documentation/04-service-catalog.md

Iron Legion Homelab Services Stack — Service Catalog

Verified DockerHub Metadata (as of 2026-05-25)

Swarm Placement Legend

Placement	Swarm Behavior
Global	One replica on EVERY node (including manager)
Replicated (N)	N replicas distributed across workers by scheduler
Manager Constraint	Only on manager node(s)
Label Constraint	Only on nodes with matching node.label

Placement Rules for 5-Node Swarm (1 manager + 4 workers)

• MK7 = Manager (can run global services + manager-constrained services)
• MK33, MK34, MK39, MK42 = Workers (run global services + replicated services)
• No node labels yet — will label storage nodes (e.g., media storage) as Phase 3

---

Network Layer

Service	Image	Pulls	Stars	Updated	Placement	Notes
Traefik	traefik	3.49B	3,634	2026-05-13	Global	Every node receives ingress routing + Docker socket read-only
Technitium DNS	technitium/dns-server	8.99M	156	2026-05-09	Manager Constraint	Authoritative .ai.home + recursive with DoT to Cloudflare, ad blocking — port 53 on MK7 only
AdGuard Home	adguard/adguardhome	170.7M	1,408	2026-05-25	Removed	Technitium built-in ad blocking replaces AdGuard

Monitoring / Observability

Service	Image	Pulls	Stars	Updated	Placement	Notes
Prometheus	prom/prometheus	1.97B	2,064	2026-05-25	Manager Constraint	Central scraping server on MK7
Prometheus Node Exporter	prom/node-exporter	—	—	—	Global	Runs on every node — scrapes CPU/mem/disk
Grafana	grafana/grafana	5.22B	3,540	2026-05-16	Replicated (1)	Any worker (Phase 3, needs data history first)
Beszel Hub	henrygd/beszel	12.58M	32	2026-04-30	Manager Constraint	Central hub on MK7 collects metrics from agents
Beszel Agent	henrygd/beszel-agent	—	—	—	Pending	Planned global — reports to hub. Not yet deployed.
Dozzle	amir20/dozzle	309.6M	144	2026-05-25	Replicated (1)	Any worker — read-only Docker socket

Management / Dashboard

Service	Image	Pulls	Stars	Updated	Placement	Notes
Portainer CE	portainer/portainer-ce	1.46B	2,665	2026-05-20	Replicated (1)	MK7 — agentless mode, no portainer-agent needed
Homepage	gethomepage/homepage	1.31M	40	2026-05-25	Replicated (1)	Any worker — all endpoints via env vars

Security / Identity

Service	Image	Pulls	Stars	Updated	Placement	Notes
Authelia	authelia/authelia	75.2M	208	2026-05-25	Replicated (1)	Any worker — Traefik ForwardAuth middleware

Existing External Services (NOT in Swarm)

Service	Location	Status	Notes
Vaultwarden	Neo (Nebuchadnezzar)	✅ Production	Already deployed via Docker. Managed separately.
Nextcloud	Neo (Nebuchadnezzar)	✅ Production	Nextcloud AIO. NOT part of G9 Swarm stack.

These services live outside the G9 Swarm cluster. No migration planned unless Bobby explicitly requests it.

Media Stack (*arr + Jellyfin)

Service	Image	Pulls	Stars	Updated	Placement	Notes
Jellyfin	jellyfin/jellyfin	370.4M	1,535	2026-05-25	Label Constraint	Nodes with node.label.storage=media (Phase 3)
Sonarr	linuxserver/sonarr	2.34B	2,118	2026-05-23	Replicated (1)	Any worker — needs shared /downloads mount
Radarr	linuxserver/radarr	2.36B	1,791	2026-05-25	Replicated (1)	Any worker — needs shared /downloads mount
Prowlarr	linuxserver/prowlarr	35.9M	403	2026-05-25	Replicated (1)	Any worker — feeds Sonarr/Radarr via network

Total Services: 16 (catalog) + 3 (existing external) = 19 total fleet services

Swarm Services: 15 active + 1 pending (Beszel Agent) + 4 Phase 2/3 planned = 16 catalog entries

Total DockerHub Pulls (aggregate): ~16.0B

All images updated within 90 days