Initial commit

README.md

@@ -0,0 +1,135 @@
+# Homelab Setup (Vaultwarden + 2FAuth + Caddy + DuckDNS)
+
+This repository contains the configuration for my personal homelab stack, including:
+
+- **Vaultwarden** – self-hosted password manager (Bitwarden-compatible)
+- **2FAuth** – self-hosted two-factor authentication manager
+- **Caddy** – reverse proxy with automatic HTTPS via DuckDNS (DNS-01)
+- **DuckDNS Updater** – updates my dynamic IP address automatically
+
+The setup is built with Docker Compose and is designed to be simple, secure, and easy to maintain.
+
+## Directory Structure
+
+```bash
+.
+├── duckdns
+│   ├── duck.log        # Log file for DuckDNS updates
+│   └── duck.sh         # DuckDNS update script (runs via cron)
+└── homelab
+    ├── Caddyfile       # Reverse proxy configuration for Caddy
+    └── compose.yml     # Docker Compose stack for Vaultwarden + 2FAuth + Caddy
+```
+
+## Secrets and Environment Variables
+
+Before deploying, you **must** replace all placeholder values in the config files.
+
+- `https://vault.example.com` and `vault.example.com` → your Vaultwarden domain
+- `https://auth.example.com` and `auth.example.com` → your 2FAuth domain
+- `admin@example.com` → your email address (used by Caddy / Let’s Encrypt and 2FAuth)
+- `TOKEN` → your DuckDNS token
+- `SomeRandomStringOf32CharsExactly` → a **32-character** random string for `APP_KEY`
+
+## DuckDNS Dynamic DNS Updater
+
+The `duckdns/duck.sh` script updates all DuckDNS domains used by the homelab. It always logs to `duckdns/duck.log`.
+
+### Run manually
+
+```bash
+cd duckdns
+./duck.sh
+```
+
+### Cron to run periodically (recommended)
+
+```bash
+cd duckdns
+chmod 700 duck.sh
+crontab -e
+```
+
+Add:
+
+```bash
+*/5 * * * * /path/to/duckdns/duck.sh >/dev/null 2>&1
+```
+
+This ensures your DuckDNS domains always point to your current IP.
+
+## Homelab Stack (Docker Compose)
+
+The **homelab/** folder contains:
+
+- `compose.yml` – runs Vaultwarden, 2FAuth, and Caddy
+- `Caddyfile` – defines routing for:
+  - `https://<vault-domain>` → Vaultwarden
+  - `https://<auth-domain>` → 2FAuth
+
+### Start the stack
+
+```bash
+cd homelab
+docker compose up -d
+```
+
+### Stop the stack
+
+```bash
+cd homelab
+docker compose down
+```
+
+### View logs
+
+```bash
+docker logs caddy -f
+docker logs vaultwarden -f
+docker logs 2fauth -f
+```
+
+### Auto-start on system boot
+
+The containers already use:
+
+```yml
+restart: always
+```
+
+But remember to enable Docker on startup:
+
+```bash
+sudo systemctl enable docker
+```
+
+### Set correct permissions for volumes (optional)
+
+Run:
+
+```bash
+sudo chown -R 1000:1000 homelab/vaultwarden
+sudo chmod -R 755 homelab/vaultwarden
+
+sudo chown -R 1000:1000 homelab/2fauth
+sudo chmod -R 755 homelab/2fauth
+```
+
+Then restart the containers:
+
+```bash
+cd homelab
+docker compose restart vaultwarden 2fauth
+```
+
+## Updating
+
+To update to the latest versions:
+
+```bash
+cd homelab
+docker compose pull
+docker compose up -d
+```
+
+This will refresh all Docker images with zero downtime.