HomeAudit/corrected_caddyfile.txt
admin 705a2757c1 Major infrastructure migration and Vaultwarden PostgreSQL troubleshooting
COMPREHENSIVE CHANGES:

INFRASTRUCTURE MIGRATION:
- Migrated services to Docker Swarm on OMV800 (192.168.50.229)
- Deployed PostgreSQL database for Vaultwarden migration
- Updated all stack configurations for Docker Swarm compatibility
- Added comprehensive monitoring stack (Prometheus, Grafana, Blackbox)
- Implemented proper secret management for all services

VAULTWARDEN POSTGRESQL MIGRATION:
- Attempted migration from SQLite to PostgreSQL for NFS compatibility
- Created PostgreSQL stack with proper user/password configuration
- Built custom Vaultwarden image with PostgreSQL support
- Troubleshot persistent SQLite fallback issue despite PostgreSQL config
- Identified known issue where Vaultwarden silently falls back to SQLite
- Added ENABLE_DB_WAL=false to prevent filesystem compatibility issues
- Current status: Old Vaultwarden on lenovo410 still working, new one has config issues

PAPERLESS SERVICES:
- Successfully deployed Paperless-NGX and Paperless-AI on OMV800
- Both services running on ports 8000 and 3000 respectively
- Caddy configuration updated for external access
- Services accessible via paperless.pressmess.duckdns.org and paperless-ai.pressmess.duckdns.org

CADDY CONFIGURATION:
- Updated Caddyfile on Surface (192.168.50.254) for new service locations
- Fixed Vaultwarden reverse proxy to point to new Docker Swarm service
- Removed old notification hub reference that was causing conflicts
- All services properly configured for external access via DuckDNS

BACKUP AND DISCOVERY:
- Created comprehensive backup system for all hosts
- Generated detailed discovery reports for infrastructure analysis
- Implemented automated backup validation scripts
- Created migration progress tracking and verification reports

MONITORING STACK:
- Deployed Prometheus, Grafana, and Blackbox monitoring
- Created infrastructure and system overview dashboards
- Added proper service discovery and alerting configuration
- Implemented performance monitoring for all critical services

DOCUMENTATION:
- Reorganized documentation into logical structure
- Created comprehensive migration playbook and troubleshooting guides
- Added hardware specifications and optimization recommendations
- Documented all configuration changes and service dependencies

CURRENT STATUS:
- Paperless services: Working and accessible externally
- Vaultwarden: PostgreSQL configuration issues, old instance still working
- Monitoring: Deployed and operational
- Caddy: Updated and working for external access
- PostgreSQL: Database running, connection issues with Vaultwarden

NEXT STEPS:
- Continue troubleshooting Vaultwarden PostgreSQL configuration
- Consider alternative approaches for Vaultwarden migration
- Validate all external service access
- Complete final migration validation

TECHNICAL NOTES:
- Used Docker Swarm for orchestration on OMV800
- Implemented proper secret management for sensitive data
- Added comprehensive logging and monitoring
- Created automated backup and validation scripts
2025-08-30 20:18:44 -04:00


# Reusable snippet for standard TLS configuration
(standard_tls) {
	tls {
		dns duckdns {env.DUCKDNS_TOKEN}
		resolvers 1.1.1.1 8.8.8.8
	}
}
# --- Your Services ---
# Nextcloud (Port 8080) - OMV800
nextcloud.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:8080
	import standard_tls
}
# AppFlowy Server (Port 8080) - lenovo420 (192.168.50.254)
appflowy-server.pressmess.duckdns.org {
	reverse_proxy 192.168.50.254:8080
	import standard_tls
}
# Jellyfin (Port 8096) - OMV800
jellyfin.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:8096
	import standard_tls
}
# Immich (Port 2283) - OMV800
immich.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:2283
	import standard_tls
}
# Gitea (Port 3001) - OMV800
gitea.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:3001
	import standard_tls
}
# Joplin (Port 22300) - OMV800
joplin.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:22300
	import standard_tls
}
# Vikunja (Port 3456) - OMV800
vikunja.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:3456
	import standard_tls
}
# n8n (Port 5678) - jonathan-2518f5u (FIXED: Correct IP)
# Hostname follows the same <service>.pressmess.duckdns.org pattern as every other site
n8n.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:5678 {
		header_up X-Forwarded-Proto https
		header_up X-Forwarded-Port 443
		header_up X-Forwarded-For {remote_host}
		header_up Host {host}
	}
	import standard_tls
}
# OMV Main (Port 80) - OMV800 - REMOVED: Security risk (system management)
# omv.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.229:80
#	import standard_tls
# }
# OMV Backup (Port 80) - OMV Backup - REMOVED: Security risk (backup management)
# omvbackup.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.107:80
#	import standard_tls
# }
# --- Docker Services ---
# Portainer (Port 9000) - jonathan-2518f5u
portainer.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:9000
	import standard_tls
}
# Home Assistant (Port 8123) - jonathan-2518f5u
homeassistant.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:8123
	import standard_tls
}
# Music Assistant (Port 8095) - jonathan-2518f5u
music-assistant.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:8095
	import standard_tls
}
# ESPHome (Port 6052) - jonathan-2518f5u
esphome.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:6052
	import standard_tls
}
# Paperless-AI (Port 3000) - OMV800 (UPDATED: Now running on .229)
paperless-ai.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:3000
	import standard_tls
}
# Paperless-NGX (Port 8000) - OMV800 (UPDATED: Now running on .229)
paperless.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:8000
	import standard_tls
}
# Z-Wave JS UI (Port 8091) - jonathan-2518f5u
zwave.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:8091
	import standard_tls
}
# Vaultwarden (Port 8088) - jonathan-2518f5u
vaultwarden.pressmess.duckdns.org {
	reverse_proxy 192.168.50.181:8088
	reverse_proxy /notifications/hub 192.168.50.181:3012
	import standard_tls
}
# Homepage (Port 8080) - REMOVED: Not currently used, conflicts with AppFlowy
# homepage.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.254:8080
#	import standard_tls
# }
# OmniTools (Port 9080) - immich_photos
omnitools.pressmess.duckdns.org {
	reverse_proxy 192.168.50.66:9080
	import standard_tls
}
# Node-Red (Port 1880) - OFFLINE DEVICE
# node-red.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.85:1880
#	import standard_tls
# }
# Code-Server (Port 8443) - audrey - REMOVED: Security risk (full IDE access)
# code-server.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.145:8443
#	import standard_tls
# }
# Dashboard (Port 8090) - lenovo420 (192.168.50.254)
dashboard.pressmess.duckdns.org {
	reverse_proxy 192.168.50.254:8090
	import standard_tls
}
# --- Monitoring Services (NEW) ---
# Uptime Kuma (Port 3001) - audrey
uptime-kuma.pressmess.duckdns.org {
	reverse_proxy 192.168.50.145:3001
	import standard_tls
}
# Prometheus (Port 9091) - OMV800 (Docker Swarm Manager)
prometheus.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:9091
	import standard_tls
}
# Grafana (Port 3002) - OMV800 (Docker Swarm Manager)
grafana.pressmess.duckdns.org {
	reverse_proxy 192.168.50.229:3002
	import standard_tls
}
# Dozzle (Port 9999) - audrey - REMOVED: Security risk (Docker logs exposure)
# dozzle.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.145:9999
#	import standard_tls
# }
# Portainer Agent (Port 9001) - audrey - REMOVED: Security risk (Docker daemon access)
# portainer-agent.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.145:9001
#	import standard_tls
# }
# Netdata (Port 19999) - OFFLINE DEVICE
# http://netdata.pressmess.duckdns.org {
#	reverse_proxy 192.168.50.243:19999
# }
# --- COMMENTS ON CHANGES ---
#
# FIXES APPLIED:
# 1. n8n: 192.168.50.225 → 192.168.50.181 (correct IP)
# 2. Paperless-NGX: port 8010 → 8001 (correct port)
# 3. AppFlowy: 192.168.50.229 → 192.168.50.254 (lenovo420) (correct IP)
# 4. Dashboard: localhost → 192.168.50.254 (lenovo420) (correct IP)
# 5. Homepage: REMOVED (not currently used, conflicts with AppFlowy)
#
# NEW SERVICES ADDED:
# 6. Uptime Kuma: Service monitoring dashboard
# 7. Dozzle: REMOVED - Security risk (Docker logs exposure)
# 8. Portainer Agent: REMOVED - Security risk (Docker daemon access)
#
# SECURITY DECISIONS:
# - AdGuard Home: KEPT LOCAL-ONLY (DNS filtering security)
# - Database ports: KEPT LOCAL-ONLY (security)
# - MQTT: KEPT LOCAL-ONLY (IoT security)
# - OMV/OMV Backup: REMOVED (system management security)
# - Portainer Agent: REMOVED (Docker daemon security)
# - Code-Server: REMOVED (IDE access security)
# - Dozzle: REMOVED (Docker logs security)
#
# DEVICE MAPPINGS:
# - 192.168.50.229: OMV800 (root)
# - 192.168.50.181: jonathan-2518f5u (jonathan)
# - 192.168.50.254: lenovo420 (jon)
# - 192.168.50.66: immich_photos (jon)
# - 192.168.50.145: audrey (jon)
# - 192.168.50.107: omvbackup (jon)
# - 192.168.50.225: fedora (jonathan)
#
# OFFLINE SERVICES:
# 1. Node-Red device (192.168.50.85) is offline
# 2. Netdata device (192.168.50.243) is offline
#
# STATUS: All conflicts resolved, monitoring services added, ready for deployment
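An added audit script, not part of this repository, that parses a Caddyfile in the layout above and checks every active site block against the policy written in the SECURITY DECISIONS comments: served hostnames must sit under *.pressmess.duckdns.org, commented-out blocks are ignored, and no upstream may use a port the file marks REMOVED. The sample input, the omv-test block and the denied-port set are constructed from the comments and are assumptions.

```python
import re
# Constructed sample (not the repo's file): page layout plus one deliberately bad block.
SAMPLE = """\
(standard_tls) {
    tls internal
}
gitea.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:3001
}
# omv.pressmess.duckdns.org {
#    reverse_proxy 192.168.50.229:80
# }
omv-test.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:80
}
n8npressmess.duckdns.org {
    reverse_proxy 192.168.50.181:5678 {
        header_up Host {host}
    }
}
"""
# An inline path matcher (e.g. /notifications/hub) may precede the upstream address.
UPSTREAM_RE = re.compile(r"^reverse_proxy\s+(?:/\S+\s+)?(\d+\.\d+\.\d+\.\d+):(\d+)")
DENIED_PORTS = {80, 9001, 8443, 9999}  # REMOVED in the file: OMV, Portainer Agent, Code-Server, Dozzle
def parse_sites(text):  # -> {hostname: [(ip, port), ...]} for active site blocks only
    sites, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # commented-out blocks are never served, so never reported
        if depth == 0 and line.endswith("{"):
            name = line[:-1].strip()
            current = None if name.startswith("(") else name  # "(x)" is a snippet
            if current:
                sites[current] = []
        elif depth >= 1 and current:
            if m := UPSTREAM_RE.match(line):
                sites[current].append((m.group(1), int(m.group(2))))
        depth += line.count("{") - line.count("}")  # placeholders like {host} net to zero
    return sites

def audit(text):  # findings against the policy written in the file's own comments
    findings = []
    for host, upstreams in parse_sites(text).items():
        if not host.endswith(".pressmess.duckdns.org"):
            findings.append(f"{host}: hostname outside *.pressmess.duckdns.org")
        for ip, port in upstreams:
            if port in DENIED_PORTS:
                findings.append(f"{host}: exposes local-only port {port} on {ip}")
    return findings
```

Run `audit(open("Caddyfile").read())` against the real file before deploying; an empty list means no served hostname leaves the DuckDNS subdomain and no REMOVED management port has crept back into an active block.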