lionel/202601docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f00047c7d12cff496162ec94c9fa2d8533e78e5b
202601docs/docs/infra/overview.md
Lionel f00047c7d1 Initial commit - Migration documentation 2026
2025-12-31 18:44:24 +01:00

7.8 KiB
Raw Blame History

Infrastructure Talloires v2.0

Documentation de l'infrastructure réseau, VPN, DNS, et backups.

🖥️ Serveurs

Talloires (Production)

  • Type: Raspberry Pi 5 (8GB RAM)
  • OS: Raspberry Pi OS (Debian 12)
  • IP Tailscale: 100.116.198.105
  • Hostname: talloires.tailfd281f.ts.net
  • Rôle: Serveur principal (Docker)

Annecy (Storage)

  • Type: Synology DS620slim
  • OS: DSM 7.x
  • IP Tailscale: 100.69.227.96
  • Hostname: annecy.tailfd281f.ts.net
  • Rôle: NAS, Backups

Theseus (Network)

  • Type: UniFi Dream Router 7
  • Rôle: Gateway, Firewall, DHCP

🐳 Outils Docker Management

🎨 Arcane - Web UI

URL: go/arcane
License: BSD-3-Clause
Status: Opérationnel

Fonctionnalités:

  • Gestion containers, images, volumes, networks
  • Docker Compose templates & projects
  • Monitoring temps réel (CPU/RAM)
  • Interface moderne & responsive
  • Multi-serveurs (via agents)

Usage:

# Accès web
https://go/arcane

# Credentials par défaut
Username: arcane
Password: arcane-admin

Alternative à: Portainer (proprietary), Dockge (unstable)

📋 Dozzle - Logs Viewer

URL: go/logs
License: MIT
Status: Opérationnel

Fonctionnalités:

  • Real-time log streaming
  • Multi-container view
  • Search & filter
  • Ultra-léger (~30 MB RAM)
  • Aucune base de données

Usage:

# Accès web
https://go/logs

# Pas d'authentification requise (Tailscale VPN only)

Use cases: Debug, troubleshooting, monitoring logs

Lazydocker - Terminal UI

License: MIT
Status: Installé sur Talloires & Annecy
Version: 0.24.3

Installation:

# Talloires
lazydocker --version
# Location: /usr/local/bin/lazydocker

# Annecy (Synology)
~/.local/bin/lazydocker --version

Fonctionnalités:

  • TUI (Terminal User Interface)
  • Stats en temps réel (CPU/RAM)
  • Logs interactifs
  • Actions rapides (start/stop/restart)
  • Fonctionne via SSH

Usage:

# Sur Talloires
ssh lionel@talloires.local
lazydocker

# Sur Annecy
ssh lionel@100.69.227.96
~/.local/bin/lazydocker

Navigation:

  • ↑/↓: Sélection
  • Enter: Actions
  • l: Logs
  • e: Exec shell
  • q: Quitter

📊 Comparaison Outils

Feature Arcane Dozzle Lazydocker
Type Web UI Web UI TUI
Containers Full mgmt View only Full mgmt
Logs
Compose Templates View
Stats
Remote Multi-host Single Single
SSH Works
RAM ~100 MB ~30 MB ~50 MB

Recommandations:

  • Arcane: Gestion quotidienne, templates, multi-serveurs
  • Dozzle: Quick log inspection, debugging
  • Lazydocker: SSH access, TUI lovers, remote management

🌐 Réseau

Tailscale VPN

  • Type: WireGuard mesh VPN
  • MagicDNS: Désactivé (dnsmasq preferred)
  • Subnet: 100.64.0.0/10

DNS Local (dnsmasq)

Config: /etc/dnsmasq.d/tailscale.conf

# Machines
address=/talloires.local/100.116.198.105
address=/annecy.local/100.69.227.96

# Wildcards
address=/.talloires.local/100.116.198.105

# Go-links
address=/go/100.116.198.105

# Upstream DNS
server=127.0.0.1#5053

AdGuard DNS (DoH)

  • Port: 5053
  • Upstream: AdGuard DNS-over-HTTPS
  • Config: cloudflared tunnel

🔐 VPN Tunnel (ProtonVPN)

Configuration WireGuard

  • Server: Luxembourg (LU#44)
  • Public IP: 5.253.204.190
  • Endpoint: 5.253.204.162:51820
  • Config: /home/lionel/talloires-v2/transmission/wireguard/wg0.conf

Kill-Switch

Transmission utilise network_mode: service:wireguard → Impossible de leak l'IP réelle.

Monitoring VPN

  • Vérification automatique IP publique
  • Alertes Telegram si VPN down (<30s)
  • Health checks Docker

💾 Backups

Structure NFS

/mnt/annecy/talloires/
├── migration-v2/                     # Backups migration
│   ├── jellyfin-config-*.tar.gz     # 2.3 GB
│   ├── gitea-data-*.tar.gz          # Repos Git
│   ├── mkdocs-v1-archive-*.tar.gz   # 12 KB
│   └── critical-configs-*.tar.gz    # 3.5 KB
└── daily/                            # Backups quotidiens (TODO)

NFS Mount

sudo mount -t nfs 100.69.227.96:/volume1/talloires /mnt/annecy -o rw,hard,intr,rsize=8192,wsize=8192

Fstab:

100.69.227.96:/volume1/talloires /mnt/annecy nfs rw,hard,intr,rsize=8192,wsize=8192 0 0

Backup Automatique (Cron)

TODO: Mettre à jour cron pour v2.0 structure.

🔒 Sécurité

Firewall (UFW)

sudo ufw status

Ports ouverts:

  • 80, 443: HTTP/HTTPS (Caddy)
  • 2222: SSH Gitea
  • 8096: Jellyfin (direct access)
  • 22: SSH (Tailscale only)

Certificats HTTPS

  • CA: Caddy Local Authority
  • Cert: /data/caddy/pki/authorities/local/root.crt
  • Installation: Importer dans macOS Keychain → Always Trust

Accès

  • Tailscale VPN uniquement
  • Pas d'exposition Internet directe
  • SSH keys only (no password)

📊 Monitoring

Stack Monitoring

Netdata - System metrics

  • URL: https://go/net
  • Métriques: CPU, RAM, Disk, Network, Docker
  • Alertes: À configurer (optionnel)

Arcane - Docker monitoring

  • URL: https://go/arcane
  • Métriques: Containers stats (CPU/RAM)
  • Features: Dashboard, projects, logs

Dozzle - Logs viewer

  • URL: https://go/logs
  • Features: Real-time logs, search, filter

Lazydocker - Terminal monitoring

ssh lionel@talloires.local
lazydocker

Docker Health Checks

Tous les containers ont des health checks configurés.

Logs

# CLI
docker logs <container>
docker logs <container> --follow
docker logs <container> --tail 100

# Web UI (Dozzle)
https://go/logs

# TUI (Lazydocker)
lazydocker

🛠️ Maintenance

Docker Management

Via Arcane (Web):

https://go/arcane
→ Containers → Start/Stop/Restart
→ Images → Pull/Delete
→ Projects → Manage Compose stacks

Via Lazydocker (TUI):

ssh lionel@talloires.local
lazydocker
# Navigate avec arrows, Enter pour actions

Via CLI:

# Update containers
cd /home/lionel/talloires-v2/core
docker compose pull
docker compose up -d

# Restart service
docker restart <container>

# View logs
docker logs <container> --tail 100

Backup Manuel

# Jellyfin
tar -czf /mnt/annecy/talloires/manual/jellyfin-$(date +%Y%m%d).tar.gz \\
  /home/lionel/talloires-v2/jellyfin/config

# Gitea
tar -czf /mnt/annecy/talloires/manual/gitea-$(date +%Y%m%d).tar.gz \\
  /home/lionel/talloires-v2/gitea/

# Arcane database
tar -czf /mnt/annecy/talloires/manual/arcane-$(date +%Y%m%d).tar.gz \\
  /home/lionel/talloires-v2/docker-mgmt/arcane-data

Restart Services

docker restart <container>
docker compose restart

📁 Fichiers de Configuration

Docker Management

/home/lionel/talloires-v2/docker-mgmt/
├── docker-compose.yml      # Arcane + Dozzle
└── arcane-data/           # Arcane database

Caddy

/home/lionel/talloires-v2/caddy/
├── Caddyfile             # Reverse proxy config
└── Caddyfile.backup-*    # Backups automatiques

Services

/home/lionel/talloires-v2/
├── core/                 # Caddy, Shlink
├── jellyfin/            # Media server
├── transmission/        # BitTorrent + WireGuard
├── gitea/              # Git hosting
├── homeassistant/      # Domotique
├── mkdocs/             # Documentation
├── netdata/            # Monitoring
├── signal-api/         # Notifications
└── docker-mgmt/        # Arcane + Dozzle

Voir Services pour configuration applicative.

Dernière mise à jour: 31 décembre 2025

Reference in New Issue View Git Blame Copy Permalink