Reorganize repo: one folder per application under apps/.

Move docker/ and configs/ into apps/<name>/ with config/ subfolders.
Proxmox split into hosts/pve and hosts/dell-proxmox. Nginx under
infrastructure/. Update sync script, RESTORE.md, and per-app READMEs.

Co-authored-by: Cursor <cursoragent@cursor.com>

README.md

@@ -1,53 +1,58 @@
 # Homelab Infrastructure Configuration
 
-Docker compose, applicatie-configs, nginx en deploy-scripts voor Synology NAS (`192.168.1.211`).
+Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox hosts.
 
-**Snel herstellen:** zie [RESTORE.md](RESTORE.md)
+**Snel herstellen:** [RESTORE.md](RESTORE.md)  
+**App-overzicht:** [apps/README.md](apps/README.md)
+
+## Structuur
+
+```
+apps/                    # Één map per applicatie
+  postgres/
+    docker-compose.yml
+    .env
+  adguard/
+    docker-compose.yml
+    config/AdGuardHome.yaml
+  proxmox/
+    hosts/
+      pve/               # 192.168.1.216
+      dell-proxmox/      # 192.168.1.56
+  sonarr/ radarr/ ...    # config/ per app
+infrastructure/
+  nginx/                 # Reverse proxy
+scripts/
+  sync-from-nas.sh
+.env                     # Globale secrets (private repo)
+```
 
 ## Repos op Gitea
 
 | Repo | Inhoud |
 |------|--------|
-| [homelab-configs](http://192.168.1.211:3000/mo/homelab-configs) | Dit repo — infra, compose, configs |
-| [homelab-command](http://192.168.1.211:3000/mo/homelab-command) | Dashboard-app + Grafana-build + mesh |
-| [ha-voice-control-mcp](http://192.168.1.211:3000/mo/ha-voice-control-mcp) | Home Assistant voice MCP |
-
-## Structuur
-
-```
-docker/
-  postgres/           # PostgreSQL homelab (5433)
-  postgres-web/       # pgAdmin (5434)
-  gitea/              # Git server (3000)
-  adguard/            # DNS/filter (host network)
-  duckdns/            # Dynamische DNS
-  homarr/             # Dashboard (4755)
-  neo4j/              # Graph DB
-  portainer/          # Docker UI (9000)
-  remotely/           # Remote support (8080)
-  excalidraw/         # Whiteboard (3765)
-  guacamole/          # Remote desktop (8348)
-  wazuh/              # SIEM
-  ha-voice-control/   # HA MCP (8765)
-  monitoring/         # Prometheus + refs naar homelab-command
-  homelab-command/    # README → aparte repo
-configs/
-  adguard/            # AdGuardHome.yaml
-  homarr/             # Dashboard JSON
-  home-assistant/
-  prowlarr/ sonarr/ radarr/ qbittorrent/ sabnzbd/
-  proxmox/
-nginx/
-scripts/
-  sync-from-nas.sh    # NAS → git vóór commit
-```
+| [homelab-configs](http://192.168.1.211:3000/mo/homelab-configs) | Dit repo |
+| [homelab-command](http://192.168.1.211:3000/mo/homelab-command) | Dashboard + Grafana-build + mesh |
+| [ha-voice-control-mcp](http://192.168.1.211:3000/mo/ha-voice-control-mcp) | HA voice MCP |
 
 ## Workflow
 
-1. Wijziging op NAS → `sh scripts/sync-from-nas.sh`
-2. `git add -A && git commit && git push`
-3. Bij disaster → [RESTORE.md](RESTORE.md)
+```bash
+# 1. Sync live configs van NAS
+sh scripts/sync-from-nas.sh
 
-## Poorten
+# 2. Commit
+cd /volume1/docker/homelab-configs
+git add -A && git commit -m "sync configs" && git push
 
-Zie RESTORE.md tabel.
+# 3. Service starten
+cd apps/postgres && docker compose up -d
+```
+
+## Proxmox backup
+
+```bash
+scp -r root@192.168.1.216:/etc/pve/* apps/proxmox/hosts/pve/
+scp -r root@192.168.1.56:/etc/pve/* apps/proxmox/hosts/dell-proxmox/
+git add apps/proxmox && git commit -m "proxmox backup"
+```

RESTORE.md

@@ -1,8 +1,8 @@
-# Snel herstellen na NAS-reset of nieuwe host
+# Snel herstellen na NAS-reset
 
-**NAS:** `192.168.1.211` · **Gitea:** http://192.168.1.211:3000
+**NAS:** `192.168.1.211` · **Gitea:** http://192.168.1.211:3000 (private)
 
-## 1. Clone repos
+## 1. Clone
 
 ```bash
 mkdir -p /volume1/docker /volume1/homes/mo
@@ -10,29 +10,30 @@ git clone http://192.168.1.211:3000/mo/homelab-configs.git /volume1/docker/homel
 git clone http://192.168.1.211:3000/mo/homelab-command.git /volume1/homes/mo/homelab-command
 ```
 
+Repo-pad: `CFG=/volume1/docker/homelab-configs`
+
 ## 2. Secrets
 
-Wachtwoorden staan in `.env` / `.env.example` (private Gitea-repo).  
-Optioneel: `cp .env.example .env` per service als `.env` ontbreekt.
+Wachtwoorden staan in `.env` en per-app `.env` (private repo).
 
-## 3. Startvolgorde (Docker)
+## 3. Startvolgorde
 
-| Stap | Service | Commando |
-|------|---------|----------|
-| 1 | Netwerk monitoring | `docker network create homelab-monitor` |
-| 2 | PostgreSQL | `cd /volume1/docker/homelab-configs/docker/postgres && docker compose up -d` |
-| 3 | Gitea | `cd .../docker/gitea && docker compose up -d` |
-| 4 | AdGuard | Zet `configs/adguard/AdGuardHome.yaml` op NAS, dan `docker/adguard` |
-| 5 | DuckDNS | `docker/duckdns` met `.env` |
-| 6 | Neo4j | `docker/neo4j` |
-| 7 | pgAdmin | `docker/postgres-web` |
-| 8 | Monitoring | Zie `docker/monitoring/README.md` + homelab-command build |
-| 9 | Homelab Command | `homelab-command`: `docker compose -f docker-compose.homelab.yml up -d --build` |
-| 10 | Mesh (NATS) | `homelab-command`: `docker compose -f docker-compose.mesh.yml up -d` |
-| 11 | Homarr, Portainer, Remotely, Excalidraw | elk in `docker/<naam>/` |
-| 12 | Overige | Guacamole, Wazuh, HA-voice — zie `docker/` submappen |
+| # | App | Commando |
+|---|-----|----------|
+| 1 | Netwerk | `docker network create homelab-monitor` |
+| 2 | PostgreSQL | `cd $CFG/apps/postgres && docker compose up -d` |
+| 3 | Gitea | `cd $CFG/apps/gitea && docker compose up -d` |
+| 4 | AdGuard | Kopieer `apps/adguard/config/` → `/volume1/docker/Configs/adguard/`, dan `cd $CFG/apps/adguard && docker compose up -d` |
+| 5 | DuckDNS | `cd $CFG/apps/duckdns && docker compose up -d` |
+| 6 | Neo4j | `cd $CFG/apps/neo4j && docker compose up -d` |
+| 7 | pgAdmin | `cd $CFG/apps/pgadmin && docker compose up -d` |
+| 8 | Monitoring | Zie `apps/monitoring/README.md` + build in homelab-command |
+| 9 | Homelab Command | `cd /volume1/homes/mo/homelab-command && docker compose -f docker-compose.homelab.yml up -d --build` |
+| 10 | NATS mesh | `cd homelab-command && docker compose -f docker-compose.mesh.yml up -d` |
+| 11 | Homarr | Kopieer `apps/homarr/config/*.json` → `/volume1/docker/homarr/`, dan `cd $CFG/apps/homarr && docker compose up -d` |
+| 12 | Overige | portainer, remotely, excalidraw, guacamole, wazuh — elk `cd $CFG/apps/<naam>` |
 
-Na stap 8: verbind containers op `homelab-monitor`:
+Monitoring-netwerk koppelen:
 
 ```bash
 for c in postgres-homelab neo4j prometheus-homelab postgres-exporter-homelab grafana-homelab; do
@@ -40,26 +41,24 @@ for c in postgres-homelab neo4j prometheus-homelab postgres-exporter-homelab gra
 done
 ```
 
-## 4. Config terugzetten
+## 4. Config terugzetten (niet-Docker)
 
-| Wat | Bron in git | NAS-pad |
-|-----|-------------|---------|
-| Homarr | `configs/homarr/*.json` | `/volume1/docker/homarr/` |
-| AdGuard | `configs/adguard/AdGuardHome.yaml` | `/volume1/docker/Configs/adguard/` |
-| pgAdmin servers | `docker/postgres-web/servers.json` | naast compose |
-| *arr / HA / Proxmox | `configs/` | zie README.md structuur |
+| App | Git | NAS |
+|-----|-----|-----|
+| Homarr | `apps/homarr/config/` | `/volume1/docker/homarr/` |
+| AdGuard | `apps/adguard/config/` | `/volume1/docker/Configs/adguard/` |
+| Home Assistant | `apps/home-assistant/config/` | `/volume1/docker/Configs/HA/config/` |
+| *arr / qbit | `apps/<naam>/config/` | `/volume1/docker/Configs/<Naam>/` |
+| Proxmox | `apps/proxmox/hosts/<host>/` | `/etc/pve/` op betreffende node |
 
-## 5. Sync vóór commit
+## 5. Proxmox hosts
 
-```bash
-sh /volume1/docker/homelab-configs/scripts/sync-from-nas.sh
-cd /volume1/docker/homelab-configs && git add -A && git status
-```
+Zie [apps/proxmox/README.md](apps/proxmox/README.md).
 
-## Poorten (referentie)
+## Poorten
 
-| Poort | Service |
-|-------|---------|
+| Poort | App |
+|-------|-----|
 | 3000 | Gitea |
 | 3002 | Grafana |
 | 4222 | NATS |

apps/README.md

@@ -0,0 +1,55 @@
+# Apps — overzicht
+
+Elke map = **één applicatie**. Bevat `docker-compose.yml`, `.env`, en/of `config/` waar van toepassing.
+
+**NAS-repo:** `/volume1/docker/homelab-configs`  
+**Starten:** `cd apps/<naam> && docker compose up -d`
+
+## Docker op Synology (192.168.1.211)
+
+| App | Map | Poort | Container | Data op NAS |
+|-----|-----|-------|-----------|-------------|
+| PostgreSQL | [postgres](postgres/) | 5433 | postgres-homelab | `/volume1/docker/postgres/data` |
+| pgAdmin | [pgadmin](pgadmin/) | 5434 | pgadmin | volume |
+| Gitea | [gitea](gitea/) | 3000 | gitea | docker volumes |
+| AdGuard Home | [adguard](adguard/) | 53, 3001 | Adguard | config in repo → `/volume1/docker/Configs/adguard` |
+| DuckDNS | [duckdns](duckdns/) | — | duckdns | — |
+| Neo4j | [neo4j](neo4j/) | 49153–49155 | neo4j | `/volume1/docker/neo4j` |
+| Homarr | [homarr](homarr/) | 4755 | homarr | `/volume1/docker/homarr` |
+| Portainer | [portainer](portainer/) | 9000 | portainer | `/volume1/docker/portainer` |
+| Remotely | [remotely](remotely/) | 8080 | remotely | `/volume1/docker/remotely` |
+| Excalidraw | [excalidraw](excalidraw/) | 3765 | Excalidraw | — |
+| Guacamole | [guacamole](guacamole/) | 8348 | Guacamole | `/volume1/docker/guacamole` |
+| Wazuh | [wazuh](wazuh/) | — | — | `/volume1/docker/wazuh` |
+| HA Voice MCP | [ha-voice-control](ha-voice-control/) | 8765 | ha-voice-control | build |
+| Monitoring | [monitoring](monitoring/) | 9090, 3002, 9187 | prometheus, grafana, exporter | volumes |
+| Homelab Command | [homelab-command](homelab-command/) | 8765 | homelab-command | aparte repo |
+
+## Media / automation (configs, draaien op Proxmox LXC)
+
+| App | Map | Config-bron op NAS |
+|-----|-----|-------------------|
+| Sonarr | [sonarr](sonarr/) | `/volume1/docker/Configs/Sonarr` |
+| Radarr | [radarr](radarr/) | `/volume1/docker/Configs/Radarr` |
+| Prowlarr | [prowlarr](prowlarr/) | `/volume1/docker/Configs/Prowlarr` |
+| qBittorrent | [qbittorrent](qbittorrent/) | `/volume1/docker/Configs/QBitTorrent` |
+| SABnzbd | [sabnzbd](sabnzbd/) | `/volume1/docker/Configs/Sabnzb` |
+| Home Assistant | [home-assistant](home-assistant/) | `/volume1/docker/Configs/HA/config` |
+
+## Proxmox hosts
+
+| Host | Map | IP |
+|------|-----|-----|
+| pve (RTX 3090, PVE 9) | [proxmox/hosts/pve](proxmox/hosts/pve/) | 192.168.1.216 |
+| dell-proxmox (Dell, PVE 8) | [proxmox/hosts/dell-proxmox](proxmox/hosts/dell-proxmox/) | 192.168.1.56 |
+
+Zie [proxmox/README.md](proxmox/README.md).
+
+## Reverse proxy
+
+Nginx-configs: [../infrastructure/nginx/](../infrastructure/nginx/)
+
+## Aparte Gitea-repos
+
+- **homelab-command** — dashboard, Grafana-build, NATS mesh
+- **ha-voice-control-mcp** — MCP server

apps/adguard/README.md

@@ -0,0 +1,8 @@
+# adguard
+
+| | |
+|---|---|
+| **Poort** | zie compose |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/adguard/docker-compose.yml

@@ -1,5 +1,5 @@
 # AdGuard Home — DNS + filtering (host network, poort 53 + web UI).
-# Config: configs/adguard/AdGuardHome.yaml → mount naar /opt/adguardhome/conf
+# Config: apps/adguard/config/AdGuardHome.yaml → /volume1/docker/Configs/adguard/
 
 services:
   adguard:

apps/duckdns/README.md

@@ -0,0 +1,8 @@
+# duckdns
+
+| | |
+|---|---|
+| **Poort** | zie compose |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/excalidraw/README.md

@@ -0,0 +1,8 @@
+# excalidraw
+
+| | |
+|---|---|
+| **Poort** | 3765 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/gitea/README.md

@@ -0,0 +1,8 @@
+# gitea
+
+| | |
+|---|---|
+| **Poort** | 3000 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/guacamole/README.md

@@ -0,0 +1,8 @@
+# guacamole
+
+| | |
+|---|---|
+| **Poort** | 8348 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/ha-voice-control/README.md

@@ -0,0 +1,8 @@
+# ha-voice-control
+
+| | |
+|---|---|
+| **Poort** | zie compose |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/homarr/README.md

@@ -0,0 +1,8 @@
+# homarr
+
+| | |
+|---|---|
+| **Poort** | 4755 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/home-assistant/README.md

@@ -0,0 +1,10 @@
+# Home Assistant
+
+Config-only — HA draait op `192.168.1.235:8123`.
+
+| | |
+|---|---|
+| **Git** | `config/*.yaml` |
+| **NAS backup** | `/volume1/docker/Configs/HA/config` |
+
+Sync: `sh scripts/sync-from-nas.sh`

apps/homelab-command/README.md

@@ -12,4 +12,4 @@ cp .env.example .env   # vul in
 docker compose -f docker-compose.homelab.yml up -d --build
 ```
 
-Zie ook `docker/monitoring/` in homelab-configs voor Prometheus/Grafana compose.
+Zie ook `apps/monitoring/` in homelab-configs voor Prometheus/Grafana compose.

apps/monitoring/docker-compose.grafana.yml

@@ -24,8 +24,8 @@ services:
     ports:
       - "${PROMETHEUS_PORT:-9090}:9090"
     volumes:
-      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
-      - ./prometheus/targets:/etc/prometheus/targets:ro
+      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ./monitoring/prometheus/targets:/etc/prometheus/targets:ro
       - prometheus-homelab-data:/prometheus
     command:
       - --config.file=/etc/prometheus/prometheus.yml
@@ -46,7 +46,9 @@ services:
       - homelab-monitor
 
   grafana:
-    # Bouw image vanuit homelab-command repo (zie docker/monitoring/README.md)
+    build:
+      context: .
+      dockerfile: Dockerfile.grafana
     image: grafana-homelab:latest
     container_name: grafana-homelab
     restart: unless-stopped
@@ -54,7 +56,7 @@ services:
       - "${GRAFANA_PORT:-3002}:3000"
     environment:
       GF_SECURITY_ADMIN_USER: ${GRAFANA_ADMIN_USER:-admin}
-      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-WaQTUw2t}
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-changeme_grafana}
       GF_USERS_DEFAULT_THEME: dark
       GF_SERVER_ROOT_URL: ${GRAFANA_ROOT_URL:-http://localhost:3002}
       PG_USER: ${PG_USER:-mo}
@@ -62,7 +64,9 @@ services:
       HOMELAB_PG_PASSWORD: ${PG_PASSWORD:-}
     volumes:
       - grafana-homelab-data:/var/lib/grafana
-      # Grafana provisioning/dashboards: clone homelab-command en mount paden daar
+      - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards:ro
+      - ./grafana/dashboards/homelab:/var/lib/grafana/dashboards/homelab:ro
+      - ./grafana/dashboards/imported:/var/lib/grafana/dashboards/imported:ro
     depends_on:
       - prometheus
     networks:

apps/neo4j/README.md

@@ -0,0 +1,8 @@
+# neo4j
+
+| | |
+|---|---|
+| **Poort** | 49153 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/pgadmin/README.md

@@ -0,0 +1,8 @@
+# pgadmin
+
+| | |
+|---|---|
+| **Poort** | 5434 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/portainer/README.md

@@ -0,0 +1,8 @@
+# portainer
+
+| | |
+|---|---|
+| **Poort** | 9000 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/postgres/README.md

@@ -0,0 +1,8 @@
+# postgres
+
+| | |
+|---|---|
+| **Poort** | 5433 |
+| **Start** | `docker compose up -d` |
+
+Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).

apps/prowlarr/README.md

@@ -0,0 +1,10 @@
+# Prowlarr
+
+Config-only (draait op Proxmox LXC).
+
+| | |
+|---|---|
+| **Git** | `config/config.xml`, `config/Definitions/` |
+| **NAS** | `/volume1/docker/Configs/Prowlarr` |
+
+Sync: `sh scripts/sync-from-nas.sh`