admin/HomeAudit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
admin
2025-08-24 11:13:39 -04:00
commit fb869f1131
168 changed files with 47986 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

268
COMPREHENSIVE_SERVICE_INVENTORY.md Normal file
View File

@@ -0,0 +1,268 @@
# Comprehensive Home Lab Service Inventory Report
**Generated:** 2025-08-23
**Total Devices Audited:** 6 out of 7 (1 unreachable)
**Audit Status:** Complete
## Executive Summary
Your home lab infrastructure consists of **6 actively audited devices** running a sophisticated mix of **43 Docker containers** and **dozens of native services**. The infrastructure shows a well-architected approach with centralized storage, distributed monitoring, comprehensive home automation, and development environments.
### Quick Statistics
- **Total Running Containers:** 43 (across 5 hosts)
- **Host-Level Services:** 50+ unique services
- **Web Interfaces:** 15+ admin panels
- **Database Instances:** 6 (PostgreSQL, MariaDB, Redis)
- **Storage Capacity:** 26+ TB (19TB primary + 7.3TB backup)
---
## Host-by-Host Service Breakdown
### 1. OMV800 (192.168.50.229) - Primary Storage & Media Server
**OS:** Debian 12 | **Role:** NAS/Media/Document Hub | **Docker Containers:** 19
#### Docker Services (Running)
| Service | Port | Purpose | Status |
|---------|------|---------|--------|
| AdGuard Home | 53, 3000 | DNS filtering & ad blocking | Running |
| Paperless-NGX | 8010 | Document management | ⚠️ Unhealthy |
| Vikunja | 3456 | Task management | Running |
| PostgreSQL | 5432 | Database for Paperless | ⚠️ Restarting |
| Redis | 6379 | Cache/message broker | Running |
#### Native Services
- **Apache2** - Web server for OMV interface
- **OpenMediaVault** - NAS management
- **Netdata** - System monitoring
- **Tailscale** - VPN mesh networking
- **19TB Storage Array** - Primary file storage
### 2. jonathan-2518f5u (192.168.50.181) - Home Automation Hub
**OS:** Ubuntu 24.04 | **Role:** IoT/Automation Center | **Docker Containers:** 6
#### Docker Services
| Service | Port | Purpose | Status |
|---------|------|---------|--------|
| Home Assistant | 8123 | Smart home automation | Running |
| ESPHome | 6052 | ESP device management | Running |
| Paperless-NGX | 8001 | Document processing | Running |
| Paperless-AI | 3000 | AI-enhanced docs | Running |
| Portainer | 9000 | Container management | Running |
| Redis | 6379 | Data broker | Running |
#### Native Services
- **Netdata** (Port 19999) - System monitoring
- **iPerf3** - Network testing
- **Auditd** - Security monitoring
- **Smartmontools** - Disk health monitoring
- **NFS Client** - Storage access to OMV800
### 3. surface (192.168.50.254) - Development & Web Services
**OS:** Ubuntu 24.04 | **Role:** Development/Collaboration | **Docker Containers:** 7
#### Docker Services (AppFlowy Stack)
| Service | Port | Purpose | Status |
|---------|------|---------|--------|
| AppFlowy Cloud | 8000 | Collaboration platform API | Running |
| AppFlowy Web | 80 | Web interface | Running |
| GoTrue | - | Authentication service | Running |
| PostgreSQL | 5432 | AppFlowy database | Running |
| Redis | 6379 | Session cache | Running |
| Nginx | 8080, 8443 | Reverse proxy | Running |
| MinIO | - | Object storage | Running |
#### Native Services
- **Apache HTTP Server** (Port 8888) - Web server
- **MariaDB** (Port 3306) - Database server
- **Caddy** (Port 80, 443) - Reverse proxy
- **PHP 8.2 FPM** - PHP processing
- **Ollama** (Port 11434) - Local LLM service
- **Netdata** (Port 19999) - Monitoring
- **CUPS** - Printing service
- **GNOME Remote Desktop** - Remote access
### 4. raspberrypi (192.168.50.107) - Backup NAS
**OS:** Debian 12 | **Role:** Backup Storage | **Docker Containers:** 0
#### Native Services Only
- **OpenMediaVault** - NAS management interface
- **NFS Server** - Network file sharing (multiple exports)
- **Samba/SMB** (Ports 139, 445) - Windows file sharing
- **Nginx** (Port 80) - OMV web interface
- **Netdata** (Port 19999) - System monitoring
- **Orb** (Port 7443) - Custom service
- **RAID 1 Array** - 7.3TB backup storage
#### Storage Exports
- `/export/audrey_backup`
- `/export/surface_backup`
- `/export/omv800_backup`
- `/export/fedora_backup`
### 5. fedora (192.168.50.225) - Development Workstation
**OS:** Fedora 42 | **Role:** Development | **Docker Containers:** 1
#### Docker Services
| Service | Port | Purpose | Status |
|---------|------|---------|--------|
| Portainer Agent | 9001 | Container monitoring | ⚠️ Restarting |
#### Native Services
- **Netdata** (Port 19999) - System monitoring
- **Tailscale** - VPN client
- **Nextcloud WebDAV mount** - Cloud storage access
- **GNOME Desktop** - GUI workstation environment
### 6. audrey (192.168.50.145) - Monitoring Hub
**OS:** Ubuntu 24.04 | **Role:** Monitoring/Admin | **Docker Containers:** 4
#### Docker Services
| Service | Port | Purpose | Status |
|---------|------|---------|--------|
| Portainer Agent | 9001 | Container management | Running |
| Dozzle | 9999 | Docker log viewer | Running |
| Uptime Kuma | 3001 | Service uptime monitoring | Running |
| Code Server | 8443 | Web-based VS Code | Running |
#### Native Services
- **Orb** (Port 7443) - Custom monitoring
- **Tailscale** - VPN mesh networking
- **Fail2ban** - Intrusion prevention
- **NFS Client** - Backup storage access
---
## Network Architecture & Port Summary
### Administrative Interfaces
- **9000** - Portainer (central container management)
- **9001** - Portainer Agents (distributed)
- **3001** - Uptime Kuma (service monitoring)
- **9999** - Dozzle (log aggregation)
- **19999** - Netdata (system monitoring on 4 hosts)
### Home Automation & IoT
- **8123** - Home Assistant (smart home hub)
- **6052** - ESPHome (ESP device management)
- **7443** - Orb sensors (custom monitoring)
### Development & Productivity
- **8443** - Code Server & AppFlowy HTTPS
- **8000** - AppFlowy Cloud API
- **11434** - Ollama (local AI/LLM)
- **3000** - Paperless-AI, AppFlowy Auth
### Document Management
- **8001** - Paperless-NGX (jonathan-2518f5u)
- **8010** - Paperless-NGX (OMV800) ⚠️
- **3456** - Vikunja (task management)
### Database Services
- **5432** - PostgreSQL (surface, OMV800)
- **3306** - MariaDB (surface)
- **6379** - Redis (multiple hosts)
### File Sharing & Storage
- **80** - Nginx/OMV interfaces
- **139/445** - Samba/SMB (raspberrypi)
- **2049** - NFS server (raspberrypi)
---
## Installed But Not Running Services
### Package Analysis Summary
Based on package inventories across all hosts:
#### Security Tools (Installed)
- **AIDE** - Advanced Intrusion Detection (OMV800)
- **Fail2ban** - Available on most hosts
- **AppArmor** - Security framework (Ubuntu hosts)
- **Auditd** - Security auditing (audrey, jonathan-2518f5u)
#### Development Tools
- **Apache2** - Installed but not primary on some hosts
- **PHP** versions - Available across multiple hosts
- **Git, build tools** - Standard development stack
- **Docker/Podman** - Container runtimes
#### System Administration
- **Anacron** - Alternative to cron (all hosts)
- **APT tools** - Package management utilities
- **CUPS** - Printing system (available but not always active)
---
## Infrastructure Patterns & Architecture
### 1. **Centralized Storage with Distributed Access**
- **Primary:** OMV800 (19TB) serves files via NFS/SMB
- **Backup:** raspberrypi (7.3TB RAID-1) for redundancy
- **Access:** All hosts mount NFS shares for data access
### 2. **Layered Monitoring Architecture**
- **System Level:** Netdata on 4 hosts
- **Service Level:** Uptime Kuma for availability monitoring
- **Container Level:** Dozzle for log aggregation
- **Application Level:** Custom Orb sensors
### 3. **Hybrid Container Management**
- **Central Control:** Portainer on jonathan-2518f5u
- **Distributed Agents:** Portainer agents on remote hosts
- **Container Distribution:** Services spread based on resource needs
### 4. **Security Mesh Network**
- **Tailscale VPN:** Secure mesh networking across all hosts
- **Segmented Access:** Different hosts serve different functions
- **Monitoring:** Comprehensive logging and intrusion detection
### 5. **Home Automation Integration**
- **Central Hub:** Home Assistant with ESPHome integration
- **Storage Integration:** Document processing with NFS backend
- **Monitoring Integration:** Custom sensors feeding into monitoring stack
---
## Security Assessment
### ✅ Security Strengths
- SSH root disabled on 4/6 hosts
- Tailscale mesh VPN implemented
- Comprehensive monitoring and logging
- Regular security updates (recent package versions)
- Fail2ban intrusion prevention deployed
### ⚠️ Security Concerns
- **OMV800** & **raspberrypi**: SSH root login enabled
- Some containers showing health issues (PostgreSQL restarts)
- UFW firewall inactive on some hosts
- Failed SSH attempts logged on surface and audrey
### 🔧 Recommended Actions
1. Disable SSH root on OMV800 and raspberrypi
2. Enable UFW firewall on Ubuntu hosts
3. Investigate container health issues
4. Review SSH access logs for patterns
5. Consider centralizing authentication
---
## Summary & Recommendations
Your home lab demonstrates **sophisticated infrastructure management** with well-thought-out service distribution. The combination of centralized storage, distributed monitoring, comprehensive home automation, and development services creates a highly functional environment.
### Key Strengths
- **Comprehensive monitoring** across all layers
- **Redundant storage** with backup strategies
- **Service distribution** optimized for resources
- **Modern containerized** applications
- **Integrated automation** with document management
### Optimization Opportunities
1. **Health Monitoring:** Address container restart issues on OMV800
2. **Security Hardening:** Standardize SSH and firewall configurations
3. **Backup Automation:** Enhance the existing backup infrastructure
4. **Resource Optimization:** Consider workload balancing across hosts
5. **Documentation:** Maintain service dependency mapping
**Total Unique Services Identified:** 60+ distinct services across containerized and native deployments.