All services reassigned to MK7 (Swarm Manager) or swarm-distributed.

Per Bobby: Mark5, Bones, Neo, Mark44 are NOT part of this homelab services stack.

Phase 1 infra (Traefik, DNS, AdGuard, Portainer, Prometheus, Beszel, Dozzle, Authelia, Homepage) → MK7
Phase 2 media (Jellyfin, Sonarr, Radarr, Prowlarr) → Swarm distributed
Phase 3 dashboards (Grafana, Homepage) → Swarm distributed

Also updates:
- Backup target: MK7 secondary storage (was Bones)
- Network/DNS/Security model: all refs to Bones/Neo/Mark5/Mark44 corrected
Iron Legion Homelab Services Stack — Deployment Phases
Phase 1: Infrastructure (Critical Path)
Goal: Get DNS, proxy, and basic monitoring alive. Everything else depends on this.
| Order | Service | Target Node | Why First | Dependencies |
|---|---|---|---|---|
| 1 | Technitium DNS | MK7 | Name resolution for internal services | None |
| 2 | Pi-hole | MK7 | Recursive DNS + ad-block | Technitium (via conditional forwarding) |
| 3 | Traefik | MK7 | Edge router for all HTTP ingress | DNS (needs *.labs.internal to resolve) |
| 4 | Authelia | MK7 | Auth layer before exposing any mgmt UI | Traefik (depends on ForwardAuth middleware) |
| 5 | Portainer | MK7 | Container management UI | Traefik + Authelia (for secured access) |
| 6 | Prometheus | MK7 | Metrics collection baseline | None (scrape targets added in Phase 2) |
| 7 | Beszel | MK7 | Fleet resource overview | None (agents installed per-node) |
| 8 | Dozzle | MK7 | Real-time log viewing | None |
Phase 1 milestone: All nodes report healthy in Beszel. Portainer accessible via auth portal. DNS resolves.
Phase 2: Media & File Collaboration
Goal: Self-hosted media acquisition and file sync.
| Order | Service | Target Node | Why Now | Dependencies |
|---|---|---|---|---|
| 9 | Jellyfin | MK7 | Media playback (GPU transcode if MK7 has dGPU) | None (file ingest later) |
| 10 | Sonarr | MK7 | TV management | Jellyfin (pushes organized files) |
| 11 | Radarr | MK7 | Movie management | Jellyfin (pushes organized files) |
| 12 | Prowlarr | MK7 | Indexer aggregation | Sonarr + Radarr (feeds them) |
| 13 | Nextcloud | MK7 | File sync/collaboration | PostgreSQL (on MK7) |
| 14 | Vaultwarden | MK7 | Password management | None (standalone) |
Phase 2 milestone: Media acquisition pipeline works end-to-end. Nextcloud syncs. Vaultwarden stores secrets.
Phase 3: Polish & Expansion
Goal: Dashboards, advanced monitoring, nice-to-haves.
| Order | Service | Target Node | Why Deferred | Dependencies |
|---|---|---|---|---|
| 15 | Grafana | MK7 | Dashboards need metrics to be interesting | Prometheus (needs data history) |
| 16 | Homepage | MK7 | Custom dashboard for everything | All Phase 1+2 services (needs endpoints) |
| – | Promtail + Loki | TBD | Centralized logging | Only if Dozzle is insufficient |
| – | Uptime-Kuma | TBD | External uptime monitoring | Only if Beszel alerting is insufficient |
Phase 3 milestone: Single-pane dashboard (Homepage) shows all services. Alerts route to Discord or email.
Deployment Cadence
- One service per session. No mass deployments. Validate each before proceeding.
- Rollback plan: `docker compose down` + `mv /opt/iron-legion/service{,-failed-$(date +%s)}`. Snapshot taken before each `compose up`.
- Bobby approval required before Phase 2 begins. Phase 1 success must be demonstrated.
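
The cadence above as a script, added here as an example and not part of the original plan: snapshot, bring one service up, and on failure run the rollback exactly as written. The per-service directory layout, the compose file names, the tar snapshot format, `--wait` as the validation step, and the `STACK_ROOT`, `SNAP_DIR` and `DOCKER` variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumptions (not from the plan): one directory per service
# under STACK_ROOT holding compose.yaml or docker-compose.yml, tar archives as
# the snapshot, and "compose up --wait" (healthchecks) as the validation step.
STACK_ROOT="${STACK_ROOT:-/opt/iron-legion}"
SNAP_DIR="${SNAP_DIR:-$STACK_ROOT/.snapshots}"
DOCKER="${DOCKER:-docker}"   # override to dry-run without a daemon

snapshot() {   # archive the service directory before any "compose up"
  local svc out
  svc=$1
  out="$SNAP_DIR/$svc-$(date +%s).tar.gz"
  mkdir -p "$SNAP_DIR" && tar -C "$STACK_ROOT" -czf "$out" "$svc" && echo "$out"
}

rollback() {   # compose down, then park the directory as <svc>-failed-<epoch>
  local dir
  dir="$STACK_ROOT/$1"
  ( cd "$dir" && $DOCKER compose down ) || echo "compose down failed: $1" >&2
  mv "$dir" "$dir-failed-$(date +%s)"
}

deploy_one() {   # one service per call: snapshot, up, validate, else roll back
  local svc dir
  svc=$1
  dir="$STACK_ROOT/$svc"
  # The name becomes a path handed to tar and mv: reject "/", "." and empty.
  case "$svc" in
    ''|-*|*[!a-z0-9_-]*) echo "invalid service name" >&2; return 2 ;;
  esac
  [ -f "$dir/compose.yaml" ] || [ -f "$dir/docker-compose.yml" ] ||
    { echo "no compose file in $dir" >&2; return 2; }
  snapshot "$svc" >/dev/null || { echo "snapshot failed, not deploying" >&2; return 3; }
  if ( cd "$dir" && $DOCKER compose up --wait ); then
    return 0
  fi
  rollback "$svc"
  return 1
}

if [ "$#" -gt 0 ]; then deploy_one "$1"; fi
```

After a failed deploy both the parked `-failed-` directory and the archive are kept, so restoring the previous state is a manual untar into `STACK_ROOT`.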