appa-net/zet.home.arpa/README.md

# zet.home.arpa

Home lab server providing file sharing, DNS filtering, web proxy, and git hosting.

## Server Overview

| Field | Value |
|-------|-------|
| **Hostname** | zet / zet.home.arpa / zet.kenjim.com |
| **Primary IP** | 172.27.0.35 |
| **OS** | Ubuntu 24.04.4 LTS (Noble) |
| **Kernel** | 6.8.0-124-generic |
| **Network** | 172.27.0.0/24 |

## Services

| Service | Port(s) | How It Runs | Docs |
|---------|---------|-------------|------|
| nginx (SSL reverse proxy) | 80, 443/tcp | systemd (`nginx`) | [nginx/](nginx/) |
| Pi-hole (DNS + ad blocking) | 53/tcp+udp, 8081/tcp, 67/udp | Docker container | [pihole/](pihole/) |
| Samba (SMB file sharing) | 445, 139 | systemd (`smbd`, `nmbd`) | [samba/](samba/) |
| NFS | 2049/tcp+udp | systemd | [nfs/](nfs/) |
| Squid (web proxy) | 3128/tcp | systemd (`squid`) | [squid/](squid/) |
| Gitea (git server) | 3000/tcp | systemd (`gitea`) | [git-server/](git-server/) |
| SSH | 22/tcp | systemd (`ssh`) | — |
| Docker | — | systemd (`docker`) | — |

## Public Hostnames (HTTPS via nginx)

| Hostname | Target | Notes |
|----------|--------|-------|
| `git.kenjim.com` | Gitea (:3000) | Public |
| `www.kenjim.com` | Docker container | Public |
| `kenji.kenjim.com` | Docker container | Public |
| `gt.kenjim.com` | CNAME elsewhere | Cert covers it, nginx drops it |
| `zet.kenjim.com` | SSH only | No web — dynamic DNS entry |

All HTTPS subdomains share one Let's Encrypt cert. See [ssl/](ssl/) and [nginx/](nginx/).

## Storage

See [storage.md](storage.md) for full disk layout. Summary:

| Mount | Device | Size | Use |
|-------|--------|------|-----|
| `/` | nvme0n1p3 (LVM) | 950 GB | OS + apps |
| `/data/ssd-photos` | sda (LVM, Crucial MX500) | 916 GB | Photos SSD |
| `/data/hsgt10a` | sdb1 (HGST 10 TB) | 9.1 TB | Primary bulk storage |
| `/data/hsgt10b` | sdc1 (HGST 10 TB) | 9.1 TB | Secondary bulk storage |

## Network

The server holds four IPs on a single USB NIC (`enx00242788c03a`):

- `172.27.0.35` — primary (DHCP, used for most services)
- `172.27.0.36`, `172.27.0.37`, `172.27.0.38` — secondary aliases

The built-in NIC (`enp1s0`) and WiFi (`wlp2s0`) are both **DOWN**.

## Quick Service Commands

```bash
# nginx (SSL reverse proxy)
sudo systemctl restart nginx
sudo nginx -t                                 # test config before reload

# Pi-hole (admin UI now on :8081)
cd ~/docker-pi-hole && docker compose up -d   # start
cd ~/docker-pi-hole && docker compose down    # stop
docker exec pihole pihole version             # version check

# Samba
sudo systemctl restart smbd nmbd

# NFS
sudo systemctl restart nfs-server

# Squid
sudo systemctl restart squid

# Gitea
sudo systemctl restart gitea
```