# raine - home server

Home server running on Ubuntu (hostname: `raine`, local IP: `10.0.0.100`). Hosts personal websites, Gitea, and a NAS for local file sharing.

## Architecture

```
             Internet
                 │
                 ▼
          ┌─────────────┐
          │  Cloudflare │  (terminates TLS, hides home IP)
          └──────┬──────┘
                 │ encrypted tunnel
                 │
                 ▼
          ┌─────────────┐
          │ cloudflared │  (native systemd service)
          │   (raine)   │
          └──────┬──────┘
                 │ HTTP :80
                 ▼
          ┌─────────────┐
          │    Caddy    │  (Docker, reverse proxy)
          │             │
          └──┬───┬───┬──┘
             │   │   │
oversteep.com│   │   │git.chunli.net
             │   │   └──────┐
             ▼   ▼          ▼
/srv/oversteep.com      ┌──────┐
/srv/chunli.net         │Gitea │  (Docker, :3000)
(static sites)          └──────┘
```

Local-only services (not exposed via tunnel):

- **Samba** — serves `/mnt/nas` over the LAN for file sharing between Linux/Mac clients
- **SSH** — on port 22, key auth only
- **Gitea SSH** — on port 2222, for local git operations

## Services

### Native (systemd)

| Service      | Purpose                              |
|--------------|--------------------------------------|
| cloudflared  | Cloudflare tunnel to the internet    |
| smbd         | Samba file sharing on LAN            |
| ssh          | Remote shell access on LAN           |

### Docker (managed per-directory)

| Service | Directory      | Ports       | Notes                          |
|---------|----------------|-------------|--------------------------------|
| caddy   | `./caddy/`     | 80, 443     | Reverse proxy, serves sites    |
| gitea   | `./gitea/`     | 3000, 2222  | Self-hosted git, SQLite        |

Each service has its own `compose.yml` for independent management. They communicate over the Docker host network via `host.docker.internal` (configured in caddy's `extra_hosts`).

## Domains

| Domain           | Points to                    |
|------------------|------------------------------|
| oversteep.com    | Static site (Madison's)      |
| chunli.net       | Static site (personal)       |
| git.chunli.net   | Gitea via Caddy proxy        |

All domains go through the Cloudflare tunnel. Cloudflare handles TLS, so Caddy serves plain HTTP internally (the `http://` prefix in the Caddyfile disables Caddy's automatic HTTPS).

## Storage

- `/mnt/nas` — 2TB ext4 drive (`sda2`), shared via Samba
  - Owned by `chun:nas`, mode 775
  - Users in the `nas` group have full read/write
  - Folder layout: `photos/`, `media/`, `files/`
- Future: add more drives + mergerfs + snapraid when prices drop

## Backups

**Important:** Gitea's `data/` directory contains repos, the SQLite database, and config. It's gitignored but needs a separate backup strategy. (TODO: set up backup scheme)

## Common tasks

```bash
# Restart a service (run from that service's compose directory)
cd ~/docker/<service>
docker compose restart

# View logs
docker logs <container>

# Update a service to the latest image
cd ~/docker/<service>
docker compose pull
docker compose up -d

# Check what's running
docker ps
```

## Gotchas

- **Caddy can't reach containers in other compose projects via `localhost`.** Use `host.docker.internal:<port>` instead (requires `extra_hosts: ["host.docker.internal:host-gateway"]`).
- **Caddy must pass `X-Forwarded-Proto: https`** to Gitea so it generates correct URLs (since Cloudflare terminates TLS, not Caddy).
- **Group changes don't apply to existing shell sessions.** After `usermod -aG`, log out and back in.
- **NTFS/exFAT drives auto-mount as root.** If you need user-level access, either `sudo` or remount with `uid=1000,gid=1000`.
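
A Caddyfile matching what the Domains section and the first two gotchas describe could look like the following. This is an added example, not the Caddyfile from this repository; the in-container site roots under `/srv` and the use of port 3000 as Gitea's web upstream are assumptions taken from the diagram and the services table.

```caddyfile
# Added example, not the repository's own Caddyfile.
# Every site address carries an explicit http:// scheme. That turns off
# Caddy's automatic HTTPS for the site: no certificate is requested and
# no HTTP->HTTPS redirect is issued. TLS ends at Cloudflare, and
# cloudflared delivers plain HTTP to port 80.

http://oversteep.com {
	# Assumed path of the static site inside the Caddy container
	root * /srv/oversteep.com
	file_server
}

http://chunli.net {
	# Assumed path of the static site inside the Caddy container
	root * /srv/chunli.net
	file_server
}

http://git.chunli.net {
	# Gitea lives in a different compose project, so "localhost" here
	# would be the Caddy container itself. host.docker.internal resolves
	# to the Docker host only when caddy's compose.yml sets
	#   extra_hosts: ["host.docker.internal:host-gateway"]
	reverse_proxy host.docker.internal:3000 {
		# Caddy would otherwise forward the scheme it saw (http).
		# Gitea needs the scheme the visitor used at the Cloudflare edge
		# to build correct URLs.
		# This value is static: it is only truthful while requests reach
		# this site through the tunnel and not directly over the LAN.
		header_up X-Forwarded-Proto https
	}
}
```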