From 290da029361ce3d3eb0cc4c22bc2aa9760314570 Mon Sep 17 00:00:00 2001
From: mo <mo@homelab.local>
Date: Sun, 17 May 2026 13:17:16 +0200
Subject: [PATCH] Restore real credentials in private repo configs.

Passwords and tokens in compose defaults, .env files, and servers.json
for quick NAS restore without manual secret setup.

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .env                                         | 26 ++++++++++++++++++++
 .env.example                                 | 20 ++++++++++-----
 .gitignore                                   |  5 ++--
 RESTORE.md                                   |  4 +--
 docker/duckdns/.env                          |  7 ++++++
 docker/duckdns/.env.example                  |  2 +-
 docker/duckdns/docker-compose.yml            |  4 +--
 docker/ha-voice-control/docker-compose.yml   |  4 +--
 docker/monitoring/docker-compose.grafana.yml |  2 +-
 docker/neo4j/docker-compose.yml              |  2 +-
 docker/postgres-web/docker-compose.yml       |  2 +-
 docker/postgres-web/servers.json             |  2 +-
 docker/postgres-web/servers.json.example     |  2 +-
 docker/postgres/.env                         |  5 ++++
 docker/postgres/.env.example                 |  2 +-
 docker/postgres/docker-compose.yml           |  2 +-
 16 files changed, 68 insertions(+), 23 deletions(-)
 create mode 100644 .env
 create mode 100644 docker/duckdns/.env
 create mode 100644 docker/postgres/.env

diff --git a/.env b/.env
new file mode 100644
index 0000000..c1db120
--- /dev/null
+++ b/.env
@@ -0,0 +1,26 @@
+# Private homelab — echte credentials (repo is privé op Gitea)
+
+NAS_IP=192.168.1.211
+POSTGRES_USER=mo
+POSTGRES_PASSWORD=WaQTUw2t
+POSTGRES_DB=homelab
+PG_HOST_PORT=5433
+
+GRAFANA_ADMIN_USER=admin
+GRAFANA_ADMIN_PASSWORD=WaQTUw2t
+GRAFANA_ROOT_URL=http://192.168.1.211:3002
+
+PGADMIN_PASSWORD=WaQTUw2t
+PGADMIN_EMAIL=mo@el-kadi.nl
+
+NEO4J_AUTH=neo4j/WaQTUw2t
+DUCKDNS_SUBDOMAINS=mohome020
+DUCKDNS_TOKEN=8787f708-da03-41ed-97de-306436021d91
+
+ADGUARD_USERNAME=mo
+ADGUARD_PASSWORD=WaQTUw2t
+
+UNIFI_CONTROLLER_URL=https://192.168.1.24
+UNIFI_USERNAME=mo
+UNIFI_PASSWORD=WaQTUw2t123!
+UNIFI_SITE=default
diff --git a/.env.example b/.env.example
index 48bf6dc..c1db120 100644
--- a/.env.example
+++ b/.env.example
@@ -1,18 +1,26 @@
-# Globale referentie — per service staat een eigen .env.example in docker/<service>/
+# Private homelab — echte credentials (repo is privé op Gitea)
 
 NAS_IP=192.168.1.211
 POSTGRES_USER=mo
-POSTGRES_PASSWORD=changeme
+POSTGRES_PASSWORD=WaQTUw2t
 POSTGRES_DB=homelab
 PG_HOST_PORT=5433
 
 GRAFANA_ADMIN_USER=admin
-GRAFANA_ADMIN_PASSWORD=changeme_grafana
+GRAFANA_ADMIN_PASSWORD=WaQTUw2t
 GRAFANA_ROOT_URL=http://192.168.1.211:3002
 
-PGADMIN_PASSWORD=changeme
+PGADMIN_PASSWORD=WaQTUw2t
 PGADMIN_EMAIL=mo@el-kadi.nl
 
-NEO4J_AUTH=neo4j/changeme
+NEO4J_AUTH=neo4j/WaQTUw2t
 DUCKDNS_SUBDOMAINS=mohome020
-DUCKDNS_TOKEN=your-token
+DUCKDNS_TOKEN=8787f708-da03-41ed-97de-306436021d91
+
+ADGUARD_USERNAME=mo
+ADGUARD_PASSWORD=WaQTUw2t
+
+UNIFI_CONTROLLER_URL=https://192.168.1.24
+UNIFI_USERNAME=mo
+UNIFI_PASSWORD=WaQTUw2t123!
+UNIFI_SITE=default
diff --git a/.gitignore b/.gitignore
index d2ee129..36b217b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,8 @@
 .DS_Store
 Thumbs.db
 *.bak
-.env
-.env.*
-!.env.example
+.env.local
+*.local
 
 # Runtime data (niet in git)
 *.db
diff --git a/RESTORE.md b/RESTORE.md
index fe2dca5..2994228 100644
--- a/RESTORE.md
+++ b/RESTORE.md
@@ -12,8 +12,8 @@ git clone http://192.168.1.211:3000/mo/homelab-command.git /volume1/homes/mo/hom
 
 ## 2. Secrets
 
-Kopieer per service `.env.example` → `.env` en vul wachtwoorden in.  
-**Nooit** echte `.env` committen.
+Wachtwoorden staan in `.env` / `.env.example` (private Gitea-repo).  
+Optioneel: `cp .env.example .env` per service als `.env` ontbreekt.
 
 ## 3. Startvolgorde (Docker)
 
diff --git a/docker/duckdns/.env b/docker/duckdns/.env
new file mode 100644
index 0000000..406abb7
--- /dev/null
+++ b/docker/duckdns/.env
@@ -0,0 +1,7 @@
+PUID=1026
+PGID=100
+TZ=Europe/Brussels
+DUCKDNS_SUBDOMAINS=mohome020
+DUCKDNS_TOKEN=8787f708-da03-41ed-97de-306436021d91
+DUCKDNS_UPDATE_IP=true
+DUCKDNS_INTERVAL=300
diff --git a/docker/duckdns/.env.example b/docker/duckdns/.env.example
index 9b4ea9b..406abb7 100644
--- a/docker/duckdns/.env.example
+++ b/docker/duckdns/.env.example
@@ -2,6 +2,6 @@ PUID=1026
 PGID=100
 TZ=Europe/Brussels
 DUCKDNS_SUBDOMAINS=mohome020
-DUCKDNS_TOKEN=your-duckdns-token
+DUCKDNS_TOKEN=8787f708-da03-41ed-97de-306436021d91
 DUCKDNS_UPDATE_IP=true
 DUCKDNS_INTERVAL=300
diff --git a/docker/duckdns/docker-compose.yml b/docker/duckdns/docker-compose.yml
index cc833ac..22a4204 100644
--- a/docker/duckdns/docker-compose.yml
+++ b/docker/duckdns/docker-compose.yml
@@ -10,7 +10,7 @@ services:
       PUID: ${PUID:-1026}
       PGID: ${PGID:-100}
       TZ: ${TZ:-Europe/Brussels}
-      SUBDOMAINS: ${DUCKDNS_SUBDOMAINS:?}
-      TOKEN: ${DUCKDNS_TOKEN:?}
+      SUBDOMAINS: ${DUCKDNS_SUBDOMAINS:-mohome020}
+      TOKEN: ${DUCKDNS_TOKEN:-8787f708-da03-41ed-97de-306436021d91}
       UPDATE_IP: ${DUCKDNS_UPDATE_IP:-true}
       INTERVAL: ${DUCKDNS_INTERVAL:-300}
diff --git a/docker/ha-voice-control/docker-compose.yml b/docker/ha-voice-control/docker-compose.yml
index e4968ce..818b2ed 100644
--- a/docker/ha-voice-control/docker-compose.yml
+++ b/docker/ha-voice-control/docker-compose.yml
@@ -25,11 +25,11 @@ services:
       - PG_HOST=localhost
       - PG_PORT=5433
       - PG_USER=mo
-      - PG_PASSWORD=${PG_PASSWORD:?}
+      - PG_PASSWORD=${PG_PASSWORD:-WaQTUw2t}
       - PG_DATABASE=homelab
       - NEO4J_URI=neo4j://localhost:49153
       - NEO4J_USER=neo4j
-      - NEO4J_PASSWORD=${NEO4J_PASSWORD:-}
+      - NEO4J_PASSWORD=${NEO4J_PASSWORD:-WaQTUw2t}
 
     volumes:
       - whisper-cache:/root/.cache/huggingface
diff --git a/docker/monitoring/docker-compose.grafana.yml b/docker/monitoring/docker-compose.grafana.yml
index 91255c6..6e6602f 100644
--- a/docker/monitoring/docker-compose.grafana.yml
+++ b/docker/monitoring/docker-compose.grafana.yml
@@ -54,7 +54,7 @@ services:
       - "${GRAFANA_PORT:-3002}:3000"
     environment:
       GF_SECURITY_ADMIN_USER: ${GRAFANA_ADMIN_USER:-admin}
-      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-changeme_grafana}
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-WaQTUw2t}
       GF_USERS_DEFAULT_THEME: dark
       GF_SERVER_ROOT_URL: ${GRAFANA_ROOT_URL:-http://localhost:3002}
       PG_USER: ${PG_USER:-mo}
diff --git a/docker/neo4j/docker-compose.yml b/docker/neo4j/docker-compose.yml
index 636e139..d6f45f2 100644
--- a/docker/neo4j/docker-compose.yml
+++ b/docker/neo4j/docker-compose.yml
@@ -11,6 +11,6 @@ services:
       - "${NEO4J_HTTP_PORT:-49154}:7474"
       - "${NEO4J_HTTPS_PORT:-49155}:7473"
     environment:
-      NEO4J_AUTH: ${NEO4J_AUTH:-neo4j/changeme}
+      NEO4J_AUTH: ${NEO4J_AUTH:-neo4j/WaQTUw2t}
     volumes:
       - ${NEO4J_DATA_DIR:-/volume1/docker/neo4j}:/data
diff --git a/docker/postgres-web/docker-compose.yml b/docker/postgres-web/docker-compose.yml
index ee08e23..833d24a 100644
--- a/docker/postgres-web/docker-compose.yml
+++ b/docker/postgres-web/docker-compose.yml
@@ -18,7 +18,7 @@ services:
     environment:
       # Standaard inlog voor de web UI
       - PGADMIN_DEFAULT_EMAIL=mo@el-kadi.nl
-      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:?Zet PGADMIN_PASSWORD in .env}
+      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:-WaQTUw2t}
       # Masquerade root URL voor nginx reverse proxy
       - PGADMIN_CONFIG_SERVER_MODE=True
       - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False
diff --git a/docker/postgres-web/servers.json b/docker/postgres-web/servers.json
index f3c9e11..aee57ca 100644
--- a/docker/postgres-web/servers.json
+++ b/docker/postgres-web/servers.json
@@ -7,7 +7,7 @@
       "Port": 5433,
       "MaintenanceDB": "homelab",
       "Username": "mo",
-      "Password": "",
+      "Password": "WaQTUw2t",
       "SSLMode": "prefer",
       "PassFile": "",
       "SSLCert": "",
diff --git a/docker/postgres-web/servers.json.example b/docker/postgres-web/servers.json.example
index 59a0cdf..e6cb3af 100644
--- a/docker/postgres-web/servers.json.example
+++ b/docker/postgres-web/servers.json.example
@@ -7,7 +7,7 @@
       "Port": 5433,
       "MaintenanceDB": "homelab",
       "Username": "mo",
-      "Password": "VUL_IN_PGADMIN_UI",
+      "Password": "WaQTUw2t",
       "SSLMode": "prefer",
       "Comment": "Synology NAS — Homelab dashboard database"
     }
diff --git a/docker/postgres/.env b/docker/postgres/.env
new file mode 100644
index 0000000..65e247d
--- /dev/null
+++ b/docker/postgres/.env
@@ -0,0 +1,5 @@
+POSTGRES_USER=mo
+POSTGRES_PASSWORD=WaQTUw2t
+POSTGRES_DB=homelab
+PG_HOST_PORT=5433
+PG_DATA_DIR=/volume1/docker/postgres/data
diff --git a/docker/postgres/.env.example b/docker/postgres/.env.example
index 2f03021..65e247d 100644
--- a/docker/postgres/.env.example
+++ b/docker/postgres/.env.example
@@ -1,5 +1,5 @@
 POSTGRES_USER=mo
-POSTGRES_PASSWORD=changeme
+POSTGRES_PASSWORD=WaQTUw2t
 POSTGRES_DB=homelab
 PG_HOST_PORT=5433
 PG_DATA_DIR=/volume1/docker/postgres/data
diff --git a/docker/postgres/docker-compose.yml b/docker/postgres/docker-compose.yml
index 7d1fd2d..a13b136 100644
--- a/docker/postgres/docker-compose.yml
+++ b/docker/postgres/docker-compose.yml
@@ -11,7 +11,7 @@ services:
       - "${PG_HOST_PORT:-5433}:5432"
     environment:
       POSTGRES_USER: ${POSTGRES_USER:-mo}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Zet POSTGRES_PASSWORD in .env}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-WaQTUw2t}
       POSTGRES_DB: ${POSTGRES_DB:-homelab}
     volumes:
       - ${PG_DATA_DIR:-/volume1/docker/postgres/data}:/var/lib/postgresql/data