From f636633c27d1bdde5bee85089f7c19d8cc688fe6 Mon Sep 17 00:00:00 2001 From: wompmacho Date: Sat, 30 May 2026 21:35:16 +0000 Subject: [PATCH] update services for infra --- projects/homelab/homelab_Infra.md | 104 ++++++++++++++++-------------- 1 file changed, 56 insertions(+), 48 deletions(-) diff --git a/projects/homelab/homelab_Infra.md b/projects/homelab/homelab_Infra.md index 1dd7990..d6ad7a6 100644 --- a/projects/homelab/homelab_Infra.md +++ b/projects/homelab/homelab_Infra.md @@ -3,7 +3,7 @@ title: Homelab Infrastructure description: This document outlines the internal infrastructure of the my homelab. author: wompmacho date: 2026-03-27 -lastmod: 2025-03-12 +lastmod: 2026-05-30 tags: - homelab - infrastructure 
@@ -122,62 +122,70 @@ The Proxmox virtualization host (`laptop-proxmox`) is an entirely separate physi | - | LXC | **pihole** | 10.0.0.11 | DNS Sinkhole / Local DNS | | - | VM | **docker** | 10.0.0.190 | Main Docker Host (Ubuntu 24.04) | | - | VM | **pterodactyl** | 10.0.0.110 | Game Server Panel (Debian) | +| - | LXC | **invidious** | 10.0.0.217 | Invidious Private YouTube Proxy Web Client | ## Docker services These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via Nginx Proxy Manager (SSL via Cloudflare). -| Container Name | Mapped Ports | Access | Description / Role | -| ----------------------- | ---------------------- | ------------ | ------------------------------------------------------------------------- | -| **nginx-proxy-manager** | 80, 81, 443 | Internal/VPN | Reverse proxy for all internal and external domains | -| **gluetun** | 8181, 6565, 6881, etc. | Internal/VPN | VPN Gateway for other containers (`http://torrent/`, `http://nicotine/`) | -| **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI | -| **cloudflare-ddns** | - | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS | -| **immich_server** | 2283 | Public | Photo/Video backup and gallery (`immich.wompmacho.com`) | -| **immich_postgres** | 5432 (Internal) | Internal/VPN | Database for Immich | -| **immich_redis** | 6379 (Internal) | Internal/VPN | Cache for Immich | -| **vaultwarden** | 9998, 9999 | Public | Self-hosted Bitwarden password manager (`vaultwarden.wompmacho.com`) | -| **gitea** | 222, 3001 | Public | Internal Git repository host (`git.wompmacho.com`) | -| **gitea-db-1** | 5432 (Internal) | Internal/VPN | PostgreSQL Database for Gitea | -| **gitea_runner** | - | Internal/VPN | CI/CD Action Runner for Gitea pipelines | -| **frigate** | 5000, 8554, 8555, 8971 | Public | AI NVR actively recording the Amcrest IP camera (`frigate.wompmacho.com`) | -| **homepage** | 7676 | Internal/VPN | Dashboard for navigation 
(`http://homepage/`) | -| **docs-public** | 9895 | Public | Nginx serving public Hugo documentation (`wiki.wompmacho.com`) | -| **docs-private** | 9897 | Internal/VPN | Nginx serving private Hugo documentation (`private`) | -| **paperless-ngx** | 3003 | Internal/VPN | Document management system (`http://paperless/`) | -| **sure** | 3006 | Internal/VPN | Self-hosted shared finance tracking application (`http://sure/`) | -| **audiobookshelf** | 13378 | Public | Audiobook and podcast server (`audiobookshelf.wompmacho.com`) | -| **open-webui** | 3007 | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (`http://gemma/`) | -| **openai** | 3000 | Internal/VPN | OpenAI-compatible API gateway | -| **firefly** | 3002 | Internal/VPN | Firefly III personal finance manager | -| **stream** | 3005 | Public | Video streaming service (`stream.wompmacho.com`) | -| **reaper** | 3010 | Internal/VPN | Automated media management tool | -| **cabernet** | 6077 | Internal/VPN | IPTV/M3U proxy service | -| **dev** | 8443 | Public | Development environment (`dev.wompmacho.com`) | -| **coder** | 8445 | Internal/VPN | Coder / VS Code remote environment | -| **slopsmith** | 10101 | Internal/VPN | Custom internal application | -| **calibre** | 32015 | Internal/VPN | E-book management and server | -| **linkstack** | 80, 8190 | Public | Personal link landing page | -| **torrent** | (via Gluetun) | Internal/VPN | qBittorrent routed through VPN (`http://torrent/`) | -| **nicotine** | (via Gluetun) | Internal/VPN | Soulseek client routed through VPN (`http://nicotine/`) | -| **navidrome** | 4533 | Internal/VPN | Personal music streaming server (`http://music/`) | -| **picard** | 5800 | Internal/VPN | MusicBrainz Picard tagger GUI (`http://picard/`) | -| **dozzle** | 4343 | Internal/VPN | Real-time Docker log viewer (`http://dozzle/`) | +| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role | +|---|---|---|---|---| +| **nginx-proxy-manager** | 80, 81, 
443 | Internal/VPN | `http://nginx/` | Reverse proxy manager dashboard (Port 81) and SSL termination | +| **gluetun** | 8181, 6565, 6881, etc. | Internal/VPN | - | VPN Gateway for other containers | +| **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | `http://portainer/` | Docker container management GUI | +| **cloudflare-ddns** | - | Internal/VPN | - | Automatically updates dynamic IP to Cloudflare DNS | +| **immich_server** | 2283 | Public | `immich.wompmacho.com` | Photo/Video backup and gallery server | +| **immich_postgres** | 5432 (Internal) | Internal/VPN | - | Database for Immich gallery | +| **immich_redis** | 6379 (Internal) | Internal/VPN | - | Redis cache for Immich gallery | +| **immich_machine_learning** | - (Internal) | Internal/VPN | - | AI Machine Learning inference backend for Immich | +| **vaultwarden** | 9998, 9999 | Public | `vaultwarden.wompmacho.com` | Self-hosted Bitwarden password manager | +| **gitea** | 222, 3001 | Public | `git.wompmacho.com` | Internal Git repository host | +| **gitea-db-1** | 5432 (Internal) | Internal/VPN | - | PostgreSQL Database for Gitea | +| **gitea_runner** | - | Internal/VPN | - | CI/CD Action Runner for Gitea pipelines | +| **frigate** | 5000, 8554, 8555, 8971 | Public | `frigate.wompmacho.com`, `http://frigate/` | AI NVR actively recording Amcrest IP camera | +| **homepage** | 7676 | Internal/VPN | `http://homepage/` | Navigation dashboard | +| **docs-public** | 9895 | Public | `wiki.wompmacho.com` | Nginx serving public Hugo documentation | +| **docs-private** | 9897 | Internal/VPN | `http://private/` | Nginx serving private Hugo documentation | +| **paperless-ngx** | 3003 | Internal/VPN | `http://paperless/` | Document management system web interface | +| **paperless-broker** | 6379 (Internal) | Internal/VPN | - | Redis message broker for Paperless-ngx task queue | +| **paperless-db** | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Paperless-ngx | +| **audiobookshelf** | 13378 | 
Public | `audiobookshelf.wompmacho.com` | Audiobook and podcast server | +| **openai** (formerly open-webui) | 3007 | Internal/VPN | `http://openai/`, `http://gemma/` | OpenAI-compatible API gateway and LLM web interface | +| **reaper** | 3010 | Internal/VPN | `http://reaper/` | Automated Reaper DAW interface in a web browser (currently in maintenance) | +| **dev** (code-server) | 8443 | Public | `dev.wompmacho.com` | VS Code remote development environment running directly on the host | +| **slopsmith-web** (formerly slopsmith) | 10101 | Internal/VPN | `http://slopsmith/` | Custom internal application | +| **linkstack** | 8190 | Public | `wompmacho.com`, `www.wompmacho.com` | Personal link landing page mapped to port `8190` | +| **torrent** (via Gluetun) | - | Internal/VPN | `http://torrent/` | qBittorrent client routed through VPN container | +| **nicotine** (via Gluetun) | - | Internal/VPN | `http://nicotine/` | Soulseek client routed through VPN container | +| **navidrome** | 4533 | Internal/VPN | `http://music/` | Personal music streaming server | +| **musicbrainz_picard** (formerly picard) | 5800 | Internal/VPN | `http://picard/` | MusicBrainz Picard tagger GUI | +| **dozzle** | 4343 | Internal/VPN | `http://dozzle/` | Real-time Docker log viewer | +| **guacamole** | 8080 | Public | `guac.wompmacho.com` | Apache Guacamole client for browser-based remote desktop | +| **guacd** | 4822 (Internal) | Internal/VPN | - | Guacamole proxy daemon for RDP/SSH/VNC protocol handling | +| **guac-postgresql** | 5432 (Internal) | Internal/VPN | - | PostgreSQL backend database for Guacamole | +| **neko** | 8282, 52000-52100 (UDP) | Public | `neko.wompmacho.com` | WebRTC streaming virtual browser room | +| **homelable-frontend** | 9444 | Internal/VPN | `http://homelable/` | Homelable interactive network visualizer frontend | +| **homelable-backend** | 9445 | Internal/VPN | - | Homelable API backend querying homelab network states | +| **homelable-mcp** | 8001 | Internal/VPN | - 
| Homelable MCP server exposing network state to LLMs | +| **discodrome** | - (Internal) | Internal/VPN | - | Music tagging and catalog indexing backend | +| **npm-sync** | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync proxy records | +| **pihole-dns-shim** | - (Internal) | Internal/VPN | - | Sidecar daemon monitoring Docker socket to sync DNS records | -## Media stack +## Truenas Services These services are hosted on the TrueNAS node (`truenas`) and proxied via the Docker VM (`10.0.0.190`). -| Service | Upstream Port | Description | -| -------------- | ------------- | ------------------------------------------ | -| **Sonarr** | 30027 | TV Show Management | -| **Radarr** | 30025 | Movie Management | -| **Lidarr** | 30014 | Music Management | -| **Readarr** | 30045 | Book Management | -| **Prowlarr** | 30050 | Indexer Management | -| **Bazarr** | 30046 | Subtitle Management | -| **Jellyfin** | 30013 | Media Streaming Server | -| **Jellyseerr** | 30042 | Media Requests (`jellyseer.wompmacho.com`) | +| Container Name | Mapped Ports | Access | Proxy Route / Domain | Description / Role | +|---|---|---|---|---| +| **Sonarr** | 30027 | Internal/VPN | - | TV Show Management | +| **Radarr** | 30025 | Internal/VPN | - | Movie Management | +| **Lidarr** | 30014 | Internal/VPN | - | Music Management | +| **Readarr** | 30045 | Internal/VPN | - | Book Management | +| **Prowlarr** | 30050 | Internal/VPN | - | Indexer Management | +| **Bazarr** | 30046 | Internal/VPN | - | Subtitle Management | +| **Jellyfin** | 30013 | Internal/VPN | - | Media Streaming Server | +| **Jellyseerr** | 30042 | Public | `jellyseer.wompmacho.com` | Media Requests dashboard | +| **calibre** | 32015 | Internal/VPN | calibre | E-book management and calibre content server | ## Self-Hosted AI Infrastructure
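Review bot: In the front-matter hunk (`@@ -3,7 +3,7 @@`), the unchanged `description:` line still reads "the internal infrastructure of the my homelab". Since this change already touches the front matter to bump `lastmod`, drop the stray "the" so it reads "of my homelab".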
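Review bot: In the `@@ -122,62 +122,70 @@` hunk, the new `guacamole` (`guac.wompmacho.com`) and `neko` (`neko.wompmacho.com`, with UDP 52000-52100) rows are marked Public, but nothing in the table says what authentication sits in front of them. Both serve interactive remote sessions, so either record the access control in the Description column or list them as Internal/VPN like `portainer`. The same hunk adds `npm-sync` and `pihole-dns-shim` as sidecars "monitoring Docker socket"; note what level of Docker API access they get (raw socket or a restricted socket proxy), because access to the raw socket is equivalent to root on the Docker host. The rows for `sure`, `firefly`, `stream`, `cabernet` and `coder` are removed and the commit message does not say why; `stream` was Public at `stream.wompmacho.com`, so confirm its proxy host and DNS record were retired as well. Minor: the `calibre` row's Proxy Route is a bare `calibre` where the other internal routes are written as `http://name/`, and the heading `## Truenas Services` does not match the `TrueNAS` spelling used in the sentence under it.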