Files

jarvis fea42f892b Remove Mark5/Bones/Neo/Mark44 — G9 Swarm Cluster is the ONLY deployment target

All services reassigned to MK7 (Swarm Manager) or swarm-distributed.
Per Bobby: Mark5, Bones, Neo, Mark44 are NOT part of this homelab services stack.

Phase 1 infra (Traefik, DNS, AdGuard, Portainer, Prometheus, Beszel, Dozzle, Authelia, Homepage) → MK7
Phase 2 media (Jellyfin, Sonarr, Radarr, Prowlarr) → Swarm distributed
Phase 3 dashboards (Grafana, Homepage) → Swarm distributed

Also updates:
- Backup target: MK7 secondary storage (was Bones)
- Network/DNS/Security model: all refs to Bones/Neo/Mark5/Mark44 corrected

2026-05-25 18:24:22 -04:00

2.7 KiB

Raw Blame History

Iron Legion Homelab Services Stack — Data & Persistence

Volume Strategy

Every service with persistent state uses bind mounts to on-node directories. No named volumes, no NFS, no distributed storage.

Directory Convention

/opt/iron-legion/
├── service-name/
│   ├── data/           # Application data (databases, config, state)
│   ├── config/         # Static config files mounted read-only where possible
│   └── logs/           # Log output (optional, if not sent to stdout)

Per-Service Persistence

Service	Data Path	Backup Target	Size Estimate
Traefik	`/opt/iron-legion/traefik/config/` `/opt/iron-legion/traefik/certs/`	MK7 (daily rsync)	< 50 MB
Technitium DNS	`/opt/iron-legion/technitium/config/`	MK7	< 10 MB
Pi-hole	`/opt/iron-legion/pihole/etc-pihole/` `/opt/iron-legion/pihole/etc-dnsmasq.d/`	MK7	< 500 MB
Prometheus	`/opt/iron-legion/prometheus/data/`	MK7 (retention: 15d local, 90d backup)	5–20 GB
Grafana	`/opt/iron-legion/grafana/data/`	MK7	< 500 MB
Beszel	`/opt/iron-legion/beszel/data/`	MK7	< 1 GB
Portainer	`/opt/iron-legion/portainer/data/`	MK7	< 100 MB
Homepage	`/opt/iron-legion/homepage/config/`	MK7	< 10 MB
Vaultwarden	`/opt/iron-legion/vaultwarden/data/`	MK7 (encrypted)	< 500 MB
Authelia	`/opt/iron-legion/authelia/config/`	MK7	< 10 MB
Jellyfin	`/opt/iron-legion/jellyfin/config/` `/opt/iron-legion/jellyfin/media/`	None (media too large)	< 1 GB config; media drive separate
Sonarr	`/opt/iron-legion/sonarr/config/`	MK7	< 1 GB
Radarr	`/opt/iron-legion/radarr/config/`	MK7	< 1 GB
Prowlarr	`/opt/iron-legion/prowlarr/config/`	MK7	< 100 MB
Nextcloud	`/opt/iron-legion/nextcloud/data/`	MK7 (snapshots)	10–50 GB

Media Storage Exception

Jellyfin media lives on a separate mount (likely external USB/NVMe on MK7). Not backed up via rsync.
Sonarr/Radarr download staging to a shared /downloads bind mount, then hardlink/copy to Jellyfin media library.

Backup Tooling

Primary: rsync -a --delete to MK7 secondary storage daily at 03:00 local.
Vaultwarden: rsqlite3 dump + rsync (encrypted at rest on MK7).
Prometheus: snapshot API → rsync (not raw WAL files).

Secret Management

.env files live in /opt/iron-legion/service-name/.env, mode 0600.
Compose files use ${VAR_NAME} syntax, never literal strings.
Vaultwarden stores shared secrets (DB passwords, API keys). Artemis holds no secrets in memory.

2.7 KiB Raw Blame History Unescape Escape

Iron Legion Homelab Services Stack — Data & Persistence

Volume Strategy

Directory Convention

Per-Service Persistence

Media Storage Exception

Backup Tooling

Secret Management

2.7 KiB

Raw Blame History