Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
24f1036b45a29bfb7fc9978b8780afcbe8ff3193
homelab-optimized/docs/getting-started/complete-rebuild-guide.md
Gitea Mirror Bot 24f1036b45
Some checks failed
Documentation / Deploy to GitHub Pages (push) Has been cancelled
Details
Documentation / Build Docusaurus (push) Has been cancelled
Details
Sanitized mirror from private repository - 2026-04-16 07:04:43 UTC
2026-04-16 07:04:43 +00:00

991 lines
24 KiB
Markdown
Raw Blame History

# 🏗️ Complete Homelab Rebuild Guide - From Hardware to Services
**🔴 Advanced Guide - Complete Infrastructure Rebuild**
This guide provides step-by-step instructions for rebuilding the entire homelab infrastructure from scratch, including hardware setup, network configuration, and service deployment. Use this guide for complete disaster recovery or when setting up a new homelab.
## 📋 Prerequisites & Planning
### **Required Hardware Inventory**
Before starting, ensure you have all hardware components:
#### **Primary Infrastructure**
- [ ] **Synology DS1823xs+** (8-bay NAS)
- [ ] **8x Seagate IronWolf Pro 16TB** (ST16000NT001)
- [ ] **2x Crucial P310 1TB NVMe** (CT1000P310SSD801)
- [ ] **1x Synology SNV5420-400G NVMe**
- [ ] **Synology E10M20-T1** (10GbE + M.2 adapter)
- [ ] **TP-Link TL-SX1008** (10GbE switch)
- [ ] **TP-Link Archer BE800** (Wi-Fi 7 router)
#### **Compute Infrastructure**
- [ ] **Intel NUC6i3SYB** (Concord NUC)
- [ ] **Raspberry Pi 5 16GB** (with PiRonMan case)
- [ ] **Raspberry Pi 5 8GB** (Kevin)
- [ ] **NVIDIA Shield TV Pro** (travel device)
- [ ] **MSI Prestige 13 AI Plus** (travel laptop)
#### **Network & Power**
- [ ] **UPS system** (1500VA minimum)
- [ ] **Ethernet cables** (Cat6/Cat6a for 10GbE)
- [ ] **Power cables and adapters**
- [ ] **HDMI cables** (for initial setup)
### **Required Software & Accounts**
- [ ] **Synology DSM** (latest version)
- [ ] **Docker** and **Docker Compose**
- [ ] **Tailscale account** (for VPN mesh)
- [ ] **Domain registration** (for external access)
- [ ] **Email account** (for SMTP notifications)
- [ ] **Cloud storage** (for offsite backups)
---
## 🌐 Phase 1: Network Infrastructure Setup (Day 1)
### **Step 1: Router Configuration**
#### **TP-Link Archer BE800 Setup**
```bash
# 1. Physical connections
# - Connect modem to WAN port
# - Connect computer to LAN port 1
# - Power on router and wait 2-3 minutes
# 2. Initial access
# Open browser: http://192.168.0.1 or http://tplinkwifi.net
# Default login: admin/admin
# 3. Basic configuration
# - Set admin password (store in password manager)
# - Configure internet connection (DHCP/Static/PPPoE)
# - Set WiFi SSID: "Vish-Homelab-5G" and "Vish-Homelab-2.4G"
# - Set WiFi password (WPA3, strong password)
# 4. Network settings
# - Change LAN subnet to 192.168.1.0/24
# - Set DHCP range: 192.168.1.100-192.168.1.200
# - Set DNS servers: 1.1.1.1, 8.8.8.8
# - Enable UPnP (for media services)
# - Disable WPS (security)
```
#### **Static IP Reservations**
```bash
# Configure DHCP reservations for all devices
# Router > Advanced > Network > DHCP Server > Address Reservation
# Primary Infrastructure
atlantis.vish.local → 192.168.1.100 # DS1823xs+
calypso.vish.local → 192.168.1.101 # DS723+ (if present)
setillo.vish.local → 192.168.1.108 # Monitoring NAS
# Compute Hosts
concord-nuc.vish.local → 192.168.1.102 # Intel NUC
homelab-vm.vish.local → 192.168.1.103 # Proxmox VM
chicago-vm.vish.local → 192.168.1.104 # Gaming VM
bulgaria-vm.vish.local → 192.168.1.105 # Communication VM
# Physical Hosts
anubis.vish.local → 192.168.1.106 # Mac Mini
guava.vish.local → 192.168.1.107 # AMD Workstation
shinku-ryuu.vish.local → 192.168.1.120 # Main Desktop
# Edge Devices
rpi-vish.vish.local → 192.168.1.109 # Raspberry Pi 5 (16GB)
rpi-kevin.vish.local → 192.168.1.110 # Raspberry Pi 5 (8GB)
nvidia-shield.vish.local → 192.168.1.111 # NVIDIA Shield TV Pro
# Travel Devices
msi-laptop.vish.local → 192.168.1.115 # MSI Prestige 13 AI Plus
```
### **Step 2: 10 Gigabit Network Setup**
#### **TP-Link TL-SX1008 Configuration**
```bash
# 1. Physical setup
# - Connect TL-SX1008 to router LAN port via 1GbE
# - Power on switch
# - No configuration needed (unmanaged switch)
# 2. Device connections (as devices come online)
# Port 1: Atlantis (via E10M20-T1 card)
# Port 2: Calypso (via PCIe 10GbE card)
# Port 3: Shinku-Ryuu (via PCIe 10GbE card)
# Port 4: Guava (via PCIe 10GbE card)
# Ports 5-8: Available for future expansion
```
### **Step 3: DNS and Domain Setup**
#### **Dynamic DNS Configuration**
```bash
# 1. Choose DDNS provider (Synology, No-IP, DuckDNS)
# 2. Register domain: vishinator.synology.me (or custom domain)
# 3. Configure in router:
# - Advanced > Dynamic DNS
# - Provider: Synology
# - Hostname: vishinator.synology.me
# - Username/Password: "REDACTED_PASSWORD" account credentials
# 4. Test DDNS
# Wait 10 minutes, then test:
nslookup vishinator.synology.me
# Should return your external IP address
```
---
## 🏛️ Phase 2: Primary NAS Setup (Day 1-2)
### **Step 1: Synology DS1823xs+ Hardware Assembly**
#### **Drive Installation**
```bash
# 1. Unpack DS1823xs+ and drives
# 2. Install drives in order (for RAID consistency):
# Bay 1: Seagate IronWolf Pro 16TB #1
# Bay 2: Seagate IronWolf Pro 16TB #2
# Bay 3: Seagate IronWolf Pro 16TB #3
# Bay 4: Seagate IronWolf Pro 16TB #4
# Bay 5: Seagate IronWolf Pro 16TB #5
# Bay 6: Seagate IronWolf Pro 16TB #6
# Bay 7: Seagate IronWolf Pro 16TB #7
# Bay 8: Seagate IronWolf Pro 16TB #8
# 3. Install M.2 drives:
# Slot 1: Crucial P310 1TB #1
# Slot 2: Crucial P310 1TB #2
# 4. Install expansion card:
# PCIe Slot 1: Synology E10M20-T1
# E10M20-T1 M.2 Slot: Synology SNV5420-400G
# 5. Install RAM upgrade:
# - Remove existing 4GB module
# - Install 32GB DDR4 ECC module
```
#### **Network Connections**
```bash
# 1. Primary connections:
# - LAN 1: Connect to router (1GbE management)
# - LAN 2: Available for bonding/backup
# - 10GbE: Connect to TL-SX1008 switch
# 2. Power connection:
# - Connect 180W power adapter
# - Connect to UPS if available
```
### **Step 2: DSM Installation and Initial Setup**
#### **DSM Installation**
```bash
# 1. Power on DS1823xs+
# 2. Wait for boot (2-3 minutes, listen for beep)
# 3. Find NAS on network:
# - Use Synology Assistant (download from synology.com)
# - Or browse to http://find.synology.com
# - Or direct IP: http://192.168.1.100
# 4. DSM Installation:
# - Download latest DSM for DS1823xs+
# - Upload .pat file during setup
# - Follow installation wizard
# - Create admin account (store credentials securely)
```
#### **Basic DSM Configuration**
```bash
# 1. Network settings:
# - Control Panel > Network > Network Interface
# - Set static IP: 192.168.1.100
# - Subnet: 255.255.255.0
# - Gateway: 192.168.1.1
# - DNS: 1.1.1.1, 8.8.8.8
# 2. Time and region:
# - Control Panel > Regional Options
# - Time zone: America/Los_Angeles
# - NTP server: pool.ntp.org
# 3. Notifications:
# - Control Panel > Notification > Email
# - SMTP server: smtp.gmail.com:587
# - Configure email notifications for critical events
```
### **Step 3: Storage Configuration**
#### **RAID Array Setup**
```bash
# 1. Storage Manager > Storage > Create
# 2. Choose RAID type:
# - RAID 6: Best balance of capacity and redundancy
# - Can survive 2 drive failures
# - Usable capacity: ~96TB (6 drives worth)
# 3. Volume creation:
# - Create Volume 1 on RAID array
# - File system: Btrfs (for snapshots and data integrity)
# - Enable data checksum
# - Enable compression (if desired)
```
#### **M.2 Storage Configuration**
```bash
# CRITICAL: Install 007revad scripts FIRST
# SSH to NAS as admin user
# 1. Download and install scripts:
cd /volume1
git clone https://github.com/007revad/Synology_HDD_db.git
git clone https://github.com/007revad/Synology_M2_volume.git
git clone https://github.com/007revad/Synology_enable_M2_volume.git
# 2. Run HDD database script:
cd Synology_HDD_db
sudo ./syno_hdd_db.sh
# This adds IronWolf Pro drives to compatibility database
# 3. Enable M.2 volume support:
cd ../Synology_enable_M2_volume
sudo ./syno_enable_m2_volume.sh
# 4. Create M.2 volumes:
cd ../Synology_M2_volume
sudo ./syno_m2_volume.sh
# 5. Configure M.2 storage:
# Storage Manager > Storage > Create
# - Volume 2: Crucial P310 drives in RAID 1 (high-performance storage)
# - Volume 3: Synology SNV5420 (cache and metadata)
```
### **Step 4: Essential Services Setup**
#### **Docker Installation**
```bash
# 1. Package Center > Search "Docker"
# 2. Install Docker package
# 3. Enable SSH (Control Panel > Terminal & SNMP > Enable SSH)
# 4. SSH to NAS and verify Docker:
ssh admin@192.168.1.100
docker --version
docker-compose --version
```
#### **File Sharing Setup**
```bash
# 1. Create shared folders:
# Control Panel > Shared Folder > Create
# Essential folders:
# - docker (for container data)
# - media (for Plex library)
# - documents (for Paperless-NGX)
# - backups (for system backups)
# - homes (for user directories)
# 2. Set permissions:
# - admin: Read/Write access to all folders
# - Create service accounts as needed
```
---
## 🔧 Phase 3: Core Services Deployment (Day 2-3)
### **Step 1: Infrastructure Services**
#### **Portainer (Container Management)**
```bash
# 1. Create Portainer directory:
mkdir -p /volume1/docker/portainer
# 2. Deploy Portainer:
docker run -d \
--name portainer \
--restart always \
-p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /volume1/docker/portainer:/data \
portainer/portainer-ce:latest
# 3. Access: http://192.168.1.100:9000
# 4. Create admin account
# 5. Connect to local Docker environment
```
#### **Watchtower (Auto-Updates)**
```bash
# Deploy Watchtower for automatic container updates:
docker run -d \
--name watchtower \
--restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
--schedule "0 0 4 * * *" \
--cleanup
```
### **Step 2: Security Services**
#### **Vaultwarden (Password Manager)**
```bash
# 1. Create directory structure:
mkdir -p /volume2/metadata/docker/vaultwarden/{data,db}
# 2. Deploy using the commented configuration:
# Copy /workspace/project/homelab/Atlantis/vaultwarden.yaml
# Update passwords and tokens
# Deploy: docker-compose -f vaultwarden.yaml up -d
# 3. Initial setup:
# - Access http://192.168.1.100:4080
# - Create first user account
# - Configure admin panel with admin token
```
#### **Pi-hole (DNS Filtering)**
```bash
# 1. Create Pi-hole directory:
mkdir -p /volume1/docker/pihole/{etc,dnsmasq}
# 2. Deploy Pi-hole:
docker run -d \
--name pihole \
--restart always \
-p 53:53/tcp -p 53:53/udp \
-p 8080:80 \
-e TZ=America/Los_Angeles \
-e WEBPASSWORD="REDACTED_PASSWORD" \
-v /volume1/docker/pihole/etc:/etc/pihole \
-v /volume1/docker/pihole/dnsmasq:/etc/dnsmasq.d \
pihole/pihole:latest
# 3. Configure router to use Pi-hole:
# Router DNS: 192.168.1.100
```
### **Step 3: Monitoring Stack**
#### **Grafana and Prometheus**
```bash
# 1. Create monitoring directories:
mkdir -p /volume1/docker/{grafana,prometheus}
# 2. Deploy monitoring stack:
# Copy monitoring-stack.yaml from homelab repo
# Update configurations
# Deploy: docker-compose -f monitoring-stack.yaml up -d
# 3. Configure dashboards:
# - Import Synology dashboard
# - Configure data sources
# - Set up alerting
```
#### **Uptime Kuma (Service Monitoring)**
```bash
# 1. Deploy Uptime Kuma:
docker run -d \
--name uptime-kuma \
--restart always \
-p 3001:3001 \
-v /volume1/docker/uptime-kuma:/app/data \
louislam/uptime-kuma:1
# 2. Configure monitoring:
# - Add all critical services
# - Set up notifications
# - Configure status page
```
---
## 📺 Phase 4: Media Services (Day 3-4)
### **Step 1: Plex Media Server**
```bash
# 1. Create Plex directories:
mkdir -p /volume1/docker/plex
mkdir -p /volume1/data/media/{movies,tv,music,photos}
# 2. Deploy Plex using commented configuration:
# Copy plex.yaml from homelab repo
# Update PUID/PGID and timezone
# Deploy: docker-compose -f plex.yaml up -d
# 3. Initial setup:
# - Access http://192.168.1.100:32400/web
# - Claim server with Plex account
# - Add media libraries
# - Configure hardware transcoding
```
### **Step 2: Media Management (Arr Suite)**
```bash
# 1. Deploy Arr suite services:
# - Sonarr (TV shows)
# - Radarr (Movies)
# - Prowlarr (Indexer management)
# - SABnzbd (Download client)
# 2. Configure each service:
# - Set up indexers in Prowlarr
# - Configure download clients
# - Set up media folders
# - Configure quality profiles
```
### **Step 3: Photo Management**
```bash
# 1. Deploy Immich (if using):
# Copy immich configuration
# Set up database and Redis
# Configure storage paths
# 2. Alternative: PhotoPrism
# Deploy PhotoPrism container
# Configure photo directories
# Set up face recognition
```
---
## 🌐 Phase 5: Network Services (Day 4-5)
### **Step 1: VPN Setup**
#### **Tailscale Mesh VPN**
```bash
# 1. Install Tailscale on NAS:
# Download Tailscale package for Synology
# Install via Package Center or manual installation
# 2. Configure Tailscale:
sudo tailscale up --advertise-routes=192.168.1.0/24
# Approve subnet routes in Tailscale admin console
# 3. Install on all devices:
# - Concord NUC
# - Raspberry Pi nodes
# - NVIDIA Shield
# - Travel devices
```
#### **WireGuard (Alternative/Backup VPN)**
```bash
# 1. Deploy WireGuard container:
docker run -d \
--name wireguard \
--restart always \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=1029 \
-e PGID=65536 \
-e TZ=America/Los_Angeles \
-p 51820:51820/udp \
-v /volume1/docker/wireguard:/config \
-v /lib/modules:/lib/modules \
linuxserver/wireguard
# 2. Configure port forwarding:
# Router: External 51820/UDP → 192.168.1.100:51820
```
### **Step 2: Reverse Proxy**
#### **Nginx Proxy Manager**
```bash
# 1. Deploy Nginx Proxy Manager:
docker run -d \
--name nginx-proxy-manager \
--restart always \
-p 8341:80 \
-p 8766:443 \
-p 8181:81 \
-v /volume1/docker/nginx-proxy-manager:/data \
-v /volume1/docker/nginx-proxy-manager/letsencrypt:/etc/letsencrypt \
jc21/nginx-proxy-manager:latest
# 2. Configure SSL certificates:
# - Set up Let's Encrypt
# - Configure proxy hosts
# - Set up access lists
```
---
## 🖥️ Phase 6: Compute Nodes Setup (Day 5-6)
### **Step 1: Intel NUC (Concord)**
#### **Operating System Installation**
```bash
# 1. Create Ubuntu 22.04 LTS installation media
# 2. Boot from USB and install Ubuntu
# 3. Configure network:
sudo netplan apply
# Set static IP: 192.168.1.102
# 4. Install Docker:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
# 5. Install Docker Compose:
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
#### **Home Assistant Setup**
```bash
# 1. Create Home Assistant directory:
mkdir -p ~/docker/homeassistant
# 2. Deploy Home Assistant:
docker run -d \
--name homeassistant \
--restart always \
--privileged \
--net=host \
-e TZ=America/Los_Angeles \
-v ~/docker/homeassistant:/config \
ghcr.io/home-assistant/home-assistant:stable
# 3. Access: http://192.168.1.102:8123
```
### **Step 2: Raspberry Pi Cluster**
#### **Pi-5 (Vish) Setup**
```bash
# 1. Flash Raspberry Pi OS Lite (64-bit)
# 2. Enable SSH and configure WiFi
# 3. Boot and configure:
sudo raspi-config
# - Enable SSH
# - Set timezone
# - Expand filesystem
# 4. Install Docker:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker pi
# 5. Install Tailscale:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```
#### **Pi-5-Kevin Setup**
```bash
# Follow same process as Pi-5 (Vish)
# Configure as secondary node
# Set static IP: 192.168.1.110
```
---
## 📱 Phase 7: Edge and Travel Devices (Day 6-7)
### **Step 1: NVIDIA Shield TV Pro**
#### **Initial Setup**
```bash
# 1. Connect to TV and complete Android TV setup
# 2. Enable Developer Options:
# Settings > Device Preferences > About
# Click "Build" 7 times
# 3. Enable USB Debugging:
# Settings > Device Preferences > Developer Options
# Enable "USB Debugging"
# 4. Install Tailscale:
# - Download Tailscale APK
# - Install via file manager or ADB
# - Configure with homelab tailnet
```
#### **Media Apps Configuration**
```bash
# 1. Install Plex app from Play Store
# 2. Configure Plex server connection:
# Server: atlantis.vish.local:32400
# Or Tailscale IP: 100.83.230.112:32400
# 3. Install additional apps:
# - VLC Media Player
# - Chrome Browser
# - Termux (for SSH access)
```
### **Step 2: MSI Prestige 13 AI Plus**
#### **Tailscale Setup**
```bash
# 1. Download and install Tailscale for Windows
# 2. Sign in with homelab account
# 3. Configure as exit node (optional):
# Tailscale > Settings > Use as exit node
# 4. Test connectivity:
ping atlantis.vish.local
ping 100.83.230.112
```
#### **Development Environment**
```bash
# 1. Install WSL2:
wsl --install Ubuntu-22.04
# 2. Configure WSL2:
# - Install Docker Desktop
# - Enable WSL2 integration
# - Install development tools
# 3. SSH key setup:
ssh-keygen -t ed25519 -C "msi-laptop@homelab"
# Copy public key to homelab hosts
```
---
## 🔄 Phase 8: Backup and Monitoring (Day 7)
### **Step 1: Backup Configuration**
#### **Local Backups**
```bash
# 1. Configure Synology backup tasks:
# Control Panel > Task Scheduler > Create > Backup
# 2. Critical backup jobs:
# - Docker configurations (daily)
# - Database backups (daily)
# - System configurations (weekly)
# - Media metadata (weekly)
# 3. Backup verification:
# - Test restore procedures
# - Verify backup integrity
# - Document recovery procedures
```
#### **Offsite Backups**
```bash
# 1. Configure cloud backup:
# - Synology C2 Backup
# - Or AWS S3/Glacier
# - Or Google Drive/OneDrive
# 2. Encrypt sensitive backups:
# - Use Synology encryption
# - Or GPG encryption for scripts
# - Store encryption keys securely
```
### **Step 2: Monitoring Setup**
#### **Service Monitoring**
```bash
# 1. Configure Uptime Kuma monitors:
# - All critical services
# - Network connectivity
# - Certificate expiration
# - Disk space usage
# 2. Set up notifications:
# - Email alerts
# - Discord/Slack webhooks
# - SMS for critical alerts
```
#### **Performance Monitoring**
```bash
# 1. Configure Grafana dashboards:
# - System performance
# - Network utilization
# - Service health
# - Storage usage
# 2. Set up alerting rules:
# - High CPU/memory usage
# - Disk space warnings
# - Service failures
# - Network issues
```
---
## 🧪 Phase 9: Testing and Validation (Day 8)
### **Step 1: Service Testing**
#### **Connectivity Tests**
```bash
# 1. Internal network tests:
ping atlantis.vish.local
ping concord-nuc.vish.local
ping rpi-vish.vish.local
# 2. Service accessibility tests:
curl -I http://atlantis.vish.local:32400 # Plex
curl -I http://atlantis.vish.local:9000 # Portainer
curl -I http://atlantis.vish.local:4080 # Vaultwarden
# 3. External access tests:
# Test from mobile device or external network
# Verify VPN connectivity
# Test domain resolution
```
#### **Performance Tests**
```bash
# 1. Network performance:
iperf3 -s # On server
iperf3 -c atlantis.vish.local # From client
# 2. Storage performance:
dd if=/dev/zero of=/volume1/test bs=1M count=1000
rm /volume1/test
# 3. Media streaming tests:
# Test Plex transcoding
# Verify hardware acceleration
# Test multiple concurrent streams
```
### **Step 2: Disaster Recovery Testing**
#### **Backup Restoration Tests**
```bash
# 1. Test configuration restore:
# - Stop a service
# - Restore from backup
# - Verify functionality
# 2. Test database restore:
# - Create test database backup
# - Restore to different location
# - Verify data integrity
# 3. Test complete service rebuild:
# - Remove service completely
# - Rebuild from documentation
# - Restore data from backup
```
#### **Failover Tests**
```bash
# 1. Network failover:
# - Disconnect primary network
# - Test Tailscale connectivity
# - Verify service accessibility
# 2. Power failure simulation:
# - Graceful shutdown test
# - UPS functionality test
# - Startup sequence verification
# 3. Drive failure simulation:
# - Remove one drive from RAID
# - Verify RAID degraded mode
# - Test rebuild process
```
---
## 📚 Phase 10: Documentation and Maintenance (Ongoing)
### **Step 1: Documentation Updates**
#### **Configuration Documentation**
```bash
# 1. Update network documentation:
# - IP address assignments
# - Port forwarding rules
# - DNS configurations
# - VPN settings
# 2. Update service documentation:
# - Container configurations
# - Database schemas
# - API endpoints
# - Access credentials
# 3. Update hardware documentation:
# - Serial numbers
# - Warranty information
# - Replacement procedures
# - Performance baselines
```
#### **Procedure Documentation**
```bash
# 1. Create runbooks:
# - Service restart procedures
# - Backup and restore procedures
# - Troubleshooting guides
# - Emergency contacts
# 2. Update disaster recovery plans:
# - Recovery time objectives
# - Recovery point objectives
# - Escalation procedures
# - Communication plans
```
### **Step 2: Maintenance Schedules**
#### **Daily Tasks**
```bash
# Automated:
# - Service health checks
# - Backup verification
# - Security updates
# - Log rotation
# Manual:
# - Review monitoring alerts
# - Check service status
# - Verify backup completion
```
#### **Weekly Tasks**
```bash
# - Review system performance
# - Check disk usage
# - Update documentation
# - Test backup restores
# - Review security logs
```
#### **Monthly Tasks**
```bash
# - Full system backup
# - Hardware health check
# - Security audit
# - Performance optimization
# - Documentation review
```
#### **Quarterly Tasks**
```bash
# - Disaster recovery drill
# - Hardware warranty review
# - Software license review
# - Capacity planning
# - Security assessment
```
---
## 🚨 Emergency Procedures
### **Critical Service Failures**
```bash
# 1. Vaultwarden failure:
# - Use offline password backup
# - Restore from latest backup
# - Verify database integrity
# - Test all password access
# 2. Network failure:
# - Check physical connections
# - Verify router configuration
# - Test internet connectivity
# - Activate backup internet (mobile hotspot)
# 3. Storage failure:
# - Check RAID status
# - Replace failed drives
# - Monitor rebuild progress
# - Verify data integrity
```
### **Complete Infrastructure Failure**
```bash
# 1. Assess damage:
# - Check power systems
# - Verify network connectivity
# - Test individual components
# - Document failures
# 2. Prioritize recovery:
# - Network infrastructure first
# - Critical services (Vaultwarden, DNS)
# - Media and productivity services
# - Development and testing services
# 3. Execute recovery plan:
# - Follow this rebuild guide
# - Restore from backups
# - Verify service functionality
# - Update documentation
```
---
## 📋 Final Checklist
### **Infrastructure Validation**
```bash
☐ All hardware installed and functional
☐ Network connectivity verified (1GbE and 10GbE)
☐ Static IP assignments configured
☐ DNS resolution working
☐ VPN access functional (Tailscale and WireGuard)
☐ External domain access working
☐ SSL certificates installed and valid
```
### **Service Validation**
```bash
☐ Vaultwarden accessible and functional
☐ Plex streaming working with hardware transcoding
☐ Pi-hole DNS filtering active
☐ Monitoring stack operational (Grafana, Prometheus)
☐ Backup systems configured and tested
☐ All Docker services running and healthy
☐ Mobile and travel device access verified
```
### **Security Validation**
```bash
☐ All default passwords changed
☐ SSH keys configured for key-based authentication
☐ Firewall rules configured
☐ SSL/TLS encryption enabled for all web services
☐ 2FA enabled for critical accounts
☐ Backup encryption verified
☐ Access logs reviewed
```
### **Documentation Validation**
```bash
☐ Network configuration documented
☐ Service configurations documented
☐ Backup and restore procedures tested
☐ Emergency contact information updated
☐ Hardware warranty information recorded
☐ Disaster recovery procedures validated
```
---
**🎉 Congratulations!** You have successfully rebuilt your complete homelab infrastructure. This process typically takes 7-8 days for a complete rebuild, but the result is a fully documented, monitored, and maintainable homelab environment.
**🔄 Next Steps:**
1. Monitor system performance for the first week
2. Fine-tune configurations based on usage patterns
3. Schedule regular maintenance tasks
4. Plan for future expansions and upgrades
5. Share your experience with the homelab community
**💡 Pro Tip:** Keep this guide updated as you make changes to your infrastructure. A well-documented homelab is much easier to maintain and troubleshoot.
Reference in New Issue View Git Blame Copy Permalink