# Iron Legion Docker Swarm — Fleet Reference

## Cluster Topology

| Node | Hostname | Role | Tailscale | LAN IP |
|------|----------|------|-----------|--------|
| MK7 | `mark-vii.ai.home` | **Manager (Leader)** | `100.66.70.51` | `192.168.7.7` |
| MK33 | `mk-33` | Worker | — | `192.168.0.190` |
| MK34 | `mk-34` | Worker | — | `192.168.0.123` |
| MK39 | `mk-39` | Worker | — | `192.168.0.106` |
| MK42 | `mk-42` | Worker | — | `192.168.0.196` |

**Worker join token:**

```
SWMTKN-1-01759qgxz7d4x0bl32shlyjed540fgqjhggx0nyrw04d3zt017-blujv5tley9ukl8ke60dvz0ec
```

## Service Catalog

All services deployed on MK7 manager via `docker stack deploy`.

| Stack | Service | Mode | Replicas | Published Ports | Traefik Host |
|-------|---------|------|----------|-----------------|--------------|
| `traefik` | Traefik v3 | global | 1/1 | `80`, `8080` (dashboard) | — |
| `node-exporter` | Node Exporter | **global** | 5/5 | — | — |
| `beszel` | Beszel Hub | replicated | 1/1 | — | `beszel.ai.home` |
| `homepage` | Homepage Dashboard | replicated | 1/1 | — | `dashboard.ai.home` |
| `dozzle` | Dozzle Logs | replicated | 1/1 | — | `dozzle.ai.home` |
| `portainer` | Portainer CE | replicated | 1/1 | `9000` | `portainer.ai.home` |
| `prometheus` | Prometheus | replicated | 1/1 | `9090` | `prom.ai.home` |
| `technitium` | Technitium DNS | replicated | 1/1 | `53/tcp`, `53/udp`, `5380` | `dns.ai.home` |
| `adguard` | AdGuard Home | replicated | 1/1 | `3000`, `30053` | `adguard.ai.home` |
| ~~authelia~~ | ~~Authelia~~ | ~~deferred~~ | — | — | ~~`auth.ai.home`~~ |

> **Note:** Authelia deferred until local TLS is available (requires `https://auth.ai.home`).

## Network Architecture

| Network | Driver | Scope | Attachable | Note |
|---------|--------|-------|------------|------|
| `traefik-public` | overlay | swarm | ✅ | Attachable overlay for all web-facing services |
| `ingress` | overlay | swarm | — | Built-in swarm ingress |
| `node-exporter_default` | overlay | swarm | — | Created by node-exporter stack deploy |

## Directory Structure (MK7)

```
/opt/iron-legion/docker-swarm/
├── deploy.sh                      # Master deployment script
├── traefik/compose.yml
├── node-exporter/compose.yml
├── technitium/compose.yml
├── technitium/prometheus.yml      # Prometheus scrape targets
├── adguard/compose.yml
├── prometheus/compose.yml
├── beszel/compose.yml
├── portainer/compose.yml
├── dozzle/compose.yml
├── homepage/compose.yml
├── homepage/config/settings.yaml
└── authelia/
    ├── compose.yml                # Deferred — needs TLS
    ├── config/
    │   ├── configuration.yml
    │   └── users_database.yml
```

Synced to all workers (`/opt/iron-legion/docker-swarm`) for failover redundancy. Workers do not execute `docker stack deploy` — only MK7 manager orchestrates services.

## Deploy / Re-Deploy

On MK7:

```bash
cd /opt/iron-legion/docker-swarm
./deploy.sh
```

Or single stack:

```bash
cd /opt/iron-legion/docker-swarm
docker stack deploy -c traefik/compose.yml traefik
```

## Worker Join (if node rebuilt)

```bash
# On worker node
docker swarm join --token SWMTKN-1-01759qgxz7d4x0bl32shlyjed540fgqjhggx0nyrw04d3zt017-blujv5tley9ukl8ke60dvz0ec 192.168.7.7:2377
```

Ensure worker has `/opt/iron-legion/docker-swarm/` synced for config parity.

## Known Issues / Decisions

| Item | Status | Detail |
|------|--------|--------|
| `systemd-resolved` | **Disabled** on MK7 | Port 53 freed for Technitium |
| Standalone Portainer | **Removed** | Data backed up to `/tmp/portainer-data-backup-20260526-000125.tar.gz` on MK7 |
| Authelia | **Deferred** | Requires TLS (https://auth.ai.home) |
| Beszel Agents | **Pending** | Global agent stack to be added across all workers |
| DNS resolution | **Pending** | `*.ai.home` requires Technitium configured as LAN resolver |

## External Services (NOT in Swarm)

| Service | Node | URL | Note |
|---------|------|-----|------|
| Nextcloud AIO | Neo (`100.99.123.16`) | `https://nextcloud.ai.home` | Production, unmanaged |
| Vaultwarden | Neo (`100.99.123.16`) | `https://vault.ai.home` | Production, unmanaged |

---

*Last updated: 2026-05-26*

*Gitea repo: `Iron-Legion/documentation` — push this file there*