"vault backup: 2026-03-08 13:31:23 from Flow"

2026-03-08 13:31:23 -05:00
parent 5d6995903a
commit b8686e57ef
7 changed files with 364 additions and 0 deletions
--- a/Reference/stacks/README.md
+++ b/Reference/stacks/README.md
@@ -0,0 +1,39 @@
+# Docker Stacks Overview
+
+All stacks run on [[../environments#Environment 1 — Homelab]]. Compose files live at `/home/artanis/DockerFiles/` unless noted otherwise.
+
+## Status Summary
+
+| Stack | Status | Containers | Tailscale Node |
+|---|---|---|---|
+| [[dockhand]] | Running | 2 | `dockhand.bunny-wyvern.ts.net` |
+| [[minecraft]] | Running | 1 | None (LAN exposed) |
+| [[mealie]] | Running | 2 | `mealie.bunny-wyvern.ts.net` |
+| [[linkwarden]] | Running | 3 | `linkwarden.bunny-wyvern.ts.net` |
+| [[gitea]] | Running | 3 | `gitea.bunny-wyvern.ts.net` |
+| [[matrix]] | Running | 8 | `matrix.bunny-wyvern.ts.net` |
+| [[homepage]] | Running | 2 | `homepage.bunny-wyvern.ts.net` |
+| [[n8n]] | Running | 2 | `n8n.bunny-wyvern.ts.net` |
+| [[calibre]] | **Stopped** | 2 | `calibre.bunny-wyvern.ts.net` |
+| [[gluetun]] | Running | 1 | None |
+| [[openproject]] | Running | 2 | `openproject.bunny-wyvern.ts.net` |
+| [[melodix]] | Running | 1 | None |
+
+## Common Patterns
+
+### Tailscale Sidecar
+Most stacks include a `tailscale/tailscale` sidecar that joins the Tailnet and makes the service accessible at `[name].bunny-wyvern.ts.net`. All sidecars share a single Tailscale auth key stored in the compose files.
+
+### Bind Mounts vs Named Volumes
+- **Config/data that needs to be easily accessible** uses bind mounts into `/home/artanis/DockerFiles/[stack]/`
+- **Tailscale state** always uses named volumes (e.g. `stack_tailscale_state`) so node registration persists across restarts
+- **Dockhand vulnerability scanner caches** use named volumes (`dockhand-grype-db`, `dockhand-trivy-db`)
+
+### Orphaned Volumes
+The following named volumes exist but are not attached to any running container — likely leftovers from deleted stacks:
+- `moltis_moltis-data`
+- `moltis_moltis-config`
+- `moltis_moltis-tailscale-state`
+- `portainer_data`
+- `open-project_open_project_tailscale_state`
+- `openproject_openproject_tailscale_state` (from an older `openproject` stack iteration)
--- a/Reference/stacks/dockhand.md
+++ b/Reference/stacks/dockhand.md
@@ -0,0 +1,59 @@
+# Dockhand
+
+Docker management UI. Used to manage all containers on the server. Also the tool used to generate this documentation.
+
+## Access
+- **Tailscale:** [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net)
+- **LAN:** `http://192.168.2.114:5555`
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `dockhand` | `fnsys/dockhand:latest` | Main web UI |
+| `dockhand-tailscale-sidecar` | `tailscale/tailscale:latest` | Tailscale node |
+
+## Compose File
+**Path:** `/home/artanis/DockerFiles/Dockhand/docker-compose.yaml`
+
+```yaml
+services:
+  dockhand:
+    image: fnsys/dockhand:latest
+    container_name: dockhand
+    restart: unless-stopped
+    ports:
+      - 5555:3000
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /home/artanis/DockerFiles:/DockerFiles
+      - /Minecraft_Server/docker-compose.yaml:/DockerFiles/Minecraft_Server/docker-compose.yaml
+      - dockhand_data:/app/data
+
+  dockhand-tailscale-sidecar:
+    image: tailscale/tailscale:latest
+    container_name: dockhand-tailscale-sidecar
+    restart: always
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun
+    volumes:
+      - dockhand_tailscale_state:/var/lib/tailscale
+      - /home/artanis/DockerFiles:/DockerFiles
+    environment:
+      - TS_AUTHKEY=<redacted>
+      - TS_HOSTNAME=dockhand
+      - TS_STATE_DIR=/var/lib/tailscale
+    network_mode: "service:dockhand"
+
+volumes:
+  dockhand_data:
+  dockhand_tailscale_state:
+```
+
+## Notes
+- The entire `/home/artanis/DockerFiles` directory is mounted into the container at `/DockerFiles`, giving Dockhand read/write access to all compose files
+- The Minecraft compose file lives outside `DockerFiles` (`/Minecraft_Server/`) so it is explicitly bind-mounted in
+- `dockhand_data` is the named volume for Dockhand's internal state (environments, settings, user accounts)
+- Dockhand also manages vulnerability scanning with two cached databases: `dockhand-grype-db` and `dockhand-trivy-db`
--- a/Reference/stacks/minecraft.md
+++ b/Reference/stacks/minecraft.md
@@ -0,0 +1,69 @@
+# Minecraft Server
+
+Self-hosted Minecraft server running the **TerraFirmaGreg: Modern** modpack.
+
+## Access
+- **Host:** `192.168.2.114:25565` (LAN / Tailscale)
+- **Voice Chat:** `192.168.2.114:24454/udp`
+
+No Tailscale sidecar — ports are exposed directly on the host.
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `minecraft` | `itzg/minecraft-server:latest` | Game server |
+
+## Compose File
+**Path:** `/Minecraft_Server/docker-compose.yaml`
+
+> Note: This file lives outside the main `DockerFiles` directory. It is explicitly mounted into the Dockhand container so it can manage it.
+
+```yaml
+services:
+  mc:
+    image: itzg/minecraft-server:latest
+    container_name: minecraft
+    mem_limit: 12g
+    tty: true
+    stdin_open: true
+    ports:
+      - 25565:25565
+      - 24454:24454/udp  # Voice Chat
+    volumes:
+      - /Minecraft_Server/Minecraft_Server/data:/data
+      - /Minecraft_Server/Minecraft_Server/modpacks:/modpacks:ro
+      - /Minecraft_Server/Minecraft_Server/downloads:/downloads
+    environment:
+      EULA: TRUE
+      TYPE: AUTO_CURSEFORGE
+      VERSION: 1.20.1
+      CF_API_KEY: <redacted>
+      CF_PAGE_URL: "https://www.curseforge.com/minecraft/modpacks/terrafirmagreg-modern/files/7665541"
+      CF_BASE_DIR: /data
+      INIT_MEMORY: 8G
+      MAX_MEMORY: 12G
+      ENABLE_AUTOPAUSE: true
+      MAX_TICK_TIME: -1
+      AUTOPAUSE_TIMEOUT_INIT: 600    # 10 min before pausing on empty server (init)
+      AUTOPAUSE_TIMEOUT_EST: 1800    # 30 min before pausing (established)
+      ENABLE_ROLLING_LOGS: true
+      LOG_TIMESTAMP: true
+      MOTD: "Why does Pingle sound like Pringle. Does Sam own Pringles?"
+    restart: unless-stopped
+```
+
+## Data Layout
+
+| Path | Contents |
+|---|---|
+| `/Minecraft_Server/Minecraft_Server/data` | World saves, server config, plugins |
+| `/Minecraft_Server/Minecraft_Server/modpacks` | Modpack files (read-only) |
+| `/Minecraft_Server/Minecraft_Server/downloads` | CurseForge download cache |
+
+## Notes
+- Uses `itzg/minecraft-server` with `AUTO_CURSEFORGE` type — it auto-downloads the modpack from CurseForge on startup if not already present
+- Modpack: **TerraFirmaGreg: Modern** (MC 1.20.1), pinned to a specific file ID (`7665541`)
+- Memory: 8 GB initial, 12 GB max (hard limit via `mem_limit: 12g`)
+- **Auto-pause** is enabled — server pauses after 30 minutes with no players, resumes on connection
+- `MAX_TICK_TIME: -1` disables the watchdog timer (prevents server shutdown if a tick takes too long, common with heavy modpacks)