- Add Docker Compose configs with security hardening (cap_drop ALL, non-root, read-only FS)
- Add Prometheus node_exporter scrape target for 192.168.2.120:9100
- Update services/README.md, INDEX.md, and CLAUDE_STATUS.md with VM 120
- Image pinned to v2026.2.1 (patches CVE-2026-25253)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update infrastructure documentation across all files to accurately distinguish
between active VMs (8), templates (2), and LXC containers (4). Previously,
VM templates 104 (ubuntu-dev) and 107 (ubuntu-docker) were incorrectly counted
as active VMs, inflating the total VM count to 10.
Changes:
- CLAUDE.md: Update Quick Reference and Infrastructure Overview sections
- CLAUDE_STATUS.md: Add dedicated VM Templates section with explanatory note
- INDEX.md: Separate templates from active VMs in infrastructure inventory
- README.md: Add VM Templates section distinguishing from active VMs
- Claude_UPDATES.md: Update infrastructure counts in Quick Reference tables
- services/README.md: Correct footer infrastructure counts
- sub-agents/*.md: Update infrastructure context in all agent prompts
This ensures accurate resource tracking and clarifies that templates are
immutable base images for cloning, not running workloads.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit implements a comprehensive optimization of all sub-agent prompt
definitions based on Opus-powered prompt engineering analysis. All agents now
match the quality standard established by librarian.md.
Agent Improvements:
- scribe.md: 29→340 lines (11.7x expansion)
* Added 6 usage examples with role clarity
* Implemented comprehensive responsibilities section
* Added 3 complete ASCII diagram templates
* Included safety protocols and decision frameworks
- backend-builder.md: 40→291 lines (7.3x expansion)
* Added 6 usage examples with clear boundaries
* Expanded core responsibilities (Ansible, Terraform, Docker, Python, Shell)
* Added technology stack and validation rules tables
* Included handoff protocol for lab-operator deployment
* Defined clear boundaries (CREATES code, does NOT deploy)
- lab-operator.md: 37→193 lines (5.2x expansion)
* Added 6 usage examples with role clarity
* Expanded domain expertise with specific commands
* Added command style guide (5-step pattern)
* Included safety protocols and decision-making framework
* Defined clear boundaries (DEPLOYS/OPERATES, does NOT create IaC)
- librarian.md: Minor formatting improvements
CLAUDE.md Fixes:
- Moved YAML frontmatter to line 1 (was incorrectly at line 89)
- Fixed trailing pipe character
- Completed incomplete sentences about backup strategy and storage growth
- Removed redundant information
- Expanded status file template with recovery instructions
Files Added:
- Claude_UPDATES.md: Comprehensive prompt engineering analysis report
- monitoring/pve-exporter/pve.yml: PVE monitoring configuration
Impact:
- Total agent documentation: 249→967 lines (288% increase)
- Usage examples: 6→24 total (400% increase)
- All agents now have comprehensive safety protocols
- Clear role boundaries prevent agent overlap
- Validation testing confirms all agents functional
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implement comprehensive directory reorganization to improve discoverability,
logical grouping, and separation of concerns across documentation, scripts,
and infrastructure snapshots.
Major Changes:
1. Documentation Reorganization:
- Created start-here-docs/ for onboarding documentation
* Moved QUICK-START.md, START-HERE.md, GIT-SETUP-GUIDE.md
* Moved GIT-QUICK-REFERENCE.md, SCRIPT-USAGE.md, SETUP-COMPLETE.md
- Created troubleshooting/ directory
* Moved BUGFIX-SUMMARY.md for centralized issue resolution
- Created mcp/ directory for Model Context Protocol configurations
* Moved OBSIDIAN-MCP-SETUP.md to mcp/obsidian/
2. Scripts Reorganization:
- Created scripts/crawlers-exporters/ for infrastructure collection
* Moved collect*.sh scripts and collection documentation
* Consolidates Proxmox homelab export tooling
- Created scripts/fixers/ for operational repair scripts
* Moved fix_n8n_db_*.sh scripts
* Isolated scripts with embedded credentials (templates tracked)
- Created scripts/qol/ for quality-of-life utilities
* Moved git-aliases.sh and git-first-commit.sh
3. Infrastructure Snapshots:
- Created disaster-recovery/ for active infrastructure state
* Moved latest homelab-export-20251202-204939/ snapshot
* Contains current VM/CT configurations and system state
- Created archive-homelab/ for historical snapshots
* Moved homelab-export-*.tar.gz archives
* Preserves point-in-time backups for reference
4. Agent Definitions:
- Created sub-agents/ directory
* Added backend-builder.md (development agent)
* Added lab-operator.md (infrastructure operations agent)
* Added librarian.md (git/version control agent)
* Added scribe.md (documentation agent)
5. Updated INDEX.md:
- Reflects new directory structure throughout
- Updated all file path references
- Enhanced navigation with new sections
- Added agent roles documentation
- Updated quick reference commands
6. Security Improvements:
- Updated .gitignore to match reorganized file locations
- Corrected path for scripts/fixers/fix_n8n_db_c_locale.sh exclusion
- Maintained template-based credential management pattern
Infrastructure State Update:
- Latest snapshot: 2025-12-02 20:49:54
- Removed: VM 101 (gitlab), CT 112 (Anytype)
- Added: CT 113 (n8n)
- Total: 9 VMs, 3 Containers
Impact:
- Improved repository navigation and discoverability
- Logical separation of documentation, scripts, and snapshots
- Clearer onboarding path for new users
- Enhanced maintainability through organized structure
- Foundation for multi-agent workflow support
Files changed: 90 files (+935/-349)
- 3 modified, 14 new files, 73 renames/moves
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Introduce template-based approach to prevent credential exposure in version control.
This security enhancement establishes a standard pattern for managing sensitive data
across the homelab repository.
Changes:
- Create services/homepage/services.yaml.template with env var placeholders
* Replace 7 hardcoded credentials with ${VARIABLE_NAME} format
* Add OPNSense, Proxmox, Plex, Radarr, Sonarr, Deluge placeholders
- Create scripts/fix_n8n_db_c_locale.sh.template with env var validation
* Remove hardcoded PostgreSQL password
* Add N8N_DB_PASSWORD environment variable requirement
* Include security reminder to shred script after use
- Update .gitignore with explicit exclusions for sensitive files
* Add services/homepage/services.yaml exclusion
* Add scripts/fix_n8n_db_c_locale.sh exclusion
- Create services/homepage/README.md with comprehensive setup guide
* Document environment variable usage (recommended method)
* Provide API key acquisition instructions for all services
* Include troubleshooting and security best practices
- Update scripts/README.md with template pattern documentation
* Add fix_n8n_db_c_locale.sh template usage instructions
* Create "Template-Based Script Pattern" section
* Enhance security guidelines with shred usage
Template Pattern Benefits:
- Repository remains credential-free
- Templates serve as documentation
- Easy to recreate configs on new systems
- Supports CI/CD pipelines with secret injection
Security Validation:
- No API keys in staged files (verified)
- No passwords in staged files (verified)
- .gitignore properly excludes sensitive files
- Templates contain clear usage instructions
Related: n8n troubleshooting (CLAUDE_STATUS.md), Docker Compose migration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Root Cause:
- N8N_ENCRYPTION_KEY in /opt/n8n/.env contained literal shell command
string $(openssl rand -hex 32) instead of executed value
- .env files do not execute shell commands, only parse literal strings
- Caused n8n service crash loop preventing startup
Troubleshooting Process:
- Identified service crash loop via journalctl logs
- Backend-Builder diagnosed invalid encryption key issue
- Multiple heredoc script attempts failed due to Windows/Linux line
ending issues in WSL environment
- Created simple fix script using echo statements (no heredoc)
Solution:
- Fix script created at /tmp/fix_n8n_simple.sh
- Generates proper encryption key using openssl rand -hex 32
- Recreates .env with corrected configuration including missing
N8N_LISTEN_ADDRESS=0.0.0.0 and NODE_ENV=production
- Backs up existing .env before changes
- Sets proper permissions (600, n8n:n8n)
Reviews:
- Backend-Builder: APPROVED (95% confidence, technically sound)
- Lab-Operator: APPROVED with safeguards (ZFS snapshot, DB backup)
Status: Ready for deployment by user on CT 113 tomorrow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
