# Siklos Docker Services — Project Knowledge ## Host - **VM112 / siklos / docker-server** - IP: `192.168.88.27` - Specs: 4c/12GB RAM (reduced from 16GB after photo services migrated to VM113) - SSH: `jgitta@192.168.88.27` (via Proxmox host jump) - Docker compose files: `/srv/docker//docker-compose.yml` - Note: `vm.swappiness=10` set in `/etc/sysctl.conf` (April 2026) ## Running Containers (as of April 2026) | Container | Image | Port(s) | Compose Path | |---|---|---|---| | pihole | pihole/pihole:latest | 53, 8080 | /srv/docker/pihole/ | | onlyoffice | onlyoffice/documentserver | 8880 | /srv/docker/media/ | | homarr | homarr:latest | 7575 | /srv/docker/homarr/ | | uptime-kuma | uptime-kuma:2 | 3001 | /srv/docker/uptime-kuma/ | | grafana | grafana:latest | 3020 | /srv/docker/monitoring/ | | prometheus | prom/prometheus:latest | 9090 | /srv/docker/monitoring/ | | node-exporter | prom/node-exporter:latest | 9100 | /srv/docker/monitoring/ | | cadvisor | cadvisor:latest | 8090 | /srv/docker/monitoring/ | | graphite-exporter | prom/graphite-exporter:latest | 9108-9109 | /srv/docker/monitoring/ | | glances | nicolargo/glances:latest | 61208 | /srv/docker/glances/ | | meshcentral | typhonragewind/meshcentral:latest | 444 | /srv/docker/meshcentral/ | | guacamole | jwetzell/guacamole | 8383 | /srv/docker/guacamole/ | | karakeep-web-1 | karakeep:release | 3010 | /srv/docker/karakeep/ | | karakeep-meilisearch-1 | meilisearch:v1.13.3 | 7700 (internal) | /srv/docker/karakeep/ | | karakeep-chrome-1 | alpine-chrome:124 | — | /srv/docker/karakeep/ | | linkwarden-linkwarden-1 | linkwarden:latest | 3015 | /srv/docker/linkwarden/ | | linkwarden-postgres-1 | postgres:16-alpine | 5432 | /srv/docker/linkwarden/ | | wordpress | wordpress:php8.3-apache | 8095 | /srv/docker/wordpress/ | | wordpress-db | mariadb:10.11 | 3306 (internal) | /srv/docker/wordpress/ | | dashy | lissy93/dashy:latest | 8081 | /srv/docker/dashy/ | | dashboard | dashboard-dashboard | 8096 | /srv/docker/dashboard/ | | grav | linuxserver/grav:latest | 8585 | /srv/docker/grav/ | | watchtower | containrrr/watchtower | — | /srv/docker/watchtower/ | ## Migrated Services - **PhotoPrism** and **Immich** were migrated to VM113 (photos, 192.168.88.32) in April 2026 - See `/home/jgitta/Documents/Claude/Projects/Photos/photos.md` for current details ## Pi-hole - Port: 53 (DNS), 8080 (web UI) - URL: `https://pihole.jgitta.com` - Docker network: `pihole_default` - Docker IP: `172.28.0.2` (used by Uptime Kuma DNS monitor) - Config: `listeningMode = "ALL"` in pihole.toml (required for Docker) - FTL DB: `/etc/pihole/pihole-FTL.db` - Rate limit: 300 concurrent queries - Excluded from Watchtower auto-updates - Pi-hole v6 ## Monitoring Stack - Compose: `/srv/docker/monitoring/` - Grafana: port 3020 (`grafana.jgitta.com`), datasource UID: `cffiqslf48feod` - Prometheus: port 9090 - Node Exporter on: siklos (.27), proxmox (.25), nextcloud (.62), jellyfin (.10), pbs (.60), caddy (.110), thinkstation (.41) — all port 9100 - Grafana alert folder "Homelab Alerts": - High RAM >90% for 5min - Swap >50% for 5min - CPU >90% for 10min - Disk >85% for 5min - Node Down 2min - Alert annotations: `{{ $labels.instance }}` and `{{ $values.B }}%` - Alerts use three-step reduce+threshold pipeline (not classic conditions) - Telegram: bot token `8758434542:AAEW6omM7twyInsb2INuy6mD1w2EWXHqmzE`, chat `8260387200`, repeat every 4h - Uptime Kuma: port 3001 (`status.jgitta.com`), joined to `pihole_default` network ## OnlyOffice - URL: `https://office.jgitta.com` - Port: 8880 (all interfaces) - Compose: `/srv/docker/media/docker-compose.yml` - Replaces Collabora (`richdocuments` app is disabled in Nextcloud; `onlyoffice` app is enabled) - JWT secret (must match Nextcloud config): `4f2b0c719af2de99befacfec9ca5e8373cbdeb76` - Nextcloud `occ` settings (set on VM103/next): - `DocumentServerUrl` = `https://office.jgitta.com/` - `DocumentServerInternalUrl` = `http://192.168.88.27:8880/` - `StorageUrl` = `https://next.jgitta.com/` - `jwt_secret` = (matches container `local.json` above) - `jwt_header` = `Authorization` - To reconfigure after container recreation: re-run `occ config:app:set onlyoffice jwt_secret --value=""` - Container JWT secret location: `/etc/onlyoffice/documentserver/local.json` → `.services.CoAuthoring.secret.inbox.string` ## Key Notes - Watchtower excludes Pi-hole from auto-updates - NFS mount `/mnt/photos` was removed from Siklos `/etc/fstab` after PhotoPrism/Immich migration - OnlyOffice replaced Collabora (lighter RAM usage) - RAM reduced from 16GB → 12GB (April 2026, live via Proxmox balloon driver, no reboot) - `vm.swappiness=10` set to reduce swap pressure after photo services migrated out