Provides comprehensive Docker management capabilities including listing, monitoring, and controlling containers and Dockge stacks, reading and writing compose files, managing volumes and networks, and executing commands in containers.
Enables monitoring of OPNsense firewall status and restarting services through the OPNsense API.
Provides tools for checking ZFS pool health, managing datasets, retrieving alerts, and creating snapshots through the TrueNAS API.
Homelab MCP Server
A remote MCP (Model Context Protocol) server for managing homelab infrastructure. Provides Claude with tools to monitor and manage Docker containers, OPNsense firewall, TrueNAS storage, Proxmox virtualization, and Home Assistant service status.
Features
4 Capability Levels: From read-only monitoring to full management control
Docker Management: List, monitor, control containers and Dockge stacks
OPNsense Integration: Monitor firewall status and restart services
TrueNAS Integration: Check pool health, manage datasets, create snapshots
Proxmox Integration: Monitor and manage VMs/containers, create snapshots
Home Assistant Integration: Monitor service health, entity states, configuration, and error logs
System Monitoring: CPU, memory, disk usage on the host
⚠️ DANGER - READ THIS FIRST
This software grants AI models direct control over your network infrastructure. Use with extreme caution.
Critical Risks
AI Can Make Mistakes: Language models can misinterpret instructions, hallucinate requirements, or execute unintended actions. A simple request like "clean up unused containers" could result in critical services being stopped.
Destructive Actions Are Possible: At higher capability levels (3-4), the AI can:
Delete virtual machines and containers
Modify network configurations
Remove critical datasets or snapshots
Execute arbitrary commands in production systems
Overwrite docker-compose files, potentially causing data loss
No Undo Button: Once the AI executes a destructive action (deletes a VM, removes a dataset, stops a critical service), the damage is immediate and may be irreversible.
Network Security Implications: This server provides API access to your firewall, storage system, and virtualization platform. A compromised API key or misconfigured capability level could allow unauthorized control over your entire homelab.
Misunderstandings Happen: AI models may not fully understand your infrastructure's dependencies. Restarting one service could cascade into network-wide outages.
Recommendations
Start with Level 1 (Read-Only): Always begin with monitoring-only access and only increase capability levels when absolutely necessary.
Test in Development: If possible, test with non-production infrastructure first to understand how the AI interprets your requests.
Review Before Executing: At Level 2+, carefully review what actions the AI plans to take before confirming execution.
Keep Backups: Ensure you have recent backups of all critical systems before granting Level 3+ access.
Rotate Credentials: Regularly rotate API keys and OAuth credentials. Treat them as highly sensitive.
Monitor Logs: Watch the container logs to see what actions are being executed in real-time.
Use Network Segmentation: Consider running this server in a restricted network segment with limited access to critical infrastructure.
BY USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU UNDERSTAND THESE RISKS AND ACCEPT FULL RESPONSIBILITY FOR ANY ACTIONS TAKEN BY THE AI, INCLUDING DATA LOSS, SERVICE DISRUPTION, OR SECURITY INCIDENTS.
Quick Start
1. Prerequisites
Docker and Docker Compose installed on target host (Wharf)
OPNsense API credentials (optional)
TrueNAS API key (optional)
Node.js 20+ (for local development)
2. Setup
3. Configuration
Edit .env with your settings:
4. Build and Deploy
5. Configure Claude Desktop
Add to your Claude Desktop MCP settings:
Remote Access (Claude Chat)
For accessing the MCP server from Claude Chat (web interface), deploy with HTTP transport:
Set environment variables in
PORT=3000 API_KEY=your-generated-key CAPABILITY_LEVEL=1Deploy the container:
docker compose up -dConfigure reverse proxy (e.g., Traefik, Pangolin, nginx) to route
mcp.example.comtohttp://localhost:3000Add DNS record pointing
mcp.example.comto your serverIn Claude Chat, add the MCP server:
URL:
https://mcp.example.com/mcpAuthentication: Bearer token
Token: Your API_KEY value
OAuth 2.0 Authentication (for Claude Chat)
Claude Chat requires OAuth 2.0 for custom connectors. This server supports the Client Credentials flow.
Generate OAuth credentials:
# Generate client ID openssl rand -hex 32 # Generate client secret openssl rand -hex 32Add to
OAUTH_CLIENT_ID=your-generated-client-id OAUTH_CLIENT_SECRET=your-generated-client-secretIn Claude Chat, add the connector:
Name:
HomelabRemote MCP server URL:
https://mcp.example.com/mcpOAuth Client ID: Your generated client ID
OAuth Client Secret: Your generated client secret
The server will issue access tokens valid for 1 hour. Claude Chat handles token refresh automatically.
Endpoints
When running in HTTP mode:
Endpoint | Method | Auth | Description |
| GET | No | Health check, returns status and capability level |
| POST | No | OAuth 2.0 token endpoint |
| POST | Yes | MCP protocol endpoint |
| POST | Yes | Alias for /mcp |
Testing
Capability Levels
Level | Name | Capabilities |
1 | Monitor | Read-only: container status, logs, stats, system info, service health |
2 | Operate | Level 1 + start/stop/restart containers and services |
3 | Configure | Level 2 + read compose files, configs, volumes, networks |
4 | Manage | Level 3 + write configs, create/remove containers, exec commands |
Recommendation: Start with Level 1 and increase as needed.
Available Tools
Level 1 - Monitor
docker_list_containers- List all containersdocker_container_logs- Get container logsdocker_container_stats- Get container CPU/memory statssystem_info- Get host system infoopnsense_status- Get OPNsense statustruenas_status- Get TrueNAS pool statustruenas_alerts- Get TrueNAS alertsproxmox_status- Get Proxmox cluster statusproxmox_list_vms- List all VMs and containersproxmox_vm_status- Get VM/container statushome_assistant_status- Get Home Assistant version and entity countshome_assistant_list_entities- List all entities (lights, switches, sensors)home_assistant_get_entity- Get specific entity state and attributes
Level 2 - Operate
docker_restart_container- Restart a containerdocker_start_container- Start a containerdocker_stop_container- Stop a containeropnsense_service_restart- Restart OPNsense serviceproxmox_start_vm- Start a VM/containerproxmox_stop_vm- Stop a VM/containerproxmox_shutdown_vm- Gracefully shutdown a VM/containerproxmox_reboot_vm- Reboot a VM/container
Level 3 - Configure
docker_read_compose- Read docker-compose.ymldocker_list_volumes- List Docker volumesdocker_list_networks- List Docker networksdocker_inspect_container- Inspect container detailstruenas_list_datasets- List ZFS datasetstruenas_dataset_info- Get dataset detailsproxmox_vm_config- Get VM/container configurationproxmox_list_storage- List Proxmox storageproxmox_list_nodes- List cluster nodeshome_assistant_get_config- Get Home Assistant configurationhome_assistant_error_log- Get error log
Level 4 - Manage
docker_write_compose- Write docker-compose.ymldocker_compose_up- Deploy a stackdocker_compose_down- Remove a stackdocker_exec- Execute command in containertruenas_create_snapshot- Create ZFS snapshotproxmox_create_snapshot- Create VM/container snapshotproxmox_delete_vm- Delete a VM/container
Development
Security Notes
The API key should be kept secret and rotated periodically
Start with the lowest capability level you need
For Level 4, the
/opt/stacksmount must be:rwinstead of:roThe container requires access to the Docker socket for container management
OPNsense and TrueNAS APIs use self-signed certificates by default
Troubleshooting
Container won't start
Tools failing
Permission issues
If you need Level 4 (write access to stacks), update the volume mount:
License
MIT
Contributing
Issues and pull requests welcome!