# Siklos Docker Services — Project Knowledge
## Host
- **VM112 / siklos / docker-server**
- IP: `192.168.88.27`
- Specs: 4c/12GB RAM (reduced from 16GB after photo services migrated to VM113)
- SSH: `jgitta@192.168.88.27` (via Proxmox host jump)
- Docker compose files: `/srv/docker/<service>/docker-compose.yml`
- Note: `vm.swappiness=10` set in `/etc/sysctl.conf` (April 2026)
## Running Containers (as of April 2026)
| Container | Image | Port(s) | Compose Path |
|---|---|---|---|
| pihole | pihole/pihole:latest | 53, 8080 | /srv/docker/pihole/ |
| onlyoffice | onlyoffice/documentserver | 8880 | /srv/docker/media/ |
| homarr | homarr:latest | 7575 | /srv/docker/homarr/ |
| uptime-kuma | uptime-kuma:2 | 3001 | /srv/docker/uptime-kuma/ |
| grafana | grafana:latest | 3020 | /srv/docker/monitoring/ |
| prometheus | prom/prometheus:latest | 9090 | /srv/docker/monitoring/ |
| node-exporter | prom/node-exporter:latest | 9100 | /srv/docker/monitoring/ |
| cadvisor | cadvisor:latest | 8090 | /srv/docker/monitoring/ |
| graphite-exporter | prom/graphite-exporter:latest | 9108-9109 | /srv/docker/monitoring/ |
| glances | nicolargo/glances:latest | 61208 | /srv/docker/glances/ |
| meshcentral | typhonragewind/meshcentral:latest | 444 | /srv/docker/meshcentral/ |
| guacamole | jwetzell/guacamole | 8383 | /srv/docker/guacamole/ |
| karakeep-web-1 | karakeep:release | 3010 | /srv/docker/karakeep/ |
| karakeep-meilisearch-1 | meilisearch:v1.13.3 | 7700 (internal) | /srv/docker/karakeep/ |
| karakeep-chrome-1 | alpine-chrome:124 | — | /srv/docker/karakeep/ |
| linkwarden-linkwarden-1 | linkwarden:latest | 3015 | /srv/docker/linkwarden/ |
| linkwarden-postgres-1 | postgres:16-alpine | 5432 | /srv/docker/linkwarden/ |
| wordpress | wordpress:php8.3-apache | 8095 | /srv/docker/wordpress/ |
| wordpress-db | mariadb:10.11 | 3306 (internal) | /srv/docker/wordpress/ |
| dashy | lissy93/dashy:latest | 8081 | /srv/docker/dashy/ |
| dashboard | dashboard-dashboard | 8096 | /srv/docker/dashboard/ |
| grav | linuxserver/grav:latest | 8585 | /srv/docker/grav/ |
| watchtower | containrrr/watchtower | — | /srv/docker/watchtower/ |
## Migrated Services
- **PhotoPrism** and **Immich** were migrated to VM113 (photos, 192.168.88.32) in April 2026
- See `/home/jgitta/Documents/Claude/Projects/Photos/photos.md` for current details
## Pi-hole
- Port: 53 (DNS), 8080 (web UI)
- URL: `https://pihole.jgitta.com`
- Docker network: `pihole_default`
- Docker IP: `172.28.0.2` (used by Uptime Kuma DNS monitor)
- Config: `listeningMode = "ALL"` in pihole.toml (required for Docker)
- FTL DB: `/etc/pihole/pihole-FTL.db`
- Rate limit: 300 concurrent queries
- Excluded from Watchtower auto-updates
- Pi-hole v6
## Monitoring Stack
- Compose: `/srv/docker/monitoring/`
- Grafana: port 3020 (`grafana.jgitta.com`), datasource UID: `cffiqslf48feod`
- Prometheus: port 9090
- Node Exporter on: siklos (.27), proxmox (.25), nextcloud (.62), jellyfin (.10), pbs (.60), caddy (.110), thinkstation (.41) — all port 9100
- Grafana alert folder "Homelab Alerts":
  - High RAM >90% for 5min
  - Swap >50% for 5min
  - CPU >90% for 10min
  - Disk >85% for 5min
  - Node Down 2min
- Alert annotations: `{{ $labels.instance }}` and `{{ $values.B }}%`
- Alerts use three-step reduce+threshold pipeline (not classic conditions)
- Telegram: bot token `8758434542:AAEW6omM7twyInsb2INuy6mD1w2EWXHqmzE`, chat `8260387200`, repeat every 4h
- Uptime Kuma: port 3001 (`status.jgitta.com`), joined to `pihole_default` network
## OnlyOffice
- URL: `https://office.jgitta.com`
- Port: 8880 (all interfaces)
- Compose: `/srv/docker/media/docker-compose.yml`
- Replaces Collabora (`richdocuments` app is disabled in Nextcloud; `onlyoffice` app is enabled)
- JWT secret (must match Nextcloud config): `4f2b0c719af2de99befacfec9ca5e8373cbdeb76`
- Nextcloud `occ` settings (set on VM103/next):
  - `DocumentServerUrl` = `https://office.jgitta.com/`
  - `DocumentServerInternalUrl` = `http://192.168.88.27:8880/`
  - `StorageUrl` = `https://next.jgitta.com/`
  - `jwt_secret` = (matches container `local.json` above)
  - `jwt_header` = `Authorization`
- To reconfigure after container recreation: re-run `occ config:app:set onlyoffice jwt_secret --value="<secret from local.json>"`
- Container JWT secret location: `/etc/onlyoffice/documentserver/local.json`, key `.services.CoAuthoring.secret.inbox.string`
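
Why the Nextcloud `jwt_secret` has to match the container's `local.json` after a recreation, as an added example (not code from this page, OnlyOffice or Nextcloud): a stdlib sign/verify pair showing that a token signed with a stale secret is rejected. It assumes HS256 signing and a `Bearer` prefix in the `Authorization` header; the secrets and payload are constructed.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: str) -> str:
    """Build a compact HS256 JWT, as the sending side would."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return f"{signing_input}.{_b64url(_mac(signing_input, secret))}"

def verify(authorization: str, secret: str):
    """Return the payload if the header value carries a valid token, else None."""
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        # Pin the algorithm: never let the token choose "none" or another alg.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = _mac(f"{parts[0]}.{parts[1]}", secret)
        # Constant-time comparison of the received and recomputed MAC.
        if not hmac.compare_digest(_b64url_decode(parts[2]), expected):
            return None
        return json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None

# Constructed values: the secret in the recreated container vs. a stale copy.
CONTAINER_SECRET = "constructed-secret-after-recreate"
STALE_SECRET = "constructed-secret-before-recreate"
PAYLOAD = {"document": {"key": "constructed-doc-key"}}

def demo():
    """(accepted with matching secret, accepted with stale secret)"""
    good = "Bearer " + sign(PAYLOAD, CONTAINER_SECRET)
    stale = "Bearer " + sign(PAYLOAD, STALE_SECRET)
    return (verify(good, CONTAINER_SECRET) == PAYLOAD,
            verify(stale, CONTAINER_SECRET) is not None)

if __name__ == "__main__":
    print(demo())
```
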
## Key Notes
- Watchtower excludes Pi-hole from auto-updates
- NFS mount `/mnt/photos` was removed from Siklos `/etc/fstab` after PhotoPrism/Immich migration
- OnlyOffice replaced Collabora (lighter RAM usage)
- RAM reduced from 16GB → 12GB (April 2026, live via Proxmox balloon driver, no reboot)
- `vm.swappiness=10` set to reduce swap pressure after photo services migrated out