pi_mcps/plans/HOMELAB-HANDOVER.md

# Homelab Session Handover
_Last updated: 2026-06-11 by Lumen_

## 🔑 SSH Access (no password needed)

```bash
ssh-add ~/.ssh/id_ed25519_homelab
```

| Alias | Host | User | What it is |
|-------|------|------|-----------|
| `ssh vps` | 85.214.154.199 | root | plate.software — Strato OpenVZ, Plesk, Apache |
| `ssh ionos` | 82.165.206.45 | root | plate-software.de — IONOS, Ubuntu 18.04, Apache |
| `ssh truenas` | 192.168.188.119 | root | TrueNAS SCALE 24.10.2.4, k3s, Gitea |

---

## ✅ Fully Done

### plate.software (VPS — 85.214.154.199)
- Let's Encrypt cert valid (ACME path fixed in Plesk HTTP directives)
- `frps` v0.68.1 running systemd, port 7000, token in BigMind fact #188
- `git.plate.software` Apache proxy → `localhost:30008` via frpc ✅ HTTP 200
- `frpc.service` on TrueNAS tunneling port 30008 → VPS

### IONOS (plate-software.de — 82.165.206.45)
- SSL wildcard-like cert renewed via acme.sh — now covers `git.plate-software.de` too
- Valid until ~2026-08-04
- ownCloud, Collabora still running

### TrueNAS — ChunkyTown ZFS Pool (rebuilt 2026-05-04)
- New pool: RAIDZ1 on `sda`+`sdb`+`sdd`+`sdl` (3 Toshibas + new Seagate WWZAXXKL)
- Hot spare: `sdk` (oldest Toshiba 3220A0PBFA3H)
- **29.1TB usable**, ONLINE, 0 errors
- Old pool was unrecoverable (2 simultaneous failures)
- Data was acceptable loss (Plex re-downloadable, photos in Google Photos)

### TrueNAS — frpc tunnel
- Binary: `/mnt/VM_SSD_Pool/frp/frpc`
- Config: `/mnt/VM_SSD_Pool/frp/frpc.toml`
- Systemd: `frpc.service` (enabled, running)
- Gitea `app.ini`: `/mnt/VM_SSD_Pool/VM_POOL1/gitea/config/app.ini`
  - `ROOT_URL = https://git.plate.software/`
  - `SSH_DOMAIN = git.plate.software`

### git.plate.software ✅ LIVE
- `curl https://git.plate.software/` → HTTP 200

---

## ✅ IONOS Gitea Mirror — FIXED 2026-06-11

### Status: FULLY WORKING
- `https://git.plate-software.de/` → HTTP 200 ✅
- Gitea API → HTTP 200 ✅
- Push mirrors syncing: `pplate/bigmind`, `pplate/cannamanage`, `pplate/pi_mcps` ✅

### What's running
- Gitea Docker container on IONOS: `docker ps | grep gitea-mirror`
  - Port: `127.0.0.1:3000` (local only, behind Apache)
  - Data: `/opt/gitea/data`
  - Admin user: `pplate` (password: `HomelabGit2026!` — reset 2026-06-11)
  - API token: `1e87f855d448727e9d213599d654542881bdca0f`

### Root cause (fixed)
The `sites-enabled/` files for collabora, owncloud, and ssl.conf were **stale copies** (not symlinks) still using hostname-specific VirtualHost bindings (`collabora.plate-software.de:443`, `owncloud.plate-software.de:443`, `plate-software.de:443`). These resolved to `82.165.206.45:443` and Apache treated that as a separate higher-priority NameVirtualHost group — intercepting all git smart HTTP requests before the `*:443` git vhost was ever consulted.

**Fix applied 2026-06-11:**
```bash
sed -i "s|VirtualHost collabora.plate-software.de:443|VirtualHost *:443|g" /etc/apache2/sites-enabled/collabora.plate-software.de.conf
sed -i "s|VirtualHost collabora.plate-software.de:80|VirtualHost *:80|g" /etc/apache2/sites-enabled/collabora.plate-software.de.conf
sed -i "s|VirtualHost owncloud.plate-software.de:443|VirtualHost *:443|g" /etc/apache2/sites-enabled/owncloud.plate-software.de.conf
sed -i "s|VirtualHost owncloud.plate-software.de:80|VirtualHost *:80|g" /etc/apache2/sites-enabled/owncloud.plate-software.de.conf
sed -i "s|VirtualHost plate-software.de:443|VirtualHost *:443|g" /etc/apache2/sites-enabled/ssl.conf
systemctl reload apache2
```

⚠️ **Note:** `sites-enabled/collabora`, `owncloud`, and `ssl.conf` are plain files (not symlinks to `sites-available/`). If Apache is ever reconfigured via `a2ensite`, these edits will be lost — the `sites-available/` originals still have the correct `*:443` bindings.

---

## ⚠️ Other Pending Items

### Plex (superplex app)
- Shows CRASHED in TrueNAS app panel
- Likely due to old ChunkyTown dataset paths being gone
- Fix: TrueNAS web UI → Apps → superplex → Edit → update media library paths to new `/mnt/ChunkyTown/...` datasets

### Let's Encrypt for git.plate.software (VPS side)
- Currently no SSL cert for `git.plate.software` in Plesk
- Apache proxy works but is HTTP→HTTP (Plesk's SSL termination handles it)
- Issue cert: Plesk UI → Domains → git.plate.software → Let's Encrypt

---

## 🏗️ Infrastructure Overview

```
Internet
   ↓ DNS
plate.software VPS (85.214.154.199)
   Apache/Plesk
   ├── plate.software          → :8080 (Docker WildFly)
   └── git.plate.software      → :30008 (frp tunnel ← TrueNAS) ✅
   frps :7000 ← frpc on TrueNAS ✅

TrueNAS.local (192.168.188.119)
   ├── Gitea      :30008  (ROOT_URL = https://git.plate.software/) ✅
   ├── VM_SSD_Pool (ZFS RAIDZ2, ONLINE) — Gitea data lives here
   └── ChunkyTown (ZFS RAIDZ1, ONLINE, 29.1TB) — rebuilt 2026-05-04
       ├── raidz1: sda + sdb + sdd + sdl (Seagate)
       └── spare: sdk

IONOS (82.165.206.45)
   Apache
   ├── owncloud.plate-software.de → :8080 ✅
   ├── collabora.plate-software.de → :9980 ✅
   └── git.plate-software.de → :3000 (Gitea mirror Docker) ✅ FULLY WORKING (fixed 2026-06-11)
       Docker: gitea-mirror, data: /opt/gitea/data
       Token: 1e87f855d448727e9d213599d654542881bdca0f (in BigMind fact #192)
       Repos: pplate/bigmind, pplate/cannamanage, pplate/pi_mcps (push mirrors from TrueNAS)
```

---

## 🗂️ Key File Locations

| File | Purpose |
|------|---------|
| `~/.ssh/id_ed25519_homelab` | Automation SSH key |
| `~/.ssh/config` | SSH aliases (vps, ionos, truenas) |
| `plans/frpc-truenas-deploy.sh` | frpc installer (already run on TrueNAS) |
| `plans/HOMELAB-HANDOVER.md` | This file |