From ec242f10528261db8d6e5257ae6f61ec87e95497 Mon Sep 17 00:00:00 2001 
From: Spencer Grimes Date: Sun, 8 Mar 2026 13:41:28 -0500 Subject: [PATCH] "vault backup: 2026-03-08 13:41:28 from Flow" --- 21-Server Reference/README.md | 118 ++++++++++++------ 21-Server Reference/homelab/README.md | 50 ++++++++ .../{ => homelab}/environments.md | 0 21-Server Reference/{ => homelab}/hardware.md | 0 21-Server Reference/{ => homelab}/network.md | 0 .../{ => homelab}/stacks/README.md | 0 .../{ => homelab}/stacks/calibre.md | 0 .../{ => homelab}/stacks/dockhand.md | 0 .../{ => homelab}/stacks/gitea.md | 0 .../{ => homelab}/stacks/gluetun.md | 0 .../{ => homelab}/stacks/homepage.md | 0 .../{ => homelab}/stacks/linkwarden.md | 0 .../{ => homelab}/stacks/matrix.md | 0 .../{ => homelab}/stacks/mealie.md | 0 .../{ => homelab}/stacks/melodix.md | 0 .../{ => homelab}/stacks/minecraft.md | 0 .../{ => homelab}/stacks/n8n.md | 0 .../{ => homelab}/stacks/openproject.md | 0 21-Server Reference/pihole/README.md | 35 ++++++ .../pihole/stacks/home_assistant.md | 85 +++++++++++++ .../pihole/stacks/portainer_agent.md | 26 ++++ .../pihole/stacks/ts_kh_bridge.md | 39 ++++++ 22 files changed, 313 insertions(+), 40 deletions(-) create mode 100644 21-Server Reference/homelab/README.md rename 21-Server Reference/{ => homelab}/environments.md (100%) rename 21-Server Reference/{ => homelab}/hardware.md (100%) rename 21-Server Reference/{ => homelab}/network.md (100%) rename 21-Server Reference/{ => homelab}/stacks/README.md (100%) rename 21-Server Reference/{ => homelab}/stacks/calibre.md (100%) rename 21-Server Reference/{ => homelab}/stacks/dockhand.md (100%) rename 21-Server Reference/{ => homelab}/stacks/gitea.md (100%) rename 21-Server Reference/{ => homelab}/stacks/gluetun.md (100%) rename 21-Server Reference/{ => homelab}/stacks/homepage.md (100%) rename 21-Server Reference/{ => homelab}/stacks/linkwarden.md (100%) rename 21-Server Reference/{ => homelab}/stacks/matrix.md (100%) rename 21-Server Reference/{ => homelab}/stacks/mealie.md (100%) rename 21-Server 
Reference/{ => homelab}/stacks/melodix.md (100%) rename 21-Server Reference/{ => homelab}/stacks/minecraft.md (100%) rename 21-Server Reference/{ => homelab}/stacks/n8n.md (100%) rename 21-Server Reference/{ => homelab}/stacks/openproject.md (100%) create mode 100644 21-Server Reference/pihole/README.md create mode 100644 21-Server Reference/pihole/stacks/home_assistant.md create mode 100644 21-Server Reference/pihole/stacks/portainer_agent.md create mode 100644 21-Server Reference/pihole/stacks/ts_kh_bridge.md diff --git a/21-Server Reference/README.md b/21-Server Reference/README.md index a2e4503..e42402a 100644 --- a/21-Server Reference/README.md +++ b/21-Server Reference/README.md 
@@ -1,50 +1,88 @@ -# Homelab Server Documentation +# Server Reference -Living documentation for the `homelab` server. Goal: a new admin with zero prior context should be able to read this and understand everything about the server. +Documentation for the home infrastructure — two servers working together. -## Quick Reference +## Servers -| Property | Value | +| Server | Role | Docs | +| ------------------------- | ---------------------------------------------------------- | ------------------ | +| **Homelab** | Primary server. Runs most services. | [[homelab/README]] | +| **Pihole / Raspberry Pi** | Secondary server. DNS, Home Assistant, Tailscale bridging. | [[pihole/README]] | + +--- + +## Tailscale Sidecar Setup + +The standard pattern for exposing a service via Tailscale. Used across nearly every stack. + +1. Create your service container and a Tailscale sidecar container +2. On the sidecar, set: + ```yaml + network_mode: "service:[service-name]" + ``` +3. Connect to the sidecar via SSH or the Tailscale admin console and run: + ``` + tailscale funnel --bg [port] + ``` + +The sidecar shares the main container's network namespace, so Tailscale sees the service's ports as its own. + +--- + +## Credentials & Tokens + +> These are stored here for admin reference. Do not share. 
+ +### Mealie +| Key | Value | |---|---| -| Hostname | `homelab` | -| LAN IP | `192.168.2.114` | -| Tailscale IP | `100.72.0.62` | -| OS | Ubuntu 25.10 (Questing Quokka) | -| Kernel | 6.17.0-14-generic | -| Docker Files | `/home/artanis/DockerFiles/` | -| Docker Manager | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) | +| Auth Token | `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb25nX3Rva2VuIjp0cnVlLCJpZCI6IjNkZjZkZmM0LTkyZDgtNDIyNy1iMjBjLTA4ZjA2Njc2MGcă0IsIm5hbWUiOiJMTE0gIiwiaW50ZWdyYXRpb25faWQiOiJnZW5lcmljIiwiZXhwIjoxOTE5OTEwNDUwfQ.Ts5XbrF6Nr-0gvhKkt_01OPeAEoWQe_ndn0hGTtPOQc` | -## Documentation Index +### Discord Bots +| Bot | Token | +|---|---| +| Isomer | `NjY0MjMyOTYxMjM4ODkyNTc0.XhUFJg.ivnkBPtnEPGGcAwaXP50rOIPZsI` | +| Star-15 | `ODQ2MTUxMDMxMjA1MDAzMjc0.GYFbRW.JeFITOZbBH_lqCuF-bS7edC0P30H6uqFKwz7is` | -- [[hardware]] — CPU, RAM, storage -- [[network]] — Interfaces, Tailscale, ports in use -- [[environments]] — Dockhand-managed environments (Homelab + Pihole) -- [[stacks/README]] — Overview of all Docker stacks +### AI +| Service | Key | +|---|---| +| Gemini API | `AIzaSyD0uj33T_SH4Fvw2sWWW9akXF6ej9sqhlI` | -### Stacks -| Stack | Purpose | Access | -|---|---|---| -| [[stacks/dockhand]] | Docker management UI | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) | -| [[stacks/minecraft]] | Minecraft server (TerraFirmaGreg) | `:25565` | -| [[stacks/mealie]] | Recipe manager | [mealie.bunny-wyvern.ts.net](https://mealie.bunny-wyvern.ts.net) | -| [[stacks/linkwarden]] | Bookmark manager | [linkwarden.bunny-wyvern.ts.net](https://linkwarden.bunny-wyvern.ts.net) | -| [[stacks/gitea]] | Self-hosted Git | [gitea.bunny-wyvern.ts.net](https://gitea.bunny-wyvern.ts.net) | -| [[stacks/matrix]] | Matrix homeserver + bridges | [matrix.bunny-wyvern.ts.net](https://matrix.bunny-wyvern.ts.net) | -| [[stacks/homepage]] | Dashboard | [homepage.bunny-wyvern.ts.net](https://homepage.bunny-wyvern.ts.net) | -| [[stacks/n8n]] | Workflow 
automation | [n8n.bunny-wyvern.ts.net](https://n8n.bunny-wyvern.ts.net) | -| [[stacks/calibre]] | E-book library (STOPPED) | [calibre.bunny-wyvern.ts.net](https://calibre.bunny-wyvern.ts.net) | -| [[stacks/gluetun]] | VPN gateway (Mullvad) | `:8001` (control) | -| [[stacks/openproject]] | Project management | [openproject.bunny-wyvern.ts.net](https://openproject.bunny-wyvern.ts.net) | -| [[stacks/melodix]] | Discord music bot | Internal only | +### Server Passwords +Shared password used across most Docker services (DB passwords, NextAuth secrets, etc.): see compose files at `/home/artanis/DockerFiles/` on the homelab. -## Key Architectural Patterns +--- -### Tailscale Sidecar -Nearly every service uses a **Tailscale sidecar** pattern for remote access: -- A `tailscale/tailscale` container runs alongside the main service container -- It uses `network_mode: "service:[main]"` to share the main container's network namespace -- This registers the main service as a Tailscale node (e.g. `mealie.bunny-wyvern.ts.net`) -- Services are **not exposed to the public internet** — only accessible via Tailscale VPN +## File Index -### Credentials -Credentials (DB passwords, API keys, Tailscale auth keys) live in the compose files on disk at `/home/artanis/DockerFiles/`. They are redacted in this documentation. See individual stack files for variable names and the actual compose files for values. 
+``` +21-Server Reference/ +├── README.md ← You are here +├── Server Info.md ← Legacy notes (superseded by this file) +├── homelab/ +│ ├── README.md — Homelab overview & stack index +│ ├── hardware.md — CPU, RAM, storage +│ ├── network.md — IPs, ports, Tailscale nodes, Docker networks +│ ├── environments.md — Dockhand environments (Homelab + Pihole) +│ └── stacks/ +│ ├── README.md — All stacks at a glance +│ ├── dockhand.md +│ ├── minecraft.md +│ ├── mealie.md +│ ├── linkwarden.md +│ ├── gitea.md +│ ├── matrix.md +│ ├── homepage.md +│ ├── n8n.md +│ ├── calibre.md +│ ├── gluetun.md +│ ├── openproject.md +│ └── melodix.md +└── pihole/ + ├── README.md — Pi overview + └── stacks/ + ├── home_assistant.md + ├── ts_kh_bridge.md + └── portainer_agent.md +``` diff --git a/21-Server Reference/homelab/README.md b/21-Server Reference/homelab/README.md new file mode 100644 index 0000000..a2e4503 --- /dev/null +++ b/21-Server Reference/homelab/README.md 
@@ -0,0 +1,50 @@ +# Homelab Server Documentation + +Living documentation for the `homelab` server. Goal: a new admin with zero prior context should be able to read this and understand everything about the server. + +## Quick Reference + +| Property | Value | +|---|---| +| Hostname | `homelab` | +| LAN IP | `192.168.2.114` | +| Tailscale IP | `100.72.0.62` | +| OS | Ubuntu 25.10 (Questing Quokka) | +| Kernel | 6.17.0-14-generic | +| Docker Files | `/home/artanis/DockerFiles/` | +| Docker Manager | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) | + +## Documentation Index + +- [[hardware]] — CPU, RAM, storage +- [[network]] — Interfaces, Tailscale, ports in use +- [[environments]] — Dockhand-managed environments (Homelab + Pihole) +- [[stacks/README]] — Overview of all Docker stacks + +### Stacks +| Stack | Purpose | Access | +|---|---|---| +| [[stacks/dockhand]] | Docker management UI | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) | +| [[stacks/minecraft]] | Minecraft server (TerraFirmaGreg) | `:25565` | +| [[stacks/mealie]] | Recipe manager | [mealie.bunny-wyvern.ts.net](https://mealie.bunny-wyvern.ts.net) | +| [[stacks/linkwarden]] | Bookmark manager | [linkwarden.bunny-wyvern.ts.net](https://linkwarden.bunny-wyvern.ts.net) | +| [[stacks/gitea]] | Self-hosted Git | [gitea.bunny-wyvern.ts.net](https://gitea.bunny-wyvern.ts.net) | +| [[stacks/matrix]] | Matrix homeserver + bridges | [matrix.bunny-wyvern.ts.net](https://matrix.bunny-wyvern.ts.net) | +| [[stacks/homepage]] | Dashboard | [homepage.bunny-wyvern.ts.net](https://homepage.bunny-wyvern.ts.net) | +| [[stacks/n8n]] | Workflow automation | [n8n.bunny-wyvern.ts.net](https://n8n.bunny-wyvern.ts.net) | +| [[stacks/calibre]] | E-book library (STOPPED) | [calibre.bunny-wyvern.ts.net](https://calibre.bunny-wyvern.ts.net) | +| [[stacks/gluetun]] | VPN gateway (Mullvad) | `:8001` (control) | +| [[stacks/openproject]] | Project management | 
[openproject.bunny-wyvern.ts.net](https://openproject.bunny-wyvern.ts.net) | +| [[stacks/melodix]] | Discord music bot | Internal only | + +## Key Architectural Patterns + +### Tailscale Sidecar +Nearly every service uses a **Tailscale sidecar** pattern for remote access: +- A `tailscale/tailscale` container runs alongside the main service container +- It uses `network_mode: "service:[main]"` to share the main container's network namespace +- This registers the main service as a Tailscale node (e.g. `mealie.bunny-wyvern.ts.net`) +- Services are **not exposed to the public internet** — only accessible via Tailscale VPN + +### Credentials +Credentials (DB passwords, API keys, Tailscale auth keys) live in the compose files on disk at `/home/artanis/DockerFiles/`. They are redacted in this documentation. See individual stack files for variable names and the actual compose files for values. diff --git a/21-Server Reference/environments.md b/21-Server Reference/homelab/environments.md similarity index 100% rename from 21-Server Reference/environments.md rename to 21-Server Reference/homelab/environments.md diff --git a/21-Server Reference/hardware.md b/21-Server Reference/homelab/hardware.md similarity index 100% rename from 21-Server Reference/hardware.md rename to 21-Server Reference/homelab/hardware.md diff --git a/21-Server Reference/network.md b/21-Server Reference/homelab/network.md similarity index 100% rename from 21-Server Reference/network.md rename to 21-Server Reference/homelab/network.md diff --git a/21-Server Reference/stacks/README.md b/21-Server Reference/homelab/stacks/README.md similarity index 100% rename from 21-Server Reference/stacks/README.md rename to 21-Server Reference/homelab/stacks/README.md diff --git a/21-Server Reference/stacks/calibre.md b/21-Server Reference/homelab/stacks/calibre.md similarity index 100% rename from 21-Server Reference/stacks/calibre.md rename to 21-Server Reference/homelab/stacks/calibre.md 
diff --git a/21-Server Reference/stacks/dockhand.md b/21-Server Reference/homelab/stacks/dockhand.md similarity index 100% rename from 21-Server Reference/stacks/dockhand.md rename to 21-Server Reference/homelab/stacks/dockhand.md diff --git a/21-Server Reference/stacks/gitea.md b/21-Server Reference/homelab/stacks/gitea.md similarity index 100% rename from 21-Server Reference/stacks/gitea.md rename to 21-Server Reference/homelab/stacks/gitea.md diff --git a/21-Server Reference/stacks/gluetun.md b/21-Server Reference/homelab/stacks/gluetun.md similarity index 100% rename from 21-Server Reference/stacks/gluetun.md rename to 21-Server Reference/homelab/stacks/gluetun.md diff --git a/21-Server Reference/stacks/homepage.md b/21-Server Reference/homelab/stacks/homepage.md similarity index 100% rename from 21-Server Reference/stacks/homepage.md rename to 21-Server Reference/homelab/stacks/homepage.md diff --git a/21-Server Reference/stacks/linkwarden.md b/21-Server Reference/homelab/stacks/linkwarden.md similarity index 100% rename from 21-Server Reference/stacks/linkwarden.md rename to 21-Server Reference/homelab/stacks/linkwarden.md diff --git a/21-Server Reference/stacks/matrix.md b/21-Server Reference/homelab/stacks/matrix.md similarity index 100% rename from 21-Server Reference/stacks/matrix.md rename to 21-Server Reference/homelab/stacks/matrix.md diff --git a/21-Server Reference/stacks/mealie.md b/21-Server Reference/homelab/stacks/mealie.md similarity index 100% rename from 21-Server Reference/stacks/mealie.md rename to 21-Server Reference/homelab/stacks/mealie.md diff --git a/21-Server Reference/stacks/melodix.md b/21-Server Reference/homelab/stacks/melodix.md similarity index 100% rename from 21-Server Reference/stacks/melodix.md rename to 21-Server Reference/homelab/stacks/melodix.md 
diff --git a/21-Server Reference/stacks/minecraft.md b/21-Server Reference/homelab/stacks/minecraft.md similarity index 100% rename from 21-Server Reference/stacks/minecraft.md rename to 21-Server Reference/homelab/stacks/minecraft.md diff --git a/21-Server Reference/stacks/n8n.md b/21-Server Reference/homelab/stacks/n8n.md similarity index 100% rename from 21-Server Reference/stacks/n8n.md rename to 21-Server Reference/homelab/stacks/n8n.md diff --git a/21-Server Reference/stacks/openproject.md b/21-Server Reference/homelab/stacks/openproject.md similarity index 100% rename from 21-Server Reference/stacks/openproject.md rename to 21-Server Reference/homelab/stacks/openproject.md diff --git a/21-Server Reference/pihole/README.md b/21-Server Reference/pihole/README.md new file mode 100644 index 0000000..8132d15 --- /dev/null +++ b/21-Server Reference/pihole/README.md 
@@ -0,0 +1,35 @@ +# Pihole / Raspberry Pi Documentation + +Secondary server — a Raspberry Pi that supports the main [[../homelab/README|homelab]] in various ways. + +## Quick Reference + +| Property | Value | +|---|---| +| Tailscale IP | `100.89.172.56` | +| Tailscale Hostname | (on `bunny-wyvern.ts.net`) | +| Connection to Dockhand | Hawser agent (env=2) | +| Docker Files | `/home/artanis/` (Desktop + TS_KH_Bridge dirs) | + +> Hardware details (CPU, RAM, model) are not yet documented. To be filled in. + +## Stacks + +| Stack | Status | Purpose | +|---|---|---| +| [[stacks/home_assistant]] | Running | Home automation | +| [[stacks/ts_kh_bridge]] | Stopped | Tailscale inter-tailnet bridge | +| [[stacks/portainer_agent]] | Running | Portainer remote agent | + +## How It Supports the Homelab + +- **Home Assistant** — Home automation hub; runs on the Pi for low-power always-on operation and USB device access (Zigbee/Z-Wave stick on `/dev/ttyUSB0`) +- **Tailscale Bridge** — Bridges two separate Tailnets together (`Home` ↔ `KH`) — currently stopped +- **Portainer Agent** — Allows a Portainer instance (elsewhere) to manage this Pi's Docker remotely + +## Key Differences from Homelab + +- No centralized `DockerFiles` directory — compose files are scattered across `~/Desktop/` and `~/TS_KH_Bridge/` +- Home Assistant uses `network_mode: host` (full host network) for mDNS/Bluetooth/Zigbee discovery +- Much lighter workload — only 3 stacks, 5 containers total +- Pihole (DNS/ad-blocking) likely runs natively on the Pi OS, not in Docker — no container found for it diff --git a/21-Server Reference/pihole/stacks/home_assistant.md b/21-Server Reference/pihole/stacks/home_assistant.md new file mode 100644 index 0000000..5d2f04f --- /dev/null +++ b/21-Server Reference/pihole/stacks/home_assistant.md 
@@ -0,0 +1,85 @@ +# Home Assistant + +Self-hosted home automation platform. The primary reason this Pi exists. + +## Access +- **Tailscale:** [homeassistant.bunny-wyvern.ts.net](https://homeassistant.bunny-wyvern.ts.net) +- **LAN:** `http://[pi-ip]:8123` (port exposed but access via Tailscale preferred) + +## Containers + +| Container | Image | Role | +|---|---|---| +| `homeassistant` | `lscr.io/linuxserver/homeassistant:latest` | Home automation hub | +| `homeassistant-tailscale-sidecar` | `tailscale/tailscale:latest` | Tailscale node | + +## Compose File +**Path:** `/home/artanis/Desktop/HomeAssistant/docker-compose.yaml` (on the Pi) + +> Note: Dockhand reports the stack dir as `/DockerFiles/home_assistant/` — this is the path as seen from inside the Hawser agent context. The actual host path is via `~/Desktop/HomeAssistant/`. + +```yaml +services: + homeassistant: + image: lscr.io/linuxserver/homeassistant:latest + container_name: homeassistant + network_mode: host + environment: + - PUID=1000 + - PGID=1000 + - TZ: America/Chicago + cap_add: + - NET_ADMIN + - NET_RAW + volumes: + - /home/artanis/Desktop/HomeAssistant/config:/config + - /run/dbus:/run/dbus:ro + - /home/artanis/Desktop/HomeAssistant/media:/media + ports: + - 8123:8123 + devices: + - /dev/ttyUSB0:/dev/ttyUSB0 + restart: unless-stopped + + homeassistant-tailscale-sidecar: + image: tailscale/tailscale:latest + container_name: homeassistant-tailscale-sidecar + restart: unless-stopped + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun + volumes: + - homeassistant_tailscale_state:/var/lib/tailscale + environment: + - TS_AUTHKEY= + - TS_HOSTNAME=homeassistant + - TS_STATE_DIR=/var/lib/tailscale + network_mode: "service:homeassistant" + +volumes: + homeassistant_tailscale_state: + +# matter-server is defined but commented out +``` + +## Data Layout + +| Path | Contents | +|---|---| +| `/home/artanis/Desktop/HomeAssistant/config` | HA configuration, automations, integrations | +| 
`/home/artanis/Desktop/HomeAssistant/media` | Media files for HA | +| `/run/dbus` | Host D-Bus socket (read-only, for Bluetooth) | + +## Hardware Devices + +| Device | Purpose | +|---|---| +| `/dev/ttyUSB0` | USB serial device — likely a Zigbee or Z-Wave stick | + +## Notes +- `network_mode: host` — Home Assistant runs on the Pi's full host network. This is required for mDNS/Bonjour device discovery, Bluetooth, and multicast protocols that don't work through Docker's bridge NAT +- `cap_add: NET_ADMIN, NET_RAW` — required for network-level features (e.g. ping, ARP for device tracking) +- `/run/dbus` is mounted read-only for Bluetooth integration via D-Bus +- **Matter server** is fully defined in the compose file but commented out — can be enabled when needed +- There is an orphaned volume `homeassistant_homeassistant_tailscale_state` from an earlier stack iteration (project was named `homeassistant` instead of `home_assistant`) diff --git a/21-Server Reference/pihole/stacks/portainer_agent.md b/21-Server Reference/pihole/stacks/portainer_agent.md new file mode 100644 index 0000000..a108d32 --- /dev/null +++ b/21-Server Reference/pihole/stacks/portainer_agent.md 
@@ -0,0 +1,26 @@ +# Portainer Agent + +Lightweight Portainer remote agent that allows a Portainer server instance to manage this Pi's Docker remotely. + +## Access +- **Port:** `9001` (TCP) — Portainer server connects to this + +## Containers + +| Container | Image | Role | +|---|---|---| +| `portainer_agent` | `portainer/agent:latest` | Remote Docker management agent | + +## Compose File +**Path:** `/home/artanis/Desktop/Portainer_Agent/docker-compose.yml` (on the Pi) + +> Dockhand reports the compose location as unknown (`needsFileLocation: true`). Path inferred from container labels. + +Compose content not available via API. Key details from container labels and mounts: +- Mounts `/var/lib/docker/volumes` and `/var/run/docker.sock` into the agent container +- Exposes port `9001` on all interfaces + +## Notes +- No Portainer server is currently running in Docker on either the homelab or this Pi (the `portainer` stack on the homelab has no containers and is in `created` state) +- This agent is likely a leftover from a previous setup, or is intended to connect to a Portainer server instance not yet deployed +- The agent has full access to the Pi's Docker socket and volumes — it should only be reachable by a trusted Portainer server diff --git a/21-Server Reference/pihole/stacks/ts_kh_bridge.md b/21-Server Reference/pihole/stacks/ts_kh_bridge.md new file mode 100644 index 0000000..8de286d --- /dev/null +++ b/21-Server Reference/pihole/stacks/ts_kh_bridge.md 
@@ -0,0 +1,39 @@ +# Tailscale KH Bridge + +A Tailscale inter-tailnet bridge — connects two separate Tailscale networks together so devices on each tailnet can reach each other. + +**Status: STOPPED** — Both containers exited cleanly (exit code 0) approximately 14 hours before this was documented. + +## Containers + +| Container | Image | Role | +|---|---|---| +| `Home_Bridge` | `tailscale/tailscale:latest` | Node on the "Home" tailnet | +| `KH_Bridge` | `tailscale/tailscale:latest` | Node on the "KH" tailnet | + +Both containers are on a shared bridge network (`ts_kh_bridge_tailnet-interlink`, `172.20.0.0/24`) so they can route traffic between each other. + +## Compose File +**Path:** `/home/artanis/TS_KH_Bridge/docker-compose.yaml` (on the Pi) + +> Dockhand reports this stack's compose location as unknown (`needsFileLocation: true`) — the path was inferred from container labels. + +Compose content not available via API. Key details from container labels: + +| Property | Home_Bridge | KH_Bridge | +|---|---|---| +| Service name | `home-bridge` | `kh-bridge` | +| Tailscale state | `/home/artanis/TS_KH_Bridge/home_state` (bind mount) | `/home/artanis/TS_KH_Bridge/kh_state` (bind mount) | +| `/dev/net/tun` | Bind-mounted | Bind-mounted | + +## How It Works + +Tailscale supports bridging two separate tailnets by running two Tailscale nodes on the same machine — one registered to each tailnet — and routing traffic between them. The two containers share a Docker bridge network (`tailnet-interlink`) which acts as the routing path between the two tailnet nodes. 
+ +- `Home_Bridge` — authenticated to the primary (`bunny-wyvern.ts.net`) tailnet +- `KH_Bridge` — authenticated to a second tailnet ("KH") + +## Notes +- Both containers use **bind-mounted** Tailscale state directories (not named volumes), so state survives container recreation as long as the host paths exist +- The stack exited cleanly (code 0), suggesting it was intentionally stopped rather than crashed +- To restart: `docker compose up -d` in `/home/artanis/TS_KH_Bridge/`
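Review bot: In `21-Server Reference/README.md`, the new "Credentials & Tokens" section commits live secret values in plaintext (the Mealie auth token, both Discord bot tokens and the Gemini API key), replacing a section that said credentials were redacted. The "Do not share" blockquote does not protect them: anything that syncs or clones this vault receives the values, and they remain in git history after a later edit. Replace each value with a pointer to where it lives (a password manager entry, or the compose or env file on the host) and rotate all four, since this commit has already recorded them. The "Server Passwords" line also documents a single password shared across most Docker services; moving to per-service secrets is worth listing as a follow-up.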
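Review bot: In `21-Server Reference/homelab/README.md`, the "Tailscale Sidecar" bullet "Services are **not exposed to the public internet**" contradicts step 3 of the sidecar setup added to the top-level README, which runs `tailscale funnel --bg [port]`: Funnel publishes the service to the public internet, while `tailscale serve` is the tailnet-only form. Decide which one the stacks actually use and make both files say the same thing. The "Credentials" paragraph here also still says values "are redacted in this documentation", which stops being true with the top-level README in this same commit.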
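Review bot: In `21-Server Reference/pihole/README.md`, the Quick Reference table has no LAN IP row and the "Tailscale Hostname" cell holds only `(on bunny-wyvern.ts.net)`, yet `home_assistant.md` tells the reader to use `http://[pi-ip]:8123`. Add the LAN IP and the actual hostname, as the homelab table does. The last bullet under "Key Differences" says Pihole "likely runs natively", which is a guess about the service the server is named for; confirm it on the Pi and either state it as fact or mark it as unverified.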
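Review bot: In `pihole/stacks/home_assistant.md`, the compose block's `environment` list mixes two forms: `- TZ: America/Chicago` is a YAML mapping inside a list of `KEY=value` strings, so it should read `- TZ=America/Chicago` if the block is meant to match a file that loads. The `ports: - 8123:8123` entry has no effect next to `network_mode: host`, and the Access line "port exposed but access via Tailscale preferred" undersells that: with host networking the service binds directly on the Pi's interfaces rather than through a published port. The sidecar's `network_mode: "service:homeassistant"` also means it joins the host network namespace with `NET_ADMIN`, which deserves a line under Notes, and the empty `TS_AUTHKEY=` should be marked as redacted rather than left looking unset.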
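Review bot: In `pihole/stacks/portainer_agent.md`, the file records that the agent mounts `/var/run/docker.sock`, "Exposes port `9001` on all interfaces" and has no Portainer server to talk to, but the Notes stop at "it should only be reachable by a trusted Portainer server" without saying how that is enforced. Either document the control (a firewall rule, or binding 9001 to the Tailscale address only) or record the decision to stop and remove the agent until a server exists, since access to the Docker socket is equivalent to root on the Pi.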
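Review bot: In `pihole/stacks/ts_kh_bridge.md`, "How It Works" describes the bridge only as two nodes sharing `tailnet-interlink`, and the restart instruction in Notes follows with no record of what is allowed to cross between the two tailnets. Since the file says "Compose content not available via API", read the compose file at the inferred path and document the routes each node advertises, whether forwarding is enabled, and which ACLs limit traffic in each direction, before anyone runs `docker compose up -d`. The bind-mounted `home_state` and `kh_state` directories hold the node identities for both tailnets, so their ownership and permissions on the host belong in this file as well.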