docs: remove decommissioned Miniflux refs; fix status-page + minor drift

Miniflux was decommissioned (#127) but lingered in docs and, more
importantly, in the status-page service map — which was probing a dead
port (london-b:8181) and reporting Miniflux as permanently down. Drop it
from update-status.sh and from every doc that still listed it.

Also:
- Annotate Nextcloud AIO as manually managed via its AIO mastercontainer
  (it's never been in this repo — clarifies why there's no service dir).
- Add the apps.pez.sh dashboard row to services.md so it's no longer
  referenced in the Auth Summary without a table entry.
- Make the secrets.md .enc.env examples generic placeholders instead of
  pointing at a service path that doesn't exist.
Rasmus Wejlgaard 2026-06-09 19:44:58 +01:00
parent 9d56a22c30
commit a4e1e4175a
7 changed files with 6 additions and 12 deletions

View file

@ -29,7 +29,6 @@ There is **no** per-host subdirectory — services are named by what they are, a
| navidrome | Docker | london-b | Music streaming | | navidrome | Docker | london-b | Music streaming |
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) | | bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
| slskd | Docker | london-b | Soulseek client | | slskd | Docker | london-b | Soulseek client |
| miniflux | Docker | london-b | RSS reader (with postgres) |
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics | | smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
| plex-exporter | Docker | london-b | Plex metrics | | plex-exporter | Docker | london-b | Plex metrics |
| octopus-exporter | Docker | london-c | Octopus Energy metrics | | octopus-exporter | Docker | london-c | Octopus Energy metrics |

View file

@ -80,7 +80,6 @@ forward_auth localhost:9091 {
| Radarr, Sonarr, Lidarr, Bookshelf | Authelia | Media management | | Radarr, Sonarr, Lidarr, Bookshelf | Authelia | Media management |
| Prowlarr, Transmission (download) | Authelia | Download tools | | Prowlarr, Transmission (download) | Authelia | Download tools |
| slskd (Soulseek) | Authelia | P2P client | | slskd (Soulseek) | Authelia | P2P client |
| Miniflux (RSS) | Authelia | RSS reader |
| Apps dashboard | Authelia | Internal apps page | | Apps dashboard | Authelia | Internal apps page |
| Jellyfin, Plex | Own auth | Have built-in user management | | Jellyfin, Plex | Own auth | Have built-in user management |
| Overseerr, Jellyseerr | Own auth | Have built-in user management | | Overseerr, Jellyseerr | Own auth | Have built-in user management |

View file

@ -25,7 +25,6 @@ SERVICE_MAP["100.84.65.101:8989"]="Sonarr"
SERVICE_MAP["100.84.65.101:9091"]="Transmission" SERVICE_MAP["100.84.65.101:9091"]="Transmission"
SERVICE_MAP["100.84.65.101:9696"]="Prowlarr" SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
SERVICE_MAP["localhost:9091"]="Authelia" SERVICE_MAP["localhost:9091"]="Authelia"
SERVICE_MAP["100.84.65.101:8181"]="Miniflux"
SERVICE_MAP["localhost:3000"]="Forgejo" SERVICE_MAP["localhost:3000"]="Forgejo"
# Desired display order # Desired display order
@ -46,7 +45,6 @@ DISPLAY_ORDER=(
"100.84.65.101:8787" "100.84.65.101:8787"
"100.84.65.101:9696" "100.84.65.101:9696"
"100.84.65.101:9091" "100.84.65.101:9091"
"100.84.65.101:8181"
"localhost:3000" "localhost:3000"
) )
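
Review bot: the Miniflux key had to be deleted by hand from both SERVICE_MAP and DISPLAY_ORDER, and nothing in the lines shown ties the two together, so the next removal can leave an entry in one and not the other. Consider a check near the top of update-status.sh that every DISPLAY_ORDER entry has a SERVICE_MAP key and every SERVICE_MAP key appears in DISPLAY_ORDER, exiting non-zero on a mismatch, or build the display order from a single list.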

View file

@ -67,7 +67,6 @@ RAIDZ1 tolerates one drive failure per vdev. With this many drives and this much
| Service | Port | URL | | Service | Port | URL |
|---------|------|-----| |---------|------|-----|
| Nextcloud AIO | 11000 | cloud.pez.sh (internal) | | Nextcloud AIO | 11000 | cloud.pez.sh (internal) |
| Miniflux | 8181 | rss.pez.sh |
| slskd (Soulseek) | 5030 | soulseek.pez.sh | | slskd (Soulseek) | 5030 | soulseek.pez.sh |
| Syncthing (`syncthing@pez`) | 8384 | (LAN / Tailscale) | | Syncthing (`syncthing@pez`) | 8384 | (LAN / Tailscale) |
| Ollama | 11434 | (Tailscale) | | Ollama | 11434 | (Tailscale) |
@ -96,7 +95,7 @@ The media automation suite and several supporting services run as native systemd
| node_exporter | prometheus-node-exporter | apt-managed | | node_exporter | prometheus-node-exporter | apt-managed |
| Alloy | alloy | Grafana Alloy, fleet-managed config | | Alloy | alloy | Grafana Alloy, fleet-managed config |
Docker services: Nextcloud AIO, Jellyseerr, Navidrome, slskd, Miniflux (with postgres sidecar), smartctl-exporter, plex-exporter. Docker services: Nextcloud AIO (manually managed via AIO mastercontainer, not in this repo), Jellyseerr, Navidrome, slskd, smartctl-exporter, plex-exporter.
Snap: Overseerr (`latest/beta` channel). Snap: Overseerr (`latest/beta` channel).
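
Review bot: the new Nextcloud AIO annotation on the "Docker services:" line says "manually managed via AIO mastercontainer, not in this repo" but gives no pointer to how it is managed. Since the repo holds no config for it, add a sentence or link saying where its settings, update procedure and backups are recorded, so the note explains more than the missing service dir.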

View file

@ -98,7 +98,6 @@ All subdomains are Cloudflare-proxied and terminate at helsinki-a. Hosts marked
| jellyfin.pez.sh / .solutions | london-b:8096 | Own auth | | jellyfin.pez.sh / .solutions | london-b:8096 | Own auth |
| plex.pez.sh / .solutions | london-b:32400 | Own auth | | plex.pez.sh / .solutions | london-b:32400 | Own auth |
| music.pez.sh | london-b:4533 (Navidrome) | Own auth | | music.pez.sh | london-b:4533 (Navidrome) | Own auth |
| rss.pez.sh | london-b:8181 (Miniflux) | Authelia |
| request.pez.sh / .solutions | london-b:5055 (Jellyseerr) | Own auth | | request.pez.sh / .solutions | london-b:5055 (Jellyseerr) | Own auth |
| jellyfin-requests.pez.sh / .solutions | london-b:5056 (Overseerr) | Own auth | | jellyfin-requests.pez.sh / .solutions | london-b:5056 (Overseerr) | Own auth |
| radarr.pez.sh / .solutions | london-b:7878 | Authelia | | radarr.pez.sh / .solutions | london-b:7878 | Authelia |
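
Review bot: the removed rss.pez.sh row documents a public route (london-b:8181 behind Authelia), and none of the hunks in this commit touches the route itself. Please state in the commit message or the doc that the Caddy site block and the Cloudflare record for rss.pez.sh were removed with #127; a leftover proxy entry would forward to whatever binds london-b:8181 next.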

View file

@ -14,7 +14,7 @@ Encrypted files use `.enc.` in their extension:
``` ```
services/authelia/config.enc.yml # encrypted YAML services/authelia/config.enc.yml # encrypted YAML
services/miniflux/miniflux.enc.env # encrypted env file services/<service>/<file>.enc.env # encrypted env file (convention)
terraform/secrets.enc.yaml # encrypted Terraform vars terraform/secrets.enc.yaml # encrypted Terraform vars
ansible/group_vars/all/secrets.enc.yml ansible/group_vars/all/secrets.enc.yml
``` ```
@ -80,7 +80,7 @@ sops -d services/authelia/config.enc.yml
```bash ```bash
# If you have a plaintext file you want to encrypt in-place: # If you have a plaintext file you want to encrypt in-place:
sops -e -i services/miniflux/miniflux.enc.env sops -e -i services/<service>/<file>.enc.env
``` ```
### Add a new recipient ### Add a new recipient
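
Review bot: in the bash block, the new placeholder path services/<service>/<file>.enc.env is not copy-paste safe, because an unquoted < or > is shell redirection and bash will try to read from a file named "service" instead of passing a path to sops. Use a form without angle brackets, such as services/SERVICE/FILE.enc.env, or say in the comment that the placeholders must be replaced before running.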

View file

@ -13,6 +13,7 @@ Complete map of every service in the fleet — what it does, where it runs, how
| Bitwarden (Vaultwarden) | 8443, 8080 | Docker | Own auth | bitwarden.pez.sh | | Bitwarden (Vaultwarden) | 8443, 8080 | Docker | Own auth | bitwarden.pez.sh |
| Bitwarden MariaDB | 3306 (internal) | Docker | — | (Vaultwarden backing DB) | | Bitwarden MariaDB | 3306 (internal) | Docker | — | (Vaultwarden backing DB) |
| Forgejo | 3000 (HTTP), 2222 (SSH) | Docker | Own auth | git.pez.sh | | Forgejo | 3000 (HTTP), 2222 (SSH) | Docker | Own auth | git.pez.sh |
| Apps dashboard | — | Static (`/srv/apps`, Caddy) | Authelia | apps.pez.sh |
Caddy is the single entry point for all public traffic and runs as a native apt-managed systemd service so it can bind 80/443 directly. Everything else on this host runs in Docker. Caddy is the single entry point for all public traffic and runs as a native apt-managed systemd service so it can bind 80/443 directly. Everything else on this host runs in Docker.
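
Review bot: the added Apps dashboard row gives its deployment as Static (`/srv/apps`, Caddy), which conflicts with the sentence right under the table, "Everything else on this host runs in Docker." Reword that sentence to exclude the static apps page, or note there that Caddy serves it directly from disk.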
@ -52,8 +53,7 @@ The arr stack pipeline: Jellyseerr/Overseerr accept requests → Radarr/Sonarr/L
| Service | Port | Deployment | Auth | URL | | Service | Port | Deployment | Auth | URL |
|---------|------|-----------|------|-----| |---------|------|-----------|------|-----|
| Nextcloud AIO | 11000 | Docker | Own auth | cloud.pez.sh (internal/Tailscale) | | Nextcloud AIO | 11000 | Docker (manually managed via AIO mastercontainer — not in this repo) | Own auth | cloud.pez.sh (internal/Tailscale) |
| Miniflux | 8181 | Docker (with postgres sidecar) | Authelia | rss.pez.sh |
| slskd (Soulseek) | 5030 | Docker | Authelia | soulseek.pez.sh | | slskd (Soulseek) | 5030 | Docker | Authelia | soulseek.pez.sh |
| Syncthing (`syncthing@pez`) | 8384 | Native (apt) | Own auth | (LAN/Tailscale only) | | Syncthing (`syncthing@pez`) | 8384 | Native (apt) | Own auth | (LAN/Tailscale only) |
| Samba (`smbd`) | 445 | Native (apt) | Local users | (LAN/Tailscale only) | | Samba (`smbd`) | 445 | Native (apt) | Local users | (LAN/Tailscale only) |
@ -129,7 +129,7 @@ Plus host-specific exporters (smartctl, plex, octopus) called out above. See [mo
Services fall into two categories: Services fall into two categories:
**Behind Authelia** (SSO via Caddy `forward_auth`): **Behind Authelia** (SSO via Caddy `forward_auth`):
- Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, Miniflux, apps.pez.sh - Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, apps.pez.sh
**Own auth** (handle login themselves): **Own auth** (handle login themselves):
- Bitwarden, Forgejo, Plex, Jellyfin, Navidrome, Jellyseerr, Overseerr, Proxmox, poste.io - Bitwarden, Forgejo, Plex, Jellyfin, Navidrome, Jellyseerr, Overseerr, Proxmox, poste.io
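
Review bot: the "Behind Authelia" list is a hand-maintained copy of the Auth column in the tables above, which is why Miniflux had to be removed here as well as from its table row. Consider pointing this summary at the tables instead of repeating the names, or at least use the same names as the rows ("slskd (Soulseek)" in the table, "Soulseek" here) so the two can be compared with a search.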