fix(Chunk2): reconcile PRD with live fleet state

- AdGuard Home: Replicated(2) → Replicated(1) (single instance on MK7)
- Portainer: Manager Constraint → Replicated(1) (deployed as replicated, not manager-only)
- Beszel Agent: Global → Pending (not yet deployed across workers)
- DNS Resolution: Added status table — Technitium deployed but *.ai.home zone not yet authoritative
- Swarm service count: 16 → 15 active + 1 pending

All changes mirrored to split files and master PRD.
2026-05-27 12:03:06 -04:00
parent 26c66590d1
commit a3fc718a34
3 changed files with 37 additions and 17 deletions

@@ -22,7 +22,7 @@
|---------|-------|-------|-------|---------|-----------|-------| |---------|-------|-------|-------|---------|-----------|-------|
| **Traefik** | `traefik` | 3.49B | 3,634 | 2026-05-13 | **Global** | Every node receives ingress routing + Docker socket read-only | | **Traefik** | `traefik` | 3.49B | 3,634 | 2026-05-13 | **Global** | Every node receives ingress routing + Docker socket read-only |
| **Technitium DNS** | `technitium/dns-server` | 8.99M | 156 | 2026-05-09 | **Manager Constraint** | Single authoritative DNS — port 53 on MK7 only | | **Technitium DNS** | `technitium/dns-server` | 8.99M | 156 | 2026-05-09 | **Manager Constraint** | Single authoritative DNS — port 53 on MK7 only |
| **AdGuard Home** | `adguard/adguardhome` | 170.7M | 1,408 | 2026-05-25 | **Replicated (2)** | 2 replicas across workers for redundancy — port 3000 | | **AdGuard Home** | `adguard/adguardhome` | 170.7M | 1,408 | 2026-05-25 | **Replicated (1)** | Single replica on MK7 — port 3000 |
### Monitoring / Observability ### Monitoring / Observability
| Service | Image | Pulls | Stars | Updated | Placement | Notes | | Service | Image | Pulls | Stars | Updated | Placement | Notes |
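Review bot: The AdGuard Home row drops to "Replicated (1)" on MK7 while the Technitium row directly above it is already "port 53 on MK7 only", so after this change both DNS components in the table depend on the same node, and the removed "for redundancy" rationale is not replaced with anything. If a single instance is the intended state, say so in Notes; if it is temporary, mark the second replica as planned so the PRD does not read as if redundancy was dropped by design.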
@@ -31,13 +31,13 @@
| **Prometheus Node Exporter** | `prom/node-exporter` | — | — | — | **Global** | Runs on every node — scrapes CPU/mem/disk | | **Prometheus Node Exporter** | `prom/node-exporter` | — | — | — | **Global** | Runs on every node — scrapes CPU/mem/disk |
| **Grafana** | `grafana/grafana` | 5.22B | 3,540 | 2026-05-16 | **Replicated (1)** | Any worker (Phase 3, needs data history first) | | **Grafana** | `grafana/grafana` | 5.22B | 3,540 | 2026-05-16 | **Replicated (1)** | Any worker (Phase 3, needs data history first) |
| **Beszel Hub** | `henrygd/beszel` | 12.58M | 32 | 2026-04-30 | **Manager Constraint** | Central hub on MK7 collects metrics from agents | | **Beszel Hub** | `henrygd/beszel` | 12.58M | 32 | 2026-04-30 | **Manager Constraint** | Central hub on MK7 collects metrics from agents |
| **Beszel Agent** | `henrygd/beszel-agent` | — | — | — | **Global** | Runs on every node — reports to hub | | **Beszel Agent** | `henrygd/beszel-agent` | — | — | — | **Pending** | Planned global — reports to hub. Not yet deployed. |
| **Dozzle** | `amir20/dozzle` | 309.6M | 144 | 2026-05-25 | **Replicated (1)** | Any worker — read-only Docker socket | | **Dozzle** | `amir20/dozzle` | 309.6M | 144 | 2026-05-25 | **Replicated (1)** | Any worker — read-only Docker socket |
### Management / Dashboard ### Management / Dashboard
| Service | Image | Pulls | Stars | Updated | Placement | Notes | | Service | Image | Pulls | Stars | Updated | Placement | Notes |
|---------|-------|-------|-------|---------|-----------|-------| |---------|-------|-------|-------|---------|-----------|-------|
| **Portainer CE** | `portainer/portainer-ce` | 1.46B | 2,665 | 2026-05-20 | **Manager Constraint** | MK7 only — agentless mode, no portainer-agent needed | | **Portainer CE** | `portainer/portainer-ce` | 1.46B | 2,665 | 2026-05-20 | **Replicated (1)** | MK7 — agentless mode, no portainer-agent needed |
| **Homepage** | `gethomepage/homepage` | 1.31M | 40 | 2026-05-25 | **Replicated (1)** | Any worker — all endpoints via env vars | | **Homepage** | `gethomepage/homepage` | 1.31M | 40 | 2026-05-25 | **Replicated (1)** | Any worker — all endpoints via env vars |
### Security / Identity ### Security / Identity
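Review bot: In the Portainer CE row, Placement changes from "Manager Constraint" to "Replicated (1)" but Notes still says "MK7", so the row no longer records what keeps the replica on that node. State the placement constraint in Notes if one is set, or reword to "currently scheduled on MK7" if none is. In the Beszel Agent row, "Pending" is a deployment status sitting in the Placement column; "Global (pending)" would keep the intended placement visible.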
@@ -62,6 +62,6 @@
| **Prowlarr** | `linuxserver/prowlarr` | 35.9M | 403 | 2026-05-25 | **Replicated (1)** | Any worker — feeds Sonarr/Radarr via network | | **Prowlarr** | `linuxserver/prowlarr` | 35.9M | 403 | 2026-05-25 | **Replicated (1)** | Any worker — feeds Sonarr/Radarr via network |
## Total Services: 16 (catalog) + 3 (existing external) = 19 total fleet services ## Total Services: 16 (catalog) + 3 (existing external) = 19 total fleet services
## Swarm Services: 16 (includes global Beszel agent and node exporter) ## Swarm Services: 15 active + 1 pending (Beszel Agent) + 4 Phase 2/3 planned = 16 catalog entries
## Total DockerHub Pulls (aggregate): ~16.0B ## Total DockerHub Pulls (aggregate): ~16.0B
## All images updated within 90 days ## All images updated within 90 days
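Review bot: The new Swarm Services line does not add up: "15 active + 1 pending (Beszel Agent) + 4 Phase 2/3 planned = 16 catalog entries" sums to 20, and the commit message gives only "15 active + 1 pending". If the 4 planned services are already counted inside the 15, write them as a subset (for example "of which 4 are Phase 2/3 planned"); if they are counted separately, the total on the right needs correcting.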

@@ -22,11 +22,21 @@
| Nextcloud (MK7) | PostgreSQL (MK7) | TCP | 5432 | DB traffic over Tailscale | | Nextcloud (MK7) | PostgreSQL (MK7) | TCP | 5432 | DB traffic over Tailscale |
## DNS Resolution ## DNS Resolution
- **Technitium (MK7)** is the authoritative internal DNS for `*.ai.home`.
- **AdGuard Home (MK7)** handles recursive resolution with ad-block lists. Replaces Pi-hole. | Component | Status | Detail |
- **Chain:** Client → Technitium (local record?) → AdGuard Home (recursive + blocklist) → Upstream (Cloudflare/Quad9) |-----------|--------|--------|
- **Tailscale MagicDNS** remains enabled as fallback. If Technitium fails, clients fall back to `100.x.x.x` direct resolution. | **Technitium (MK7)** | ✅ Deployed | Container running, port 53/5380 open |
- **AdGuard Home admin UI** runs on port 3000 by default (separate from Grafana if co-located). | **`*.ai.home` zone** | ⏳ Pending | Not yet configured as authoritative — Tailscale MagicDNS currently handles name resolution |
| **AdGuard Home (MK7)** | ✅ Active | Recursive resolver + blocklists on port 3000. Replaces Pi-hole. |
**Planned Chain (not yet active):**
```
Client → Technitium (local record?) → AdGuard Home (recursive + blocklist) → Upstream (Cloudflare/Quad9)
```
**Current Fallback:** Tailscale MagicDNS provides `*.ai.home` resolution via Tailscale IP addresses. Technitium will assume authority once zone records are populated.
- **AdGuard Home admin UI** runs on port 3000.
## Port Allocation (Reserved) ## Port Allocation (Reserved)
| Port | Service | | Port | Service |
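Review bot: The Technitium row says "port 53/5380 open" without naming the interface or network, while the next row states the `*.ai.home` zone is not yet authoritative, so the PRD now documents a listening DNS service with no zone and no stated exposure. Put the scope in the Detail cell, for example whether the ports are reachable only over Tailscale. The AdGuard Home cell "Recursive resolver + blocklists on port 3000" also reads as if DNS is served on 3000, whereas the last added line gives 3000 as the admin UI port.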

@@ -117,7 +117,7 @@ This PRD is append-only for new services. Modifications to existing entries requ
|---------|-------|-------|-------|---------|-----------|-------| |---------|-------|-------|-------|---------|-----------|-------|
| **Traefik** | `traefik` | 3.49B | 3,634 | 2026-05-13 | **Global** | Every node receives ingress routing + Docker socket read-only | | **Traefik** | `traefik` | 3.49B | 3,634 | 2026-05-13 | **Global** | Every node receives ingress routing + Docker socket read-only |
| **Technitium DNS** | `technitium/dns-server` | 8.99M | 156 | 2026-05-09 | **Manager Constraint** | Single authoritative DNS — port 53 on MK7 only | | **Technitium DNS** | `technitium/dns-server` | 8.99M | 156 | 2026-05-09 | **Manager Constraint** | Single authoritative DNS — port 53 on MK7 only |
| **AdGuard Home** | `adguard/adguardhome` | 170.7M | 1,408 | 2026-05-25 | **Replicated (2)** | 2 replicas across workers for redundancy — port 3000 | | **AdGuard Home** | `adguard/adguardhome` | 170.7M | 1,408 | 2026-05-25 | **Replicated (1)** | Single replica on MK7 — port 3000 |
### Monitoring / Observability ### Monitoring / Observability
| Service | Image | Pulls | Stars | Updated | Placement | Notes | | Service | Image | Pulls | Stars | Updated | Placement | Notes |
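Review bot: The AdGuard Home row is edited in place although the hunk header context reads "This PRD is append-only for new services. Modifications to existing entries requ…". Whatever that truncated sentence requires for modifying an existing entry is not visible anywhere in this commit; reference it in the commit message or add the required record alongside the row change.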
@@ -126,13 +126,13 @@ This PRD is append-only for new services. Modifications to existing entries requ
| **Prometheus Node Exporter** | `prom/node-exporter` | — | — | — | **Global** | Runs on every node — scrapes CPU/mem/disk | | **Prometheus Node Exporter** | `prom/node-exporter` | — | — | — | **Global** | Runs on every node — scrapes CPU/mem/disk |
| **Grafana** | `grafana/grafana` | 5.22B | 3,540 | 2026-05-16 | **Replicated (1)** | Any worker (Phase 3, needs data history first) | | **Grafana** | `grafana/grafana` | 5.22B | 3,540 | 2026-05-16 | **Replicated (1)** | Any worker (Phase 3, needs data history first) |
| **Beszel Hub** | `henrygd/beszel` | 12.58M | 32 | 2026-04-30 | **Manager Constraint** | Central hub on MK7 collects metrics from agents | | **Beszel Hub** | `henrygd/beszel` | 12.58M | 32 | 2026-04-30 | **Manager Constraint** | Central hub on MK7 collects metrics from agents |
| **Beszel Agent** | `henrygd/beszel-agent` | — | — | — | **Global** | Runs on every node — reports to hub | | **Beszel Agent** | `henrygd/beszel-agent` | — | — | — | **Pending** | Planned global — reports to hub. Not yet deployed. |
| **Dozzle** | `amir20/dozzle` | 309.6M | 144 | 2026-05-25 | **Replicated (1)** | Any worker — read-only Docker socket | | **Dozzle** | `amir20/dozzle` | 309.6M | 144 | 2026-05-25 | **Replicated (1)** | Any worker — read-only Docker socket |
### Management / Dashboard ### Management / Dashboard
| Service | Image | Pulls | Stars | Updated | Placement | Notes | | Service | Image | Pulls | Stars | Updated | Placement | Notes |
|---------|-------|-------|-------|---------|-----------|-------| |---------|-------|-------|-------|---------|-----------|-------|
| **Portainer CE** | `portainer/portainer-ce` | 1.46B | 2,665 | 2026-05-20 | **Manager Constraint** | MK7 only — agentless mode, no portainer-agent needed | | **Portainer CE** | `portainer/portainer-ce` | 1.46B | 2,665 | 2026-05-20 | **Replicated (1)** | MK7 — agentless mode, no portainer-agent needed |
| **Homepage** | `gethomepage/homepage` | 1.31M | 40 | 2026-05-25 | **Replicated (1)** | Any worker — all endpoints via env vars | | **Homepage** | `gethomepage/homepage` | 1.31M | 40 | 2026-05-25 | **Replicated (1)** | Any worker — all endpoints via env vars |
### Security / Identity ### Security / Identity
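Review bot: The commit message says all changes are mirrored to the master PRD, but the hunks shown for this file (117, 126 and 187) contain no counterpart to the "Swarm Services: 16" to "15 active + 1 pending" edit made in the split file. If the master PRD carries a totals line, it still reads 16; update it in this commit, or state in the message that the master has no such line.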
@@ -187,11 +187,21 @@ This PRD is append-only for new services. Modifications to existing entries requ
| Nextcloud (MK7) | PostgreSQL (MK7) | TCP | 5432 | DB traffic over Tailscale | | Nextcloud (MK7) | PostgreSQL (MK7) | TCP | 5432 | DB traffic over Tailscale |
## DNS Resolution ## DNS Resolution
- **Technitium (MK7)** is the authoritative internal DNS for `*.ai.home`.
- **AdGuard Home (MK7)** handles recursive resolution with ad-block lists. Replaces Pi-hole. | Component | Status | Detail |
- **Chain:** Client → Technitium (local record?) → AdGuard Home (recursive + blocklist) → Upstream (Cloudflare/Quad9) |-----------|--------|--------|
- **Tailscale MagicDNS** remains enabled as fallback. If Technitium fails, clients fall back to `100.x.x.x` direct resolution. | **Technitium (MK7)** | ✅ Deployed | Container running, port 53/5380 open |
- **AdGuard Home admin UI** runs on port 3000 by default (separate from Grafana if co-located). | **`*.ai.home` zone** | ⏳ Pending | Not yet configured as authoritative — Tailscale MagicDNS currently handles name resolution |
| **AdGuard Home (MK7)** | ✅ Active | Recursive resolver + blocklists on port 3000. Replaces Pi-hole. |
**Planned Chain (not yet active):**
```
Client → Technitium (local record?) → AdGuard Home (recursive + blocklist) → Upstream (Cloudflare/Quad9)
```
**Current Fallback:** Tailscale MagicDNS provides `*.ai.home` resolution via Tailscale IP addresses. Technitium will assume authority once zone records are populated.
- **AdGuard Home admin UI** runs on port 3000.
## Port Allocation (Reserved) ## Port Allocation (Reserved)
| Port | Service | | Port | Service |
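Review bot: "Current Fallback" labels MagicDNS as a fallback, but the `*.ai.home` zone row in the table above says MagicDNS "currently handles name resolution", which makes it the primary path today; a label such as "Current Resolution" would match. The trailing "- **AdGuard Home admin UI** runs on port 3000." is left as a one-item list after the paragraph and repeats the port already given in the table; fold it into the AdGuard Home row or drop it.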