documentation/06-data-and-persistence.md
jarvis fea42f892b Remove Mark5/Bones/Neo/Mark44 — G9 Swarm Cluster is the ONLY deployment target
All services reassigned to MK7 (Swarm Manager) or swarm-distributed.
Per Bobby: Mark5, Bones, Neo, Mark44 are NOT part of this homelab services stack.

Phase 1 infra (Traefik, DNS, AdGuard, Portainer, Prometheus, Beszel, Dozzle, Authelia, Homepage) → MK7
Phase 2 media (Jellyfin, Sonarr, Radarr, Prowlarr) → Swarm distributed
Phase 3 dashboards (Grafana, Homepage) → Swarm distributed

Also updates:
- Backup target: MK7 secondary storage (was Bones)
- Network/DNS/Security model: all refs to Bones/Neo/Mark5/Mark44 corrected
2026-05-25 18:24:22 -04:00


Iron Legion Homelab Services Stack — Data & Persistence

Volume Strategy

Every service with persistent state uses bind mounts to on-node directories. No named volumes, no NFS, no distributed storage.

Directory Convention

/opt/iron-legion/
├── service-name/
│   ├── data/           # Application data (databases, config, state)
│   ├── config/         # Static config files mounted read-only where possible
│   └── logs/           # Log output (optional, if not sent to stdout)

Per-Service Persistence

| Service | Data Path | Backup Target | Size Estimate |
|---|---|---|---|
| Traefik | /opt/iron-legion/traefik/config/, /opt/iron-legion/traefik/certs/ | MK7 (daily rsync) | < 50 MB |
| Technitium DNS | /opt/iron-legion/technitium/config/ | MK7 | < 10 MB |
| Pi-hole | /opt/iron-legion/pihole/etc-pihole/, /opt/iron-legion/pihole/etc-dnsmasq.d/ | MK7 | < 500 MB |
| Prometheus | /opt/iron-legion/prometheus/data/ | MK7 (retention: 15d local, 90d backup) | 520 GB |
| Grafana | /opt/iron-legion/grafana/data/ | MK7 | < 500 MB |
| Beszel | /opt/iron-legion/beszel/data/ | MK7 | < 1 GB |
| Portainer | /opt/iron-legion/portainer/data/ | MK7 | < 100 MB |
| Homepage | /opt/iron-legion/homepage/config/ | MK7 | < 10 MB |
| Vaultwarden | /opt/iron-legion/vaultwarden/data/ | MK7 (encrypted) | < 500 MB |
| Authelia | /opt/iron-legion/authelia/config/ | MK7 | < 10 MB |
| Jellyfin | /opt/iron-legion/jellyfin/config/, /opt/iron-legion/jellyfin/media/ | None (media too large) | < 1 GB config; media drive separate |
| Sonarr | /opt/iron-legion/sonarr/config/ | MK7 | < 1 GB |
| Radarr | /opt/iron-legion/radarr/config/ | MK7 | < 1 GB |
| Prowlarr | /opt/iron-legion/prowlarr/config/ | MK7 | < 100 MB |
| Nextcloud | /opt/iron-legion/nextcloud/data/ | MK7 (snapshots) | 1050 GB |

Media Storage Exception

  • Jellyfin media lives on a separate mount (likely external USB/NVMe on MK7). Not backed up via rsync.
  • Sonarr/Radarr stage downloads in a shared /downloads bind mount, then hardlink/copy them into the Jellyfin media library.

Backup Tooling

  • Primary: rsync -a --delete to MK7 secondary storage daily at 03:00 local.
  • Vaultwarden: sqlite3 dump + rsync (encrypted at rest on MK7).
  • Prometheus: snapshot API → rsync (not raw WAL files).

Secret Management

  • .env files live in /opt/iron-legion/service-name/.env, mode 0600.
  • Compose files use ${VAR_NAME} syntax, never literal strings.
  • Vaultwarden stores shared secrets (DB passwords, API keys). Artemis holds no secrets in memory.
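
A way to check the first two rules above across a service tree, as an added example that is not part of this repository's tooling. The compose file names, the secret-name heuristic, and the sample tree (`service-a`, `service-b`, and their values) are assumptions constructed for the demonstration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Heuristic (assumption, not from the page): variable names that look secret-bearing.
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# Compose environment entries: "KEY: value" (map form) or "- KEY=value" (list form).
ENV_ENTRY = re.compile(r"""^\s*(?:-\s*)?["']?([A-Za-z_]\w*)\s*[:=]\s*(.*?)\s*$""")
COMPOSE_NAMES = {"docker-compose.yml", "docker-compose.yaml", "compose.yml", "compose.yaml"}

def audit(root):
    """Return sorted (relative path, problem) findings for the tree under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name == ".env":
            mode = stat.S_IMODE(path.stat().st_mode)
            if mode != 0o600:
                findings.append((rel, f"mode {mode:04o}, expected 0600"))
        elif path.name in COMPOSE_NAMES:
            for n, line in enumerate(path.read_text().splitlines(), 1):
                m = ENV_ENTRY.match(line.split(" #")[0])  # drop trailing comments
                if not m:
                    continue
                key, value = m.group(1), m.group(2).strip("'\"")
                if SECRET_KEY.search(key) and value and "${" not in value:
                    findings.append((rel, f"line {n}: literal value for {key}"))
    return sorted(findings)

def demo():
    """Audit a constructed tree: service-a follows the rules, service-b does not."""
    samples = {"service-a": (0o600, "DB_PASSWORD: ${DB_PASSWORD}"),
               "service-b": (0o644, "- API_KEY=constructed-value")}
    with tempfile.TemporaryDirectory() as root:
        for name, (mode, entry) in samples.items():
            svc = Path(root, name)
            svc.mkdir()
            (svc / ".env").write_text("DB_PASSWORD=constructed-value\n")
            os.chmod(svc / ".env", mode)
            (svc / "compose.yml").write_text(
                f"services:\n  app:\n    environment:\n      {entry}\n")
        return audit(root)

if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

On a real host, call `audit("/opt/iron-legion")` and treat any finding as a failed check; the name heuristic will miss secrets stored under unremarkable variable names.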