d60bc96f1d
Verifies 16 DockerHub images, assigns target nodes per locked policy, defines 3-phase deployment order (Infra → Media → Polish), and captures open questions for Bobby. Services: Traefik, Technitium DNS, AdGuard Home, Prometheus, Grafana, Beszel, Dozzle, Portainer, Homepage, Authelia, Vaultwarden, Jellyfin, Sonarr, Radarr, Prowlarr, Nextcloud Domain: *.ai.home No public internet exposure.
26 lines
1.5 KiB
Markdown
26 lines
1.5 KiB
Markdown
# Iron Legion Homelab Services Stack — Success Criteria
|
|
|
|
## Done When
|
|
1. ✅ Every service in the catalog has a verified DockerHub image with a non-stale last-update date (≤ 90 days old at time of cataloging)
|
|
2. ✅ Every service has an assigned target node that respects the **Node Assignments Locked** policy
|
|
3. ✅ Every service has a deployment phase (1, 2, or 3) agreed by Bobby
|
|
4. ✅ Network ingress/egress flow is documented at the service level (who talks to whom, via what port/protocol)
|
|
5. ✅ A single `docker-compose.yml` skeleton exists per phase, ready for population
|
|
6. ✅ Bobby has read and approved this PRD; any objections are captured as blockers below
|
|
|
|
## Verification Methods
|
|
- DockerHub API freshness check: `last_updated` field within 90 days
|
|
- Node lock compliance: cross-reference against `fleet-ops.md` node assignments
|
|
- Compose skeleton existence: `ls ~/.ansible-repo/new-build/phase-*.yml`
|
|
|
|
## Failure Modes
|
|
| Failure | Mitigation |
|
|
|---------|------------|
|
|
| DockerHub image stale or abandoned | Flag for alternative image research |
|
|
| Node assignment conflicts with locked policy | Escalate to Bobby immediately |
|
|
| Service dependency on another Phase 2+ service | Note in Open Questions, defer deployment |
|
|
|
|
## Known Blockers
|
|
- **Authelia** requires a domain + valid TLS cert. If Bobby does not want to expose to public internet, Traefik + internal Tailscale cert or self-signed CA required.
|
|
- **Technitium DNS** upstream forwarding policy not yet specified (DoH, DoT, plain UDP?).
|