copenhagen-a: document all live services in host_vars and docs

Audit of copenhagen-a found several running services not captured in host_vars: cloudflared, node_exporter (systemd), and MariaDB. Also found postgresql and redis running with no active consumers. Updated host_vars to list all services and added undocumented_services for the potentially unused ones. Updated docs with cloudflare tunnel, monitoring, and notes about stale Docker images to clean up. Closes PESO-100
2026-05-06 04:14:43 +00:00 · 2026-03-30 21:10:06 +00:00 · 2026-03-30 21:10:06 +00:00 · 978d7c2b34
commit 978d7c2b34
parent 0bcc53b01d
2 changed files with 46 additions and 1 deletions
--- a/ansible/inventory/host_vars/copenhagen-a.yml
+++ b/ansible/inventory/host_vars/copenhagen-a.yml
@ -7,6 +7,20 @@ docker_services:
  - minecraft

 # MaNGOS runs as systemd services, not Docker
+# MariaDB is the MaNGOS database backend (character, world, auth DBs)
+# cloudflared provides Cloudflare Tunnel access
 systemd_services:
  - mangos-realmd
  - mangos-world
+  - cloudflared
+  - node_exporter
+
+# MaNGOS database backend — managed by apt, not Ansible
+system_packages_services:
+  - mariadb
+
+# Installed but appear unused (only default/empty databases).
+# Likely leftover from old projects. Candidates for removal.
+undocumented_services:
+  - postgresql@14-main  # only template0/template1/postgres DBs
+  - redis-server        # no known consumers
--- a/docs/hosts/copenhagen-a.md
+++ b/docs/hosts/copenhagen-a.md
@ -42,7 +42,7 @@ WoW 1.12 (Vanilla) private server using the MaNGOS Zero emulator. Runs natively
 |---------|------|-----------|
 | mangos-realmd | 3724 | systemd |
 | mangos-world | 8085 | systemd |
-| MariaDB | 3306 | systemd |
+| MariaDB | 3306 | systemd (apt-managed) |

 - Runs as the `mangos` user
 - Install path: `/home/mangos/mangos/zero/`
@ -50,6 +50,37 @@ WoW 1.12 (Vanilla) private server using the MaNGOS Zero emulator. Runs natively

 Both `mangos-realmd` and `mangos-world` start automatically on boot via systemd.

+### Cloudflare Tunnel
+
+| | |
+|---|---|
+| Binary | `/usr/bin/cloudflared` |
+| Managed by | systemd |
+| Unit file | `ansible/services/systemd/copenhagen-a/cloudflared.service` |
+
+Provides Cloudflare Tunnel access to the host. Token-based authentication configured directly in the systemd unit.
+
+### Monitoring
+
+| Service | Port | Managed by |
+|---------|------|-----------|
+| node_exporter | 9100 | systemd (Ansible-managed) |
+
+Prometheus Node Exporter for host metrics. Installed and managed via the Ansible `node_exporter` role. Scraped by Prometheus on london-a via Tailscale.
+
+> **Note:** Stale Docker images for `prom/node-exporter` and `quay.io/prometheus/node-exporter` exist on the host from a previous Docker-based deployment. These should be cleaned up — the systemd service is the active one.
+
+### Potentially Unused Services
+
+The following services are running but have no known active consumers:
+
+| Service | Notes |
+|---------|-------|
+| PostgreSQL 14 | Only default databases (template0, template1, postgres). Likely leftover. |
+| Redis 6.0 | Running but no known application depends on it. |
+
+These are candidates for removal or investigation.
+
 ## Networking

 Connected directly to the ISP router's built-in switch. Symmetrical 500 Mbit connection — more than enough for game servers.