jarvis
484b2e6272
- Remove AdGuard Home from all service catalogs, deployment phases, persistence tables, and network architecture docs - Update Technitium notes: authoritative .ai.home zone, recursive resolver, DoT forwarder to Cloudflare (tls://1.1.1.1), built-in ad blocking - Resolve open questions #2 (Technitium upstream) and #3 (AdGuard layout) - Add dns-topology.md: complete DNS architecture diagram, zone details, client assignments, Tailscale integration, troubleshooting table, migration history (AdGuard deployed → paused → removed)
2.7 KiB
2.7 KiB
Iron Legion Homelab Services Stack — Data & Persistence
Volume Strategy
Every service with persistent state uses bind mounts to on-node directories. No named volumes, no NFS, no distributed storage.
Directory Convention
/opt/iron-legion/
├── service-name/
│ ├── data/ # Application data (databases, config, state)
│ ├── config/ # Static config files mounted read-only where possible
│ └── logs/ # Log output (optional, if not sent to stdout)
Per-Service Persistence
| Service | Data Path | Backup Target | Size Estimate |
|---|---|---|---|
| Traefik | /opt/iron-legion/traefik/config/ /opt/iron-legion/traefik/certs/ |
MK7 (daily rsync) | < 50 MB |
| Technitium DNS | /opt/iron-legion/technitium/config/ |
MK7 | < 10 MB |
/opt/iron-legion/adguard/work//opt/iron-legion/adguard/conf/ |
|||
| Prometheus | /opt/iron-legion/prometheus/data/ |
MK7 (retention: 15d local, 90d backup) | 5–20 GB |
| Grafana | /opt/iron-legion/grafana/data/ |
MK7 | < 500 MB |
| Beszel | /opt/iron-legion/beszel/data/ |
MK7 | < 1 GB |
| Portainer | /opt/iron-legion/portainer/data/ |
MK7 | < 100 MB |
| Homepage | /opt/iron-legion/homepage/config/ |
MK7 | < 10 MB |
| Vaultwarden | /opt/iron-legion/vaultwarden/data/ |
MK7 (encrypted) | < 500 MB |
| Authelia | /opt/iron-legion/authelia/config/ |
MK7 | < 10 MB |
| Jellyfin | /opt/iron-legion/jellyfin/config/ /opt/iron-legion/jellyfin/media/ |
None (media too large) | < 1 GB config; media drive separate |
| Sonarr | /opt/iron-legion/sonarr/config/ |
MK7 | < 1 GB |
| Radarr | /opt/iron-legion/radarr/config/ |
MK7 | < 1 GB |
| Prowlarr | /opt/iron-legion/prowlarr/config/ |
MK7 | < 100 MB |
| Nextcloud | /opt/iron-legion/nextcloud/data/ |
MK7 (snapshots) | 10–50 GB |
Media Storage Exception
- Jellyfin media lives on a separate mount (likely external USB/NVMe on MK7). Not backed up via rsync.
- Sonarr/Radarr download staging to a shared
/downloadsbind mount, then hardlink/copy to Jellyfin media library.
Backup Tooling
- Primary:
rsync -a --deleteto MK7 secondary storage daily at 03:00 local. - Vaultwarden:
rsqlite3dump +rsync(encrypted at rest on MK7). - Prometheus:
snapshot API→ rsync (not raw WAL files).
Secret Management
.envfiles live in/opt/iron-legion/service-name/.env, mode0600.- Compose files use
${VAR_NAME}syntax, never literal strings. - Vaultwarden stores shared secrets (DB passwords, API keys). Artemis holds no secrets in memory.