RWejlgaard/pez-docs
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-docs.git synced 2026-05-06 03:34:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
pez-docs/locations/helsinki.md
Rasmus Wejlgaard 4508f740e5 Update documentation for current setup 
- Update locations/london.md with current server state (london-a FreeBSD monitoring, london-b Ubuntu/ZFS storage, london-c offline)
- Update locations/copenhagen.md with current servers (copenhagen-a Minecraft+WoW, copenhagen-b offline, copenhagen-c general)
- Add locations/helsinki.md documenting helsinki-a (Caddy gateway, Authelia, Bitwarden, LDAP) and nuremberg-a (mail/poste.io)
- Add workloads/jellyfin, navidrome, nextcloud, arr-stack, minecraft, wow, mail, monitoring, bitwarden, authelia
- Add principles/zfs documenting the london-b ZFS pool setup
- Add principles/caddy documenting the reverse proxy setup on helsinki-a
- Update introduction.md to mention all locations
2026-03-04 09:41:57 +00:00

51 lines
2 KiB
Markdown
Raw Permalink Blame History

# Helsinki / Nuremberg
These are my Hetzner Cloud servers — the public-facing edge of the infrastructure.
## Servers
### helsinki-a
Primary public-facing server. Runs Ubuntu/Debian on Hetzner Cloud. Tailscale IP: 100.67.6.27. Uptime: 182+ days. Disk at ~50%.
This is the traffic gateway for everything exposed to the internet. All public subdomains terminate here via Caddy, which proxies traffic back to the appropriate server over Tailscale.
Runs:
- Caddy (reverse proxy — see [principles/caddy](../principles/caddy))
- Authelia (SSO — see [workloads/authelia](../workloads/authelia))
- Bitwarden (self-hosted — see [workloads/bitwarden](../workloads/bitwarden))
- LDAP (user directory, used by Authelia)
### nuremberg-a
Dedicated mail server. Runs Debian on Hetzner Cloud. Tailscale IP: 100.117.235.28. Disk at ~25%.
Runs:
- poste.io (full mail stack in Docker)
Handles inbound and outbound mail for pez.sh. DNS records (MX, SPF, DKIM, DMARC) managed via Cloudflare.
## Public Services
All subdomains are DNS-proxied through Cloudflare and terminate at helsinki-a. Traffic is forwarded over Tailscale to the appropriate backend server.
| Subdomain | Backend | Auth |
|---|---|---|
| auth.pez.sh | helsinki-a:9091 | — |
| bitwarden.pez.sh | helsinki-a:8443 | — |
| status.pez.sh | helsinki-a:/srv/status | — |
| apps.pez.sh | helsinki-a:/srv/apps | Authelia |
| grafana.pez.sh | london-a:3000 | Authelia |
| prometheus.pez.sh | london-a:9090 | Authelia |
| jellyfin.pez.sh | london-b:8096 | — |
| plex.pez.sh | london-b:32400 | — |
| request.pez.sh | london-b:5055 | — |
| cloud.pez.sh | london-b:11000 | — |
| music.pez.sh | london-b:4533 | — |
| radarr.pez.sh | london-b:7878 | Authelia |
| sonarr.pez.sh | london-b:8989 | Authelia |
| lidarr.pez.sh | london-b:8686 | Authelia |
| readarr.pez.sh | london-b:8787 | Authelia |
| prowlarr.pez.sh | london-b:9696 | Authelia |
| soulseek.pez.sh | london-b:5030 | Authelia |
| download.pez.sh | london-b:9091 | Authelia |
Reference in a new issue View git blame Copy permalink