# 🚀 Deploy LemonSec Now

This is the **fast path** to get LemonSec running on your Proxmox VM with Portainer.

## Prerequisites

- [ ] Proxmox VM with Docker and Portainer installed
- [ ] TrueNAS Scale VM with Nextcloud app installed
- [ ] Cloudflare account managing `lemonlink.eu`
- [ ] Ports 80/443 forwarded to Proxmox VM
- [ ] Git repository at `https://git.lemonlink.eu/impulsivefps/LemonSec`

## Step 1: Prepare (2 minutes)

### Get your info:

```bash
# Proxmox VM IP (where Portainer runs)
ip addr show | grep "inet " | head -2
# e.g., 192.168.1.50

# TrueNAS IP
cat /etc/motd  # or check TrueNAS UI
# e.g., 192.168.1.100

# Nextcloud Port (TrueNAS → Apps → Nextcloud)
# e.g., 9001

# Cloudflare API Key
# https://dash.cloudflare.com/profile/api-tokens → Global API Key
```

### Generate Secrets:

```bash
# Run this 3 times, save each output:
openssl rand -hex 32
```

## Step 2: Push to Git (1 minute)

```bash
cd LemonSec
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
git add .
git commit -m "Initial LemonSec deployment"
git push -u origin main
```

## Step 3: Deploy in Portainer (3 minutes)

### 3.1 Create Stack

1. Open Portainer: `http://your-proxmox-vm:9000`
2. **Stacks** → **Add Stack**
3. Select **Repository**
4. Fill in:
   - **Name**: `lemonsec`
   - **Repository URL**: `https://git.lemonlink.eu/impulsivefps/LemonSec`
   - **Compose path**: `docker-compose.yml`

### 3.2 Add Environment Variables

Copy/paste from `stack.env` and fill in your values:

```
CF_API_EMAIL=your-email@example.com
CF_API_KEY=your-cloudflare-global-api-key
TRUENAS_IP=192.168.1.100
TRUENAS_NEXTCLOUD_PORT=9001
AUTHELIA_JWT_SECRET=aaaa... (64 hex chars)
AUTHELIA_SESSION_SECRET=bbbb... (64 hex chars)
AUTHELIA_STORAGE_KEY=cccc... (64 hex chars)
TZ=Europe/Stockholm
```

### 3.3 Deploy

Click **Deploy the stack**

Wait for containers to start (about 30 seconds).

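A check for the values filled in at Step 3.2, as an added example that is not part of the LemonSec repository: it confirms the three Authelia secrets are each 64 hex characters, are not a repeated-character template, and are distinct from one another, and that the Cloudflare template values and the Nextcloud port were actually replaced. The function name `check_stack_env` is hypothetical, and the file is assumed to hold plain `KEY=value` lines like the block in Step 3.2.

```bash
# Added example (not part of LemonSec): lint a filled-in stack.env.
# check_stack_env FILE prints one line per problem; exit status 0 means clean.
check_stack_env() (
  # The body runs in a subshell, so variables and the helper stay local.
  file="$1"; status=0; seen=""
  [ -r "$file" ] || { echo "cannot read $file"; exit 2; }

  # Value of NAME from the file; the last assignment wins.
  get() { grep -E "^$1=" "$file" | tail -n 1 | cut -d= -f2-; }

  for name in AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET AUTHELIA_STORAGE_KEY; do
    value="$(get "$name")"
    first="$(printf '%s' "$value" | cut -c1)"
    if ! printf '%s' "$value" | grep -Eq '^[0-9a-f]{64}$'; then
      # openssl rand -hex 32 prints exactly 64 lowercase hex characters.
      echo "$name: expected 64 hex characters"; status=1
    elif [ -z "$(printf '%s' "$value" | tr -d "$first")" ]; then
      # One character repeated 64 times is a filled-out template, not a secret.
      echo "$name: placeholder pattern"; status=1
    else
      case " $seen " in
        *" $value "*) echo "$name: reuses another secret"; status=1 ;;
      esac
      seen="$seen $value"
    fi
  done

  # Template values from the Step 3.2 block that were never replaced.
  for pair in CF_API_EMAIL=your-email@example.com \
              CF_API_KEY=your-cloudflare-global-api-key; do
    name="${pair%%=*}"
    if [ -z "$(get "$name")" ] || [ "$(get "$name")" = "${pair#*=}" ]; then
      echo "$name: unset or still the template value"; status=1
    fi
  done

  port="$(get TRUENAS_NEXTCLOUD_PORT)"
  case "$port" in
    ''|*[!0-9]*) echo "TRUENAS_NEXTCLOUD_PORT: not a number"; status=1 ;;
    *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
         { echo "TRUENAS_NEXTCLOUD_PORT: out of range"; status=1; } ;;
  esac
  exit "$status"
)
```

Paste the function into a shell and run `check_stack_env stack.env`; no output and exit status 0 mean every check passed.
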
## Step 4: Configure CrowdSec (2 minutes)

After deployment, get the API key:

```bash
# SSH to Proxmox VM or use Portainer Console
docker exec crowdsec cscli bouncers add traefik-bouncer
# Copy the key
```

Back in Portainer:

1. **Stacks** → **lemonsec** → **Editor**
2. Add environment variable: `CROWDSEC_API_KEY=the-key-you-copied`
3. Click **Update the stack**

## Step 5: Configure TrueNAS (2 minutes)

In TrueNAS Scale UI:

1. **Apps** → **Installed** → **Nextcloud** → **Edit**
2. Add Environment Variables:
   ```
   NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
   OVERWRITEPROTOCOL=https
   OVERWRITEHOST=cloud.lemonlink.eu
   OVERWRITECLIURL=https://cloud.lemonlink.eu
   TRUSTED_PROXIES=192.168.1.50  # Your Proxmox VM IP
   ```
3. **Save**

## Step 6: Cloudflare DNS (1 minute)

1. Login to [Cloudflare Dashboard](https://dash.cloudflare.com)
2. **DNS** → Add records:

   | Type | Name | Target | Proxy |
   |------|------|--------|-------|
   | A | cloud | YOUR_PUBLIC_IP | 🟠 Orange |
   | A | auth | YOUR_PUBLIC_IP | 🟠 Orange |

3. **SSL/TLS** → Set to **Full (strict)**

## Step 7: Test (30 seconds)

Open in browser:

```
https://cloud.lemonlink.eu
```

You should see the Nextcloud login page! 🎉

## What You Got

| Service | URL | Purpose |
|---------|-----|---------|
| Nextcloud | `https://cloud.lemonlink.eu` | Family file sharing |
| Authelia | `https://auth.lemonlink.eu` | SSO login portal |
| Traefik | `https://traefik.local.lemonlink.eu` | Reverse proxy dashboard |

## Next Steps

1. **Add family to Authelia**: Edit `authelia/users_database.yml` → push → "Pull and redeploy"
2. **Add more services**: Edit `docker-compose.yml` → add routers → push → redeploy
3. **Enable monitoring**: Uncomment monitoring profile in compose

## Troubleshooting

| Problem | Fix |
|---------|-----|
| "CF_API_EMAIL not set" | Check environment variables in Portainer |
| "502 Bad Gateway" | Verify TRUENAS_IP and PORT are correct |
| "Untrusted domain" | Check TrueNAS Nextcloud env vars |
| No SSL certificate | Check Cloudflare API key and DNS records |

## Full Documentation

- **[PORTAINER-DEPLOY.md](PORTAINER-DEPLOY.md)** - Detailed Portainer guide
- **[SETUP-TRUENAS-NEXTCLOUD.md](SETUP-TRUENAS-NEXTCLOUD.md)** - TrueNAS specifics
- **[GIT-REPO-SETUP.md](GIT-REPO-SETUP.md)** - Git workflow
- **[MIGRATE-FROM-NPM.md](MIGRATE-FROM-NPM.md)** - If migrating from NPM

---

**You're done!** Family can now access Nextcloud at `https://cloud.lemonlink.eu`