Configuration¶

This guide covers post-installation configuration of Omakase services.

Environment Variables¶

All environment variables are managed through Infisical. See Secrets Management for details.

Required for all deployments:

Variable	Description	Example
`DATA_DIR`	Base directory for persistent data	`/mnt/storage/omakase`
`DOMAINNAME`	Base domain for services	`example.com`
`TRAEFIK_TRUSTED_IPS`	Trusted IP ranges	`192.168.1.0/24`
`PUID`	User ID for non-root execution	`1000`
`PGID`	Group ID for non-root execution	`1000`
`TZ`	Timezone	`Europe/Rome`

Each service requires its own set of secrets following the pattern: <SERVICE>_<COMPONENT>_<PURPOSE>

Example:

NEXTCLOUD_DB_PASSWORD=secure-password
NEXTCLOUD_ADMIN_PASSWORD=another-secure-password
VAULTWARDEN_ADMIN_TOKEN=token-here

Authelia provides single sign-on for all services.

Traefik automatically discovers services via Docker labels.

Configure TLS: - Automatic Let's Encrypt certificates - Custom certificate resolver: letsencrypt - DNS challenge for wildcard certificates

Configure security collections:

docker exec crowdsec cscli collections list
docker exec crowdsec cscli collections install crowdsecurity/traefik

Services use isolated networks. See Network Architecture for details.

To check allocated subnets:

make network

Standard layout:

${DATA_DIR}/
├── service-name/
│   ├── config/
│   ├── data/
│   └── logs/

Ensure correct ownership:

chown -R ${PUID}:${PGID} ${DATA_DIR}/service-name

See Backup Guide for configuring automated backups.

Configure monitoring dashboards: - Dozzle: Real-time container logs - Homepage: Service dashboard - Portainer: Container management