Erich Blume
ce1f696bd8
Phase 2 of documentation restructuring. Creates docs/reference/ with: Services (16): - alloy, argocd, borgmatic, 1password, forgejo, grafana - jellyfin, kiwix, loki, miniflux, navidrome, postgresql - prometheus, teslamate, transmission, zot Infrastructure (3): - hosts - Device inventory - tailscale - ACLs, groups, tags - routing - DNS domains and port mappings Kubernetes (2): - cluster - Minikube specs - apps - ArgoCD application registry Storage (2): - sifaka - Synology NAS configuration - backups - Backup policy All cards use wiki-links for cross-referencing and include YAML frontmatter with title and tags for Quartz. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3 KiB
3 KiB
| title | tags | ||
|---|---|---|---|
| Service Routing |
|
Service Routing
Services are accessible via two DNS domains with different reachability.
DNS Domains
| Domain | Proxy | Reachable From |
|---|---|---|
*.ops.eblu.me |
Caddy on indri | k8s pods, docker containers, tailnet clients |
*.tail8d86e.ts.net |
Tailscale MagicDNS | Tailnet clients only |
Use *.ops.eblu.me for services that need pod-to-service communication.
Caddy Services (*.ops.eblu.me)
DNS points to indri's Tailscale IP (100.98.163.89). TLS via Let's Encrypt (ACME DNS-01 with Gandi).
| Service | URL | Description |
|---|---|---|
| Homepage | https://go.ops.eblu.me | Service dashboard |
| services/forgejo | https://forge.ops.eblu.me | Git hosting (SSH: 2222) |
| services/zot | https://registry.ops.eblu.me | Container registry |
| services/grafana | https://grafana.ops.eblu.me | Dashboards |
| services/argocd | https://argocd.ops.eblu.me | GitOps CD |
| services/prometheus | https://prometheus.ops.eblu.me | Metrics |
| services/loki | https://loki.ops.eblu.me | Logs |
| services/miniflux | https://feed.ops.eblu.me | RSS reader |
| services/kiwix | https://kiwix.ops.eblu.me | Offline Wikipedia |
| services/transmission | https://torrent.ops.eblu.me | BitTorrent |
| services/teslamate | https://tesla.ops.eblu.me | Tesla logger |
| services/navidrome | https://dj.ops.eblu.me | Music streaming |
| services/jellyfin | https://jellyfin.ops.eblu.me | Media server |
| services/postgresql | pg.ops.eblu.me:5432 | Database |
| storage/sifaka | https://nas.ops.eblu.me | NAS dashboard |
Tailscale-Only Services
| Service | URL | Description |
|---|---|---|
| Kubernetes | https://k8s.tail8d86e.ts.net | Minikube API |
Port Map (Indri)
| Port | Service | Protocol | Binding | Notes |
|---|---|---|---|---|
| 443 | Caddy | HTTPS | 0.0.0.0 | Reverse proxy |
| 2222 | Caddy L4 | TCP | 0.0.0.0 | SSH proxy to Forgejo |
| 5432 | Caddy L4 | TCP | 0.0.0.0 | PostgreSQL proxy |
| 2200 | Forgejo SSH | TCP | localhost | Built-in SSH server |
| 3001 | Forgejo | HTTP | localhost | Web UI |
| 5050 | Zot | HTTP | localhost | Registry API |
| 8096 | Jellyfin | HTTP | localhost | Media server |
| 44491 | K8s API | HTTPS | 0.0.0.0 | Minikube API server |
Adding New Services
Indri Services (via Caddy)
- Host service on localhost
- Add to
ansible/roles/caddy/defaults/main.yml - Run
mise run provision-indri -- --tags caddy
K8s Services (via Tailscale Ingress)
- Create manifests in
argocd/manifests/<service>/ - Add ArgoCD Application in
argocd/apps/ - Add Tailscale Ingress annotation
- Add Caddy proxy entry
- Sync via ArgoCD
Related
- infrastructure/tailscale - ACL configuration
- infrastructure/hosts - Where services run