# Server Reference Documentation for the home infrastructure — two servers working together. ## Servers | Server | Role | Docs | | ------------------------- | ---------------------------------------------------------- | ------------------ | | **Homelab** | Primary server. Runs most services. | [[homelab/README]] | | **Pihole / Raspberry Pi** | Secondary server. DNS, Home Assistant, Tailscale bridging. | [[pihole/README]] | --- ## Tailscale Sidecar Setup The standard pattern for exposing a service via Tailscale. Used across nearly every stack. 1. Create your service container and a Tailscale sidecar container 2. On the sidecar, set: ```yaml network_mode: "service:[service-name]" ``` 3. Connect to the sidecar via SSH or the Tailscale admin console and run: ``` tailscale funnel --bg [port] ``` The sidecar shares the main container's network namespace, so Tailscale sees the service's ports as its own. --- ## Credentials & Tokens All credentials are stored in an encrypted file: `credentials.gpg` (AES256, GPG symmetric). To decrypt: ```bash gpg -d "credentials.gpg" ``` Requires GPG — available on Linux/macOS natively, or [GPG4Win](https://gpg4win.org) on Windows. Works fully offline. --- ## File Index ``` 21-Server Reference/ ├── README.md ← You are here ├── AI-UPDATE-INSTRUCTIONS.md ← How to pull live data and update these docs ├── credentials.gpg ← Encrypted credentials (GPG AES256) ├── homelab/ │ ├── README.md — Homelab overview & stack index │ ├── hardware.md — CPU, RAM, storage │ ├── network.md — IPs, ports, Tailscale nodes, Docker networks │ ├── environments.md — Dockhand environments (Homelab + Pihole) │ └── stacks/ │ ├── README.md — All stacks at a glance │ ├── dockhand.md │ ├── minecraft.md │ ├── mealie.md │ ├── linkwarden.md │ ├── gitea.md │ ├── matrix.md │ ├── homepage.md │ ├── n8n.md │ ├── calibre.md │ ├── gluetun.md │ ├── openproject.md │ └── melodix.md └── pihole/ ├── README.md — Pi overview └── stacks/ ├── home_assistant.md ├── ts_kh_bridge.md └── portainer_agent.md ```