"vault backup: 2026-03-08 13:41:28 from Flow"

21-Server Reference/README.md

@@ -1,50 +1,88 @@
-# Homelab Server Documentation
+# Server Reference
 
-Living documentation for the `homelab` server. Goal: a new admin with zero prior context should be able to read this and understand everything about the server.
+Documentation for the home infrastructure — two servers working together.
 
-## Quick Reference
+## Servers
 
-| Property | Value |
+| Server                    | Role                                                       | Docs               |
+| ------------------------- | ---------------------------------------------------------- | ------------------ |
+| **Homelab**               | Primary server. Runs most services.                        | [[homelab/README]] |
+| **Pihole / Raspberry Pi** | Secondary server. DNS, Home Assistant, Tailscale bridging. | [[pihole/README]]  |
+
+---
+
+## Tailscale Sidecar Setup
+
+The standard pattern for exposing a service via Tailscale. Used across nearly every stack.
+
+1. Create your service container and a Tailscale sidecar container
+2. On the sidecar, set:
+   ```yaml
+   network_mode: "service:[service-name]"
+   ```
+3. Connect to the sidecar via SSH or the Tailscale admin console and run:
+   ```
+   tailscale funnel --bg [port]
+   ```
+
+The sidecar shares the main container's network namespace, so Tailscale sees the service's ports as its own.
+
+---
+
+## Credentials & Tokens
+
+> These are stored here for admin reference. Do not share.
+
+### Mealie
+| Key | Value |
 |---|---|
-| Hostname | `homelab` |
-| LAN IP | `192.168.2.114` |
-| Tailscale IP | `100.72.0.62` |
-| OS | Ubuntu 25.10 (Questing Quokka) |
-| Kernel | 6.17.0-14-generic |
-| Docker Files | `/home/artanis/DockerFiles/` |
-| Docker Manager | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) |
+| Auth Token | `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb25nX3Rva2VuIjp0cnVlLCJpZCI6IjNkZjZkZmM0LTkyZDgtNDIyNy1iMjBjLTA4ZjA2Njc2MGcă0IsIm5hbWUiOiJMTE0gIiwiaW50ZWdyYXRpb25faWQiOiJnZW5lcmljIiwiZXhwIjoxOTE5OTEwNDUwfQ.Ts5XbrF6Nr-0gvhKkt_01OPeAEoWQe_ndn0hGTtPOQc` |
 
-## Documentation Index
+### Discord Bots
+| Bot | Token |
+|---|---|
+| Isomer | `NjY0MjMyOTYxMjM4ODkyNTc0.XhUFJg.ivnkBPtnEPGGcAwaXP50rOIPZsI` |
+| Star-15 | `ODQ2MTUxMDMxMjA1MDAzMjc0.GYFbRW.JeFITOZbBH_lqCuF-bS7edC0P30H6uqFKwz7is` |
 
-- [[hardware]] — CPU, RAM, storage
-- [[network]] — Interfaces, Tailscale, ports in use
-- [[environments]] — Dockhand-managed environments (Homelab + Pihole)
-- [[stacks/README]] — Overview of all Docker stacks
+### AI
+| Service | Key |
+|---|---|
+| Gemini API | `AIzaSyD0uj33T_SH4Fvw2sWWW9akXF6ej9sqhlI` |
 
-### Stacks
-| Stack | Purpose | Access |
-|---|---|---|
-| [[stacks/dockhand]] | Docker management UI | [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net) |
-| [[stacks/minecraft]] | Minecraft server (TerraFirmaGreg) | `:25565` |
-| [[stacks/mealie]] | Recipe manager | [mealie.bunny-wyvern.ts.net](https://mealie.bunny-wyvern.ts.net) |
-| [[stacks/linkwarden]] | Bookmark manager | [linkwarden.bunny-wyvern.ts.net](https://linkwarden.bunny-wyvern.ts.net) |
-| [[stacks/gitea]] | Self-hosted Git | [gitea.bunny-wyvern.ts.net](https://gitea.bunny-wyvern.ts.net) |
-| [[stacks/matrix]] | Matrix homeserver + bridges | [matrix.bunny-wyvern.ts.net](https://matrix.bunny-wyvern.ts.net) |
-| [[stacks/homepage]] | Dashboard | [homepage.bunny-wyvern.ts.net](https://homepage.bunny-wyvern.ts.net) |
-| [[stacks/n8n]] | Workflow automation | [n8n.bunny-wyvern.ts.net](https://n8n.bunny-wyvern.ts.net) |
-| [[stacks/calibre]] | E-book library (STOPPED) | [calibre.bunny-wyvern.ts.net](https://calibre.bunny-wyvern.ts.net) |
-| [[stacks/gluetun]] | VPN gateway (Mullvad) | `:8001` (control) |
-| [[stacks/openproject]] | Project management | [openproject.bunny-wyvern.ts.net](https://openproject.bunny-wyvern.ts.net) |
-| [[stacks/melodix]] | Discord music bot | Internal only |
+### Server Passwords
+Shared password used across most Docker services (DB passwords, NextAuth secrets, etc.): see compose files at `/home/artanis/DockerFiles/` on the homelab.
 
-## Key Architectural Patterns
+---
 
-### Tailscale Sidecar
-Nearly every service uses a **Tailscale sidecar** pattern for remote access:
-- A `tailscale/tailscale` container runs alongside the main service container
-- It uses `network_mode: "service:[main]"` to share the main container's network namespace
-- This registers the main service as a Tailscale node (e.g. `mealie.bunny-wyvern.ts.net`)
-- Services are **not exposed to the public internet** — only accessible via Tailscale VPN
+## File Index
 
-### Credentials
-Credentials (DB passwords, API keys, Tailscale auth keys) live in the compose files on disk at `/home/artanis/DockerFiles/`. They are redacted in this documentation. See individual stack files for variable names and the actual compose files for values.
+```
+21-Server Reference/
+├── README.md               ← You are here
+├── Server Info.md          ← Legacy notes (superseded by this file)
+├── homelab/
+│   ├── README.md           — Homelab overview & stack index
+│   ├── hardware.md         — CPU, RAM, storage
+│   ├── network.md          — IPs, ports, Tailscale nodes, Docker networks
+│   ├── environments.md     — Dockhand environments (Homelab + Pihole)
+│   └── stacks/
+│       ├── README.md       — All stacks at a glance
+│       ├── dockhand.md
+│       ├── minecraft.md
+│       ├── mealie.md
+│       ├── linkwarden.md
+│       ├── gitea.md
+│       ├── matrix.md
+│       ├── homepage.md
+│       ├── n8n.md
+│       ├── calibre.md
+│       ├── gluetun.md
+│       ├── openproject.md
+│       └── melodix.md
+└── pihole/
+    ├── README.md           — Pi overview
+    └── stacks/
+        ├── home_assistant.md
+        ├── ts_kh_bridge.md
+        └── portainer_agent.md
+```