jramos/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eec4c4b29876feef8d8d77900b9237f083384af8
homelab/services/homepage/services.yaml.template
Jordan Ramos eec4c4b298 feat(security): implement template-based credential management for sensitive configurations 
Introduce template-based approach to prevent credential exposure in version control.
This security enhancement establishes a standard pattern for managing sensitive data
across the homelab repository.

Changes:
- Create services/homepage/services.yaml.template with env var placeholders
  * Replace 7 hardcoded credentials with ${VARIABLE_NAME} format
  * Add OPNSense, Proxmox, Plex, Radarr, Sonarr, Deluge placeholders
- Create scripts/fix_n8n_db_c_locale.sh.template with env var validation
  * Remove hardcoded PostgreSQL password
  * Add N8N_DB_PASSWORD environment variable requirement
  * Include security reminder to shred script after use
- Update .gitignore with explicit exclusions for sensitive files
  * Add services/homepage/services.yaml exclusion
  * Add scripts/fix_n8n_db_c_locale.sh exclusion
- Create services/homepage/README.md with comprehensive setup guide
  * Document environment variable usage (recommended method)
  * Provide API key acquisition instructions for all services
  * Include troubleshooting and security best practices
- Update scripts/README.md with template pattern documentation
  * Add fix_n8n_db_c_locale.sh template usage instructions
  * Create "Template-Based Script Pattern" section
  * Enhance security guidelines with shred usage

Template Pattern Benefits:
- Repository remains credential-free
- Templates serve as documentation
- Easy to recreate configs on new systems
- Supports CI/CD pipelines with secret injection

Security Validation:
- No API keys in staged files (verified)
- No passwords in staged files (verified)
- .gitignore properly excludes sensitive files
- Templates contain clear usage instructions

Related: n8n troubleshooting (CLAUDE_STATUS.md), Docker Compose migration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 19:49:28 -07:00

89 lines
2.6 KiB
Plaintext
Raw Blame History

---
# Homepage Services Configuration Template
# =========================================
# This is a TEMPLATE file. To use it:
# 1. Copy this file to services.yaml: cp services.yaml.template services.yaml
# 2. Replace all ${VARIABLE_NAME} placeholders with actual values
# 3. Or use environment variables by sourcing a .env file
#
# SECURITY: services.yaml is excluded from git via .gitignore
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/services/
- Networking:
- OPNSense:
href: https://192.168.50.1/
description: Firewall - Router
widget:
type: opnsense
url: https://192.168.50.1
username: ${OPNSENSE_API_USERNAME}
password: ${OPNSENSE_API_PASSWORD}
#wan: re1 # optional, defaults to wan
- Home Lab:
- Homeramoslab:
href: http://192.168.50.230:8006
description: AMD Game/Media Server
widget:
type: proxmox
url: https://192.168.50.230:8006
username: api@pam!homepage
password: ${PROXMOX_HOMERAMOSLAB_API_TOKEN}
#node: pve-1 # optional
- PVE:
href: https://192.168.50.240:8006
description: Poweredge R610
widget:
type: proxmox
url: https://192.168.50.240:8006
username: api@pam!homepage
password: ${PROXMOX_PVE_API_TOKEN}
- Utilities:
- PlaceHolder:
href: http://localhost/
description: Homepage is 😎
- Media:
- Plex:
href: http://192.168.50.231:32400
icon: plex.png
description: Media Server
widget:
type: plex
url: http://192.168.50.231:32400
key: ${PLEX_API_KEY}
- Radarr:
href: http://192.168.50.231:7878
icon: radarr.png
description: Movie Management
widget:
type: radarr
url: http://192.168.50.231:7878
key: ${RADARR_API_KEY}
enableQueue: true # optional, defaults to false
- Sonar:
href: http://192.168.50.231:8989
icon: sonarr.png
description: Series Management
widget:
type: sonarr
url: http://192.168.50.231:8989
key: ${SONARR_API_KEY}
enableQueue: true # optional, defaults to false
- Deulge:
href: http://192.168.50.231:8112
icon: deluge.png
description: Media collector
widget:
type: deluge
url: http://192.168.50.231:8112
password: ${DELUGE_WEBUI_PASSWORD}
enableLeechProgress: true # optional, defaults to false
Reference in New Issue View Git Blame Copy Permalink