From 9ea5557490ad1a4f6371ec83e446971316bbe812 Mon Sep 17 00:00:00 2001
From: Samantha Atkins
Date: Wed, 1 Apr 2026 04:35:10 +0000
Subject: [PATCH] new services
---
 CLAUDE.md | 8 ++--
 proxmox/services/01-init.sql | 15 ++++++++
 proxmox/services/forgejo.yml | 47 +++++++++++++++++++++++
 proxmox/services/snikket.yml | 74 ++++++++++++++++++++++++++++++++++++
 proxmox/services/synapse.yml | 52 +++++++++++++++++++++++++
 5 files changed, 193 insertions(+), 3 deletions(-)
 create mode 100644 proxmox/services/forgejo.yml
 create mode 100644 proxmox/services/snikket.yml
 create mode 100644 proxmox/services/synapse.yml
diff --git a/CLAUDE.md b/CLAUDE.md
index 0da4a5e..318d6f6 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -26,6 +26,7 @@ Primary workstation (i9-13900KF, 96GB, RTX 4090) is **standalone — not in the
 | game | 192.168.40.109 | 10.10.10.172 | Proxmox host |
 | pve-postgres | — | 10.10.10.2 | VM on pve, swarm manager |
 | pve-tools | — | 10.10.10.3 | VM on pve, swarm worker |
+| pve-social | — | 10.10.10.4 | VM on pve, swarm worker |
 | adder-ghost | — | 10.10.10.20 | VM on adder, swarm worker |
 All VMs on vmbr1 (internal, not directly LAN-reachable). A gateway LXC on pve is dual-homed vmbr0+vmbr1 and handles WireGuard + iptables DNAT.
@@ -35,8 +36,9 @@ All VMs on vmbr1 (internal, not directly LAN-reachable). A gateway LXC on pve is
 ```
 LXC: gateway 256MB — WireGuard client, iptables DNAT, SSH jump host
 VM: infra 8GB — NATS/JetStream, n8n
-VM: data 20GB — PostgreSQL (shared: Ghost, Forgejo, all apps)
-VM: apps 8GB — Ghost instances, Forgejo
+VM: data 20GB — PostgreSQL (shared: Ghost, Forgejo, Synapse, all apps)
+VM: apps 8GB — Ghost instances
+VM: social 24GB — Forgejo, Synapse (Matrix), Snikket (XMPP); 1TB NVMe, 4 cores
 VM: redis 14GB — Redis (own VM required — needs vm.overcommit_memory=1 kernel tuning)
 VM: nextcloud 8GB — Nextcloud AIO (manages its own isolated internal Postgres)
 ```
@@ -91,7 +93,7 @@ Use SSH config aliases (`pve-postgres`, `pve-tools`, `adder-ghost`, `pve`, `adde
 ## Planned Services
-NATS JetStream (3-replica cluster service), PostgreSQL, Redis, Neo4j, FusionAuth, Authentik, n8n, Nextcloud, Garage (object storage), Ghost, monerod, monero-wallet-rpc, zanod, Peertube, BTCPay, Jitsi, Caddy, WireGuard.
+NATS JetStream (3-replica cluster service), PostgreSQL, Redis, Neo4j, FusionAuth, Authentik, n8n, Nextcloud, Garage (object storage), Ghost, Forgejo, Synapse (Matrix), Snikket (XMPP), monerod, monero-wallet-rpc, zanod, Peertube, BTCPay, Jitsi, Caddy, WireGuard.
 ## Key Files
diff --git a/proxmox/services/01-init.sql b/proxmox/services/01-init.sql
index bc752f2..f486586 100644
--- a/proxmox/services/01-init.sql
+++ b/proxmox/services/01-init.sql
@@ -16,3 +16,18 @@ GRANT ALL PRIVILEGES ON DATABASE n8n_db TO n8n_user;
 CREATE USER c4trou_user WITH PASSWORD 'mlhWiZcp5I2kXwRmyFEMPjZz6BX6ZjLi';
 CREATE DATABASE c4trou_db OWNER c4trou_user;
 GRANT ALL PRIVILEGES ON DATABASE c4trou_db TO c4trou_user;
+
+-- Forgejo
+CREATE USER forgejo_user WITH PASSWORD 'K]UrEl=//>8>!cJD[3Z/OdVC3AA{m2F(';
+CREATE DATABASE forgejo_db OWNER forgejo_user;
+GRANT ALL PRIVILEGES ON DATABASE forgejo_db TO forgejo_user;
+
+-- Synapse (requires C locale — do not change template or encoding)
+CREATE USER synapse_user WITH PASSWORD 'mWMb1sIkxYG6aHFkvOMcHg96Y6HZtefx';
+CREATE DATABASE synapse_db
+ ENCODING 'UTF8'
+ LC_COLLATE='C'
+ LC_CTYPE='C'
+ template=template0
+ OWNER synapse_user;
+GRANT ALL PRIVILEGES ON DATABASE synapse_db TO synapse_user;
diff --git a/proxmox/services/forgejo.yml b/proxmox/services/forgejo.yml
new file mode 100644
index 0000000..9f3e4dd
--- /dev/null
+++ b/proxmox/services/forgejo.yml
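Review bot: The added `CREATE USER forgejo_user` and `CREATE USER synapse_user` statements in proxmox/services/01-init.sql commit the database passwords in plaintext. Together with the existing c4trou_user password in the context lines, they are now in the patch and the repository history, so they should be treated as exposed and rotated. Keep the literals out of the file and let psql supply them at run time, e.g. `CREATE USER forgejo_user WITH PASSWORD :'forgejo_db_password';` with the value passed through `psql -v` from a secret store. How 01-init.sql is executed is not visible in this hunk, so confirm the runner can set psql variables. forgejo.yml already reads `${FORGEJO_DB_PASSWORD}`, so one secret can feed both sides.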
@@ -0,0 +1,47 @@
+version: '3.8'
+
+# Deploy with:
+# docker stack deploy -c forgejo.yml forgejo
+#
+# Runs on: pve-social
+# Self-hosted Git forge (Gitea fork).
+# Web UI on port 3000. Uses shared PostgreSQL on pve-postgres.
+
+services:
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:9
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ FORGEJO__database__DB_TYPE: postgres
+ FORGEJO__database__HOST: postgres_postgres:5432
+ FORGEJO__database__NAME: forgejo_db
+ FORGEJO__database__USER: forgejo_user
+ FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD}
+ FORGEJO__server__HTTP_PORT: 3000
+ ports:
+ - target: 3000
+ published: 3000
+ protocol: tcp
+ mode: host
+ volumes:
+ - forgejo_data:/data
+ networks:
+ - overlay-net
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == pve-social
+ restart_policy:
+ condition: on-failure
+ delay: 5s
+ max_attempts: 3
+
+volumes:
+ forgejo_data:
+
+networks:
+ overlay-net:
+ external: true
+ name: ${OVERLAY_NETWORK:-homelab-net}
diff --git a/proxmox/services/snikket.yml b/proxmox/services/snikket.yml
new file mode 100644
index 0000000..cf0d78a
--- /dev/null
+++ b/proxmox/services/snikket.yml
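Review bot: In proxmox/services/forgejo.yml, `FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD}` is interpolated at deploy time and stored in the service spec, so anyone who can run `docker service inspect` or read the container environment sees the database password. A swarm secret fits this stack better: mount it into the service and point Forgejo at the file through the `__FILE` suffix of its environment-to-ini handling (confirm the `forgejo:9` image supports it). The secret would be created out of band with `docker secret create`, keeping the value out of both the compose file and the deploying shell's environment.

```yaml
services:
  forgejo:
    # … unchanged: image, USER_UID/USER_GID, other FORGEJO__database__* entries …
    environment:
      FORGEJO__database__PASSWD__FILE: /run/secrets/forgejo_db_password
    secrets:
      - forgejo_db_password
    # … unchanged: ports, volumes, networks, deploy …

secrets:
  forgejo_db_password:
    external: true
```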
@@ -0,0 +1,74 @@
+version: '3.8'
+
+# Deploy with:
+# docker stack deploy -c snikket.yml snikket
+#
+# Runs on: pve-social
+# XMPP server (Prosody-based). TLS terminated externally by Caddy at the hub.
+# Certs must be bind-mounted into the container when ready.
+#
+# Web portal (invites/admin): port 80 — proxied by Caddy
+# XMPP client connections: port 5222
+# XMPP federation: port 5269
+# File transfer proxy: port 5000
+
+services:
+ snikket-web:
+ image: snikket/snikket-server:latest
+ command: web
+ ports:
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ volumes:
+ - snikket_data:/snikket
+ networks:
+ - overlay-net
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == pve-social
+ restart_policy:
+ condition: on-failure
+ delay: 5s
+ max_attempts: 3
+
+ snikket-server:
+ image: snikket/snikket-server:latest
+ command: server
+ ports:
+ - target: 5222
+ published: 5222
+ protocol: tcp
+ mode: host
+ - target: 5269
+ published: 5269
+ protocol: tcp
+ mode: host
+ - target: 5000
+ published: 5000
+ protocol: tcp
+ mode: host
+ volumes:
+ - snikket_data:/snikket
+ networks:
+ - overlay-net
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == pve-social
+ restart_policy:
+ condition: on-failure
+ delay: 5s
+ max_attempts: 3
+
+volumes:
+ snikket_data:
+
+networks:
+ overlay-net:
+ external: true
+ name: ${OVERLAY_NETWORK:-homelab-net}
diff --git a/proxmox/services/synapse.yml b/proxmox/services/synapse.yml
new file mode 100644
index 0000000..a3ad1a2
--- /dev/null
+++ b/proxmox/services/synapse.yml
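Review bot: Both services in proxmox/services/snikket.yml run `snikket/snikket-server:latest`, so any redeploy or restart on a fresh node can pull different, unreviewed code. Pin a release tag or digest, e.g. `image: snikket/snikket-server:<release-tag>` (placeholder); the same applies to `matrixdotorg/synapse:latest` in synapse.yml. The header also says certificates must be bind-mounted "when ready", yet no certificate mount is defined while 5222, 5269 and 5000 are already published in host mode. Caddy terminating HTTPS for the portal presumably does not cover XMPP's in-protocol TLS on those ports, so hold back publishing them until the certs are mounted. A comment above the `snikket-server` `ports:` list such as `# publish only once TLS certs are mounted (see header)` would make that dependency explicit.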
@@ -0,0 +1,52 @@
+version: '3.8'
+
+# Deploy with:
+# docker stack deploy -c synapse.yml synapse
+#
+# Runs on: pve-social
+# Matrix homeserver. Client/federation API on port 8008.
+#
+# First deploy generates /data/homeserver.yaml automatically.
+# After first boot, update homeserver.yaml on pve-social to add PostgreSQL:
+# database:
+# name: psycopg2
+# args:
+# user: synapse_user
+# password:
+# database: synapse_db
+# host: postgres_postgres
+# cp_min: 5
+# cp_max: 10
+
+services:
+ synapse:
+ image: matrixdotorg/synapse:latest
+ environment:
+ SYNAPSE_SERVER_NAME: pve-social
+ SYNAPSE_REPORT_STATS: "no"
+ ports:
+ - target: 8008
+ published: 8008
+ protocol: tcp
+ mode: host
+ volumes:
+ - synapse_data:/data
+ networks:
+ - overlay-net
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == pve-social
+ restart_policy:
+ condition: on-failure
+ delay: 5s
+ max_attempts: 3
+
+volumes:
+ synapse_data:
+
+networks:
+ overlay-net:
+ external: true
+ name: ${OVERLAY_NETWORK:-homelab-net}
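Review bot: `SYNAPSE_SERVER_NAME: pve-social` in proxmox/services/synapse.yml makes the internal node hostname the Matrix server name. That name becomes part of every user and room ID and cannot be changed after the first start without discarding the database. Set it to the public domain the homeserver will be reached under, for example `SYNAPSE_SERVER_NAME: ${SYNAPSE_SERVER_NAME:?set the public Matrix domain}`, so a deploy without the value fails instead of baking in the wrong name. The header comment tells the operator to write the PostgreSQL password into homeserver.yaml on the `synapse_data` volume. Add a line there such as `# homeserver.yaml will hold the DB password: keep it mode 0600 and out of unencrypted backups`.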