mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
Bookshelf (PR #122) is a Readarr revival and now owns port 8787 on london-b, so the old custom Readarr systemd unit is removed:

- drop readarr from the media_stack role's unit-deploy and enable loops, and add an idempotent decommission task (stop, disable, remove unit) so the host tears it down via Ansible rather than ad-hoc SSH
- delete services/readarr/readarr.service
- update docs (services, london-b host, service inventory) to describe bookshelf as a Docker service instead of a custom systemd unit

The public readarr.pez.sh hostname is kept and now reverse-proxies to bookshelf on :8787 — DNS, Caddy and Authelia (pez_readarr_users group) are unchanged.
54 lines
2.9 KiB
Markdown
# Services

Version-controlled service definitions across the fleet. Each subdirectory is a single deployable unit — either a Docker Compose stack, a systemd unit, or a static config file set — that the Ansible roles in `ansible/roles/` pick up and deploy.

## Layout
```
services/
├── <service-name>/
│ ├── docker-compose.yml # Docker services
│ ├── <service>.service # Native systemd unit (when applicable)
│ ├── config/ # Mounted/copied config files
│ ├── *.enc.{yml,yaml,env} # SOPS-encrypted secrets
│ └── README.md # Service-specific notes (where relevant)
```

There is **no** per-host subdirectory — services are named by what they are, and the host they land on is decided by `docker_services` / `systemd_services` lists in `ansible/inventory/host_vars/<host>.yml`.

## Service inventory
| Service | Type | Host(s) | Notes |
|---|---|---|---|
| caddy | Native (apt) | helsinki-a | Reverse proxy. Caddyfile lives here. |
| authelia | Docker | helsinki-a | SSO, plus MariaDB and LLDAP sidecars |
| bitwarden | Docker | helsinki-a | Vaultwarden + MariaDB |
| forgejo | Docker | helsinki-a | Git forge |
| poste-io | Docker | nuremberg-a | Mail |
| jellyseerr | Docker | london-b | Plex request manager |
| navidrome | Docker | london-b | Music streaming |
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
| slskd | Docker | london-b | Soulseek client |
| miniflux | Docker | london-b | RSS reader (with postgres) |
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
| plex-exporter | Docker | london-b | Plex metrics |
| octopus-exporter | Docker | london-c | Octopus Energy metrics |
| minecraft | Docker | copenhagen-a | PaperMC server |
| radarr / sonarr / lidarr / prowlarr / whisparr | systemd | london-b | *Arr stack (systemd unit files here) |
| transmission | systemd | london-b | Config files (the daemon itself is apt) |
| samba / vsftpd | systemd | london-b | File-sharing config |
| ollama | systemd | london-b | Custom unit + binary install |
| mangos-realmd / mangos-world / mangos-zero | systemd | copenhagen-a | MaNGOS WoW server |
| promtail | systemd | (currently unused; historical) | Log shipper, replaced by Alloy |
| status-page | Cron script | helsinki-a | `update-status.sh` writes `/srv/status` |
| rc.d | FreeBSD rc.conf | (historical) | Snapshot of london-a's old FreeBSD setup |

## Conventions
- **Compose stacks** live at `<service>/docker-compose.yml` and are deployed to `/opt/docker/<service>/` on the target host.
- **Systemd units** are copied to `/etc/systemd/system/<service>.service` by the `media_stack` or `systemd_services` role.
- **Secrets** are SOPS-encrypted (`*.enc.yml`) and decrypted into place at deploy time.
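
An added example, not part of this repository: a pre-commit style check for the `*.enc.{yml,yaml,env}` convention above that flags files carrying the `.enc.` name while still holding plaintext values. It assumes whole-file SOPS encryption (no `encrypted_regex` or unencrypted-suffix rules) and uses a line-based heuristic rather than a YAML parser; the sample strings are constructed.

```python
import re
from pathlib import Path

ENC_NAME = re.compile(r"\.enc\.(yml|yaml|env)$")        # naming convention from this README
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.*\]$")  # how SOPS renders an encrypted scalar

# Constructed samples (not real secrets, not real SOPS output)
GOOD_YAML = "db_password: ENC[AES256_GCM,data:c2FtcGxl,iv:aXY=,tag:dGFn,type:str]\nsops:\n    version: 3.8.1\n"
LEAKY_ENV = "API_KEY=ENC[AES256_GCM,data:c2FtcGxl,iv:aXY=,tag:dGFn,type:str]\nSMTP_PASS=hunter2\nsops_version=3.8.1\n"


def plaintext_lines(text: str, dotenv: bool) -> list[int]:
    """1-based numbers of lines whose value is not a SOPS ENC[...] blob.

    Line-based heuristic (assumption: one scalar per line); a leading 0
    means the file carries no SOPS metadata at all.
    """
    bad, in_sops, has_meta = [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if dotenv:
            key, _, value = line.partition("=")
            if key.startswith("sops_"):           # sops_version=, sops_mac=, ...
                has_meta = True
                continue
        else:
            if not raw[0].isspace():              # a new top-level key starts here
                in_sops = line.startswith("sops:")
                has_meta = has_meta or in_sops
            if in_sops:                           # skip the SOPS metadata block
                continue
            item = line[2:].strip() if line.startswith("- ") else line
            value = item if item.startswith("ENC[") else item.partition(":")[2].strip()
            if not value:                         # parent mapping key, nothing to check
                continue
        if not ENC_VALUE.match(value):
            bad.append(n)
    return bad if has_meta else [0] + bad


def audit(root: Path) -> dict[str, list[int]]:
    """Map each offending *.enc.* file under root to its plaintext line numbers."""
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and ENC_NAME.search(path.name):
            bad = plaintext_lines(path.read_text(), path.suffix == ".env")
            if bad:
                report[path.relative_to(root).as_posix()] = bad
    return report
```

Run `audit(Path("services"))` from the repository root and fail the commit or CI job when the returned mapping is non-empty.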
## Adding a new service

See [docs/getting-started.md](../../docs/getting-started.md#adding-a-new-service) for the end-to-end flow (compose → host_vars → Caddy → DNS → docs).