homelab/services/homepage/services.yaml.template


feat(security): implement template-based credential management for sensitive configurations

Introduce template-based approach to prevent credential exposure in version control. This security enhancement establishes a standard pattern for managing sensitive data across the homelab repository.

Changes:
- Create services/homepage/services.yaml.template with env var placeholders
  * Replace 7 hardcoded credentials with ${VARIABLE_NAME} format
  * Add OPNSense, Proxmox, Plex, Radarr, Sonarr, Deluge placeholders
- Create scripts/fix_n8n_db_c_locale.sh.template with env var validation
  * Remove hardcoded PostgreSQL password
  * Add N8N_DB_PASSWORD environment variable requirement
  * Include security reminder to shred script after use
- Update .gitignore with explicit exclusions for sensitive files
  * Add services/homepage/services.yaml exclusion
  * Add scripts/fix_n8n_db_c_locale.sh exclusion
- Create services/homepage/README.md with comprehensive setup guide
  * Document environment variable usage (recommended method)
  * Provide API key acquisition instructions for all services
  * Include troubleshooting and security best practices
- Update scripts/README.md with template pattern documentation
  * Add fix_n8n_db_c_locale.sh template usage instructions
  * Create "Template-Based Script Pattern" section
  * Enhance security guidelines with shred usage

Template Pattern Benefits:
- Repository remains credential-free
- Templates serve as documentation
- Easy to recreate configs on new systems
- Supports CI/CD pipelines with secret injection

Security Validation:
- No API keys in staged files (verified)
- No passwords in staged files (verified)
- .gitignore properly excludes sensitive files
- Templates contain clear usage instructions

Related: n8n troubleshooting (CLAUDE_STATUS.md), Docker Compose migration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 19:49:28 -07:00
---
# Homepage Services Configuration Template
# =========================================
# This is a TEMPLATE file. To use it:
# 1. Copy this file to services.yaml: cp services.yaml.template services.yaml
# 2. Replace all ${VARIABLE_NAME} placeholders with actual values
# 3. Or use environment variables by sourcing a .env file
#
# SECURITY: services.yaml is excluded from git via .gitignore
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/services/
- Networking:
    - OPNSense:
        href: https://192.168.50.1/
        description: Firewall - Router
        widget:
          type: opnsense
          url: https://192.168.50.1
          username: ${OPNSENSE_API_USERNAME}
          password: ${OPNSENSE_API_PASSWORD}
          #wan: re1 # optional, defaults to wan
- Home Lab:
    - Homeramoslab:
        href: http://192.168.50.230:8006
        description: AMD Game/Media Server
        widget:
          type: proxmox
          url: https://192.168.50.230:8006
          username: api@pam!homepage
          password: ${PROXMOX_HOMERAMOSLAB_API_TOKEN}
          #node: pve-1 # optional
    - PVE:
        href: https://192.168.50.240:8006
        description: Poweredge R610
        widget:
          type: proxmox
          url: https://192.168.50.240:8006
          username: api@pam!homepage
          password: ${PROXMOX_PVE_API_TOKEN}
- Utilities:
    - PlaceHolder:
        href: http://localhost/
        description: Homepage is 😎
- Media:
    - Plex:
        href: http://192.168.50.231:32400
        icon: plex.png
        description: Media Server
        widget:
          type: plex
          url: http://192.168.50.231:32400
          key: ${PLEX_API_KEY}
    - Radarr:
        href: http://192.168.50.231:7878
        icon: radarr.png
        description: Movie Management
        widget:
          type: radarr
          url: http://192.168.50.231:7878
          key: ${RADARR_API_KEY}
          enableQueue: true # optional, defaults to false
    - Sonar:
        href: http://192.168.50.231:8989
        icon: sonarr.png
        description: Series Management
        widget:
          type: sonarr
          url: http://192.168.50.231:8989
          key: ${SONARR_API_KEY}
          enableQueue: true # optional, defaults to false
    - Deulge:
        href: http://192.168.50.231:8112
        icon: deluge.png
        description: Media collector
        widget:
          type: deluge
          url: http://192.168.50.231:8112
          password: ${DELUGE_WEBUI_PASSWORD}
          enableLeechProgress: true # optional, defaults to false
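
Steps 2 and 3 of the template header, as an added example that is not part of the repository: a Python renderer that fills the `${NAME}` placeholders from the environment, refuses to write a half-rendered file, and creates `services.yaml` readable only by its owner. The function names and sample values are constructed for illustration, and it assumes placeholders sit unquoted after the key, as they do in this template.

```python
import json
import os
import re
import tempfile

# ${NAME} in the style this template uses (upper case, digits, underscores).
PLACEHOLDER = re.compile(r"\$\{([A-Z][A-Z0-9_]*)\}")


def render(template_text, env):
    """Fill ${NAME} placeholders from env; raise KeyError if any is unset or empty."""
    out, missing = [], set()
    for line in template_text.splitlines(keepends=True):
        if line.lstrip().startswith("#"):
            out.append(line)  # the header's literal "${VARIABLE_NAME}" is not a secret
            continue
        missing.update(n for n in PLACEHOLDER.findall(line) if not env.get(n))
        # json.dumps gives a double-quoted scalar that YAML accepts, so a value
        # containing '#', ': ' or quotes is not truncated or misparsed.
        out.append(PLACEHOLDER.sub(lambda m: json.dumps(env.get(m.group(1), "")), line))
    if missing:
        # Fail closed: never write a file that sends a literal "${...}" as a password.
        raise KeyError("unset or empty: " + ", ".join(sorted(missing)))
    return "".join(out)


def write_private(path, text):
    """Write text to path with mode 0600 from creation, replacing atomically."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(text)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


# Constructed sample: a fragment in the template's format with a made-up value.
SAMPLE_TEMPLATE = "widget:\n  type: deluge\n  password: ${DELUGE_WEBUI_PASSWORD}\n"
SAMPLE_ENV = {"DELUGE_WEBUI_PASSWORD": "p#ss: word"}

if __name__ == "__main__":
    with open("services.yaml.template", encoding="utf-8") as handle:
        write_private("services.yaml", render(handle.read(), dict(os.environ)))
```

Run it from the directory holding the template after exporting the variables; for a `.env` file, `set -a; . ./.env; set +a` exports everything it defines.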