Bookstack

Self-hosted wiki platform. Used as the internal knowledge base for homelab documentation.

Where it runs

• Host: Nexus (192.168.1.226)
• UI: http://192.168.1.226:6875
• Managed by: Komodo — auto-deployed on every push to main
• Compose file: bookstack/docker-compose.yml in homelab-docker repo

Docker

Two containers defined in the same compose file:

Container	Image	Role
bookstack	linuxserver/bookstack	Application
bookstack_db	linuxserver/mariadb	Database (MariaDB)

Both containers share a single .env file for credentials.

Data volumes:

Path on Nexus	Contents
/mnt/server/containers/bookstack/	App config and uploads
/mnt/server/containers/bookstack/DB/	MariaDB data

Secrets

Runtime .env lives only on Nexus at /home/matt/repos/homelab-docker/bookstack/.env — gitignored, read directly by docker compose up -d. Contains: APP_URL, DB credentials.

An encrypted backup exists at bookstack/.env.enc (SOPS/age) committed to git for disaster recovery. Either the Nexus or Atlas age key can decrypt it.

Decrypt the backup:

sops -d --input-type dotenv --output-type dotenv bookstack/.env.enc > bookstack/.env

Never commit the plaintext .env — the gitignore blocks **/.env automatically.

Renovate

Renovate opens PRs for both linuxserver/bookstack and linuxserver/mariadb image updates. These require extra care before merging:

• Bookstack major versions — check the changelog for breaking changes; back up before merging.
• MariaDB major versions — major version upgrades require manual migration steps. Back up the database before merging any MariaDB major version PR.

Before merging any update to a stateful service, take a manual snapshot:

ssh matt@192.168.1.226
tar czf /mnt/server/containers/backups/bookstack-pre-upgrade-$(date +%Y%m%d).tar.gz \
  /mnt/server/containers/bookstack

Backup

What	Method
MariaDB data and app uploads	PBS daily backup of /mnt/server/containers/ on Nexus
Secrets (.env)	bookstack/.env.enc encrypted in git

Troubleshooting

# App container logs
ssh matt@192.168.1.226 'docker logs bookstack --tail 50'

# Database container logs
ssh matt@192.168.1.226 'docker logs bookstack_db --tail 50'

# Manual redeploy (e.g. after restoring .env or rolling back a tag)
ssh matt@192.168.1.226 'cd /home/matt/repos/homelab-docker/bookstack && docker compose up -d'

# Decrypt secrets backup after a Nexus rebuild
sops -d --input-type dotenv --output-type dotenv bookstack/.env.enc > bookstack/.env

Service broken after image update — rollback

# Edit the compose file on Nexus to restore the old tag, then redeploy
ssh matt@192.168.1.226
vi /home/matt/repos/homelab-docker/bookstack/docker-compose.yml
docker compose -f /home/matt/repos/homelab-docker/bookstack/docker-compose.yml up -d

# Or: revert the merge commit in Forgejo — Komodo redeploys on next push to main

Webhook fired but Bookstack didn't update

1. Check Forgejo webhook delivery log: repo → Settings → Webhooks → recent deliveries
2. Confirm Komodo is reachable: curl http://192.168.1.226:9120
3. Check Komodo run history: Komodo UI → Procedures → expand the latest run
4. Manual redeploy: ssh matt@192.168.1.226 'cd /home/matt/repos/homelab-docker/bookstack && docker compose up -d'

.env missing or corrupted on Nexus

ssh matt@192.168.1.226
cd /home/matt/repos/homelab-docker
sops -d --input-type dotenv --output-type dotenv bookstack/.env.enc > bookstack/.env
docker compose -f bookstack/docker-compose.yml up -d