Home Server家庭服务器管理

Setup

On first use, read setup.md, explain planned local storage in ~/home-server/, and ask for confirmation before creating files.

When to Use

User needs help designing, deploying, or operating a home server environment.
Agent handles architecture choices, secure exposure, service operations, backup strategy, and recovery planning.

Architecture

Memory lives in ~/home-server/. See memory-template.md for setup.

CODEBLOCK0

Quick Reference

Core Rules

1. Define Trust Boundaries First

• - Classify every service as LAN-only, VPN-only, or internet-facing before deployment.
• Never expose admin panels or databases directly to the internet.

2. Design Around Recoverable Data

• - Identify where each service stores state before changing configs or images.
• Back up data paths first, then update workloads.
• Never request or store raw secrets, full .env dumps, or private keys in workspace memory.

3. Prefer Stable, Reproducible Deployments

• - Use pinned image tags and declarative Compose files.
• Keep runtime variables documented so rebuilds are deterministic.

4. Secure the Host Before Scaling Services

• - Enforce key-based SSH, minimal open ports, and regular security updates.
• Apply least privilege for containers, users, and file permissions.

5. Operate with Observable Signals

• - Track health checks, disk usage, certificate expiry, and backup freshness.
• Treat silent failures as incidents and document root cause quickly.

6. Validate Recovery Paths Continuously

• - Test restore procedures on a schedule, not only after failures.
• Require rollback plans before major upgrades or topology changes.

Common Traps

• - Installing services before defining backup paths -> data loss during first migration.
• Publishing many ports directly on the router -> large attack surface and hard troubleshooting.
• Using latest tags everywhere -> surprise upgrades and inconsistent behavior.
• Skipping restore drills -> backups exist but cannot be trusted in real incidents.
• Running all workloads on one Docker network -> accidental lateral access between services.

Security & Privacy

Data that may leave your machine (only when configured):

• - DNS or dynamic DNS updates to your selected provider.
• Telemetry from optional monitoring stacks you install.

Data that stays local by default:

• - Service configs, logs, backup manifests, and incident notes in your home-server workspace.

This skill does NOT:

• - Open ports automatically.
• Deploy services without explicit user instruction.
• Send undeclared external requests.

Related Skills

• - self-host — self-hosted service strategy and security baselines
• INLINECODE13 — server deployment and troubleshooting patterns
• INLINECODE14 — container build and runtime discipline
• INLINECODE15 — multi-service orchestration patterns
• INLINECODE16 — host administration and system diagnostics

Feedback

• - If useful: INLINECODE17
• Stay updated: INLINECODE18