canadabot/hops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
721f7d7a75e6e7f83d3085ea0687663eb5378138
hops/CLAUDE.md
T
Stephen Klein 721f7d7a75 Release HOPS v3.1.0 with major security and architecture improvements 
🆕 New Features:
- Encrypted secret management with AES-256 encryption
- Privilege separation (root vs user operations)
- Comprehensive input validation and sanitization
- Pinned container versions for security
- Modular architecture with shared libraries

🔒 Security Enhancements:
- Encrypted .env file storage with master key management
- Input validation preventing injection attacks
- Secure password generation with complexity requirements
- Enhanced file permissions and ownership handling
- Security auditing capabilities

🏗️ Architecture Improvements:
- Shared library structure (lib/) for common functions
- Enhanced error handling with detailed context
- Improved service definitions with validation
- Standardized logging and UI components
- Better code organization and maintainability

📝 New Components:
- hops_install.sh: New secure installation wrapper
- hops_privileged_setup.sh: Root-only operations
- hops_user_operations.sh: User operations without sudo
- hops_service_definitions_improved.sh: Enhanced service generation
- lib/: Shared libraries for common functionality
- CLAUDE.md: Complete development documentation

🔧 User Experience:
- Multiple installation methods (new secure, manual, legacy)
- Better error messages and troubleshooting guidance
- Improved service management commands
- Enhanced documentation and help system

This release maintains backward compatibility while adding enterprise-grade security features.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-17 07:02:43 -04:00

5.7 KiB
Raw Blame History

CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Project Overview

HOPS (Homelab Orchestration Provisioning Script) is a comprehensive automation tool for deploying homelab infrastructure using Docker Compose. It provides menu-driven installation, management, and monitoring of popular homelab services including media servers, download clients, monitoring tools, and more.

Architecture

Core Components

  • Main Script (hops.sh): Primary entry point providing menu-driven interface for all operations
  • Installer (hops_installer_enhanced.sh): Handles service installation and Docker Compose deployment
  • Uninstaller (hops_uninstaller_fixed.sh): Manages complete removal of services and configurations
  • Service Definitions (hops_service_definitions.sh): Contains Docker Compose service templates and configurations

Key Design Patterns

  • Modular Architecture: Each major function is separated into dedicated scripts
  • Service-Driven: All services are defined as Docker Compose configurations with standardized patterns
  • Error Handling: Comprehensive error handling with logging and rollback capabilities
  • Security First: Built-in security hardening, firewall configuration, and secure password generation

Development Commands

Running HOPS

# Main script (requires root)
sudo ./hops.sh

# Direct installation
sudo ./hops_installer_enhanced.sh

# Uninstallation
sudo ./hops_uninstaller_fixed.sh

Testing and Validation

# Check script syntax
bash -n hops.sh
bash -n hops_installer_enhanced.sh
bash -n hops_service_definitions.sh
bash -n hops_uninstaller_fixed.sh

# Test service definitions
source hops_service_definitions.sh
generate_service_definition jellyfin

Log Management

# View installation logs
sudo tail -f /var/log/hops/hops-main-*.log

# View Docker Compose logs
cd ~/homelab && docker compose logs -f [service-name]

Service Architecture

Service Definition Pattern

All services follow a standardized Docker Compose pattern:

  • LinuxServer.io containers with PUID/PGID/TZ environment variables
  • Consistent volume mounting (/opt/appdata for configs, /mnt/media for data)
  • Health checks for web services
  • Unified network configuration (homelab network)
  • Restart policy: unless-stopped

Supported Service Categories

  1. Media Management: Sonarr, Radarr, Lidarr, Readarr, Bazarr, Prowlarr, Tdarr
  2. Download Clients: qBittorrent, Transmission, NZBGet, SABnzbd
  3. Media Servers: Jellyfin, Plex, Emby, Jellystat
  4. Request Management: Overseerr, Jellyseerr, Ombi
  5. Reverse Proxy: Traefik, Nginx Proxy Manager, Authelia
  6. Monitoring: Portainer, Uptime Kuma, Watchtower

File Structure

~/homelab/                    # Main deployment directory
├── docker-compose.yml        # Generated service definitions
├── .env                      # Environment variables
└── logs/                     # Application logs

/opt/appdata/                 # Application configurations
└── [service-name]/           # Individual service configs

/mnt/media/                   # Media storage
├── movies/
├── tv/
├── music/
└── downloads/

Environment Configuration

Key environment variables in ~/homelab/.env:

  • PUID/PGID: User/group IDs for file permissions
  • TZ: Timezone configuration
  • DATA_ROOT: Media storage location
  • CONFIG_ROOT: Application configuration location
  • Security passwords (auto-generated)

Security Features

  • Firewall Integration: Automatic UFW rule management
  • Secure Password Generation: Cryptographically secure passwords
  • File Permission Hardening: Restrictive permissions on sensitive files
  • Network Isolation: Docker network segregation
  • SSL/TLS Support: Automatic certificate management with reverse proxies

Error Handling

  • Comprehensive Logging: All operations logged to /var/log/hops/
  • Rollback Capability: Automatic rollback on deployment failure
  • Dependency Validation: Pre-deployment system requirement checks
  • Service Health Monitoring: Built-in health checks for all services

Key Functions

In hops.sh

  • show_main_menu(): Primary interface
  • manage_services(): Service start/stop/restart
  • show_service_status(): Real-time monitoring
  • show_access_info(): Service URL and credential display

In hops_service_definitions.sh

  • generate_service_definition(): Creates Docker Compose service blocks
  • get_linuxserver_env(): Standard environment variables
  • get_web_healthcheck(): Health check configurations

In hops_installer_enhanced.sh

  • Service selection and dependency resolution
  • Docker Compose file generation
  • Security hardening implementation
  • Post-deployment verification

Development Guidelines

  • Bash Best Practices: Use set -e for error handling, quote variables, use readonly for constants
  • Logging: Use the logging functions (log, error_exit, warning, success, info)
  • Color Output: Use predefined color constants for consistent formatting
  • Service Patterns: Follow the established Docker Compose patterns when adding new services
  • Security: Never commit secrets, use secure password generation, implement proper file permissions

Common Operations

Adding New Services

  1. Add service definition function in hops_service_definitions.sh
  2. Add service to installer menu in hops_installer_enhanced.sh
  3. Configure any required dependencies or special handling
  4. Test deployment and health checks

Debugging Issues

  1. Check logs in /var/log/hops/
  2. Verify Docker Compose syntax with docker compose config
  3. Check service health with docker compose ps
  4. Review firewall rules with sudo ufw status
Reference in New Issue View Git Blame Copy Permalink