Netgrimoire/False Grimoire/Netgrimoire/service_Catalog.md
2026-04-12 09:39:57 -05:00

---
title: Netgrimoire Service Catalog
description: Done or soon to be
published: true
date: 2026-04-01T11:38:19.890Z
tags:
editor: markdown
dateCreated: 2026-03-29T16:05:26.168Z
---
# Netgrimoire Service Catalog
> **Living document** — tracks all deployed, configured, and planned services across the Netgrimoire homelab.
> Source of truth: Forgejo repo — `compose/` = Docker Compose per host | `swarm/` = Docker Swarm | `archive/` = not running
>
> Status: ✅ Deployed & Configured | 🔧 Deployed, Needs Config | 📋 Planned | 🔍 Evaluating | ❌ Abandoned/Archived
---
## 🏗️ Infrastructure Overview
| Host | Role | IP | Runtime |
|------|------|----|---------|
| znas | NAS / Primary Swarm node | 192.168.5.10 | Docker Compose + Swarm manager |
| docker2 | VPN gateway host | — | Docker Compose |
| docker3 | LibreNMS host | — | Docker Compose |
| docker4 (hermes) | Mail server host | 192.168.5.16 | Docker Compose |
| docker5 | Media host | 192.168.5.18 | Docker Compose |
| Pi4s / NUCs | Swarm worker nodes | various | Docker Swarm workers |
---
## 📡 Network & Reverse Proxy
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | OPNsense | Firewall appliance | — | Firewall / Dual-WAN / NAT | ATT igc1 primary; 5 static IPs allocated; legacy WAN retiring |
| 🔧 | Caddy (new) | znas / Swarm | — | Reverse proxy — CrowdSec edition | `serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy`; migration in progress; `caddy.yaml` |
| ✅ | Caddy (legacy) | znas / Swarm | — | Reverse proxy | `lucaslorentz/caddy-docker-proxy`; `caddy-1.yaml` |
| ✅ | Authentik | znas / Swarm | — | SSO / IdP | Protects `*.netgrimoire.com` services |
| ✅ | Authelia | znas / Swarm | — | SSO / IdP | Protects `*.wasted-bandwidth.net` services |
| ✅ | WireGuard | OPNsense | — | VPN | Peers: Obie (.2), pncfishandmore (.3), GLNet (.4/.6), PortaPotty (.5) — 192.168.32.0/24 |
| ✅ | OpenVPN | OPNsense | — | VPN | Configured alongside WireGuard |
| ✅ | Gluetun | docker2 / Compose | — | VPN gateway container | PIA VPN; Jackett + Transmission share `network_mode: container:gluetun` |
| ✅ | Internal DNS | 192.168.5.7 | dns.netgrimoire.com | Internal name resolution | Technitium DNS; behind Authentik |
| ✅ | LLDAP | znas / Swarm | ldap.netgrimoire.com | Lightweight LDAP directory | `lldap/lldap:stable` + postgres; user management backend |
| 📋 | dnscrypt-proxy | TBD | — | Encrypted upstream DNS | Pending install |
| 📋 | Suricata | OPNsense | — | IDS/IPS | Pending config |
| 📋 | Zenarmor | OPNsense | — | Deep packet inspection (free tier) | Pending install |
| 📋 | os-git-backup | OPNsense | — | OPNsense config backup to git | Pending install |
---
## 🔒 Security
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | CrowdSec | OPNsense + Swarm | — | Threat intelligence / IP blocking | OPNsense bouncer active; Caddy bouncer in progress |
| ✅ | Vaultwarden | znas / Swarm | pass.netgrimoire.com | Password manager | `vaultwarden/server` |
| 🔧 | CrowdSec Caddy Bouncer | znas / Swarm | — | HTTP-level blocking | Gradual rollout via `caddy.import=crowdsec` label per service |
| 🔧 | OPNsense Spamhaus + GeoIP | OPNsense | — | IP blocklist / geo-blocking | Currently DISABLED — needs fixing |
| 📋 | YubiKey PIV (SSH) | All hosts | — | Smartcard SSH authentication | Highest-impact pending integration |
| 📋 | YubiKey Challenge-Response | znas | — | LUKS / Kopia key derivation | Planned |
---
## 📧 Email
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | MailCow | docker4 / Compose | mail.netgrimoire.com + all domains | Self-hosted mail server | hermes.netgrimoire.com; MXRoute inbound filter + outbound relay for all 8 domains |
| ✅ | Roundcube | docker4 / Swarm | — | Webmail | SSL peer verify disabled for internal dovecot; SRS catch-all aliases configured |
| ✅ | MXRoute | External | — | Inbound filter + outbound relay | Two DKIM selectors: `mailcow` + `mxroute` |
| 📋 | Dedicated ATT_Mail IP | OPNsense | — | Separate static IP for mail traffic | Assignment still pending |

**Domains:** netgrimoire.com · pncharris.com · nucking-futz.com · wasted-bandwidth.net · florosafd.org · gnarlypandaproductions.com · pncfishandmore.com · pncharrisenterprises.com

---
## 🎬 Media — Video
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Jellyfin | docker5 / Compose | — | Media server | Port 8096; VAAPI via `/dev/dri`; dedicated static IP 107.133.34.147 |
| ✅ | Jellyfinx | docker5 / Compose | — | Green Door media server | Port 7096; separate instance; Green + AfterDark library mounts |
| ✅ | Sonarr | znas / Swarm | — | TV show downloader | `linuxserver/sonarr` |
| ✅ | Radarr | znas / Swarm | — | Movie downloader | `linuxserver/radarr` |
| ✅ | Bazarr | znas / Swarm | bazarr.netgrimoire.com | Subtitle management | `linuxserver/bazarr` |
| ✅ | Tunarr | znas / Swarm | — | IPTV channel creation | `chrisbenincasa/tunarr`; ErsatzTV replacement (ErsatzTV archived Feb 2026) |
| ✅ | JellySeerr | znas / Swarm | requests.netgrimoire.com | Media request management | `fallenbagel/jellyseerr` |
| ✅ | JellyStat | znas / Swarm | — | Jellyfin usage statistics | `cyfershepard/jellystat` + postgres |
| ✅ | TinyMediaManager | znas / Swarm | tmm.netgrimoire.com | Media metadata manager | `tinymediamanager/tinymediamanager` |
| ✅ | Pinchflat | znas / Swarm | pinchflat.netgrimoire.com | YouTube channel downloader | `kieraneglin/pinchflat` |
| 📋 | MeTube | TBD | — | YouTube downloader | Needed for Tunarr period-accurate filler sourcing workflow |
| 🔍 | Wizarr | TBD | — | Jellyfin user onboarding | Evaluating |
---
## 🎵 Media — Audio
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Lidarr | znas / Swarm | — | Music downloader | (Caddy label not found in yaml — likely static Caddyfile entry) |
| ✅ | Beets | znas / Swarm | beets.netgrimoire.com | Music library tagging | `linuxserver/beets` |
| 🔍 | Navidrome | TBD | — | Music streaming server | Lightweight Subsonic-compatible |
| 🔍 | Soularr | TBD | — | Soulseek integration for Lidarr | Strongly recommended; fills gaps Usenet/torrents miss |
| 🔍 | Tubifarry | TBD | — | Spotify playlists → YouTube → Lidarr | https://github.com/TypNull/Tubifarry |
---
## 📚 Media — Books & Comics
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Calibre | znas / Compose | calibre.netgrimoire.com | Ebook library management | `linuxserver/calibre`; port 7070; behind Authentik; requires `seccomp=unconfined` (Compose-only) |
| ✅ | Calibre-Web Automated | znas / Swarm | books.netgrimoire.com · books.pncharris.com | Web UI + auto-import | `crocodilestick/calibre-web-automated`; dual-domain Caddy label |
| ✅ | Calibre-Web (library) | znas / Swarm | — | Secondary Calibre-Web instance | `linuxserver/calibre-web`; hostname `calibre-netgrimoire`; `library.yaml` |
| ✅ | Readarr | znas / Swarm | — | Book downloader | Using `blampe/rreading-glasses` image |
| 📋 | Mylar | znas / Swarm | — | Comic book downloader | Not currently running; needs setup soon. Reference `archive/arr.yaml` for old config |
| ✅ | Kavita | znas / Swarm | kavita.netgrimoire.com | Ebook/comic reader | `jvmilazz0/kavita` |
| ✅ | Comixed | znas / Swarm | comics.netgrimoire.com | Comic library server | `comixed/comixed` |
| ✅ | FreshRSS | znas / Swarm | rss.netgrimoire.com | RSS aggregator | `linuxserver/freshrss` |
| 🔍 | Komga | TBD | — | Comic/manga server | Evaluating vs Kavita/Comixed |
| 🔍 | MyAnonaMouse | TBD | — | Private ebook tracker | Worth investigating |
---
## 📥 Download Stack
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | NZBGet | znas / Swarm | — | Usenet download manager | `linuxserver/nzbget` |
| ✅ | SABnzbd | znas / Swarm | — | Usenet download manager | `linuxserver/sabnzbd` |
| ✅ | NZBHydra | znas / Swarm | hydra.netgrimoire.com | Usenet indexer aggregator | `linuxserver/nzbhydra2:dev`; altHUB, NZBGeek, Drunken Slug, Usenet Crawler, DogNZB |
| ✅ | Jackett | docker2 / Compose | jackett.netgrimoire.com | Torrent indexer | Runs inside Gluetun network; behind Authentik |
| ✅ | Transmission | docker2 / Compose | — | Torrent client | `network_mode: container:gluetun`; shares Gluetun VPN |
| ✅ | Recyclarr | znas / Swarm | — | Sonarr/Radarr quality profile sync | `recyclarr/recyclarr` |
| ✅ | Profilarr | znas / Swarm | profilarr.netgrimoire.com | Quality profile management | `santiagosayshey/profilarr` |
| ✅ | Configarr | znas / Swarm | configarr.netgrimoire.com | Arr config management | `raydak-labs/configarr` |
| 📋 | Prowlarr | TBD | — | Unified indexer manager | Low priority — light torrent usage; NZBHydra covers current needs |
---
## 🤖 AI & Automation (Gremlin Stack)
> All pinned to `znas` node on Docker Swarm via `swarm/ollama.yaml`.

| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Ollama | znas / Swarm | — | Local LLM inference | CPU-only (Ryzen); 3B–14B models |
| ✅ | Open WebUI | znas / Swarm | — | Chat interface for Ollama | `ghcr.io/open-webui/open-webui` |
| ✅ | Qdrant | znas / Swarm | — | Vector database for RAG | Wiki.js / markdown doc search |
| ✅ | n8n | znas / Swarm | — | Workflow automation | Forgejo webhook → doc gen, compose validation, alert triage |
| 🔍 | Perplexica | TBD | — | Self-hosted AI search | https://github.com/ItzCrazyKns/Perplexica |
---
## ☁️ Files, Notes & Personal Apps
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Nextcloud AIO | znas / Compose | cloud.netgrimoire.com | File sync / cloud storage | `nextcloud/all-in-one`; data at `/srv/NextCloud-AIO`; Caddy → port 11000 |
| ✅ | Immich | znas / Compose | immich.netgrimoire.com | Photo management | Port 2283; Postgres dump + Kopia backup; external photo + Nextcloud mounts |
| ✅ | Joplin Server | znas / Swarm | joplin.netgrimoire.com | Note sync server | `joplin/server` + postgres; Homepage widget configured |
| ✅ | Vikunja | znas / Swarm | task.netgrimoire.com | Task management | `vikunja/vikunja` + MariaDB |
| ✅ | Linkding | znas / Swarm | link.netgrimoire.com | Bookmark manager | `sissbruecker/linkding:1.13.0` |
| ✅ | Mealie | znas / Swarm | recipe.netgrimoire.com | Recipe manager | `ghcr.io/mealie-recipes/mealie` |
| ✅ | Wallos | znas / Swarm | expense.netgrimoire.com | Subscription / expense tracker | `bellamy/wallos` |
| ✅ | DailyTxT | znas / Swarm | — | Encrypted diary | `phitux/dailytxt:2.x.x` |
| ✅ | Bigcapital | docker5 / Compose | accounts.netgrimoire.com | Accounting / invoicing | Static Caddyfile entry; `{{upstreams}}` doesn't work for Compose stacks |
| ✅ | Scanopy | znas / Swarm | scn.netgrimoire.com | Document scanner | `ghcr.io/scanopy/scanopy` (server + daemon) + postgres |
| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` |
| 📋 | Memos | TBD | — | Self-hosted journaling | Preferred journal addition (alongside Joplin for notes) |
| 🔍 | Wallabag | TBD | — | Read-it-later / article saving | |
| 🔍 | Fluid Calendar | TBD | — | Self-hosted calendar | https://github.com/dotnetfactory/fluid-calendar |
| 🔍 | Firefly III | TBD | — | Personal finance / budgeting | |
| 🔍 | Stirling-PDF | TBD | — | PDF editor / tools | |
| 🔍 | Excalidraw | TBD | — | Collaborative whiteboard | |
| 🔍 | Baikal | TBD | — | CalDAV / CardDAV sync | https://sabre.io/baikal/ |
---
## 📝 Documentation & Dev
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Wiki.js | znas / Swarm | wiki.netgrimoire.com | Documentation wiki | `requarks/wiki:2` + postgres; Grimoire theme; Forgejo git backend |
| ✅ | Draw.io | znas / Swarm | draw.netgrimoire.com | Diagramming | `jgraph/drawio`; co-deployed in `wiki.yaml` |
| ✅ | Forgejo | znas / Swarm | git.netgrimoire.com | Self-hosted Git | `codeberg.org/forgejo/forgejo:11`; source of truth for Wiki.js + Gremlin |
| ✅ | Forgejo Runner | znas / Swarm | — | CI/CD | `data.forgejo.org/forgejo/runner:4.0.0`; `gitrunner.yaml` |
| ✅ | VS Code Server | znas / Swarm | code.netgrimoire.com | Web-based IDE | `linuxserver/code-server` |
| ✅ | Webtop (ubuntu-kde) | znas / Compose | webtop.netgrimoire.com | Browser-based desktop | Software rendering via llvmpipe; behind Authentik |
| ✅ | Firefox (container) | znas / Swarm | firefox.netgrimoire.com | Containerized browser | `jlesage/firefox` |
---
## 📊 Monitoring & Observability
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Uptime Kuma | znas / Swarm | — | Service uptime monitoring | `louislam/uptime-kuma:1` |
| ✅ | AutoKuma | znas / Swarm | — | Auto-create Kuma monitors from labels | `ghcr.io/bigboot/autokuma`; co-deployed in `kuma.yaml` |
| ✅ | Beszel | znas / Swarm | — | Docker resource monitoring | `henrygd/beszel` hub + agents on all nodes |
| ✅ | DIUN | znas / Swarm | — | Docker image update notifications | `crazymax/diun`; label-based per-service |
| ✅ | ntfy | znas / Swarm | ntfy.netgrimoire.com | Push notifications | `binwiederhier/ntfy`; OPNsense alerts via CrowdSec HTTP plugin |
| ✅ | Dozzle | znas / Swarm | dozzle.netgrimoire.com | Real-time container logs | `amir20/dozzle`; behind Authentik |
| ✅ | Scrutiny | znas / Compose | scrutiny.netgrimoire.com | Disk S.M.A.R.T. monitoring | `analogj/scrutiny:master-omnibus`; monitors /dev/sda–sdg; behind Authentik |
| ✅ | Glances | znas / Compose | — | Real-time system stats | `nicolargo/glances`; `network_mode: host`; co-deployed in `monitor.yaml` |
| ✅ | Graylog | docker4 / Compose | log.netgrimoire.com | Log aggregation | Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch); compose-only (noted in file) |
| ✅ | LibreNMS | docker3 / Compose | nms.netgrimoire.com | Network/SNMP monitoring | Full stack: librenms + dispatcher + syslog-ng + snmptrapd + MariaDB + Redis; port 8000 |
| ✅ | Homelable | znas / Compose | — | Infrastructure visualizer | Frontend + Backend via GHCR; MCP deferred (requires build from source) |
| ✅ | phpIPAM | znas / Swarm | ipam.netgrimoire.com | IP address management | `phpipam/phpipam-www` + cron + MariaDB |
| ✅ | Homepage | znas / Swarm | — | Primary dashboard | `ghcr.io/gethomepage/homepage` |
| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` |
| ✅ | Dockpeek | znas / Swarm | dockpeek.netgrimoire.com | Container inspector | `dockpeek/dockpeek` |
| ✅ | Loki + Promtail + Grafana | znas / Swarm | — | Metrics/log stack | `logging.yaml`; Grafana 10.4.2 + Loki 2.9.3 + Promtail 2.9.3 |
| ✅ | phpMyAdmin + phpPgAdmin | znas / Swarm | — | DB admin UIs | `SQL-mgmt.yaml` |
| ✅ | pgAdmin | znas / Swarm | — | Postgres admin | `dpage/pgadmin4`; `database.yaml` |
| 🔍 | WatchYourLAN | TBD | — | Network device tracker | https://github.com/aceberg/WatchYourLAN |
| 🔍 | NUT UPS | TBD | — | UPS power management | https://hub.docker.com/r/instantlinux/nut-upsd |
| 🔍 | OliveTin | TBD | — | Web button → shell command | Run commands from web UI |
| 🔍 | Swarm Dashboard | TBD | — | Docker Swarm visualizer | https://github.com/mohsenasm/swarm-dashboard |
---
## 💾 Storage & Backup
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | OpenZFS (ZNAS) | znas | — | Primary storage | ~94TB raw, two RAIDZ1 VDEVs; vault pool |
| ✅ | NFSv4 | znas | — | Shared storage for Swarm | Loopback NFS at `/data/nfs/znas`; ZFS must fully mount before NFS starts |
| ✅ | Kopia (primary vault) | znas / Swarm | kopia.netgrimoire.com | Primary backup repo | `kopia.yaml`; dedup + replication |
| ✅ | Kopia (offsite vault) | znas / Swarm | vault.netgrimoire.com | Offsite replication server | `vault.yaml`; port 51516; separate dataset → ZFS raw send to Pi vaults |
| ✅ | syncoid | znas | — | ZFS replication | Syncs vault/Green/Pocket → Pocket Grimoire |
| ✅ | Nextcloud AIO BorgBackup | znas | — | Nextcloud-native backup | Local snapshots before Kopia |
| ✅ | Czkawka | znas / Swarm | dupes.netgrimoire.com | Duplicate file finder | `jlesage/czkawka` |
| ✅ | Cloud Commander | znas / Swarm | — | Web file manager | `coderaiser/cloudcmd`; **two instances** (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional |
| ✅ | File Browser | znas / Swarm | — | Web file manager | `filebrowser/filebrowser` |
| 🔍 | Manyfold | TBD | — | 3D print model collector | https://github.com/manyfold3d/manyfold |
---
## 🖥️ Management & Remote Access
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Portainer | znas / Swarm | docker.netgrimoire.com | Container management UI | `portainer/portainer-ce:2.33.6` + agents on all nodes |
| ✅ | ISPConfig | 192.168.4.11 | — | Web/DNS hosting control panel | |
| ✅ | Cockpit | All hosts | win.netgrimoire.com | Linux server management | Caddy → `192.168.5.10:8006` |
| ✅ | Termix | znas / Swarm | termix.netgrimoire.com | Web-based terminal | `ghcr.io/lukegus/termix` |
| ✅ | DumbTerm | znas / Swarm | — | Simple web terminal | `dockwareio/dumbterm` |
| ✅ | Windows 7 (VM) | znas / Compose | — | Windows VM | `dockurr/windows`; `windows7.yaml` |
| 🔍 | Guacamole | TBD | — | Remote desktop gateway | Previously tried as `nxterm` — in archive |
| 🔍 | SSHwifty | TBD | — | SSH web client | In archive; reconsidering |
---
## 🎭 Green Door (Adult Content)
> Protected behind Authelia (`*.wasted-bandwidth.net`)

| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Whisparr | znas / Swarm | — | Adult content downloader | `ghcr.io/hotio/whisparr` |
| ✅ | Namer | znas / Compose | namer.wasted-bandwidth.net | Scene file namer | `theporndatabase/namer`; port 6980; data → `/data/nfs/Baxter/Green/` |
| ✅ | Stash (main) | znas / Compose | stash.wasted-bandwidth.net | Adult content library | `stashapp/stash`; port 9999 |
| ✅ | PocketStash | znas / Compose | — | Stash for Pocket Grimoire | Separate instance; port 9998; data → `/export/Green/Pocket/`; `pocketstash.yaml` |
---
## 🌐 Web Hosting
| Status | App | Host / Runtime | URL | Purpose | Notes |
|--------|-----|----------------|-----|---------|-------|
| ✅ | Apache/PHP web | znas / Swarm | fish.pncharris.com · www.wasted-bandwidth.net | Static/PHP web hosting | `php:8.2-apache`; `web.yaml`; replicas: 1 |
---
## 📦 Archive (Not Currently Running)
> Files in `archive/` — previously evaluated or deployed, not currently active.

| App | File | Notes |
|-----|------|-------|
| Plex | `plex.yaml` | Replaced by Jellyfin |
| Komodo | `komodo.yaml` | Container management platform — evaluated, not deployed |
| cAdvisor | `cadvisor.yaml` | Container metrics — not deployed |
| Peekaping | `peekaping.yaml` | Uptime monitor — Kuma preferred |
| WatchState | `WatchState.yaml` | Jellyfin/Plex watch state sync |
| Nessus | `nessus.yaml` | Vulnerability scanner — evaluated |
| NxTerm | `nxterm.yaml` | Guacamole-style remote desktop — evaluated |
| SSHwifty | `sshwifty.yaml` | SSH web client — evaluated |
| Wordpress Classifieds | `wordpress-classifieds.yaml` | Not deployed |
| Cal (calendar?) | `cal.yaml` | Evaluated |
| CrowdSec (standalone) | `crowdsec.yaml` | Merged into Caddy stack |
| Arr stack | `arr.yaml` | Old consolidated arr compose — superseded by individual yamls |
| Caddyfile.old | `Caddyfile.old` | Legacy Caddyfile |
---
## 🗃️ Ideas Backlog
| App | Category | Notes |
|-----|----------|-------|
| Soularr | Audio | Soulseek for Lidarr; strongly recommended |
| Tubifarry | Audio | Spotify → YouTube → Lidarr |
| MeTube | Video | YouTube downloader for Tunarr filler |
| Memos | Journal | Preferred self-hosted journal pick |
| Wallabag | Reading | Read-it-later |
| Firefly III | Finance | Budgeting |
| Baikal | PIM | CalDAV/CardDAV |
| Fluid Calendar | PIM | https://github.com/dotnetfactory/fluid-calendar |
| Perplexica | AI | Self-hosted AI search |
| WatchYourLAN | Network | Device tracker |
| OliveTin | Automation | Web UI → shell commands |
| Swarm Dashboard | Monitoring | Swarm-aware visualizer |
| ContainerNursery | Automation | On-demand container start/stop |
| NUT UPS | Power | UPS management |
| Wire-pod for Vector | IoT | Anki Vector local server |
| Kindle reuse | IoT | Repurpose Kindle as weather/info display |
| Collectarr | Media | https://github.com/RiffSphere/Collectarr |
| SuggestArr | Media | Automated media recommendations |
| Recommendarr | Media | AI media recommendations |
| Manyfold | 3D Print | Model library |
| OrcaSlicer | 3D Print | Slicer web UI |
| Memos / Journiv | Journal | Self-hosted journaling (Memos preferred) |
| Romm | Gaming | ROM library manager |
| EmulatorJS | Gaming | Browser-based emulation |
---
## 🔑 Key Architecture Decisions & Gotchas
> Reference these before deploying or modifying services.
- **MailCow network isolation:** Only `nginx-mailcow` on the `netgrimoire` overlay. All other containers stay on internal bridge. Mixing causes PHP-FPM → Redis DNS conflicts.
- **caddy-docker-proxy + static Caddyfile conflict:** Never manage the same hostname via both Docker labels AND a static block. Pick one method exclusively per service.
- **`{{upstreams}}` is Swarm-only:** Does not work for Docker Compose stacks. Use static Caddyfile with container name or pinned IP.
- **Docker Compose `ports: []` override:** Does not nullify ports from base file. Remap to unused host ports instead.
- **Graylog is Compose-only:** The `graylog.yaml` file explicitly notes this — do not attempt to run it in Swarm.
- **Calibre requires `seccomp=unconfined`:** Necessary for the desktop app container; incompatible with Swarm mode — must remain in `compose/znas/`.
- **Kopia repos not ZFS-separable:** Use separate repositories with independent retention (`kopia.yaml` vs `vault.yaml`) rather than trying to separate at the ZFS snapshot level.
- **ZFS encryption:** In-place encryption impossible. Use rsync migration + `-w` flag for raw send to Pi vaults (no key needed on vault side).
- **SRS rewrite:** All domains using MXRoute inbound forwarding require catch-all aliases in MailCow to prevent `reject_unlisted_sender` rejections.
- **Docker Swarm DNS caching:** Use `endpoint_mode: dnsrr` for internal services; VIP only for published-port services.
- **NFS boot ordering on znas:** ZFS must fully mount before NFS starts — systemd override required (`After=zfs-import.target zfs-mount.service`). Loopback NFS mount needs `x-systemd.after=nfs-server.service` in fstab.
- **Wiki.js angle brackets:** `<value>` placeholders cause rendering hangs. Use `VALUE` or backtick format instead.
- **bcrypt in `.env`:** Wrap full hash in single quotes to preserve leading `$`.
- **Webtop GPU rendering:** Requires `LIBGL_ALWAYS_SOFTWARE=1` + `GALLIUM_DRIVER=llvmpipe`; remove `devices:/dev/dri` mapping.
- **Cloud Commander duplication:** Two nearly identical `coderaiser/cloudcmd` stacks exist (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional or a duplicate to clean up.
- **Lidarr missing Caddy label:** Lidarr yaml has no caddy label — either routed via static Caddyfile or not yet exposed. Confirm and standardize.
- **Mapping tool:** Another potential mapping tool: https://github.com/gelatinescreams/The-One-File/tree/main
---
*Last updated: March 2026 | Source: Forgejo repo git archive*