Verifies 16 DockerHub images, assigns target nodes per locked policy, defines 3-phase deployment order (Infra → Media → Polish), and captures open questions for Bobby.

Services: Traefik, Technitium DNS, AdGuard Home, Prometheus, Grafana, Beszel, Dozzle, Portainer, Homepage, Authelia, Vaultwarden, Jellyfin, Sonarr, Radarr, Prowlarr, Nextcloud
Domain: *.ai.home
No public internet exposure.
Iron Legion Homelab Services Stack — Success Criteria
Done When
- ✅ Every service in the catalog has a verified DockerHub image with a non-stale last-update date (≤ 90 days old at time of cataloging)
- ✅ Every service has an assigned target node that respects the Node Assignments Locked policy
- ✅ Every service has a deployment phase (1, 2, or 3) agreed by Bobby
- ✅ Network ingress/egress flow is documented at the service level (who talks to whom, via what port/protocol)
- ✅ A single `docker-compose.yml` skeleton exists per phase, ready for population
- ✅ Bobby has read and approved this PRD; any objections are captured as blockers below
Verification Methods
- DockerHub API freshness check: `last_updated` field within 90 days
- Node lock compliance: cross-reference against `fleet-ops.md` node assignments
- Compose skeleton existence: `ls ~/.ansible-repo/new-build/phase-*.yml`
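One way to run the `last_updated` freshness check is sketched below. This is an added example, not part of this PRD or its repository. It assumes Docker Hub's public v2 repository endpoint; the repository names, timestamps and the "unknown" status for a missing `last_updated` are constructed for illustration.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold from the success criteria
HUB_URL = "https://hub.docker.com/v2/repositories/{repo}/"

def fetch_repo(repo):
    """Fetch repository metadata; official images live under 'library/'."""
    if "/" not in repo:
        repo = "library/" + repo
    with urllib.request.urlopen(HUB_URL.format(repo=repo), timeout=10) as resp:
        return json.load(resp)

def classify(meta, now):
    """Return (status, age_days) for one repository metadata dict."""
    ts = meta.get("last_updated")
    if not ts:  # null or missing: cannot prove freshness, so do not pass it
        return "unknown", None
    # Keep YYYY-MM-DDTHH:MM:SS only; the UTC fraction varies in length.
    updated = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")
    age = now - updated.replace(tzinfo=timezone.utc)
    return ("fresh" if age <= MAX_AGE else "stale"), age.days

def audit(catalog, now):
    """Map repo -> (status, age_days); anything not 'fresh' gets flagged."""
    return {repo: classify(meta, now) for repo, meta in catalog.items()}

# Constructed sample responses (not real Hub data), trimmed to one field.
SAMPLE = {
    "example/fresh-svc": {"last_updated": "2024-05-20T08:15:30.123456Z"},
    "example/edge-svc": {"last_updated": "2024-03-03T00:00:00Z"},  # 90 days
    "example/stale-svc": {"last_updated": "2023-01-10T11:00:00.5Z"},
    "example/empty-svc": {"last_updated": None},
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed cataloging time

if __name__ == "__main__":
    for repo, (status, age) in audit(SAMPLE, NOW).items():
        print(f"{repo:20} {status:8} age_days={age}")
```

For a live run, build the catalog with `fetch_repo()` per image and pass `datetime.now(timezone.utc)` as the cataloging time; record that time alongside the results, since the criterion is measured at time of cataloging.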
Failure Modes
| Failure | Mitigation |
|---|---|
| DockerHub image stale or abandoned | Flag for alternative image research |
| Node assignment conflicts with locked policy | Escalate to Bobby immediately |
| Service dependency on another Phase 2+ service | Note in Open Questions, defer deployment |
Known Blockers
- Authelia requires a domain + valid TLS cert. If Bobby does not want to expose to the public internet, Traefik + internal Tailscale cert or self-signed CA is required.
- Technitium DNS upstream forwarding policy not yet specified (DoH, DoT, plain UDP?).