Mirror of https://github.com/RWejlgaard/pez-infra.git, synced 2026-07-04 15:46:16 +00:00
docs: remove decommissioned Miniflux refs; fix status-page + minor drift
Miniflux was decommissioned (#127) but lingered in docs and, more importantly, in the status-page service map — which was probing a dead port (london-b:8181) and reporting Miniflux as permanently down. Drop it from update-status.sh and from every doc that still listed it.

Also:
- Annotate Nextcloud AIO as manually managed via its AIO mastercontainer (it's never been in this repo — clarifies why there's no service dir).
- Add the apps.pez.sh dashboard row to services.md so it's no longer referenced in the Auth Summary without a table entry.
- Make the secrets.md .enc.env examples generic placeholders instead of pointing at a service path that doesn't exist.
parent 9d56a22c30
commit a4e1e4175a
7 changed files with 6 additions and 12 deletions
|
|
@ -29,7 +29,6 @@ There is **no** per-host subdirectory — services are named by what they are, a
|
||||||
| navidrome | Docker | london-b | Music streaming |
|
| navidrome | Docker | london-b | Music streaming |
|
||||||
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
|
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
|
||||||
| slskd | Docker | london-b | Soulseek client |
|
| slskd | Docker | london-b | Soulseek client |
|
||||||
| miniflux | Docker | london-b | RSS reader (with postgres) |
|
|
||||||
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
|
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
|
||||||
| plex-exporter | Docker | london-b | Plex metrics |
|
| plex-exporter | Docker | london-b | Plex metrics |
|
||||||
| octopus-exporter | Docker | london-c | Octopus Energy metrics |
|
| octopus-exporter | Docker | london-c | Octopus Energy metrics |
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,6 @@ forward_auth localhost:9091 {
|
||||||
| Radarr, Sonarr, Lidarr, Bookshelf | Authelia | Media management |
|
| Radarr, Sonarr, Lidarr, Bookshelf | Authelia | Media management |
|
||||||
| Prowlarr, Transmission (download) | Authelia | Download tools |
|
| Prowlarr, Transmission (download) | Authelia | Download tools |
|
||||||
| slskd (Soulseek) | Authelia | P2P client |
|
| slskd (Soulseek) | Authelia | P2P client |
|
||||||
| Miniflux (RSS) | Authelia | RSS reader |
|
|
||||||
| Apps dashboard | Authelia | Internal apps page |
|
| Apps dashboard | Authelia | Internal apps page |
|
||||||
| Jellyfin, Plex | Own auth | Have built-in user management |
|
| Jellyfin, Plex | Own auth | Have built-in user management |
|
||||||
| Overseerr, Jellyseerr | Own auth | Have built-in user management |
|
| Overseerr, Jellyseerr | Own auth | Have built-in user management |
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,6 @@ SERVICE_MAP["100.84.65.101:8989"]="Sonarr"
|
||||||
SERVICE_MAP["100.84.65.101:9091"]="Transmission"
|
SERVICE_MAP["100.84.65.101:9091"]="Transmission"
|
||||||
SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
|
SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
|
||||||
SERVICE_MAP["localhost:9091"]="Authelia"
|
SERVICE_MAP["localhost:9091"]="Authelia"
|
||||||
SERVICE_MAP["100.84.65.101:8181"]="Miniflux"
|
|
||||||
SERVICE_MAP["localhost:3000"]="Forgejo"
|
SERVICE_MAP["localhost:3000"]="Forgejo"
|
||||||
|
|
||||||
# Desired display order
|
# Desired display order
|
||||||
|
|
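Review bot: the address 100.84.65.101 is repeated as a literal in every SERVICE_MAP key around the removed Miniflux entry, so re-addressing that host means editing each line by hand, and one missed key would give the same false "down" report this commit fixes. Consider holding the address in a single variable at the top of update-status.sh and building the keys from it.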
@ -46,7 +45,6 @@ DISPLAY_ORDER=(
|
||||||
"100.84.65.101:8787"
|
"100.84.65.101:8787"
|
||||||
"100.84.65.101:9696"
|
"100.84.65.101:9696"
|
||||||
"100.84.65.101:9091"
|
"100.84.65.101:9091"
|
||||||
"100.84.65.101:8181"
|
|
||||||
"localhost:3000"
|
"localhost:3000"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
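Review bot: removing "100.84.65.101:8181" from DISPLAY_ORDER is only correct because the matching SERVICE_MAP key was removed by hand in the previous hunk; nothing in the visible lines ties the two lists together. Suggest a check near the top of update-status.sh that every DISPLAY_ORDER entry has a SERVICE_MAP key, and the reverse, failing loudly when they differ, so the next decommission cannot leave one half behind.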
@ -67,7 +67,6 @@ RAIDZ1 tolerates one drive failure per vdev. With this many drives and this much
|
||||||
| Service | Port | URL |
|
| Service | Port | URL |
|
||||||
|---------|------|-----|
|
|---------|------|-----|
|
||||||
| Nextcloud AIO | 11000 | cloud.pez.sh (internal) |
|
| Nextcloud AIO | 11000 | cloud.pez.sh (internal) |
|
||||||
| Miniflux | 8181 | rss.pez.sh |
|
|
||||||
| slskd (Soulseek) | 5030 | soulseek.pez.sh |
|
| slskd (Soulseek) | 5030 | soulseek.pez.sh |
|
||||||
| Syncthing (`syncthing@pez`) | 8384 | (LAN / Tailscale) |
|
| Syncthing (`syncthing@pez`) | 8384 | (LAN / Tailscale) |
|
||||||
| Ollama | 11434 | (Tailscale) |
|
| Ollama | 11434 | (Tailscale) |
|
||||||
|
|
@ -96,7 +95,7 @@ The media automation suite and several supporting services run as native systemd
|
||||||
| node_exporter | prometheus-node-exporter | apt-managed |
|
| node_exporter | prometheus-node-exporter | apt-managed |
|
||||||
| Alloy | alloy | Grafana Alloy, fleet-managed config |
|
| Alloy | alloy | Grafana Alloy, fleet-managed config |
|
||||||
|
|
||||||
Docker services: Nextcloud AIO, Jellyseerr, Navidrome, slskd, Miniflux (with postgres sidecar), smartctl-exporter, plex-exporter.
|
Docker services: Nextcloud AIO (manually managed via AIO mastercontainer, not in this repo), Jellyseerr, Navidrome, slskd, smartctl-exporter, plex-exporter.
|
||||||
|
|
||||||
Snap: Overseerr (`latest/beta` channel).
|
Snap: Overseerr (`latest/beta` channel).
|
||||||
|
|
||||||
|
|
|
||||||
|
|
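Review bot: the new parenthetical on the "Docker services:" line says Nextcloud AIO is "manually managed via AIO mastercontainer, not in this repo" but gives no pointer to where its configuration and update procedure are recorded, so it becomes the one listed service a reader cannot audit from here. Add a link or a short note saying where that lives and how it is updated.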
@ -98,7 +98,6 @@ All subdomains are Cloudflare-proxied and terminate at helsinki-a. Hosts marked
|
||||||
| jellyfin.pez.sh / .solutions | london-b:8096 | Own auth |
|
| jellyfin.pez.sh / .solutions | london-b:8096 | Own auth |
|
||||||
| plex.pez.sh / .solutions | london-b:32400 | Own auth |
|
| plex.pez.sh / .solutions | london-b:32400 | Own auth |
|
||||||
| music.pez.sh | london-b:4533 (Navidrome) | Own auth |
|
| music.pez.sh | london-b:4533 (Navidrome) | Own auth |
|
||||||
| rss.pez.sh | london-b:8181 (Miniflux) | Authelia |
|
|
||||||
| request.pez.sh / .solutions | london-b:5055 (Jellyseerr) | Own auth |
|
| request.pez.sh / .solutions | london-b:5055 (Jellyseerr) | Own auth |
|
||||||
| jellyfin-requests.pez.sh / .solutions | london-b:5056 (Overseerr) | Own auth |
|
| jellyfin-requests.pez.sh / .solutions | london-b:5056 (Overseerr) | Own auth |
|
||||||
| radarr.pez.sh / .solutions | london-b:7878 | Authelia |
|
| radarr.pez.sh / .solutions | london-b:7878 | Authelia |
|
||||||
|
|
|
||||||
|
|
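Review bot: dropping the rss.pez.sh row documents the route as gone, but the hunks shown in this commit touch only docs and update-status.sh, so it is worth confirming that #127 also removed the rss.pez.sh site block from the proxy config and its Cloudflare record. The context line says all subdomains are Cloudflare-proxied and terminate at helsinki-a; a leftover record would still resolve and reach the proxy with no upstream behind it.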
@ -14,7 +14,7 @@ Encrypted files use `.enc.` in their extension:
|
||||||
|
|
||||||
```
|
```
|
||||||
services/authelia/config.enc.yml # encrypted YAML
|
services/authelia/config.enc.yml # encrypted YAML
|
||||||
services/miniflux/miniflux.enc.env # encrypted env file
|
services/<service>/<file>.enc.env # encrypted env file (convention)
|
||||||
terraform/secrets.enc.yaml # encrypted Terraform vars
|
terraform/secrets.enc.yaml # encrypted Terraform vars
|
||||||
ansible/group_vars/all/secrets.enc.yml
|
ansible/group_vars/all/secrets.enc.yml
|
||||||
```
|
```
|
||||||
|
|
@ -80,7 +80,7 @@ sops -d services/authelia/config.enc.yml
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# If you have a plaintext file you want to encrypt in-place:
|
# If you have a plaintext file you want to encrypt in-place:
|
||||||
sops -e -i services/miniflux/miniflux.enc.env
|
sops -e -i services/<service>/<file>.enc.env
|
||||||
```
|
```
|
||||||
|
|
||||||
### Add a new recipient
|
### Add a new recipient
|
||||||
|
|
|
||||||
|
|
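Review bot: in `sops -e -i services/<service>/<file>.enc.env` the angle brackets sit inside a bash fence, where an unquoted `<service>` and `<file>` are parsed as redirections rather than placeholders, so a copy-paste fails or writes to an unintended file. Use a form the shell treats as plain text, such as `services/SERVICE/FILE.enc.env`, or explain the placeholder in the comment line above the command.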
@ -13,6 +13,7 @@ Complete map of every service in the fleet — what it does, where it runs, how
|
||||||
| Bitwarden (Vaultwarden) | 8443, 8080 | Docker | Own auth | bitwarden.pez.sh |
|
| Bitwarden (Vaultwarden) | 8443, 8080 | Docker | Own auth | bitwarden.pez.sh |
|
||||||
| Bitwarden MariaDB | 3306 (internal) | Docker | — | (Vaultwarden backing DB) |
|
| Bitwarden MariaDB | 3306 (internal) | Docker | — | (Vaultwarden backing DB) |
|
||||||
| Forgejo | 3000 (HTTP), 2222 (SSH) | Docker | Own auth | git.pez.sh |
|
| Forgejo | 3000 (HTTP), 2222 (SSH) | Docker | Own auth | git.pez.sh |
|
||||||
|
| Apps dashboard | — | Static (`/srv/apps`, Caddy) | Authelia | apps.pez.sh |
|
||||||
|
|
||||||
Caddy is the single entry point for all public traffic and runs as a native apt-managed systemd service so it can bind 80/443 directly. Everything else on this host runs in Docker.
|
Caddy is the single entry point for all public traffic and runs as a native apt-managed systemd service so it can bind 80/443 directly. Everything else on this host runs in Docker.
|
||||||
|
|
||||||
|
|
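Review bot: the added Apps dashboard row gives its deployment as Static (`/srv/apps`, Caddy), which contradicts the sentence two lines below it, "Everything else on this host runs in Docker." Reword that sentence to exclude the static page, for example "Apart from the static apps page served by Caddy, everything else on this host runs in Docker."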
@ -52,8 +53,7 @@ The arr stack pipeline: Jellyseerr/Overseerr accept requests → Radarr/Sonarr/L
|
||||||
|
|
||||||
| Service | Port | Deployment | Auth | URL |
|
| Service | Port | Deployment | Auth | URL |
|
||||||
|---------|------|-----------|------|-----|
|
|---------|------|-----------|------|-----|
|
||||||
| Nextcloud AIO | 11000 | Docker | Own auth | cloud.pez.sh (internal/Tailscale) |
|
| Nextcloud AIO | 11000 | Docker (manually managed via AIO mastercontainer — not in this repo) | Own auth | cloud.pez.sh (internal/Tailscale) |
|
||||||
| Miniflux | 8181 | Docker (with postgres sidecar) | Authelia | rss.pez.sh |
|
|
||||||
| slskd (Soulseek) | 5030 | Docker | Authelia | soulseek.pez.sh |
|
| slskd (Soulseek) | 5030 | Docker | Authelia | soulseek.pez.sh |
|
||||||
| Syncthing (`syncthing@pez`) | 8384 | Native (apt) | Own auth | (LAN/Tailscale only) |
|
| Syncthing (`syncthing@pez`) | 8384 | Native (apt) | Own auth | (LAN/Tailscale only) |
|
||||||
| Samba (`smbd`) | 445 | Native (apt) | Local users | (LAN/Tailscale only) |
|
| Samba (`smbd`) | 445 | Native (apt) | Local users | (LAN/Tailscale only) |
|
||||||
|
|
@ -129,7 +129,7 @@ Plus host-specific exporters (smartctl, plex, octopus) called out above. See [mo
|
||||||
Services fall into two categories:
|
Services fall into two categories:
|
||||||
|
|
||||||
**Behind Authelia** (SSO via Caddy `forward_auth`):
|
**Behind Authelia** (SSO via Caddy `forward_auth`):
|
||||||
- Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, Miniflux, apps.pez.sh
|
- Radarr, Sonarr, Lidarr, Bookshelf, Prowlarr, Transmission, Soulseek, apps.pez.sh
|
||||||
|
|
||||||
**Own auth** (handle login themselves):
|
**Own auth** (handle login themselves):
|
||||||
- Bitwarden, Forgejo, Plex, Jellyfin, Navidrome, Jellyseerr, Overseerr, Proxmox, poste.io
|
- Bitwarden, Forgejo, Plex, Jellyfin, Navidrome, Jellyseerr, Overseerr, Proxmox, poste.io
|
||||||
|
|
|
||||||