Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
268df30a13e7aa946954bde9f5f7faaed4ed4984
homelab-infra/ops/hermes-agent/services.json
T

481 lines
18 KiB
JSON
Raw Blame History

{
"meta": {
"dump_base": "/mnt/user/backups/borg/dumps/latest",
"appdata_base": "/mnt/user/appdata",
"secrets_path": "/mnt/user/appdata/secrets"
},
"services": {
"traefik": {
"description": "Zentraler Reverse Proxy, TLS, Docker-Label-Routing",
"tier": 1,
"category": "core",
"container_name": "traefik",
"dependencies": [],
"url": "https://traefik.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/appdata/traefik/dynamic", "/mnt/user/appdata/traefik/letsencrypt"],
"first_check": "Host-Ports 80/443 erreichbar? dynamic/ korrekt auf Host synchronisiert?",
"notes": "dynamic configs werden NICHT automatisch von Komodo deployed — manueller Host-Sync noetig"
},
"adguard": {
"description": "DNS-Server / LAN DNS",
"tier": 1,
"category": "core",
"container_name": "adguard",
"dependencies": ["unbound"],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/adguard/conf", "/mnt/user/appdata/adguard/work"],
"first_check": "Port 53 erreichbar? Unbound healthy? dns_net Konnektivitaet?",
"notes": "Ports 53 und 8082 dokumentierte Host-Port-Ausnahmen"
},
"unbound": {
"description": "Upstream DNS Resolver fuer AdGuard",
"tier": 1,
"category": "core",
"container_name": "unbound",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/unbound/config"],
"first_check": "dns_net Konnektivitaet pruefen; Container-Logs auf Fehler pruefen",
"notes": "rebuildbar; isoliert in dns_net"
},
"tailscale": {
"description": "VPN / Remote-Zugang",
"tier": 1,
"category": "core",
"container_name": "tailscale",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/tailscale"],
"first_check": "Tailscale Status auf Host pruefen; State-Datei fuer Key-Renewal vorhanden?",
"notes": "network_mode: host; NET_ADMIN, NET_RAW, /dev/net/tun — dokumentierte VPN-Ausnahmen"
},
"gitea": {
"description": "Git-Server — operative Quelle der Wahrheit fuer GitOps",
"tier": 1,
"category": "core",
"container_name": "gitea",
"dependencies": ["traefik"],
"url": "https://git.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/services/gitea/data"],
"first_check": "HTTPS erreichbar? SQLite in /data intakt? SSH-Port 222 erreichbar?",
"notes": "SQLite in /data — kein separater Dump; ohne externen Mirror im DR kritisch"
},
"authelia": {
"description": "ForwardAuth — zentrale Authentifizierung fuer Admin-UIs",
"tier": 1,
"category": "security",
"container_name": "authelia",
"dependencies": ["postgresql17", "traefik"],
"url": "https://auth.kaleschke.info",
"dump_file": "postgresql17-authelia.dump",
"data_paths": ["/mnt/user/appdata/authelia/config"],
"first_check": "PostgreSQL healthy? SMTP via GMX erreichbar? Host-Config aktuell (Repo-Baseline != Host)?",
"notes": "kein Redis-Session-Backend; SMTP-Notifier GMX; Repo-Baseline muss manuell in Host-Config gemerged werden"
},
"vaultwarden": {
"description": "Passwort-Tresor",
"tier": 1,
"category": "security",
"container_name": "vaultwarden",
"dependencies": ["traefik"],
"url": "https://vault.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/appdata/vaultwarden"],
"first_check": "HTTPS erreichbar? Appdata-Volume intakt?",
"notes": "ADMIN_TOKEN_FILE; keine direkten Host-Ports"
},
"postgresql17": {
"description": "Shared PostgreSQL 18 Cluster (historischer Containername)",
"tier": 1,
"category": "infra",
"container_name": "postgresql17",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/postgresql18"],
"first_check": "backend_net Konnektivitaet? Disk-Space auf /mnt/user/appdata? pg_isready im Container?",
"notes": "Dumps per Dienst unter dumps/latest; raw DB nicht primaerer Restore-Weg; alter PG17-Pfad bleibt nur Rollback-Altstand"
},
"komodo-core": {
"description": "GitOps UI / API / Stack-Manager",
"tier": 1,
"category": "ops",
"container_name": "komodo-core",
"dependencies": ["komodo-mongo", "gitea", "traefik"],
"url": "https://komodo.kaleschke.info",
"dump_file": "komodo-mongo.archive.gz",
"data_paths": ["/mnt/user/appdata/komodo/core"],
"first_check": "MongoDB healthy? Gitea erreichbar? komodo_net Konnektivitaet?",
"notes": "keine pauschale Authelia-ForwardAuth; Gitea DNS override konfiguriert"
},
"komodo-mongo": {
"description": "Komodo Datenbank (MongoDB)",
"tier": 1,
"category": "infra",
"container_name": "komodo-mongo",
"dependencies": [],
"url": null,
"dump_file": "komodo-mongo.archive.gz",
"data_paths": ["/mnt/user/appdata/komodo/mongo"],
"first_check": "komodo_net Konnektivitaet? Disk-Space? mongosh ping?",
"notes": "Dump-Integritaet nach Major-Upgrades pruefen"
},
"komodo-periphery": {
"description": "Komodo Host-Agent (Stack-Deployments)",
"tier": 1,
"category": "ops",
"container_name": "komodo-periphery",
"dependencies": ["komodo-core"],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/komodo/periphery"],
"first_check": "Docker-Socket lesbar? /mnt/user/services gemountet? komodo_net Verbindung zu Core?",
"notes": "Docker-Socket-Ausnahme dokumentiert; /mnt/user/services Mount fuer Stack-Workspaces"
},
"redis": {
"description": "Shared Redis Cache",
"tier": 2,
"category": "infra",
"container_name": "redis",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/redis"],
"first_check": "backend_net Konnektivitaet? redis-cli ping erreichbar?",
"notes": "transiente Daten; bewusst nicht Backup-kritisch"
},
"paperless-ngx": {
"description": "Dokumentenmanagement",
"tier": 2,
"category": "app",
"container_name": "paperless-ngx",
"dependencies": ["postgresql17", "redis", "traefik"],
"url": "https://paperless.kaleschke.info",
"dump_file": "postgresql17-paperless.dump",
"data_paths": [
"/mnt/user/appdata/paperless-ngx/data",
"/mnt/user/documents/paperless",
"/mnt/user/documents/scans_inbox"
],
"first_check": "Redis healthy? PostgreSQL healthy? backend_net Konnektivitaet?",
"notes": "DB/Redis Secrets als Stack ENV (keine _FILE Variante)"
},
"paperless-gpt": {
"description": "KI-Ergaenzung fuer Paperless",
"tier": 2,
"category": "app",
"container_name": "paperless-gpt",
"dependencies": ["paperless-ngx", "traefik"],
"url": "https://paperless-gpt.kaleschke.info",
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/paperless-gpt/data",
"/mnt/user/appdata/paperless-gpt/prompts"
],
"first_check": "Paperless API erreichbar? LLM/Ollama erreichbar? API Token gesetzt?",
"notes": "API Token als Stack ENV; abhaengig von laufendem Paperless"
},
"immich_server": {
"description": "Foto-/Video-App",
"tier": 2,
"category": "app",
"container_name": "immich_server",
"dependencies": ["immich_postgres", "immich_redis", "immich_machine_learning", "traefik"],
"url": "https://immich.kaleschke.info",
"dump_file": "immich.dump",
"data_paths": ["/mnt/user/photos/immich", "/mnt/user/photos/family_archive"],
"first_check": "immich_postgres healthy? immich_redis healthy? ML healthy? immich_default Netz?",
"notes": "native App-Auth; externes Fotoarchiv gemountet"
},
"immich_postgres": {
"description": "Immich-Datenbank",
"tier": 2,
"category": "infra",
"container_name": "immich_postgres",
"dependencies": [],
"url": null,
"dump_file": "immich.dump",
"data_paths": ["/mnt/user/appdata/immich_postgres_vectorchord"],
"first_check": "immich_default Netz? Disk-Space? pg_isready?",
"notes": "PG14 mit VectorChord/pgvector; nie ins frontend_net; immich_default Netz isoliert; alter immich_postgres-Pfad bleibt nur Rollback-Altstand"
},
"immich_redis": {
"description": "Immich Cache",
"tier": 2,
"category": "infra",
"container_name": "immich_redis",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": [],
"first_check": "immich_default Netz? redis-cli ping?",
"notes": "rebuildbar; anonymes Volume — named volume als offenes TODO"
},
"immich_machine_learning": {
"description": "Immich ML (Gesichtserkennung, Suche)",
"tier": 2,
"category": "infra",
"container_name": "immich_machine_learning",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": [],
"first_check": "immich_default Netz? model-cache Volume vorhanden?",
"notes": "rebuildbar; intern-only"
},
"mealie": {
"description": "Rezeptverwaltung",
"tier": 2,
"category": "app",
"container_name": "mealie",
"dependencies": ["mealie-postgres", "traefik"],
"url": "https://mealie.kaleschke.info",
"dump_file": "mealie.dump",
"data_paths": ["/mnt/user/appdata/mealie/data"],
"first_check": "mealie-postgres healthy? mealie_internal Netz erreichbar?",
"notes": "App + DB in internem Netz getrennt (mealie_internal)"
},
"mealie-postgres": {
"description": "Mealie-Datenbank",
"tier": 2,
"category": "infra",
"container_name": "mealie-postgres",
"dependencies": [],
"url": null,
"dump_file": "mealie.dump",
"data_paths": ["/mnt/user/appdata/mealie/postgres18"],
"first_check": "mealie_internal Netz? Disk-Space?",
"notes": "interne DB; mealie_internal Netz"
},
"mail-archiver": {
"description": "Mail-Archivierung (IMAP)",
"tier": 2,
"category": "app",
"container_name": "mail-archiver",
"dependencies": ["postgresql17", "authelia", "traefik"],
"url": "https://mail.kaleschke.info",
"dump_file": "postgresql17-mailarchiver.dump",
"data_paths": ["/mnt/user/appdata/mailarchiver/data-protection-keys"],
"first_check": "PostgreSQL healthy? Internet-/IMAP-Zugang? Authelia healthy?",
"notes": "Hybrid: frontend_net fuer IMAP/Internet, backend_net fuer DB"
},
"nextcloud": {
"description": "Datei-/Cloud-Dienst",
"tier": 2,
"category": "app",
"container_name": "nextcloud",
"dependencies": ["nextcloud-postgres", "nextcloud-redis", "traefik"],
"url": "https://cloud.kaleschke.info",
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/nextcloud/html",
"/mnt/user/documents/nextcloud-data"
],
"first_check": "nextcloud-postgres healthy? nextcloud-redis healthy? nextcloud_internal Netz?",
"notes": "native App-Auth (kein zentrales ForwardAuth); WebDAV/CardDAV beachten"
},
"nextcloud-postgres": {
"description": "Nextcloud-Datenbank",
"tier": 2,
"category": "infra",
"container_name": "nextcloud-postgres",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/nextcloud/postgres18"],
"first_check": "nextcloud_internal Netz? Disk-Space?",
"notes": "interne DB"
},
"nextcloud-redis": {
"description": "Nextcloud Cache / Locking",
"tier": 2,
"category": "infra",
"container_name": "nextcloud-redis",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/nextcloud/redis"],
"first_check": "nextcloud_internal Netz? redis-cli ping?",
"notes": "rebuildbar"
},
"ntfy": {
"description": "Push-Benachrichtigungen (Alert-Backbone)",
"tier": 2,
"category": "app",
"container_name": "ntfy",
"dependencies": ["traefik"],
"url": "https://ntfy.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/appdata/ntfy"],
"first_check": "HTTPS erreichbar? NTFY_BEHIND_PROXY=true gesetzt? Traefik healthy?",
"notes": "KRITISCH: Ausfall bedeutet keine anderen Alerts ankommen"
},
"glance": {
"description": "Homelab-Dashboard",
"tier": 3,
"category": "ops",
"container_name": "glance",
"dependencies": ["traefik"],
"url": "https://glance.kaleschke.info",
"dump_file": null,
"data_paths": [],
"first_check": "Traefik erreichbar? Docker-Socket-Proxy intern erreichbar? API-Tokens fuer Widgets gueltig?",
"notes": "aktives Homelab-Dashboard; Homepage wurde entfernt"
},
"monitoring-grafana": {
"description": "Zentrale Observability-UI",
"tier": 3,
"category": "ops",
"container_name": "monitoring-grafana",
"dependencies": [
"monitoring-prometheus",
"monitoring-loki",
"monitoring-influxdb3-core",
"traefik"
],
"url": "https://monitoring.kaleschke.info",
"dump_file": null,
"data_paths": ["grafana_data"],
"first_check": "Authelia-Redirect? Datasources Prometheus, Loki und InfluxDB 3 Core gruen?",
"notes": "ersetzt alten Grafana-Altstand und Uptime-Kuma-Views"
},
"monitoring-influxdb3-core": {
"description": "Zeitreihen- / Metrikdaten fuer Monitoring und Home Assistant",
"tier": 3,
"category": "ops",
"container_name": "monitoring-influxdb3-core",
"dependencies": ["monitoring-grafana"],
"url": null,
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/influxdb3/data",
"/mnt/user/appdata/influxdb3/plugins"
],
"first_check": "LAN-Port 8181 erreichbar? 401 ohne Token = OK (erwartet). Disk-Space?",
"notes": "LAN-only Host-Port 8181; kein frontend_net; laeuft als user 0"
},
"scrutiny": {
"description": "Laufwerks- / SMART-Monitoring",
"tier": 3,
"category": "ops",
"container_name": "scrutiny",
"dependencies": ["traefik"],
"url": "https://scrutiny.kaleschke.info",
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/scrutiny/config",
"/mnt/user/appdata/scrutiny/influxdb"
],
"first_check": "Device-Mounts vorhanden? privileged=true gesetzt? Traefik erreichbar?",
"notes": "privileged: true dokumentierte Ausnahme"
},
"glances": {
"description": "System- / Container-Monitoring",
"tier": 3,
"category": "ops",
"container_name": "glances",
"dependencies": ["traefik"],
"url": "https://glances.kaleschke.info",
"dump_file": null,
"data_paths": [],
"first_check": "Docker-Socket lesbar? rootfs gemountet? Traefik erreichbar?",
"notes": "rebuildbar; Docker-Socket und rootfs Mounts"
},
"borg-ui": {
"description": "Borg Backup- / Restore UI",
"tier": 3,
"category": "ops",
"container_name": "borg-ui",
"dependencies": ["traefik"],
"url": "https://borg.kaleschke.info",
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/borg-ui/data",
"/mnt/user/backups/borg/dumps"
],
"first_check": "Borg-Repo-Credentials vorhanden? Backup-Mounts erreichbar? Traefik healthy?",
"notes": "breite Mounts bewusst dokumentiert; /local/secrets im DR-Scope"
},
"hermes-gateway": {
"description": "Hermes Agent Gateway / AI Ops Assistant",
"tier": 3,
"category": "ops",
"container_name": "hermes-gateway",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/hermes-agent/data"],
"first_check": "hermes_net:8642/health erreichbar? SSH-Key gemountet? LLM-Provider erreichbar?",
"notes": "kein Docker-Socket; SSH terminal backend; echte .env auf Host-Appdata"
},
"ddns-updater": {
"description": "Cloudflare / DDNS Aktualisierung",
"tier": 3,
"category": "infra",
"container_name": "ddns-updater",
"dependencies": [],
"url": null,
"dump_file": null,
"data_paths": ["/mnt/user/appdata/ddns-updater"],
"first_check": "Internetzugang? Cloudflare API erreichbar? Config vorhanden?",
"notes": "bewusst in frontend_net weil backend_net internal ist"
},
"code-server": {
"description": "Web-Editor / Operations Workspace",
"tier": 3,
"category": "ops",
"container_name": "code-server",
"dependencies": ["traefik"],
"url": "https://code.kaleschke.info",
"dump_file": null,
"data_paths": [
"/mnt/user/appdata/code-server",
"/mnt/user/services/dev"
],
"first_check": "Traefik erreichbar? PASSWORD_FILE lesbar?",
"notes": "PASSWORD_FILE; Workspaces bei Restore beachten"
},
"filebrowser": {
"description": "Datei-Browser fuer Appdata",
"tier": 3,
"category": "ops",
"container_name": "filebrowser",
"dependencies": ["traefik"],
"url": "https://files.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/appdata/filebrowser"],
"first_check": "Appdata-Mounts erreichbar? Traefik healthy?",
"notes": "breiter /mnt/user/appdata Mount; Einschraenkung langfristig als TODO"
},
"speedtest-tracker": {
"description": "Speedtest-Monitoring",
"tier": 3,
"category": "ops",
"container_name": "speedtest-tracker",
"dependencies": ["traefik"],
"url": "https://speedtest.kaleschke.info",
"dump_file": null,
"data_paths": ["/mnt/user/appdata/speedtest-tracker/config"],
"first_check": "APP_KEY gesetzt? Internetzugang fuer Speedtest vorhanden?",
"notes": "APP_KEY, ADMIN_PASSWORD als Stack ENV"
},
"bentopdf": {
"description": "PDF-Tooling",
"tier": 3,
"category": "app",
"container_name": "bentopdf",
"dependencies": ["traefik"],
"url": "https://pdf.kaleschke.info",
"dump_file": null,
"data_paths": [],
"first_check": "COOP/COEP Middleware gesetzt? Traefik healthy?",
"notes": "rebuildbar; keine kritische Persistenz"
}
}
}
Reference in New Issue View Git Blame Copy Permalink