"vault backup: 2026-03-08 13:41:28 from Flow"

2026-03-08 13:41:28 -05:00
parent 3eccd6deee
commit ec242f1052
22 changed files with 313 additions and 40 deletions
--- a/Reference/pihole/stacks/home_assistant.md
+++ b/Reference/pihole/stacks/home_assistant.md
@@ -0,0 +1,85 @@
+# Home Assistant
+
+Self-hosted home automation platform. The primary reason this Pi exists.
+
+## Access
+- **Tailscale:** [homeassistant.bunny-wyvern.ts.net](https://homeassistant.bunny-wyvern.ts.net)
+- **LAN:** `http://[pi-ip]:8123` (port exposed but access via Tailscale preferred)
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `homeassistant` | `lscr.io/linuxserver/homeassistant:latest` | Home automation hub |
+| `homeassistant-tailscale-sidecar` | `tailscale/tailscale:latest` | Tailscale node |
+
+## Compose File
+**Path:** `/home/artanis/Desktop/HomeAssistant/docker-compose.yaml` (on the Pi)
+
+> Note: Dockhand reports the stack dir as `/DockerFiles/home_assistant/` — this is the path as seen from inside the Hawser agent context. The actual host path is via `~/Desktop/HomeAssistant/`.
+
+```yaml
+services:
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: homeassistant
+    network_mode: host
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ: America/Chicago
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    volumes:
+      - /home/artanis/Desktop/HomeAssistant/config:/config
+      - /run/dbus:/run/dbus:ro
+      - /home/artanis/Desktop/HomeAssistant/media:/media
+    ports:
+      - 8123:8123
+    devices:
+      - /dev/ttyUSB0:/dev/ttyUSB0
+    restart: unless-stopped
+
+  homeassistant-tailscale-sidecar:
+    image: tailscale/tailscale:latest
+    container_name: homeassistant-tailscale-sidecar
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun
+    volumes:
+      - homeassistant_tailscale_state:/var/lib/tailscale
+    environment:
+      - TS_AUTHKEY=<redacted>
+      - TS_HOSTNAME=homeassistant
+      - TS_STATE_DIR=/var/lib/tailscale
+    network_mode: "service:homeassistant"
+
+volumes:
+  homeassistant_tailscale_state:
+
+# matter-server is defined but commented out
+```
+
+## Data Layout
+
+| Path | Contents |
+|---|---|
+| `/home/artanis/Desktop/HomeAssistant/config` | HA configuration, automations, integrations |
+| `/home/artanis/Desktop/HomeAssistant/media` | Media files for HA |
+| `/run/dbus` | Host D-Bus socket (read-only, for Bluetooth) |
+
+## Hardware Devices
+
+| Device | Purpose |
+|---|---|
+| `/dev/ttyUSB0` | USB serial device — likely a Zigbee or Z-Wave stick |
+
+## Notes
+- `network_mode: host` — Home Assistant runs on the Pi's full host network. This is required for mDNS/Bonjour device discovery, Bluetooth, and multicast protocols that don't work through Docker's bridge NAT
+- `cap_add: NET_ADMIN, NET_RAW` — required for network-level features (e.g. ping, ARP for device tracking)
+- `/run/dbus` is mounted read-only for Bluetooth integration via D-Bus
+- **Matter server** is fully defined in the compose file but commented out — can be enabled when needed
+- There is an orphaned volume `homeassistant_homeassistant_tailscale_state` from an earlier stack iteration (project was named `homeassistant` instead of `home_assistant`)
--- a/Reference/pihole/stacks/portainer_agent.md
+++ b/Reference/pihole/stacks/portainer_agent.md
@@ -0,0 +1,26 @@
+# Portainer Agent
+
+Lightweight Portainer remote agent that allows a Portainer server instance to manage this Pi's Docker remotely.
+
+## Access
+- **Port:** `9001` (TCP) — Portainer server connects to this
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `portainer_agent` | `portainer/agent:latest` | Remote Docker management agent |
+
+## Compose File
+**Path:** `/home/artanis/Desktop/Portainer_Agent/docker-compose.yml` (on the Pi)
+
+> Dockhand reports the compose location as unknown (`needsFileLocation: true`). Path inferred from container labels.
+
+Compose content not available via API. Key details from container labels and mounts:
+- Mounts `/var/lib/docker/volumes` and `/var/run/docker.sock` into the agent container
+- Exposes port `9001` on all interfaces
+
+## Notes
+- No Portainer server is currently running in Docker on either the homelab or this Pi (the `portainer` stack on the homelab has no containers and is in `created` state)
+- This agent is likely a leftover from a previous setup, or is intended to connect to a Portainer server instance not yet deployed
+- The agent has full access to the Pi's Docker socket and volumes — it should only be reachable by a trusted Portainer server
--- a/Reference/pihole/stacks/ts_kh_bridge.md
+++ b/Reference/pihole/stacks/ts_kh_bridge.md
@@ -0,0 +1,39 @@
+# Tailscale KH Bridge
+
+A Tailscale inter-tailnet bridge — connects two separate Tailscale networks together so devices on each tailnet can reach each other.
+
+**Status: STOPPED** — Both containers exited cleanly (exit code 0) approximately 14 hours before this was documented.
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `Home_Bridge` | `tailscale/tailscale:latest` | Node on the "Home" tailnet |
+| `KH_Bridge` | `tailscale/tailscale:latest` | Node on the "KH" tailnet |
+
+Both containers are on a shared bridge network (`ts_kh_bridge_tailnet-interlink`, `172.20.0.0/24`) so they can route traffic between each other.
+
+## Compose File
+**Path:** `/home/artanis/TS_KH_Bridge/docker-compose.yaml` (on the Pi)
+
+> Dockhand reports this stack's compose location as unknown (`needsFileLocation: true`) — the path was inferred from container labels.
+
+Compose content not available via API. Key details from container labels:
+
+| Property | Home_Bridge | KH_Bridge |
+|---|---|---|
+| Service name | `home-bridge` | `kh-bridge` |
+| Tailscale state | `/home/artanis/TS_KH_Bridge/home_state` (bind mount) | `/home/artanis/TS_KH_Bridge/kh_state` (bind mount) |
+| `/dev/net/tun` | Bind-mounted | Bind-mounted |
+
+## How It Works
+
+Tailscale supports bridging two separate tailnets by running two Tailscale nodes on the same machine — one registered to each tailnet — and routing traffic between them. The two containers share a Docker bridge network (`tailnet-interlink`) which acts as the routing path between the two tailnet nodes.
+
+- `Home_Bridge` — authenticated to the primary (`bunny-wyvern.ts.net`) tailnet
+- `KH_Bridge` — authenticated to a second tailnet ("KH")
+
+## Notes
+- Both containers use **bind-mounted** Tailscale state directories (not named volumes), so state survives container recreation as long as the host paths exist
+- The stack exited cleanly (code 0), suggesting it was intentionally stopped rather than crashed
+- To restart: `docker compose up -d` in `/home/artanis/TS_KH_Bridge/`