docs: remove decommissioned Miniflux refs; fix status-page + minor drift (#129)
Some checks failed
Deploy (on merge) / Discover hosts (push) Has been cancelled
Deploy (on merge) / deploy (push) Has been cancelled

This commit is contained in:
Rasmus Wejlgaard 2026-06-09 19:49:16 +01:00 committed by GitHub
parent 9d56a22c30
commit 0c00a3cb4d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 6 additions and 12 deletions

View file

@ -29,7 +29,6 @@ There is **no** per-host subdirectory — services are named by what they are, a
| navidrome | Docker | london-b | Music streaming |
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
| slskd | Docker | london-b | Soulseek client |
| miniflux | Docker | london-b | RSS reader (with postgres) |
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
| plex-exporter | Docker | london-b | Plex metrics |
| octopus-exporter | Docker | london-c | Octopus Energy metrics |

View file

@ -80,7 +80,6 @@ forward_auth localhost:9091 {
| Radarr, Sonarr, Lidarr, Bookshelf | Authelia | Media management |
| Prowlarr, Transmission (download) | Authelia | Download tools |
| slskd (Soulseek) | Authelia | P2P client |
| Miniflux (RSS) | Authelia | RSS reader |
| Apps dashboard | Authelia | Internal apps page |
| Jellyfin, Plex | Own auth | Have built-in user management |
| Overseerr, Jellyseerr | Own auth | Have built-in user management |

View file

@ -25,7 +25,6 @@ SERVICE_MAP["100.84.65.101:8989"]="Sonarr"
SERVICE_MAP["100.84.65.101:9091"]="Transmission"
SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
SERVICE_MAP["localhost:9091"]="Authelia"
SERVICE_MAP["100.84.65.101:8181"]="Miniflux"
SERVICE_MAP["localhost:3000"]="Forgejo"
# Desired display order
@ -46,7 +45,6 @@ DISPLAY_ORDER=(
"100.84.65.101:8787"
"100.84.65.101:9696"
"100.84.65.101:9091"
"100.84.65.101:8181"
"localhost:3000"
)

View file

@ -67,7 +67,6 @@ RAIDZ1 tolerates one drive failure per vdev. With this many drives and this much
| Service | Port | URL |
|---------|------|-----|
| Nextcloud AIO | 11000 | cloud.pez.sh (internal) |
| Miniflux | 8181 | rss.pez.sh |
| slskd (Soulseek) | 5030 | soulseek.pez.sh |
| Syncthing (`syncthing@pez`) | 8384 | (LAN / Tailscale) |
| Ollama | 11434 | (Tailscale) |
@ -96,7 +95,7 @@ The media automation suite and several supporting services run as native systemd
| node_exporter | prometheus-node-exporter | apt-managed |
| Alloy | alloy | Grafana Alloy, fleet-managed config |
Docker services: Nextcloud AIO, Jellyseerr, Navidrome, slskd, Miniflux (with postgres sidecar), smartctl-exporter, plex-exporter.
Docker services: Nextcloud AIO (manually managed via AIO mastercontainer, not in this repo), Jellyseerr, Navidrome, slskd, smartctl-exporter, plex-exporter.
Snap: Overseerr (`latest/beta` channel).

View file

@ -98,7 +98,6 @@ All subdomains are Cloudflare-proxied and terminate at helsinki-a. Hosts marked
| jellyfin.pez.sh / .solutions | london-b:8096 | Own auth |
| plex.pez.sh / .solutions | london-b:32400 | Own auth |
| music.pez.sh | london-b:4533 (Navidrome) | Own auth |
| rss.pez.sh | london-b:8181 (Miniflux) | Authelia |
| request.pez.sh / .solutions | london-b:5055 (Jellyseerr) | Own auth |
| jellyfin-requests.pez.sh / .solutions | london-b:5056 (Overseerr) | Own auth |
| radarr.pez.sh / .solutions | london-b:7878 | Authelia |

View file

@ -14,7 +14,7 @@ Encrypted files use `.enc.` in their extension:
```
services/authelia/config.enc.yml # encrypted YAML
services/miniflux/miniflux.enc.env # encrypted env file
services/<service>/<file>.enc.env # encrypted env file (convention)
terraform/secrets.enc.yaml # encrypted Terraform vars
ansible/group_vars/all/secrets.enc.yml
```
@ -80,7 +80,7 @@ sops -d services/authelia/config.enc.yml
```bash
# If you have a plaintext file you want to encrypt in-place:
sops -e -i services/miniflux/miniflux.enc.env
sops -e -i services/<service>/<file>.enc.env
```
### Add a new recipient

View file

@ -13,6 +13,7 @@ Complete map of every service in the fleet — what it does, where it runs, how
| Bitwarden (Vaultwarden) | 8443, 8080 | Docker | Own auth | bitwarden.pez.sh |
| Bitwarden MariaDB | 3306 (internal) | Docker | — | (Vaultwarden backing DB) |
| Forgejo | 3000 (HTTP), 2222 (SSH) | Docker | Own auth | git.pez.sh |
| Apps dashboard | — | Static (`/srv/apps`, Caddy) | Authelia | apps.pez.sh |
Caddy is the single entry point for all public traffic and runs as a native apt-managed systemd service so it can bind 80/443 directly. Everything else on this host runs in Docker.
@ -52,8 +53,7 @@ The arr stack pipeline: Jellyseerr/Overseerr accept requests → Radarr/Sonarr/L
| Service | Port | Deployment | Auth | URL |
|---------|------|-----------|------|-----|
| Nextcloud AIO | 11000 | Docker | Own auth | cloud.pez.sh (internal/Tailscale) |
| Miniflux | 8181 | Docker (with postgres sidecar) | Authelia | rss.pez.sh |
| Nextcloud AIO | 11000 | Docker (manually managed via AIO mastercontainer — not in this repo) | Own auth | cloud.pez.sh (internal/Tailscale) |
| slskd (Soulseek) | 5030 | Docker | Authelia | soulseek.pez.sh |
| Syncthing (`syncthing@pez`) | 8384 | Native (apt) | Own auth | (LAN/Tailscale only) |
| Samba (`smbd`) | 445 | Native (apt) | Local users | (LAN/Tailscale only) |
@ -129,7 +129,7 @@ Plus host-specific exporters (smartctl, plex, octopus) called out above. See [mo
Services fall into two categories:
**Behind Authelia** (SSO via Caddy `forward_auth`):
- Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, Miniflux, apps.pez.sh
- Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, apps.pez.sh
**Own auth** (handle login themselves):
- Bitwarden, Forgejo, Plex, Jellyfin, Navidrome, Jellyseerr, Overseerr, Proxmox, poste.io