pez-infra/ansible/services/README.md
Rasmus Wejlgaard a4e1e4175a docs: remove decommissioned Miniflux refs; fix status-page + minor drift
Miniflux was decommissioned (#127) but lingered in docs and, more
importantly, in the status-page service map — which was probing a dead
port (london-b:8181) and reporting Miniflux as permanently down. Drop it
from update-status.sh and from every doc that still listed it.

Also:
- Annotate Nextcloud AIO as manually managed via its AIO mastercontainer
  (it's never been in this repo — clarifies why there's no service dir).
- Add the apps.pez.sh dashboard row to services.md so it's no longer
  referenced in the Auth Summary without a table entry.
- Make the secrets.md .enc.env examples generic placeholders instead of
  pointing at a service path that doesn't exist.
2026-06-09 19:44:58 +01:00


Services

Version-controlled service definitions across the fleet. Each subdirectory is a single deployable unit — either a Docker Compose stack, a systemd unit, or a static config file set — that the Ansible roles in ansible/roles/ pick up and deploy.

Layout

services/
├── <service-name>/
│   ├── docker-compose.yml      # Docker services
│   ├── <service>.service       # Native systemd unit (when applicable)
│   ├── config/                 # Mounted/copied config files
│   ├── *.enc.{yml,yaml,env}    # SOPS-encrypted secrets
│   └── README.md               # Service-specific notes (where relevant)

There is no per-host subdirectory — services are named by what they are, and the host they land on is decided by docker_services / systemd_services lists in ansible/inventory/host_vars/<host>.yml.

Service inventory

| Service | Type | Host(s) | Notes |
|---|---|---|---|
| caddy | Native (apt) | helsinki-a | Reverse proxy. Caddyfile lives here. |
| authelia | Docker | helsinki-a | SSO, plus MariaDB and LLDAP sidecars |
| bitwarden | Docker | helsinki-a | Vaultwarden + MariaDB |
| forgejo | Docker | helsinki-a | Git forge |
| poste-io | Docker | nuremberg-a | Mail |
| jellyseerr | Docker | london-b | Plex request manager |
| navidrome | Docker | london-b | Music streaming |
| bookshelf | Docker | london-b | Ebook/audiobook manager (Readarr revival) |
| slskd | Docker | london-b | Soulseek client |
| smartctl-exporter | Docker | london-b, copenhagen-a | SMART metrics |
| plex-exporter | Docker | london-b | Plex metrics |
| octopus-exporter | Docker | london-c | Octopus Energy metrics |
| minecraft | Docker | copenhagen-a | PaperMC server |
| radarr / sonarr / lidarr / prowlarr / whisparr | systemd | london-b | *Arr stack (systemd unit files here) |
| transmission | systemd | london-b | Config files (the daemon itself is apt) |
| samba / vsftpd | systemd | london-b | File-sharing config |
| ollama | systemd | london-b | Custom unit + binary install |
| mangos-realmd / mangos-world / mangos-zero | systemd | copenhagen-a | MaNGOS WoW server |
| promtail | systemd | (currently unused; historical) | Log shipper, replaced by Alloy |
| status-page | Cron script | helsinki-a | update-status.sh writes /srv/status |
| rc.d | FreeBSD rc.conf | (historical) | Snapshot of london-a's old FreeBSD setup |

Conventions

  • Compose stacks live at <service>/docker-compose.yml and are deployed to /opt/docker/<service>/ on the target host.
  • Systemd units are copied to /etc/systemd/system/<service>.service by the media_stack or systemd_services role.
  • Secrets are SOPS-encrypted (*.enc.yml) and decrypted into place at deploy time.
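
The secrets convention only protects anything if every file named *.enc.{yml,yaml,env} really went through SOPS before it was committed. The check below is an added example, not part of this repository: it walks a services/ tree and reports files with that naming that do not look SOPS-encrypted. The service names and ciphertext in the sample tree are constructed, and the test is a heuristic on SOPS's `ENC[AES256_GCM,...]` value wrapper and its metadata keys, not a cryptographic verification.

```python
import re
import tempfile
from pathlib import Path

SUFFIXES = (".enc.yml", ".enc.yaml", ".enc.env")   # naming from the Layout section
ENC_VALUE = re.compile(r"ENC\[AES256_GCM,data:")    # prefix SOPS gives encrypted values

def looks_sops_encrypted(path: Path) -> bool:
    """Heuristic only: SOPS metadata present and values carry ENC[...] wrappers."""
    text = path.read_text(encoding="utf-8", errors="replace")
    if path.name.endswith(".env"):  # dotenv store: metadata is flattened into sops_* keys
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith(("#", "sops_")):
                continue
            value = line.partition("=")[2]
            if value and not ENC_VALUE.match(value):
                return False          # a plaintext variable slipped in
        return re.search(r"^sops_version=", text, re.M) is not None
    # YAML store: metadata sits under a top-level "sops:" mapping
    has_meta = re.search(r"^sops:\s*$", text, re.M) is not None
    return has_meta and ENC_VALUE.search(text) is not None

def find_plaintext_secrets(root: Path) -> list[str]:
    """Relative paths of *.enc.* files that do not look SOPS-encrypted."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.name.endswith(SUFFIXES) and not looks_sops_encrypted(p)
    )

def build_sample_tree(root: Path) -> None:
    """Constructed sample files (hypothetical service names, fake ciphertext)."""
    enc = "ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]"
    samples = {
        "alpha/secrets.enc.yml": f"db_password: {enc}\nsops:\n    version: 3.8.1\n",
        "beta/secrets.enc.yml": "db_password: hunter2\n",            # never encrypted
        "gamma/app.enc.env": f"TOKEN={enc}\nsops_version=3.8.1\n",
        "delta/app.enc.env": f"TOKEN={enc}\nDEBUG_KEY=abc123\nsops_version=3.8.1\n",
    }
    for rel, body in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for rel in find_plaintext_secrets(Path(tmp)):
            print("NOT ENCRYPTED:", rel)
```

Pointed at a real checkout, `find_plaintext_secrets(Path("ansible/services"))` returning a non-empty list is the condition to fail a pre-commit hook or CI job on. A repository that deliberately leaves some dotenv keys in plaintext through SOPS's partial-encryption options would need the per-variable check relaxed.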

Adding a new service

See docs/getting-started.md for the end-to-end flow (compose → host_vars → Caddy → DNS → docs).