Remove Mark5/Bones/Neo/Mark44 — G9 Swarm Cluster is the ONLY deployment target

All services reassigned to MK7 (Swarm Manager) or swarm-distributed. Per Bobby: Mark5, Bones, Neo, Mark44 are NOT part of this homelab services stack. Phase 1 infra (Traefik, DNS, AdGuard, Portainer, Prometheus, Beszel, Dozzle, Authelia, Homepage) → MK7 Phase 2 media (Jellyfin, Sonarr, Radarr, Prowlarr) → Swarm distributed Phase 3 dashboards (Grafana, Homepage) → Swarm distributed Also updates: - Backup target: MK7 secondary storage (was Bones) - Network/DNS/Security model: all refs to Bones/Neo/Mark5/Mark44 corrected
2026-05-25 18:24:22 -04:00
parent 4cff1b5e48
commit fea42f892b
8 changed files with 155 additions and 151 deletions
--- a/06-data-and-persistence.md
+++ b/06-data-and-persistence.md
@@ -15,29 +15,29 @@ Every service with persistent state uses **bind mounts to on-node directories**.
 ## Per-Service Persistence
 | Service | Data Path | Backup Target | Size Estimate |
 |---------|-----------|---------------|---------------|
-| **Traefik** | `/opt/iron-legion/traefik/config/` `/opt/iron-legion/traefik/certs/` | Bones (daily rsync) | < 50 MB |
-| **Technitium DNS** | `/opt/iron-legion/technitium/config/` | Bones | < 10 MB |
-| **Pi-hole** | `/opt/iron-legion/pihole/etc-pihole/` `/opt/iron-legion/pihole/etc-dnsmasq.d/` | Bones | < 500 MB |
-| **Prometheus** | `/opt/iron-legion/prometheus/data/` | Bones (retention: 15d local, 90d backup) | 5–20 GB |
-| **Grafana** | `/opt/iron-legion/grafana/data/` | Bones | < 500 MB |
-| **Beszel** | `/opt/iron-legion/beszel/data/` | Bones | < 1 GB |
-| **Portainer** | `/opt/iron-legion/portainer/data/` | Bones | < 100 MB |
-| **Homepage** | `/opt/iron-legion/homepage/config/` | Bones | < 10 MB |
-| **Vaultwarden** | `/opt/iron-legion/vaultwarden/data/` | Bones (encrypted) | < 500 MB |
-| **Authelia** | `/opt/iron-legion/authelia/config/` | Bones | < 10 MB |
+| **Traefik** | `/opt/iron-legion/traefik/config/` `/opt/iron-legion/traefik/certs/` | MK7 (daily rsync) | < 50 MB |
+| **Technitium DNS** | `/opt/iron-legion/technitium/config/` | MK7 | < 10 MB |
+| **Pi-hole** | `/opt/iron-legion/pihole/etc-pihole/` `/opt/iron-legion/pihole/etc-dnsmasq.d/` | MK7 | < 500 MB |
+| **Prometheus** | `/opt/iron-legion/prometheus/data/` | MK7 (retention: 15d local, 90d backup) | 5–20 GB |
+| **Grafana** | `/opt/iron-legion/grafana/data/` | MK7 | < 500 MB |
+| **Beszel** | `/opt/iron-legion/beszel/data/` | MK7 | < 1 GB |
+| **Portainer** | `/opt/iron-legion/portainer/data/` | MK7 | < 100 MB |
+| **Homepage** | `/opt/iron-legion/homepage/config/` | MK7 | < 10 MB |
+| **Vaultwarden** | `/opt/iron-legion/vaultwarden/data/` | MK7 (encrypted) | < 500 MB |
+| **Authelia** | `/opt/iron-legion/authelia/config/` | MK7 | < 10 MB |
 | **Jellyfin** | `/opt/iron-legion/jellyfin/config/` `/opt/iron-legion/jellyfin/media/` | **None** (media too large) | < 1 GB config; media drive separate |
-| **Sonarr** | `/opt/iron-legion/sonarr/config/` | Bones | < 1 GB |
-| **Radarr** | `/opt/iron-legion/radarr/config/` | Bones | < 1 GB |
-| **Prowlarr** | `/opt/iron-legion/prowlarr/config/` | Bones | < 100 MB |
-| **Nextcloud** | `/opt/iron-legion/nextcloud/data/` | Bones (snapshots) | 10–50 GB |
+| **Sonarr** | `/opt/iron-legion/sonarr/config/` | MK7 | < 1 GB |
+| **Radarr** | `/opt/iron-legion/radarr/config/` | MK7 | < 1 GB |
+| **Prowlarr** | `/opt/iron-legion/prowlarr/config/` | MK7 | < 100 MB |
+| **Nextcloud** | `/opt/iron-legion/nextcloud/data/` | MK7 (snapshots) | 10–50 GB |

 ## Media Storage Exception
- **Jellyfin media** lives on a separate mount (likely external USB/NVMe on Mark44). Not backed up via rsync.
+- **Jellyfin media** lives on a separate mount (likely external USB/NVMe on MK7). Not backed up via rsync.
 - **Sonarr/Radarr** download staging to a shared `/downloads` bind mount, then hardlink/copy to Jellyfin media library.

 ## Backup Tooling
- **Primary:** `rsync -a --delete` to Bones secondary storage daily at 03:00 local.
- **Vaultwarden:** `rsqlite3` dump + `rsync` (encrypted at rest on Bones).
+- **Primary:** `rsync -a --delete` to MK7 secondary storage daily at 03:00 local.
+- **Vaultwarden:** `rsqlite3` dump + `rsync` (encrypted at rest on MK7).
 - **Prometheus:** `snapshot API` → rsync (not raw WAL files).

 ## Secret Management