# ๐Ÿ—๏ธ Complete Homelab Rebuild Guide - From Hardware to Services **๐Ÿ”ด Advanced Guide - Complete Infrastructure Rebuild** This guide provides step-by-step instructions for rebuilding the entire homelab infrastructure from scratch, including hardware setup, network configuration, and service deployment. Use this guide for complete disaster recovery or when setting up a new homelab. ## ๐Ÿ“‹ Prerequisites & Planning ### **Required Hardware Inventory** Before starting, ensure you have all hardware components: #### **Primary Infrastructure** - [ ] **Synology DS1823xs+** (8-bay NAS) - [ ] **8x Seagate IronWolf Pro 16TB** (ST16000NT001) - [ ] **2x Crucial P310 1TB NVMe** (CT1000P310SSD801) - [ ] **1x Synology SNV5420-400G NVMe** - [ ] **Synology E10M20-T1** (10GbE + M.2 adapter) - [ ] **TP-Link TL-SX1008** (10GbE switch) - [ ] **TP-Link Archer BE800** (Wi-Fi 7 router) #### **Compute Infrastructure** - [ ] **Intel NUC6i3SYB** (Concord NUC) - [ ] **Raspberry Pi 5 16GB** (with PiRonMan case) - [ ] **Raspberry Pi 5 8GB** (Kevin) - [ ] **NVIDIA Shield TV Pro** (travel device) - [ ] **MSI Prestige 13 AI Plus** (travel laptop) #### **Network & Power** - [ ] **UPS system** (1500VA minimum) - [ ] **Ethernet cables** (Cat6/Cat6a for 10GbE) - [ ] **Power cables and adapters** - [ ] **HDMI cables** (for initial setup) ### **Required Software & Accounts** - [ ] **Synology DSM** (latest version) - [ ] **Docker** and **Docker Compose** - [ ] **Tailscale account** (for VPN mesh) - [ ] **Domain registration** (for external access) - [ ] **Email account** (for SMTP notifications) - [ ] **Cloud storage** (for offsite backups) --- ## ๐ŸŒ Phase 1: Network Infrastructure Setup (Day 1) ### **Step 1: Router Configuration** #### **TP-Link Archer BE800 Setup** ```bash # 1. Physical connections # - Connect modem to WAN port # - Connect computer to LAN port 1 # - Power on router and wait 2-3 minutes # 2. Initial access # Open browser: http://192.168.0.1 or http://tplinkwifi.net # Default login: admin/admin # 3. Basic configuration # - Set admin password (store in password manager) # - Configure internet connection (DHCP/Static/PPPoE) # - Set WiFi SSID: "Vish-Homelab-5G" and "Vish-Homelab-2.4G" # - Set WiFi password (WPA3, strong password) # 4. Network settings # - Change LAN subnet to 192.168.1.0/24 # - Set DHCP range: 192.168.1.100-192.168.1.200 # - Set DNS servers: 1.1.1.1, 8.8.8.8 # - Enable UPnP (for media services) # - Disable WPS (security) ``` #### **Static IP Reservations** ```bash # Configure DHCP reservations for all devices # Router > Advanced > Network > DHCP Server > Address Reservation # Primary Infrastructure atlantis.vish.local โ†’ 192.168.1.100 # DS1823xs+ calypso.vish.local โ†’ 192.168.1.101 # DS723+ (if present) setillo.vish.local โ†’ 192.168.1.108 # Monitoring NAS # Compute Hosts concord-nuc.vish.local โ†’ 192.168.1.102 # Intel NUC homelab-vm.vish.local โ†’ 192.168.1.103 # Proxmox VM chicago-vm.vish.local โ†’ 192.168.1.104 # Gaming VM bulgaria-vm.vish.local โ†’ 192.168.1.105 # Communication VM # Physical Hosts anubis.vish.local โ†’ 192.168.1.106 # Mac Mini guava.vish.local โ†’ 192.168.1.107 # AMD Workstation shinku-ryuu.vish.local โ†’ 192.168.1.120 # Main Desktop # Edge Devices rpi-vish.vish.local โ†’ 192.168.1.109 # Raspberry Pi 5 (16GB) rpi-kevin.vish.local โ†’ 192.168.1.110 # Raspberry Pi 5 (8GB) nvidia-shield.vish.local โ†’ 192.168.1.111 # NVIDIA Shield TV Pro # Travel Devices msi-laptop.vish.local โ†’ 192.168.1.115 # MSI Prestige 13 AI Plus ``` ### **Step 2: 10 Gigabit Network Setup** #### **TP-Link TL-SX1008 Configuration** ```bash # 1. Physical setup # - Connect TL-SX1008 to router LAN port via 1GbE # - Power on switch # - No configuration needed (unmanaged switch) # 2. Device connections (as devices come online) # Port 1: Atlantis (via E10M20-T1 card) # Port 2: Calypso (via PCIe 10GbE card) # Port 3: Shinku-Ryuu (via PCIe 10GbE card) # Port 4: Guava (via PCIe 10GbE card) # Ports 5-8: Available for future expansion ``` ### **Step 3: DNS and Domain Setup** #### **Dynamic DNS Configuration** ```bash # 1. Choose DDNS provider (Synology, No-IP, DuckDNS) # 2. Register domain: vishinator.synology.me (or custom domain) # 3. Configure in router: # - Advanced > Dynamic DNS # - Provider: Synology # - Hostname: vishinator.synology.me # - Username/Password: "REDACTED_PASSWORD" account credentials # 4. Test DDNS # Wait 10 minutes, then test: nslookup vishinator.synology.me # Should return your external IP address ``` --- ## ๐Ÿ›๏ธ Phase 2: Primary NAS Setup (Day 1-2) ### **Step 1: Synology DS1823xs+ Hardware Assembly** #### **Drive Installation** ```bash # 1. Unpack DS1823xs+ and drives # 2. Install drives in order (for RAID consistency): # Bay 1: Seagate IronWolf Pro 16TB #1 # Bay 2: Seagate IronWolf Pro 16TB #2 # Bay 3: Seagate IronWolf Pro 16TB #3 # Bay 4: Seagate IronWolf Pro 16TB #4 # Bay 5: Seagate IronWolf Pro 16TB #5 # Bay 6: Seagate IronWolf Pro 16TB #6 # Bay 7: Seagate IronWolf Pro 16TB #7 # Bay 8: Seagate IronWolf Pro 16TB #8 # 3. Install M.2 drives: # Slot 1: Crucial P310 1TB #1 # Slot 2: Crucial P310 1TB #2 # 4. Install expansion card: # PCIe Slot 1: Synology E10M20-T1 # E10M20-T1 M.2 Slot: Synology SNV5420-400G # 5. Install RAM upgrade: # - Remove existing 4GB module # - Install 32GB DDR4 ECC module ``` #### **Network Connections** ```bash # 1. Primary connections: # - LAN 1: Connect to router (1GbE management) # - LAN 2: Available for bonding/backup # - 10GbE: Connect to TL-SX1008 switch # 2. Power connection: # - Connect 180W power adapter # - Connect to UPS if available ``` ### **Step 2: DSM Installation and Initial Setup** #### **DSM Installation** ```bash # 1. Power on DS1823xs+ # 2. Wait for boot (2-3 minutes, listen for beep) # 3. Find NAS on network: # - Use Synology Assistant (download from synology.com) # - Or browse to http://find.synology.com # - Or direct IP: http://192.168.1.100 # 4. DSM Installation: # - Download latest DSM for DS1823xs+ # - Upload .pat file during setup # - Follow installation wizard # - Create admin account (store credentials securely) ``` #### **Basic DSM Configuration** ```bash # 1. Network settings: # - Control Panel > Network > Network Interface # - Set static IP: 192.168.1.100 # - Subnet: 255.255.255.0 # - Gateway: 192.168.1.1 # - DNS: 1.1.1.1, 8.8.8.8 # 2. Time and region: # - Control Panel > Regional Options # - Time zone: America/Los_Angeles # - NTP server: pool.ntp.org # 3. Notifications: # - Control Panel > Notification > Email # - SMTP server: smtp.gmail.com:587 # - Configure email notifications for critical events ``` ### **Step 3: Storage Configuration** #### **RAID Array Setup** ```bash # 1. Storage Manager > Storage > Create # 2. Choose RAID type: # - RAID 6: Best balance of capacity and redundancy # - Can survive 2 drive failures # - Usable capacity: ~96TB (6 drives worth) # 3. Volume creation: # - Create Volume 1 on RAID array # - File system: Btrfs (for snapshots and data integrity) # - Enable data checksum # - Enable compression (if desired) ``` #### **M.2 Storage Configuration** ```bash # CRITICAL: Install 007revad scripts FIRST # SSH to NAS as admin user # 1. Download and install scripts: cd /volume1 git clone https://github.com/007revad/Synology_HDD_db.git git clone https://github.com/007revad/Synology_M2_volume.git git clone https://github.com/007revad/Synology_enable_M2_volume.git # 2. Run HDD database script: cd Synology_HDD_db sudo ./syno_hdd_db.sh # This adds IronWolf Pro drives to compatibility database # 3. Enable M.2 volume support: cd ../Synology_enable_M2_volume sudo ./syno_enable_m2_volume.sh # 4. Create M.2 volumes: cd ../Synology_M2_volume sudo ./syno_m2_volume.sh # 5. Configure M.2 storage: # Storage Manager > Storage > Create # - Volume 2: Crucial P310 drives in RAID 1 (high-performance storage) # - Volume 3: Synology SNV5420 (cache and metadata) ``` ### **Step 4: Essential Services Setup** #### **Docker Installation** ```bash # 1. Package Center > Search "Docker" # 2. Install Docker package # 3. Enable SSH (Control Panel > Terminal & SNMP > Enable SSH) # 4. SSH to NAS and verify Docker: ssh admin@192.168.1.100 docker --version docker-compose --version ``` #### **File Sharing Setup** ```bash # 1. Create shared folders: # Control Panel > Shared Folder > Create # Essential folders: # - docker (for container data) # - media (for Plex library) # - documents (for Paperless-NGX) # - backups (for system backups) # - homes (for user directories) # 2. Set permissions: # - admin: Read/Write access to all folders # - Create service accounts as needed ``` --- ## ๐Ÿ”ง Phase 3: Core Services Deployment (Day 2-3) ### **Step 1: Infrastructure Services** #### **Portainer (Container Management)** ```bash # 1. Create Portainer directory: mkdir -p /volume1/docker/portainer # 2. Deploy Portainer: docker run -d \ --name portainer \ --restart always \ -p 9000:9000 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /volume1/docker/portainer:/data \ portainer/portainer-ce:latest # 3. Access: http://192.168.1.100:9000 # 4. Create admin account # 5. Connect to local Docker environment ``` #### **Watchtower (Auto-Updates)** ```bash # Deploy Watchtower for automatic container updates: docker run -d \ --name watchtower \ --restart always \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower \ --schedule "0 0 4 * * *" \ --cleanup ``` ### **Step 2: Security Services** #### **Vaultwarden (Password Manager)** ```bash # 1. Create directory structure: mkdir -p /volume2/metadata/docker/vaultwarden/{data,db} # 2. Deploy using the commented configuration: # Copy /workspace/project/homelab/Atlantis/vaultwarden.yaml # Update passwords and tokens # Deploy: docker-compose -f vaultwarden.yaml up -d # 3. Initial setup: # - Access http://192.168.1.100:4080 # - Create first user account # - Configure admin panel with admin token ``` #### **Pi-hole (DNS Filtering)** ```bash # 1. Create Pi-hole directory: mkdir -p /volume1/docker/pihole/{etc,dnsmasq} # 2. Deploy Pi-hole: docker run -d \ --name pihole \ --restart always \ -p 53:53/tcp -p 53:53/udp \ -p 8080:80 \ -e TZ=America/Los_Angeles \ -e WEBPASSWORD="REDACTED_PASSWORD" \ -v /volume1/docker/pihole/etc:/etc/pihole \ -v /volume1/docker/pihole/dnsmasq:/etc/dnsmasq.d \ pihole/pihole:latest # 3. Configure router to use Pi-hole: # Router DNS: 192.168.1.100 ``` ### **Step 3: Monitoring Stack** #### **Grafana and Prometheus** ```bash # 1. Create monitoring directories: mkdir -p /volume1/docker/{grafana,prometheus} # 2. Deploy monitoring stack: # Copy monitoring-stack.yaml from homelab repo # Update configurations # Deploy: docker-compose -f monitoring-stack.yaml up -d # 3. Configure dashboards: # - Import Synology dashboard # - Configure data sources # - Set up alerting ``` #### **Uptime Kuma (Service Monitoring)** ```bash # 1. Deploy Uptime Kuma: docker run -d \ --name uptime-kuma \ --restart always \ -p 3001:3001 \ -v /volume1/docker/uptime-kuma:/app/data \ louislam/uptime-kuma:1 # 2. Configure monitoring: # - Add all critical services # - Set up notifications # - Configure status page ``` --- ## ๐Ÿ“บ Phase 4: Media Services (Day 3-4) ### **Step 1: Plex Media Server** ```bash # 1. Create Plex directories: mkdir -p /volume1/docker/plex mkdir -p /volume1/data/media/{movies,tv,music,photos} # 2. Deploy Plex using commented configuration: # Copy plex.yaml from homelab repo # Update PUID/PGID and timezone # Deploy: docker-compose -f plex.yaml up -d # 3. Initial setup: # - Access http://192.168.1.100:32400/web # - Claim server with Plex account # - Add media libraries # - Configure hardware transcoding ``` ### **Step 2: Media Management (Arr Suite)** ```bash # 1. Deploy Arr suite services: # - Sonarr (TV shows) # - Radarr (Movies) # - Prowlarr (Indexer management) # - SABnzbd (Download client) # 2. Configure each service: # - Set up indexers in Prowlarr # - Configure download clients # - Set up media folders # - Configure quality profiles ``` ### **Step 3: Photo Management** ```bash # 1. Deploy Immich (if using): # Copy immich configuration # Set up database and Redis # Configure storage paths # 2. Alternative: PhotoPrism # Deploy PhotoPrism container # Configure photo directories # Set up face recognition ``` --- ## ๐ŸŒ Phase 5: Network Services (Day 4-5) ### **Step 1: VPN Setup** #### **Tailscale Mesh VPN** ```bash # 1. Install Tailscale on NAS: # Download Tailscale package for Synology # Install via Package Center or manual installation # 2. Configure Tailscale: sudo tailscale up --advertise-routes=192.168.1.0/24 # Approve subnet routes in Tailscale admin console # 3. Install on all devices: # - Concord NUC # - Raspberry Pi nodes # - NVIDIA Shield # - Travel devices ``` #### **WireGuard (Alternative/Backup VPN)** ```bash # 1. Deploy WireGuard container: docker run -d \ --name wireguard \ --restart always \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ -e PUID=1029 \ -e PGID=65536 \ -e TZ=America/Los_Angeles \ -p 51820:51820/udp \ -v /volume1/docker/wireguard:/config \ -v /lib/modules:/lib/modules \ linuxserver/wireguard # 2. Configure port forwarding: # Router: External 51820/UDP โ†’ 192.168.1.100:51820 ``` ### **Step 2: Reverse Proxy** #### **Nginx Proxy Manager** ```bash # 1. Deploy Nginx Proxy Manager: docker run -d \ --name nginx-proxy-manager \ --restart always \ -p 8341:80 \ -p 8766:443 \ -p 8181:81 \ -v /volume1/docker/nginx-proxy-manager:/data \ -v /volume1/docker/nginx-proxy-manager/letsencrypt:/etc/letsencrypt \ jc21/nginx-proxy-manager:latest # 2. Configure SSL certificates: # - Set up Let's Encrypt # - Configure proxy hosts # - Set up access lists ``` --- ## ๐Ÿ–ฅ๏ธ Phase 6: Compute Nodes Setup (Day 5-6) ### **Step 1: Intel NUC (Concord)** #### **Operating System Installation** ```bash # 1. Create Ubuntu 22.04 LTS installation media # 2. Boot from USB and install Ubuntu # 3. Configure network: sudo netplan apply # Set static IP: 192.168.1.102 # 4. Install Docker: curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo usermod -aG docker $USER # 5. Install Docker Compose: sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose ``` #### **Home Assistant Setup** ```bash # 1. Create Home Assistant directory: mkdir -p ~/docker/homeassistant # 2. Deploy Home Assistant: docker run -d \ --name homeassistant \ --restart always \ --privileged \ --net=host \ -e TZ=America/Los_Angeles \ -v ~/docker/homeassistant:/config \ ghcr.io/home-assistant/home-assistant:stable # 3. Access: http://192.168.1.102:8123 ``` ### **Step 2: Raspberry Pi Cluster** #### **Pi-5 (Vish) Setup** ```bash # 1. Flash Raspberry Pi OS Lite (64-bit) # 2. Enable SSH and configure WiFi # 3. Boot and configure: sudo raspi-config # - Enable SSH # - Set timezone # - Expand filesystem # 4. Install Docker: curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo usermod -aG docker pi # 5. Install Tailscale: curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up ``` #### **Pi-5-Kevin Setup** ```bash # Follow same process as Pi-5 (Vish) # Configure as secondary node # Set static IP: 192.168.1.110 ``` --- ## ๐Ÿ“ฑ Phase 7: Edge and Travel Devices (Day 6-7) ### **Step 1: NVIDIA Shield TV Pro** #### **Initial Setup** ```bash # 1. Connect to TV and complete Android TV setup # 2. Enable Developer Options: # Settings > Device Preferences > About # Click "Build" 7 times # 3. Enable USB Debugging: # Settings > Device Preferences > Developer Options # Enable "USB Debugging" # 4. Install Tailscale: # - Download Tailscale APK # - Install via file manager or ADB # - Configure with homelab tailnet ``` #### **Media Apps Configuration** ```bash # 1. Install Plex app from Play Store # 2. Configure Plex server connection: # Server: atlantis.vish.local:32400 # Or Tailscale IP: 100.83.230.112:32400 # 3. Install additional apps: # - VLC Media Player # - Chrome Browser # - Termux (for SSH access) ``` ### **Step 2: MSI Prestige 13 AI Plus** #### **Tailscale Setup** ```bash # 1. Download and install Tailscale for Windows # 2. Sign in with homelab account # 3. Configure as exit node (optional): # Tailscale > Settings > Use as exit node # 4. Test connectivity: ping atlantis.vish.local ping 100.83.230.112 ``` #### **Development Environment** ```bash # 1. Install WSL2: wsl --install Ubuntu-22.04 # 2. Configure WSL2: # - Install Docker Desktop # - Enable WSL2 integration # - Install development tools # 3. SSH key setup: ssh-keygen -t ed25519 -C "msi-laptop@homelab" # Copy public key to homelab hosts ``` --- ## ๐Ÿ”„ Phase 8: Backup and Monitoring (Day 7) ### **Step 1: Backup Configuration** #### **Local Backups** ```bash # 1. Configure Synology backup tasks: # Control Panel > Task Scheduler > Create > Backup # 2. Critical backup jobs: # - Docker configurations (daily) # - Database backups (daily) # - System configurations (weekly) # - Media metadata (weekly) # 3. Backup verification: # - Test restore procedures # - Verify backup integrity # - Document recovery procedures ``` #### **Offsite Backups** ```bash # 1. Configure cloud backup: # - Synology C2 Backup # - Or AWS S3/Glacier # - Or Google Drive/OneDrive # 2. Encrypt sensitive backups: # - Use Synology encryption # - Or GPG encryption for scripts # - Store encryption keys securely ``` ### **Step 2: Monitoring Setup** #### **Service Monitoring** ```bash # 1. Configure Uptime Kuma monitors: # - All critical services # - Network connectivity # - Certificate expiration # - Disk space usage # 2. Set up notifications: # - Email alerts # - Discord/Slack webhooks # - SMS for critical alerts ``` #### **Performance Monitoring** ```bash # 1. Configure Grafana dashboards: # - System performance # - Network utilization # - Service health # - Storage usage # 2. Set up alerting rules: # - High CPU/memory usage # - Disk space warnings # - Service failures # - Network issues ``` --- ## ๐Ÿงช Phase 9: Testing and Validation (Day 8) ### **Step 1: Service Testing** #### **Connectivity Tests** ```bash # 1. Internal network tests: ping atlantis.vish.local ping concord-nuc.vish.local ping rpi-vish.vish.local # 2. Service accessibility tests: curl -I http://atlantis.vish.local:32400 # Plex curl -I http://atlantis.vish.local:9000 # Portainer curl -I http://atlantis.vish.local:4080 # Vaultwarden # 3. External access tests: # Test from mobile device or external network # Verify VPN connectivity # Test domain resolution ``` #### **Performance Tests** ```bash # 1. Network performance: iperf3 -s # On server iperf3 -c atlantis.vish.local # From client # 2. Storage performance: dd if=/dev/zero of=/volume1/test bs=1M count=1000 rm /volume1/test # 3. Media streaming tests: # Test Plex transcoding # Verify hardware acceleration # Test multiple concurrent streams ``` ### **Step 2: Disaster Recovery Testing** #### **Backup Restoration Tests** ```bash # 1. Test configuration restore: # - Stop a service # - Restore from backup # - Verify functionality # 2. Test database restore: # - Create test database backup # - Restore to different location # - Verify data integrity # 3. Test complete service rebuild: # - Remove service completely # - Rebuild from documentation # - Restore data from backup ``` #### **Failover Tests** ```bash # 1. Network failover: # - Disconnect primary network # - Test Tailscale connectivity # - Verify service accessibility # 2. Power failure simulation: # - Graceful shutdown test # - UPS functionality test # - Startup sequence verification # 3. Drive failure simulation: # - Remove one drive from RAID # - Verify RAID degraded mode # - Test rebuild process ``` --- ## ๐Ÿ“š Phase 10: Documentation and Maintenance (Ongoing) ### **Step 1: Documentation Updates** #### **Configuration Documentation** ```bash # 1. Update network documentation: # - IP address assignments # - Port forwarding rules # - DNS configurations # - VPN settings # 2. Update service documentation: # - Container configurations # - Database schemas # - API endpoints # - Access credentials # 3. Update hardware documentation: # - Serial numbers # - Warranty information # - Replacement procedures # - Performance baselines ``` #### **Procedure Documentation** ```bash # 1. Create runbooks: # - Service restart procedures # - Backup and restore procedures # - Troubleshooting guides # - Emergency contacts # 2. Update disaster recovery plans: # - Recovery time objectives # - Recovery point objectives # - Escalation procedures # - Communication plans ``` ### **Step 2: Maintenance Schedules** #### **Daily Tasks** ```bash # Automated: # - Service health checks # - Backup verification # - Security updates # - Log rotation # Manual: # - Review monitoring alerts # - Check service status # - Verify backup completion ``` #### **Weekly Tasks** ```bash # - Review system performance # - Check disk usage # - Update documentation # - Test backup restores # - Review security logs ``` #### **Monthly Tasks** ```bash # - Full system backup # - Hardware health check # - Security audit # - Performance optimization # - Documentation review ``` #### **Quarterly Tasks** ```bash # - Disaster recovery drill # - Hardware warranty review # - Software license review # - Capacity planning # - Security assessment ``` --- ## ๐Ÿšจ Emergency Procedures ### **Critical Service Failures** ```bash # 1. Vaultwarden failure: # - Use offline password backup # - Restore from latest backup # - Verify database integrity # - Test all password access # 2. Network failure: # - Check physical connections # - Verify router configuration # - Test internet connectivity # - Activate backup internet (mobile hotspot) # 3. Storage failure: # - Check RAID status # - Replace failed drives # - Monitor rebuild progress # - Verify data integrity ``` ### **Complete Infrastructure Failure** ```bash # 1. Assess damage: # - Check power systems # - Verify network connectivity # - Test individual components # - Document failures # 2. Prioritize recovery: # - Network infrastructure first # - Critical services (Vaultwarden, DNS) # - Media and productivity services # - Development and testing services # 3. Execute recovery plan: # - Follow this rebuild guide # - Restore from backups # - Verify service functionality # - Update documentation ``` --- ## ๐Ÿ“‹ Final Checklist ### **Infrastructure Validation** ```bash โ˜ All hardware installed and functional โ˜ Network connectivity verified (1GbE and 10GbE) โ˜ Static IP assignments configured โ˜ DNS resolution working โ˜ VPN access functional (Tailscale and WireGuard) โ˜ External domain access working โ˜ SSL certificates installed and valid ``` ### **Service Validation** ```bash โ˜ Vaultwarden accessible and functional โ˜ Plex streaming working with hardware transcoding โ˜ Pi-hole DNS filtering active โ˜ Monitoring stack operational (Grafana, Prometheus) โ˜ Backup systems configured and tested โ˜ All Docker services running and healthy โ˜ Mobile and travel device access verified ``` ### **Security Validation** ```bash โ˜ All default passwords changed โ˜ SSH keys configured for key-based authentication โ˜ Firewall rules configured โ˜ SSL/TLS encryption enabled for all web services โ˜ 2FA enabled for critical accounts โ˜ Backup encryption verified โ˜ Access logs reviewed ``` ### **Documentation Validation** ```bash โ˜ Network configuration documented โ˜ Service configurations documented โ˜ Backup and restore procedures tested โ˜ Emergency contact information updated โ˜ Hardware warranty information recorded โ˜ Disaster recovery procedures validated ``` --- **๐ŸŽ‰ Congratulations!** You have successfully rebuilt your complete homelab infrastructure. This process typically takes 7-8 days for a complete rebuild, but the result is a fully documented, monitored, and maintainable homelab environment. **๐Ÿ”„ Next Steps:** 1. Monitor system performance for the first week 2. Fine-tune configurations based on usage patterns 3. Schedule regular maintenance tasks 4. Plan for future expansions and upgrades 5. Share your experience with the homelab community **๐Ÿ’ก Pro Tip:** Keep this guide updated as you make changes to your infrastructure. A well-documented homelab is much easier to maintain and troubleshoot.