new services

Samantha Atkins 2026-04-01 04:35:10 +00:00
parent ee99a2da9d
commit 9ea5557490
5 changed files with 193 additions and 3 deletions


@ -26,6 +26,7 @@ Primary workstation (i9-13900KF, 96GB, RTX 4090) is **standalone — not in the
| game | 192.168.40.109 | 10.10.10.172 | Proxmox host | | game | 192.168.40.109 | 10.10.10.172 | Proxmox host |
| pve-postgres | — | 10.10.10.2 | VM on pve, swarm manager | | pve-postgres | — | 10.10.10.2 | VM on pve, swarm manager |
| pve-tools | — | 10.10.10.3 | VM on pve, swarm worker | | pve-tools | — | 10.10.10.3 | VM on pve, swarm worker |
| pve-social | — | 10.10.10.4 | VM on pve, swarm worker |
| adder-ghost | — | 10.10.10.20 | VM on adder, swarm worker | | adder-ghost | — | 10.10.10.20 | VM on adder, swarm worker |
All VMs on vmbr1 (internal, not directly LAN-reachable). A gateway LXC on pve is dual-homed vmbr0+vmbr1 and handles WireGuard + iptables DNAT. All VMs on vmbr1 (internal, not directly LAN-reachable). A gateway LXC on pve is dual-homed vmbr0+vmbr1 and handles WireGuard + iptables DNAT.
@ -35,8 +36,9 @@ All VMs on vmbr1 (internal, not directly LAN-reachable). A gateway LXC on pve is
``` ```
LXC: gateway 256MB — WireGuard client, iptables DNAT, SSH jump host LXC: gateway 256MB — WireGuard client, iptables DNAT, SSH jump host
VM: infra 8GB — NATS/JetStream, n8n VM: infra 8GB — NATS/JetStream, n8n
VM: data 20GB — PostgreSQL (shared: Ghost, Forgejo, all apps) VM: data 20GB — PostgreSQL (shared: Ghost, Forgejo, Synapse, all apps)
VM: apps 8GB — Ghost instances, Forgejo VM: apps 8GB — Ghost instances
VM: social 24GB — Forgejo, Synapse (Matrix), Snikket (XMPP); 1TB NVMe, 4 cores
VM: redis 14GB — Redis (own VM required — needs vm.overcommit_memory=1 kernel tuning) VM: redis 14GB — Redis (own VM required — needs vm.overcommit_memory=1 kernel tuning)
VM: nextcloud 8GB — Nextcloud AIO (manages its own isolated internal Postgres) VM: nextcloud 8GB — Nextcloud AIO (manages its own isolated internal Postgres)
``` ```
@ -91,7 +93,7 @@ Use SSH config aliases (`pve-postgres`, `pve-tools`, `adder-ghost`, `pve`, `adde
## Planned Services ## Planned Services
NATS JetStream (3-replica cluster service), PostgreSQL, Redis, Neo4j, FusionAuth, Authentik, n8n, Nextcloud, Garage (object storage), Ghost, monerod, monero-wallet-rpc, zanod, Peertube, BTCPay, Jitsi, Caddy, WireGuard. NATS JetStream (3-replica cluster service), PostgreSQL, Redis, Neo4j, FusionAuth, Authentik, n8n, Nextcloud, Garage (object storage), Ghost, Forgejo, Synapse (Matrix), Snikket (XMPP), monerod, monero-wallet-rpc, zanod, Peertube, BTCPay, Jitsi, Caddy, WireGuard.
## Key Files ## Key Files


@ -16,3 +16,18 @@ GRANT ALL PRIVILEGES ON DATABASE n8n_db TO n8n_user;
CREATE USER c4trou_user WITH PASSWORD 'mlhWiZcp5I2kXwRmyFEMPjZz6BX6ZjLi'; CREATE USER c4trou_user WITH PASSWORD 'mlhWiZcp5I2kXwRmyFEMPjZz6BX6ZjLi';
CREATE DATABASE c4trou_db OWNER c4trou_user; CREATE DATABASE c4trou_db OWNER c4trou_user;
GRANT ALL PRIVILEGES ON DATABASE c4trou_db TO c4trou_user; GRANT ALL PRIVILEGES ON DATABASE c4trou_db TO c4trou_user;
-- Forgejo
CREATE USER forgejo_user WITH PASSWORD 'K]UrEl=//>8>!cJD[3Z/OdVC3AA{m2F(';
CREATE DATABASE forgejo_db OWNER forgejo_user;
GRANT ALL PRIVILEGES ON DATABASE forgejo_db TO forgejo_user;
-- Synapse (requires C locale — do not change template or encoding)
CREATE USER synapse_user WITH PASSWORD 'mWMb1sIkxYG6aHFkvOMcHg96Y6HZtefx';
CREATE DATABASE synapse_db
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER synapse_user;
GRANT ALL PRIVILEGES ON DATABASE synapse_db TO synapse_user;
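Review bot: The added `CREATE USER forgejo_user` and `CREATE USER synapse_user` statements commit both database passwords in cleartext, so anyone who can read the repository or its history holds working credentials for the shared PostgreSQL instance. The compose files in this commit already take these values from outside the repo (`${FORGEJO_DB_PASSWORD}`, `pass homelab/SYNAPSE_DB_PASSWORD`), and the SQL should do the same: if the script is run through psql, write `CREATE USER forgejo_user WITH PASSWORD :'forgejo_db_password';` and supply the value with `psql -v`. The two values shown here should be treated as exposed and rotated, because removing them in a later commit still leaves them in history. The `c4trou_user` context line above the additions follows the same pattern.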


@ -0,0 +1,47 @@
version: '3.8'
# Deploy with:
# docker stack deploy -c forgejo.yml forgejo
#
# Runs on: pve-social
# Self-hosted Git forge (Gitea fork).
# Web UI on port 3000. Uses shared PostgreSQL on pve-postgres.
services:
forgejo:
image: codeberg.org/forgejo/forgejo:9
environment:
USER_UID: 1000
USER_GID: 1000
FORGEJO__database__DB_TYPE: postgres
FORGEJO__database__HOST: postgres_postgres:5432
FORGEJO__database__NAME: forgejo_db
FORGEJO__database__USER: forgejo_user
FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD}
FORGEJO__server__HTTP_PORT: 3000
ports:
- target: 3000
published: 3000
protocol: tcp
mode: host
volumes:
- forgejo_data:/data
networks:
- overlay-net
deploy:
replicas: 1
placement:
constraints:
- node.hostname == pve-social
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
volumes:
forgejo_data:
networks:
overlay-net:
external: true
name: ${OVERLAY_NETWORK:-homelab-net}
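Review bot: `FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD}` is interpolated at deploy time and stored as a plain environment value in the service spec, where it is readable through `docker service inspect` and from the container's environment. A Swarm secret keeps the password out of the spec; Forgejo's environment-to-ini handling should accept a `__FILE` suffix for this, which is worth confirming against the `:9` image before switching. If the variable form stays, `${FORGEJO_DB_PASSWORD:?FORGEJO_DB_PASSWORD is not set}` at least stops a deploy that would otherwise go out with an empty password.

```yaml
services:
  forgejo:
    # … unchanged: image, other environment entries …
    environment:
      FORGEJO__database__PASSWD__FILE: /run/secrets/forgejo_db_password
    secrets:
      - forgejo_db_password
    # … unchanged: ports, volumes, networks, deploy …
secrets:
  forgejo_db_password:
    external: true
```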


@ -0,0 +1,74 @@
version: '3.8'
# Deploy with:
# docker stack deploy -c snikket.yml snikket
#
# Runs on: pve-social
# XMPP server (Prosody-based). TLS terminated externally by Caddy at the hub.
# Certs must be bind-mounted into the container when ready.
#
# Web portal (invites/admin): port 80 — proxied by Caddy
# XMPP client connections: port 5222
# XMPP federation: port 5269
# File transfer proxy: port 5000
services:
snikket-web:
image: snikket/snikket-server:latest
command: web
ports:
- target: 80
published: 80
protocol: tcp
mode: host
volumes:
- snikket_data:/snikket
networks:
- overlay-net
deploy:
replicas: 1
placement:
constraints:
- node.hostname == pve-social
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
snikket-server:
image: snikket/snikket-server:latest
command: server
ports:
- target: 5222
published: 5222
protocol: tcp
mode: host
- target: 5269
published: 5269
protocol: tcp
mode: host
- target: 5000
published: 5000
protocol: tcp
mode: host
volumes:
- snikket_data:/snikket
networks:
- overlay-net
deploy:
replicas: 1
placement:
constraints:
- node.hostname == pve-social
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
volumes:
snikket_data:
networks:
overlay-net:
external: true
name: ${OVERLAY_NETWORK:-homelab-net}
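Review bot: Both services use `snikket/snikket-server:latest`, and synapse.yml in this commit does the same with `matrixdotorg/synapse:latest`, so what actually runs depends on when the node last pulled, and a redeploy can change the server version with no change in the repo. Pin each image to a release tag, ideally with a digest, e.g. `image: snikket/snikket-server:<release-tag>@sha256:<digest>`, the way forgejo.yml pins `:9`. Separately, neither service defines an `environment:` block; Snikket normally expects its domain and admin e-mail from the environment, so confirm where those are meant to come from before relying on `restart_policy` to keep the stack up.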


@ -0,0 +1,52 @@
version: '3.8'
# Deploy with:
# docker stack deploy -c synapse.yml synapse
#
# Runs on: pve-social
# Matrix homeserver. Client/federation API on port 8008.
#
# First deploy generates /data/homeserver.yaml automatically.
# After first boot, update homeserver.yaml on pve-social to add PostgreSQL:
# database:
# name: psycopg2
# args:
# user: synapse_user
# password: <from pass homelab/SYNAPSE_DB_PASSWORD>
# database: synapse_db
# host: postgres_postgres
# cp_min: 5
# cp_max: 10
services:
synapse:
image: matrixdotorg/synapse:latest
environment:
SYNAPSE_SERVER_NAME: pve-social
SYNAPSE_REPORT_STATS: "no"
ports:
- target: 8008
published: 8008
protocol: tcp
mode: host
volumes:
- synapse_data:/data
networks:
- overlay-net
deploy:
replicas: 1
placement:
constraints:
- node.hostname == pve-social
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
volumes:
synapse_data:
networks:
overlay-net:
external: true
name: ${OVERLAY_NETWORK:-homelab-net}
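Review bot: `SYNAPSE_SERVER_NAME: pve-social` makes the internal VM hostname the Matrix server name, which becomes part of every user ID and room alias and cannot be changed later without starting from a fresh database. Federation, which the header comment mentions, also needs other servers to resolve and validate that name, so it should be the public domain the service will be reached under, e.g. `SYNAPSE_SERVER_NAME: ${SYNAPSE_SERVER_NAME:?set to the public Matrix domain}`. The comment that the first deploy generates /data/homeserver.yaml is also worth checking: as far as I know the image only writes a config when started with the `generate` argument, and with `max_attempts: 3` a missing config would leave the service stopped.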