24 KiB
24 KiB
| title | description | published | date | tags | editor | dateCreated |
|---|---|---|---|---|---|---|
| Netgrimoire Service Catalog | Done or soon to be | true | 2026-04-01T11:38:19.890Z | markdown | 2026-03-29T16:05:26.168Z |
Netgrimoire Service Catalog
Living document — tracks all deployed, configured, and planned services across the Netgrimoire homelab. Source of truth: Forgejo repo —
compose/= Docker Compose per host |swarm/= Docker Swarm |archive/= not runningStatus: ✅ Deployed & Configured | 🔧 Deployed, Needs Config | 📋 Planned | 🔍 Evaluating | ❌ Abandoned/Archived
🏗️ Infrastructure Overview
| Host | Role | IP | Runtime |
|---|---|---|---|
| znas | NAS / Primary Swarm node | 192.168.5.10 | Docker Compose + Swarm manager |
| docker2 | VPN gateway host | — | Docker Compose |
| docker3 | LibreNMS host | — | Docker Compose |
| docker4 (hermes) | Mail server host | 192.168.5.16 | Docker Compose |
| docker5 | Media host | 192.168.5.18 | Docker Compose |
| Pi4s / NUCs | Swarm worker nodes | various | Docker Swarm workers |
📡 Network & Reverse Proxy
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | OPNsense | Firewall appliance | — | Firewall / Dual-WAN / NAT | ATT igc1 primary; 5 static IPs allocated; legacy WAN retiring |
| 🔧 | Caddy (new) | znas / Swarm | — | Reverse proxy — CrowdSec edition | serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy; migration in progress; caddy.yaml |
| ✅ | Caddy (legacy) | znas / Swarm | — | Reverse proxy | lucaslorentz/caddy-docker-proxy; caddy-1.yaml |
| ✅ | Authentik | znas / Swarm | — | SSO / IdP | Protects *.netgrimoire.com services |
| ✅ | Authelia | znas / Swarm | — | SSO / IdP | Protects *.wasted-bandwidth.net services |
| ✅ | WireGuard | OPNsense | — | VPN | Peers: Obie (.2), pncfishandmore (.3), GLNet (.4/.6), PortaPotty (.5) — 192.168.32.0/24 |
| ✅ | OpenVPN | OPNsense | — | VPN | Configured alongside WireGuard |
| ✅ | Gluetun | docker2 / Compose | — | VPN gateway container | PIA VPN; Jackett + Transmission share network_mode: container:gluetun |
| ✅ | Internal DNS | 192.168.5.7 | dns.netgrimoire.com | Internal name resolution | Technitium DNS; behind Authentik |
| ✅ | LLDAP | znas / Swarm | ldap.netgrimoire.com | Lightweight LDAP directory | lldap/lldap:stable + postgres; user management backend |
| 📋 | dnscrypt-proxy | TBD | — | Encrypted upstream DNS | Pending install |
| 📋 | Suricata | OPNsense | — | IDS/IPS | Pending config |
| 📋 | Zenarmor | OPNsense | — | Deep packet inspection (free tier) | Pending install |
| 📋 | os-git-backup | OPNsense | — | OPNsense config backup to git | Pending install |
🔒 Security
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | CrowdSec | OPNsense + Swarm | — | Threat intelligence / IP blocking | OPNsense bouncer active; Caddy bouncer in progress |
| ✅ | Vaultwarden | znas / Swarm | pass.netgrimoire.com | Password manager | vaultwarden/server |
| 🔧 | CrowdSec Caddy Bouncer | znas / Swarm | — | HTTP-level blocking | Gradual rollout via caddy.import=crowdsec label per service |
| 🔧 | OPNsense Spamhaus + GeoIP | OPNsense | — | IP blocklist / geo-blocking | Currently DISABLED — needs fixing |
| 📋 | YubiKey PIV (SSH) | All hosts | — | Smartcard SSH authentication | Highest-impact pending integration |
| 📋 | YubiKey Challenge-Response | znas | — | LUKS / Kopia key derivation | Planned |
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | MailCow | docker4 / Compose | mail.netgrimoire.com + all domains | Self-hosted mail server | hermes.netgrimoire.com; MXRoute inbound filter + outbound relay for all 8 domains |
| ✅ | Roundcube | docker4 / Swarm | — | Webmail | SSL peer verify disabled for internal dovecot; SRS catch-all aliases configured |
| ✅ | MXRoute | External | — | Inbound filter + outbound relay | Two DKIM selectors: mailcow + mxroute |
| 📋 | Dedicated ATT_Mail IP | OPNsense | — | Separate static IP for mail traffic | Assignment still pending |
Domains: netgrimoire.com · pncharris.com · nucking-futz.com · wasted-bandwidth.net · florosafd.org · gnarlypandaproductions.com · pncfishandmore.com · pncharrisenterprises.com
🎬 Media — Video
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Jellyfin | docker5 / Compose | — | Media server | Port 8096; VAAPI via /dev/dri; dedicated static IP 107.133.34.147 |
| ✅ | Jellyfinx | docker5 / Compose | — | Green Door media server | Port 7096; separate instance; Green + AfterDark library mounts |
| ✅ | Sonarr | znas / Swarm | — | TV show downloader | linuxserver/sonarr |
| ✅ | Radarr | znas / Swarm | — | Movie downloader | linuxserver/radarr |
| ✅ | Bazarr | znas / Swarm | bazarr.netgrimoire.com | Subtitle management | linuxserver/bazarr |
| ✅ | Tunarr | znas / Swarm | — | IPTV channel creation | chrisbenincasa/tunarr; ErsatzTV replacement (ErsatzTV archived Feb 2026) |
| ✅ | JellySeerr | znas / Swarm | requests.netgrimoire.com | Media request management | fallenbagel/jellyseerr |
| ✅ | JellyStat | znas / Swarm | — | Jellyfin usage statistics | cyfershepard/jellystat + postgres |
| ✅ | TinyMediaManager | znas / Swarm | tmm.netgrimoire.com | Media metadata manager | tinymediamanager/tinymediamanager |
| ✅ | Pinchflat | znas / Swarm | pinchflat.netgrimoire.com | YouTube channel downloader | kieraneglin/pinchflat |
| 📋 | MeTube | TBD | — | YouTube downloader | Needed for Tunarr period-accurate filler sourcing workflow |
| 🔍 | Wizarr | TBD | — | Jellyfin user onboarding | Evaluating |
🎵 Media — Audio
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Lidarr | znas / Swarm | — | Music downloader | (Caddy label not found in yaml — likely static Caddyfile entry) |
| ✅ | Beets | znas / Swarm | beets.netgrimoire.com | Music library tagging | linuxserver/beets |
| 🔍 | Navidrome | TBD | — | Music streaming server | Lightweight Subsonic-compatible |
| 🔍 | Soularr | TBD | — | Soulseek integration for Lidarr | Strongly recommended; fills gaps Usenet/torrents miss |
| 🔍 | Tubifarry | TBD | — | Spotify playlists → YouTube → Lidarr | https://github.com/TypNull/Tubifarry |
📚 Media — Books & Comics
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Calibre | znas / Compose | calibre.netgrimoire.com | Ebook library management | linuxserver/calibre; port 7070; behind Authentik; requires seccomp=unconfined (Compose-only) |
| ✅ | Calibre-Web Automated | znas / Swarm | books.netgrimoire.com · books.pncharris.com | Web UI + auto-import | crocodilestick/calibre-web-automated; dual-domain Caddy label |
| ✅ | Calibre-Web (library) | znas / Swarm | — | Secondary Calibre-Web instance | linuxserver/calibre-web; hostname calibre-netgrimoire; library.yaml |
| ✅ | Readarr | znas / Swarm | — | Book downloader | Using blampe/rreading-glasses image |
| 📋 | Mylar | znas / Swarm | — | Comic book downloader | Not currently running; needs setup soon. Reference archive/arr.yaml for old config |
| ✅ | Kavita | znas / Swarm | kavita.netgrimoire.com | Ebook/comic reader | jvmilazz0/kavita |
| ✅ | Comixed | znas / Swarm | comics.netgrimoire.com | Comic library server | comixed/comixed |
| ✅ | FreshRSS | znas / Swarm | rss.netgrimoire.com | RSS aggregator | linuxserver/freshrss |
| 🔍 | Komga | TBD | — | Comic/manga server | Evaluating vs Kavita/Comixed |
| 🔍 | MyAnonaMouse | TBD | — | Private ebook tracker | Worth investigating |
📥 Download Stack
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | NZBGet | znas / Swarm | — | Usenet download manager | linuxserver/nzbget |
| ✅ | SABnzbd | znas / Swarm | — | Usenet download manager | linuxserver/sabnzbd |
| ✅ | NZBHydra | znas / Swarm | hydra.netgrimoire.com | Usenet indexer aggregator | linuxserver/nzbhydra2:dev; altHUB, NZBGeek, Drunken Slug, Usenet Crawler, DogNZB |
| ✅ | Jackett | docker2 / Compose | jackett.netgrimoire.com | Torrent indexer | Runs inside Gluetun network; behind Authentik |
| ✅ | Transmission | docker2 / Compose | — | Torrent client | network_mode: container:gluetun; shares Gluetun VPN |
| ✅ | Recyclarr | znas / Swarm | — | Sonarr/Radarr quality profile sync | recyclarr/recyclarr |
| ✅ | Profilarr | znas / Swarm | profilarr.netgrimoire.com | Quality profile management | santiagosayshey/profilarr |
| ✅ | Configarr | znas / Swarm | configarr.netgrimoire.com | Arr config management | raydak-labs/configarr |
| 📋 | Prowlarr | TBD | — | Unified indexer manager | Low priority — light torrent usage; NZBHydra covers current needs |
🤖 AI & Automation (Gremlin Stack)
All pinned to
znasnode on Docker Swarm viaswarm/ollama.yaml.
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Ollama | znas / Swarm | — | Local LLM inference | CPU-only (Ryzen); 3B–14B models |
| ✅ | Open WebUI | znas / Swarm | — | Chat interface for Ollama | ghcr.io/open-webui/open-webui |
| ✅ | Qdrant | znas / Swarm | — | Vector database for RAG | Wiki.js / markdown doc search |
| ✅ | n8n | znas / Swarm | — | Workflow automation | Forgejo webhook → doc gen, compose validation, alert triage |
| 🔍 | Perplexica | TBD | — | Self-hosted AI search | https://github.com/ItzCrazyKns/Perplexica |
☁️ Files, Notes & Personal Apps
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Nextcloud AIO | znas / Compose | cloud.netgrimoire.com | File sync / cloud storage | nextcloud/all-in-one; data at /srv/NextCloud-AIO; Caddy → port 11000 |
| ✅ | Immich | znas / Compose | immich.netgrimoire.com | Photo management | Port 2283; Postgres dump + Kopia backup; external photo + Nextcloud mounts |
| ✅ | Joplin Server | znas / Swarm | joplin.netgrimoire.com | Note sync server | joplin/server + postgres; Homepage widget configured |
| ✅ | Vikunja | znas / Swarm | task.netgrimoire.com | Task management | vikunja/vikunja + MariaDB |
| ✅ | Linkding | znas / Swarm | link.netgrimoire.com | Bookmark manager | sissbruecker/linkding:1.13.0 |
| ✅ | Mealie | znas / Swarm | recipe.netgrimoire.com | Recipe manager | ghcr.io/mealie-recipes/mealie |
| ✅ | Wallos | znas / Swarm | expense.netgrimoire.com | Subscription / expense tracker | bellamy/wallos |
| ✅ | DailyTxT | znas / Swarm | — | Encrypted diary | phitux/dailytxt:2.x.x |
| ✅ | Bigcapital | docker5 / Compose | accounts.netgrimoire.com | Accounting / invoicing | Static Caddyfile entry; {{upstreams}} doesn't work for Compose stacks |
| ✅ | Scanopy | znas / Swarm | scn.netgrimoire.com | Document scanner | ghcr.io/scanopy/scanopy (server + daemon) + postgres |
| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | glanceapp/glance |
| 📋 | Memos | TBD | — | Self-hosted journaling | Preferred journal addition (alongside Joplin for notes) |
| 🔍 | Wallabag | TBD | — | Read-it-later / article saving | |
| 🔍 | Fluid Calendar | TBD | — | Self-hosted calendar | https://github.com/dotnetfactory/fluid-calendar |
| 🔍 | Firefly III | TBD | — | Personal finance / budgeting | |
| 🔍 | Stirling-PDF | TBD | — | PDF editor / tools | |
| 🔍 | Excalidraw | TBD | — | Collaborative whiteboard | |
| 🔍 | Baikal | TBD | — | CalDAV / CardDAV sync | https://sabre.io/baikal/ |
📝 Documentation & Dev
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Wiki.js | znas / Swarm | wiki.netgrimoire.com | Documentation wiki | requarks/wiki:2 + postgres; Grimoire theme; Forgejo git backend |
| ✅ | Draw.io | znas / Swarm | draw.netgrimoire.com | Diagramming | jgraph/drawio; co-deployed in wiki.yaml |
| ✅ | Forgejo | znas / Swarm | git.netgrimoire.com | Self-hosted Git | codeberg.org/forgejo/forgejo:11; source of truth for Wiki.js + Gremlin |
| ✅ | Forgejo Runner | znas / Swarm | — | CI/CD | data.forgejo.org/forgejo/runner:4.0.0; gitrunner.yaml |
| ✅ | VS Code Server | znas / Swarm | code.netgrimoire.com | Web-based IDE | linuxserver/code-server |
| ✅ | Webtop (ubuntu-kde) | znas / Compose | webtop.netgrimoire.com | Browser-based desktop | Software rendering via llvmpipe; behind Authentik |
| ✅ | Firefox (container) | znas / Swarm | firefox.netgrimoire.com | Containerized browser | jlesage/firefox |
📊 Monitoring & Observability
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Uptime Kuma | znas / Swarm | — | Service uptime monitoring | louislam/uptime-kuma:1 |
| ✅ | AutoKuma | znas / Swarm | — | Auto-create Kuma monitors from labels | ghcr.io/bigboot/autokuma; co-deployed in kuma.yaml |
| ✅ | Beszel | znas / Swarm | — | Docker resource monitoring | henrygd/beszel hub + agents on all nodes |
| ✅ | DIUN | znas / Swarm | — | Docker image update notifications | crazymax/diun; label-based per-service |
| ✅ | ntfy | znas / Swarm | ntfy.netgrimoire.com | Push notifications | binwiederhier/ntfy; OPNsense alerts via CrowdSec HTTP plugin |
| ✅ | Dozzle | znas / Swarm | dozzle.netgrimoire.com | Real-time container logs | amir20/dozzle; behind Authentik |
| ✅ | Scrutiny | znas / Compose | scrutiny.netgrimoire.com | Disk S.M.A.R.T. monitoring | analogj/scrutiny:master-omnibus; monitors /dev/sda–sdg; behind Authentik |
| ✅ | Glances | znas / Compose | — | Real-time system stats | nicolargo/glances; network_mode: host; co-deployed in monitor.yaml |
| ✅ | Graylog | docker4 / Compose | log.netgrimoire.com | Log aggregation | Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch); compose-only (noted in file) |
| ✅ | LibreNMS | docker3 / Compose | nms.netgrimoire.com | Network/SNMP monitoring | Full stack: librenms + dispatcher + syslog-ng + snmptrapd + MariaDB + Redis; port 8000 |
| ✅ | Homelable | znas / Compose | — | Infrastructure visualizer | Frontend + Backend via GHCR; MCP deferred (requires build from source) |
| ✅ | phpIPAM | znas / Swarm | ipam.netgrimoire.com | IP address management | phpipam/phpipam-www + cron + MariaDB |
| ✅ | Homepage | znas / Swarm | — | Primary dashboard | ghcr.io/gethomepage/homepage |
| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | glanceapp/glance |
| ✅ | Dockpeek | znas / Swarm | dockpeek.netgrimoire.com | Container inspector | dockpeek/dockpeek |
| ✅ | Loki + Promtail + Grafana | znas / Swarm | — | Metrics/log stack | logging.yaml; Grafana 10.4.2 + Loki 2.9.3 + Promtail 2.9.3 |
| ✅ | phpMyAdmin + phpPgAdmin | znas / Swarm | — | DB admin UIs | SQL-mgmt.yaml |
| ✅ | pgAdmin | znas / Swarm | — | Postgres admin | dpage/pgadmin4; database.yaml |
| 🔍 | WatchYourLAN | TBD | — | Network device tracker | https://github.com/aceberg/WatchYourLAN |
| 🔍 | NUT UPS | TBD | — | UPS power management | https://hub.docker.com/r/instantlinux/nut-upsd |
| 🔍 | OliveTin | TBD | — | Web button → shell command | Run commands from web UI |
| 🔍 | Swarm Dashboard | TBD | — | Docker Swarm visualizer | https://github.com/mohsenasm/swarm-dashboard |
💾 Storage & Backup
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | OpenZFS (ZNAS) | znas | — | Primary storage | ~94TB raw, two RAIDZ1 VDEVs; vault pool |
| ✅ | NFSv4 | znas | — | Shared storage for Swarm | Loopback NFS at /data/nfs/znas; ZFS must fully mount before NFS starts |
| ✅ | Kopia (primary vault) | znas / Swarm | kopia.netgrimoire.com | Primary backup repo | kopia.yaml; dedup + replication |
| ✅ | Kopia (offsite vault) | znas / Swarm | vault.netgrimoire.com | Offsite replication server | vault.yaml; port 51516; separate dataset → ZFS raw send to Pi vaults |
| ✅ | syncoid | znas | — | ZFS replication | Syncs vault/Green/Pocket → Pocket Grimoire |
| ✅ | Nextcloud AIO BorgBackup | znas | — | Nextcloud-native backup | Local snapshots before Kopia |
| ✅ | Czkawka | znas / Swarm | dupes.netgrimoire.com | Duplicate file finder | jlesage/czkawka |
| ✅ | Cloud Commander | znas / Swarm | — | Web file manager | coderaiser/cloudcmd; two instances (cloudcmd.yaml + commander.yaml) — verify if intentional |
| ✅ | File Browser | znas / Swarm | — | Web file manager | filebrowser/filebrowser |
| 🔍 | Manyfold | TBD | — | 3D print model collector | https://github.com/manyfold3d/manyfold |
🖥️ Management & Remote Access
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Portainer | znas / Swarm | docker.netgrimoire.com | Container management UI | portainer/portainer-ce:2.33.6 + agents on all nodes |
| ✅ | ISPConfig | 192.168.4.11 | — | Web/DNS hosting control panel | |
| ✅ | Cockpit | All hosts | win.netgrimoire.com | Linux server management | Caddy → 192.168.5.10:8006 |
| ✅ | Termix | znas / Swarm | termix.netgrimoire.com | Web-based terminal | ghcr.io/lukegus/termix |
| ✅ | DumbTerm | znas / Swarm | — | Simple web terminal | dockwareio/dumbterm |
| ✅ | Windows 7 (VM) | znas / Compose | — | Windows VM | dockurr/windows; windows7.yaml |
| 🔍 | Guacamole | TBD | — | Remote desktop gateway | Previously tried as nxterm — in archive |
| 🔍 | SSHwifty | TBD | — | SSH web client | In archive; reconsidering |
🎭 Green Door (Adult Content)
Protected behind Authelia (
*.wasted-bandwidth.net)
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Whisparr | znas / Swarm | — | Adult content downloader | ghcr.io/hotio/whisparr |
| ✅ | Namer | znas / Compose | namer.wasted-bandwidth.net | Scene file namer | theporndatabase/namer; port 6980; data → /data/nfs/Baxter/Green/ |
| ✅ | Stash (main) | znas / Compose | stash.wasted-bandwidth.net | Adult content library | stashapp/stash; port 9999 |
| ✅ | PocketStash | znas / Compose | — | Stash for Pocket Grimoire | Separate instance; port 9998; data → /export/Green/Pocket/; pocketstash.yaml |
🌐 Web Hosting
| Status | App | Host / Runtime | URL | Purpose | Notes |
|---|---|---|---|---|---|
| ✅ | Apache/PHP web | znas / Swarm | fish.pncharris.com · www.wasted-bandwidth.net | Static/PHP web hosting | php:8.2-apache; web.yaml; replicas: 1 |
📦 Archive (Not Currently Running)
Files in
archive/— previously evaluated or deployed, not currently active.
| App | File | Notes |
|---|---|---|
| Plex | plex.yaml |
Replaced by Jellyfin |
| Komodo | komodo.yaml |
Container management platform — evaluated, not deployed |
| cAdvisor | cadvisor.yaml |
Container metrics — not deployed |
| Peekaping | peekaping.yaml |
Uptime monitor — Kuma preferred |
| WatchState | WatchState.yaml |
Jellyfin/Plex watch state sync |
| Nessus | nessus.yaml |
Vulnerability scanner — evaluated |
| NxTerm | nxterm.yaml |
Guacamole-style remote desktop — evaluated |
| SSHwifty | sshwifty.yaml |
SSH web client — evaluated |
| Wordpress Classifieds | wordpress-classifieds.yaml |
Not deployed |
| Cal (calendar?) | cal.yaml |
Evaluated |
| CrowdSec (standalone) | crowdsec.yaml |
Merged into Caddy stack |
| Arr stack | arr.yaml |
Old consolidated arr compose — superseded by individual yamls |
| Caddyfile.old | Caddyfile.old |
Legacy Caddyfile |
🗃️ Ideas Backlog
| App | Category | Notes |
|---|---|---|
| Soularr | Audio | Soulseek for Lidarr; strongly recommended |
| Tubifarry | Audio | Spotify → YouTube → Lidarr |
| MeTube | Video | YouTube downloader for Tunarr filler |
| Memos | Journal | Preferred self-hosted journal pick |
| Wallabag | Reading | Read-it-later |
| Firefly III | Finance | Budgeting |
| Baikal | PIM | CalDAV/CardDAV |
| Fluid Calendar | PIM | https://github.com/dotnetfactory/fluid-calendar |
| Perplexica | AI | Self-hosted AI search |
| WatchYourLAN | Network | Device tracker |
| OliveTin | Automation | Web UI → shell commands |
| Swarm Dashboard | Monitoring | Swarm-aware visualizer |
| ContainerNursery | Automation | On-demand container start/stop |
| NUT UPS | Power | UPS management |
| Wire-pod for Vector | IoT | Anki Vector local server |
| Kindle reuse | IoT | Repurpose Kindle as weather/info display |
| Collectarr | Media | https://github.com/RiffSphere/Collectarr |
| SuggestArr | Media | Automated media recommendations |
| Recommendarr | Media | AI media recommendations |
| Manyfold | 3D Print | Model library |
| OrcaSlicer | 3D Print | Slicer web UI |
| Memos / Journiv | Journal | Self-hosted journaling (Memos preferred) |
| Romm | Gaming | ROM library manager |
| EmulatorJS | Gaming | Browser-based emulation |
🔑 Key Architecture Decisions & Gotchas
Reference these before deploying or modifying services.
- MailCow network isolation: Only
nginx-mailcowon thenetgrimoireoverlay. All other containers stay on internal bridge. Mixing causes PHP-FPM → Redis DNS conflicts. - caddy-docker-proxy + static Caddyfile conflict: Never manage the same hostname via both Docker labels AND a static block. Pick one method exclusively per service.
{{upstreams}}is Swarm-only: Does not work for Docker Compose stacks. Use static Caddyfile with container name or pinned IP.- Docker Compose
ports: []override: Does not nullify ports from base file. Remap to unused host ports instead. - Graylog is Compose-only: The
graylog.yamlfile explicitly notes this — do not attempt to run it in Swarm. - Calibre requires
seccomp=unconfined: Necessary for the desktop app container; incompatible with Swarm mode — must remain incompose/znas/. - Kopia repos not ZFS-separable: Use separate repositories with independent retention (
kopia.yamlvsvault.yaml) rather than trying to separate at the ZFS snapshot level. - ZFS encryption: In-place encryption impossible. Use rsync migration +
-wflag for raw send to Pi vaults (no key needed on vault side). - SRS rewrite: All domains using MXRoute inbound forwarding require catch-all aliases in MailCow to prevent
reject_unlisted_senderrejections. - Docker Swarm DNS caching: Use
endpoint_mode: dnsrrfor internal services; VIP only for published-port services. - NFS boot ordering on znas: ZFS must fully mount before NFS starts — systemd override required (
After=zfs-import.target zfs-mount.service). Loopback NFS mount needsx-systemd.after=nfs-server.servicein fstab. - Wiki.js angle brackets:
<value>placeholders cause rendering hangs. UseVALUEor backtick format instead. - bcrypt in
.env: Wrap full hash in single quotes to preserve leading$. - Webtop GPU rendering: Requires
LIBGL_ALWAYS_SOFTWARE=1+GALLIUM_DRIVER=llvmpipe; removedevices:/dev/drimapping. - Cloud Commander duplication: Two nearly identical
coderaiser/cloudcmdstacks exist (cloudcmd.yaml+commander.yaml) — verify if intentional or a duplicate to clean up. - Lidarr missing Caddy label: Lidarr yaml has no caddy label — either routed via static Caddyfile or not yet exposed. Confirm and standardize.
- another potential mapping tool https://github.com/gelatinescreams/The-One-File/tree/main
Last updated: March 2026 | Source: Forgejo repo git archive