Clarify subprocess persistence on session switch, mandatory auto-spawn
on /session, and message queueing delegation to ClaudeSubprocess.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 01: Session & Process Foundation
- 3 plan(s) in 2 wave(s)
- 2 parallel (wave 1), 1 sequential (wave 2)
- Ready for execution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Telegram bot (@georgsen_homelab_bot) for two-way communication
- Commands: /status, /pbs, /backups, /beszel, /kuma, /ping
- Photos and files saved to inbox for Claude to read
- Runs as systemd user service
- Shared storage via ZFS bind mounts
- rpool/shared/mikkel on PVE host
- Mounted to ~/stuff in mgmt, dev, general containers
- SMB access via \\mgmt\stuff (Tailscale MagicDNS)
- Updated helper scripts list in CLAUDE.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
~/bin/pbs provides:
- status: Overview with datastore, storage, dedup ratio, task summary
- tasks: Recent backup/prune tasks with timestamps
- errors: Filter for failures only
- gc: Garbage collection details
- snapshots: List recent backups per namespace
- storage: Detailed dedup statistics
Also installed bc for calculations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Deployed Beszel hub in Dockge (10.5.0.10:8090)
- Installed agents on PVE host and PBS (with Synology mount monitoring)
- Created NPM proxy at dashboard.georgsen.dk
- Created ~/bin/beszel helper script for API management
- Added credentials for Beszel and Dockge
- Updated all documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created ~/bin/kuma for managing monitors via Socket.IO API
- Uses uptime-kuma-api Python library
- Added monitors: PBS, Forgejo, Technitium DNS
- Updated credentials with username/password for Socket.IO auth
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added API key to uptime-kuma/credentials
- Created README.md with full API documentation
- Updated homelab-documentation.md and CLAUDE.md
- Added TODO to review monitors for missing services
REST API is limited (metrics, push monitors, badges).
Full monitor management requires Socket.IO/web UI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created TODO.md with pending task to fix ping on all containers
- Added setcap command to standard container setup in documentation
- Added detailed explanation in CLAUDE.md for future reference
- Unprivileged containers need cap_net_raw on /bin/ping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added firewall rules, Fail2ban on both core and Forgejo,
and NPM update command for quick reference.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documented that NPM runs in Docker at /opt/npm and added
the docker compose commands for updating it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Whitelist home IP (83.89.248.247) for all traffic
- Block DNS (53), spiceproxy (3128), Proxmox UI (8006, 8008) from internet
- Add Fail2ban for SSH on PVE host
- Home IP whitelisted in Fail2ban
Access Proxmox from home IP directly or via Tailscale when remote.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix for CERT-Bund security notification about exposed rpcbind service.
Added iptables rules to drop port 111 on vmbr0 (public interface).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fail2ban on Forgejo (5 retries, 24h ban)
- NPM access list 'home_only' restricts admin UIs to 83.89.248.247
- Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
- Added home IP to documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- pve/credentials: Proxmox API token
- dns/credentials: Technitium DNS credentials
- forgejo/credentials: Forgejo API token
- npm/npm-api.conf: NPM API credentials
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
