers |
| [learning-path/README.md](learning-path/README.md) | Structured study plan, free resources, daily habits |

---

## Where to Start

**If you want to understand what you built:**
→ [architecture/overview.md](architecture/overview.md)

**If you want to rebuild it from scratch:**
→ [build-guide/README.md](build-guide/README.md) — pick your track

**If you have an interview coming up:**
→ [interview-prep/explain-the-project.md](interview-prep/explain-the-project.md)

**If you want to understand the tech behind it:**
→ Pick a topic in [concepts/](concepts/)

**If you want to know what certifications to study next:**
→ [certifications/roadmap.md](certifications/roadmap.md)

---

## Certification Path

| Cert | Status |
|------|--------|
| CCNA | Networking foundation |
| AWS Solutions Architect Associate | Core cloud cert |
| AWS SysOps Administrator Associate | Operations focus |
| CKA (Kubernetes) | Container orchestration |