documentation/08-deployment-phases.md
jarvis fea42f892b Remove Mark5/Bones/Neo/Mark44 — G9 Swarm Cluster is the ONLY deployment target
All services reassigned to MK7 (Swarm Manager) or swarm-distributed.
Per Bobby: Mark5, Bones, Neo, Mark44 are NOT part of this homelab services stack.

Phase 1 infra (Traefik, DNS, AdGuard, Portainer, Prometheus, Beszel, Dozzle, Authelia, Homepage) → MK7
Phase 2 media (Jellyfin, Sonarr, Radarr, Prowlarr) → Swarm distributed
Phase 3 dashboards (Grafana, Homepage) → Swarm distributed

Also updates:
- Backup target: MK7 secondary storage (was Bones)
- Network/DNS/Security model: all refs to Bones/Neo/Mark5/Mark44 corrected
2026-05-25 18:24:22 -04:00

# Iron Legion Homelab Services Stack — Deployment Phases

## Phase 1: Infrastructure (Critical Path)

**Goal:** Get DNS, proxy, and basic monitoring alive. Everything else depends on this.

| Order | Service | Target Node | Why First | Dependencies |
|-------|---------|-------------|-----------|--------------|
| 1 | **Technitium DNS** | MK7 | Name resolution for internal services | None |
| 2 | **Pi-hole** | MK7 | Recursive DNS + ad-block | Technitium (via conditional forwarding) |
| 3 | **Traefik** | MK7 | Edge router for all HTTP ingress | DNS (needs `*.labs.internal` to resolve) |
| 4 | **Authelia** | MK7 | Auth layer before exposing any mgmt UI | Traefik (depends on ForwardAuth middleware) |
| 5 | **Portainer** | MK7 | Container management UI | Traefik + Authelia (for secured access) |
| 6 | **Prometheus** | MK7 | Metrics collection baseline | None (scrape targets added in Phase 2) |
| 7 | **Beszel** | MK7 | Fleet resource overview | None (agents installed per-node) |
| 8 | **Dozzle** | MK7 | Real-time log viewing | None |

**Phase 1 milestone:** All nodes report healthy in Beszel. Portainer accessible via auth portal. DNS resolves.

---

## Phase 2: Media & File Collaboration

**Goal:** Self-hosted media acquisition and file sync.

| Order | Service | Target Node | Why Now | Dependencies |
|-------|---------|-------------|---------|--------------|
| 9 | **Jellyfin** | MK7 | Media playback (GPU transcode if MK7 has dGPU) | None (file ingest later) |
| 10 | **Sonarr** | MK7 | TV management | Jellyfin (pushes organized files) |
| 11 | **Radarr** | MK7 | Movie management | Jellyfin (pushes organized files) |
| 12 | **Prowlarr** | MK7 | Indexer aggregation | Sonarr + Radarr (feeds them) |
| 13 | **Nextcloud** | MK7 | File sync/collaboration | PostgreSQL (on MK7) |
| 14 | **Vaultwarden** | MK7 | Password management | None (standalone) |

**Phase 2 milestone:** Media acquisition pipeline works end-to-end. Nextcloud syncs. Vaultwarden stores secrets.

---

## Phase 3: Polish & Expansion

**Goal:** Dashboards, advanced monitoring, nice-to-haves.

| Order | Service | Target Node | Why Deferred | Dependencies |
|-------|---------|-------------|--------------|--------------|
| 15 | **Grafana** | MK7 | Dashboards need metrics to be interesting | Prometheus (needs data history) |
| 16 | **Homepage** | MK7 | Custom dashboard for everything | All Phase 1+2 services (needs endpoints) |
| | **Promtail + Loki** | TBD | Centralized logging | Only if Dozzle is insufficient |
| | **Uptime-Kuma** | TBD | External uptime monitoring | Only if Beszel alerting is insufficient |

**Phase 3 milestone:** Single-pane dashboard (Homepage) shows all services. Alerts route to Discord or email.

## Deployment Cadence

- **One service per session.** No mass deployments. Validate each before proceeding.
- **Rollback plan:** `docker compose down` + `mv /opt/iron-legion/service{,-failed-$(date +%s)}`. Snapshot taken before each compose up.
- **Bobby approval required before Phase 2 begins.** Phase 1 success must be demonstrated.
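
The rollback step above as a reusable shell function, added here as an example and not part of the original document; it covers only the stop-and-rename step, not the snapshot. It replaces the brace expansion (not available in plain POSIX `sh`) with an explicit rename, rejects service names that could escape the stack directory, and leaves the directory in place if `docker compose down` fails. `STACK_ROOT` and `DOCKER` are overridable variables introduced for this example.

```shell
#!/bin/sh
# Added example: rollback helper for the plan above.
# STACK_ROOT and DOCKER are assumptions of this example, overridable so the
# logic can be exercised on a scratch directory without a Docker daemon.
STACK_ROOT="${STACK_ROOT:-/opt/iron-legion}"
DOCKER="${DOCKER:-docker}"

# rollback_service NAME
# Stops the compose project in $STACK_ROOT/NAME, then renames the directory to
# NAME-failed-<epoch seconds>. Prints the new path on stdout on success.
# The body runs in a subshell, so cd and variables do not leak to the caller.
rollback_service() (
    name=$1

    # Accept only a plain directory name: no path separators, no leading
    # dot or dash, so "../other" or "-rf" can never reach mv.
    case $name in
        ''|*/*|.*|-*)
            echo "rollback: invalid service name: '$name'" >&2; exit 2 ;;
    esac

    src=$STACK_ROOT/$name
    [ -d "$src" ] || { echo "rollback: no such service dir: $src" >&2; exit 3; }
    [ ! -L "$src" ] || { echo "rollback: refusing symlink: $src" >&2; exit 3; }

    dst=$src-failed-$(date +%s)
    [ ! -e "$dst" ] || { echo "rollback: $dst already exists" >&2; exit 4; }

    # Stop containers first. If this fails, keep the directory untouched so
    # the compose file still matches whatever is running.
    (cd "$src" && "$DOCKER" compose down) >&2 || {
        echo "rollback: compose down failed; $src left in place" >&2
        exit 5
    }

    mv -- "$src" "$dst" && printf '%s\n' "$dst"
)
```
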