Add server configs for discord-bots, foundry-lxc, termix, and pihole

Pull Docker Compose configs for discord-bots VM, foundry-lxc LXC, and
termix. Add pihole and orbital-sync compose files for ubuntu-manticore.
Back up LXC 223 (foundry) Proxmox config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cal Corum 2026-02-07 22:21:17 -06:00
parent 7d9aae4ac3
commit 4c9fe64fc3
12 changed files with 839 additions and 0 deletions

@ -0,0 +1,5 @@
# Foundry VTT Credentials
# Get these from your Foundry VTT account at foundryvtt.com
FOUNDRY_USERNAME=your_foundry_username
FOUNDRY_PASSWORD=your_foundry_password
FOUNDRY_ADMIN_KEY=your_admin_password

@ -0,0 +1,33 @@
version: "3.8"
# secrets:
# config_json:
# file: secrets.json
services:
foundry:
image: felddy/foundryvtt:release
restart: unless-stopped
hostname: foundry
volumes:
- type: bind
source: ./data
target: /data
environment:
- FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
- FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
- FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
- CONTAINER_PRESERVE_CONFIG=true
- FOUNDRY_CSS_THEME=scifi
# - FOUNDRY_HOSTNAME=foundry.manticorum.com
- FOUNDRY_GID=0
- FOUNDRY_UID=0
- FOUNDRY_MINIFY_STATIC_FILES=true
- TIMEZONE=America/Chicago
ports:
- target: 30000
published: 30000
protocol: tcp
# secrets:
# - source: config_json
# target: config.json
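Review bot: `FOUNDRY_UID=0` and `FOUNDRY_GID=0` in the `environment` list run the Foundry process as root inside the container while `./data` is bind-mounted from the host. Unless root is required for a specific reason, set both to an unprivileged UID/GID that owns `./data`, and leave a comment if root has to stay. The three credentials are passed as plain environment variables while the `secrets:` blocks at the top and bottom of the file are commented out; either wire the secrets file up or delete the dead blocks. `felddy/foundryvtt:release` is a floating tag, so a `docker compose pull` changes what runs without any change in this repo.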

@ -0,0 +1,5 @@
# Foundry VTT Credentials
# Get these from your Foundry VTT account at foundryvtt.com
FOUNDRY_USERNAME=your_foundry_username
FOUNDRY_PASSWORD=your_foundry_password
FOUNDRY_ADMIN_KEY=your_admin_password

@ -0,0 +1,20 @@
services:
foundry:
image: felddy/foundryvtt:release
restart: unless-stopped
hostname: foundry
security_opt:
- apparmor=unconfined
volumes:
- type: bind
source: ./data
target: /data
environment:
- FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
- FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
- FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
- CONTAINER_PRESERVE_CONFIG=true
- FOUNDRY_VERSION=13.351
- FOUNDRY_MINIFY_STATIC_FILES=true
ports:
- "30000:30000"
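Review bot: `security_opt: - apparmor=unconfined` turns off AppArmor confinement for the container, and nothing in the file says why. If it is a workaround for running Docker inside the LXC, say so in a comment next to the option and record what failed without it, so it can be removed when no longer needed. The file pins `FOUNDRY_VERSION=13.351` but keeps the floating `felddy/foundryvtt:release` image tag; pin the image tag too so both move together. `"30000:30000"` publishes on every interface of the container host; bind it to a specific address if access is meant to go through a reverse proxy.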

@ -0,0 +1,9 @@
arch: amd64
cores: 2
features: nesting=1,keyctl=1
hostname: foundry-lxc
memory: 2048
net0: name=eth0,bridge=vmbr0,gw=10.10.0.1,hwaddr=56:72:BD:0F:EC:39,ip=10.10.0.223/24,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-223-disk-0,size=16G
swap: 512
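Review bot: there is no `unprivileged: 1` line in this config, while `features: nesting=1,keyctl=1` is set. If these nine lines are the complete config, LXC 223 is a privileged container with nesting enabled, and the compose file for the same host in this commit runs Docker with `apparmor=unconfined`, which leaves little isolation between the Foundry container and the Proxmox host. Please confirm the privilege mode; if the container can be converted to unprivileged, do that, otherwise record the reason next to this backup.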

@ -0,0 +1,375 @@
# Termix - SSH Server Management Platform
**LXC 210 (n8n)** | **10.10.0.210:8180** | **termix.manticorum.com**
Self-hosted, open-source alternative to Termius for comprehensive SSH server management with web-based terminal, file management, Docker control, and monitoring.
## Quick Info
| Property | Value |
|----------|-------|
| **Type** | Docker container on n8n LXC |
| **Host OS** | Ubuntu (LXC 210) |
| **Host IP** | 10.10.0.210 |
| **Port** | 8180 (internal) |
| **Public URL** | https://termix.manticorum.com |
| **Termix Version** | 1.11.0 (via Docker) |
| **Reverse Proxy** | Nginx Proxy Manager (10.10.0.16) |
## Deployment Details
- **Deployed on**: Existing n8n LXC (210) to save resources
- **Shares container with**: n8n, omni-tools
- **Docker compose**: `/opt/termix/docker-compose.yml`
- **Data directory**: `/opt/termix/data/`
## Services
### Termix Web App
- **Port**: 8080 (internal)
- **Tech Stack**: TypeScript/React, SQLite database
- **Data**: `/opt/termix/data` (encrypted SQLite)
- **Config**: Environment variables in docker-compose
### Docker Engine
- Required to run Termix container
- Manages Termix app lifecycle
## Management
### Access Container
```bash
ssh root@10.10.0.210
# or via Proxmox
pct enter 210
```
### Service Management
```bash
# Status
cd /opt/termix
docker compose ps
# Restart
docker compose restart
# Logs
docker compose logs -f
# Stop/Start
docker compose down
docker compose up -d
```
### View Termix Logs
```bash
docker compose logs -f termix
```
## Configuration
### Docker Compose Location
`/opt/termix/docker-compose.yml`
### Environment Variables
Created in `/opt/termix/.env` (if needed):
```env
# Termix configuration
TERMIX_PORT=8080
# Add any custom env vars as needed
```
### Data Persistence
All Termix data is stored in `/opt/termix/data`:
- **Database**: Encrypted SQLite with server credentials
- **SSH Keys**: Generated and managed by Termix
- **User Settings**: RBAC, 2FA settings, preferences
## Features & Usage
### SSH Terminal
- Full-featured web terminal with split-screen (up to 4 panels)
- Tab-based interface for multiple sessions
- Copy/paste support
- Session reconnection
### SSH Tunneling
- Create local and remote tunnels
- Automatic reconnection with health monitoring
- Persistent tunnel configuration
### File Management
- Upload/download files via web interface
- Remote file editing with syntax highlighting
- View code and media files directly
- Directory navigation and operations
### Docker Management
- List containers across connected servers
- Start/stop/pause/remove containers
- Exec into containers with web terminal
- View container logs and stats
### Server Monitoring
- Real-time CPU, memory, disk, network usage
- Server uptime tracking
- Firewall status visibility
- Custom dashboards with network graphs
### Host Management
- Save SSH connections with tags and folders
- Automated SSH key deployment
- Organize servers by environment, project, or location
- Quick connect from saved hosts
### Security Features
- **RBAC**: Role-based access control for multi-user
- **2FA**: TOTP authentication support
- **OIDC**: Single sign-on integration
- **Encryption**: All credentials encrypted in database
## Initial Setup
### First Login
1. Navigate to https://termix.manticorum.com
2. Create admin account on first run
3. **Important**: Enable 2FA immediately after account creation
### Add Your First Server
1. Click "Add Host" or "+"
2. Enter connection details:
- **Hostname**: Server IP or hostname (e.g., `10.10.0.33`)
- **Port**: 22 (default SSH)
- **Username**: SSH user (e.g., `cal` or `root`)
- **Auth**: SSH key (recommended) or password
3. Test connection
4. Organize with tags (e.g., `proxmox`, `docker`, `production`)
### Deploy SSH Keys
Termix can generate and deploy SSH keys to your servers:
1. Generate key pair in Termix
2. Use "Deploy SSH Key" feature
3. Termix will add the key to `~/.ssh/authorized_keys` on target server
### Organize Servers
Create folders for organization:
- **By Environment**: `production/`, `development/`, `homelab/`
- **By Function**: `docker-hosts/`, `databases/`, `proxmox/`
- **By Location**: `local/`, `cloud/`
## Quick Import: All Home Lab Servers
A pre-configured JSON import file is available with all your home lab servers:
**File**: `server-configs/termix/homelab-hosts-import.json`
### Import Instructions
1. Log into Termix at https://termix.manticorum.com
2. Go to **Settings** → **Import/Export**
3. Click **Import Hosts**
4. Upload `homelab-hosts-import.json`
5. All 12 servers will be imported with:
- Organized folders (Infrastructure, LXC Containers, VMs, Cloud)
- Appropriate tags for filtering
- Docker management enabled for Docker hosts
- File manager with correct default paths
- System monitoring enabled
- Database tunnel pre-configured for strat-database
### After Import: Configure SSH Keys
The import uses SSH key authentication. After importing:
1. Go to each host in Termix
2. Edit host settings
3. Add your SSH private key or generate a new one in Termix
4. Use Termix's "Deploy SSH Key" feature to add keys to servers
**Or** use password authentication temporarily:
- Edit each host and change `authType` to "password"
- Add password in the password field
- Later switch to SSH keys for security
### Included Servers
| Server | IP | User | Folder | Features |
|--------|-----|------|--------|----------|
| proxmox | 10.10.0.11 | root | Infrastructure | ⭐ Pinned, Monitoring |
| ubuntu-manticore | 10.10.0.226 | cal | Physical Servers | ⭐ Pinned, Docker, Media |
| n8n | 10.10.0.210 | root | LXC Containers | ⭐ Pinned, Docker, Automation |
| discord-bots | 10.10.0.33 | cal | Virtual Machines | Docker, Dev Bots |
| sba-bots | 10.10.0.88 | cal | Virtual Machines | ⭐ Pinned, Docker, Production |
| strat-database | 10.10.0.42 | cal | Virtual Machines | Docker, Database, Tunnel |
| arr-stack | 10.10.0.221 | root | LXC Containers | Docker, Media Automation |
| foundry-lxc | 10.10.0.223 | root | LXC Containers | Docker, Gaming |
| openclaw | 10.10.0.224 | root | LXC Containers | Docker, AI Assistant |
| gitea | 10.10.0.225 | root | LXC Containers | Git Server, CI/CD |
| home-assistant | 10.0.0.28 | root | Virtual Machines | Smart Home |
| akamai | 172.237.147.99 | root | Cloud Servers | Docker, Public Cloud |
## Backup
### What to Backup
1. **Termix database**: `/opt/termix/data/` (contains all settings, credentials, SSH keys)
2. **Docker compose**: `/opt/termix/docker-compose.yml`
3. **Environment**: `/opt/termix/.env` (if exists)
### Backup Commands
```bash
# Full data directory (includes encrypted database)
tar -czf termix-backup-$(date +%Y%m%d).tar.gz /opt/termix
# Database only
cp /opt/termix/data/termix.db /backups/termix-db-$(date +%Y%m%d).db
```
### Restore
```bash
# Stop Termix
cd /opt/termix
docker compose down
# Restore data
tar -xzf termix-backup.tar.gz -C /
# Start Termix
docker compose up -d
```
## Upgrades
### Update Termix
```bash
cd /opt/termix
# Pull latest image
docker compose pull
# Restart with new image
docker compose down
docker compose up -d
# Check logs for successful start
docker compose logs -f
```
### Check Version
View version in Termix web UI: Settings → About
## Integration with NPM
Configure reverse proxy on NPM (10.10.0.16):
- **Domain**: termix.manticorum.com
- **Scheme**: http
- **Forward Hostname/IP**: 10.10.0.210
- **Forward Port**: 8180
- **SSL**: Let's Encrypt
- **Websockets**: ✅ **MUST BE ENABLED** (required for terminal sessions)
- **Block Common Exploits**: Enabled
- **Cache Assets**: Disabled (for real-time terminal)
## Troubleshooting
### Container won't start
```bash
# Check logs
docker compose logs
# Common issues:
# - Port 8080 already in use
# - Missing /opt/termix/data directory
# - Permissions on data directory
```
### Can't connect to servers from Termix
```bash
# Ensure Termix container has network access
docker exec -it termix ping 10.10.0.11
# Check SSH from container
docker exec -it termix ssh -v user@server-ip
# Verify firewall rules on target servers
```
### 502 Bad Gateway on web
```bash
# Check Termix is running and listening
docker compose ps
docker compose logs
# Test local connection
curl http://localhost:8080
# Verify NPM can reach container
curl http://10.10.0.226:8080
```
### Terminal sessions disconnect
- Ensure websockets are enabled in NPM
- Check for network connectivity issues
- Verify Termix auto-reconnect settings
### Database corruption
```bash
# Stop Termix
docker compose down
# Restore from backup
cp /backups/termix-db-YYYYMMDD.db /opt/termix/data/termix.db
# Start Termix
docker compose up -d
```
## Security Notes
- All credentials are encrypted in SQLite database
- SSH keys are stored securely within Termix
- Enable 2FA for all users
- Use SSH key authentication instead of passwords where possible
- LXC is unprivileged for better isolation
- Termix only accessible via HTTPS through NPM
- Consider restricting NPM access to internal network only
## Advanced Configuration
### OIDC Integration
For single sign-on with external identity provider:
1. Configure OIDC provider (e.g., Authelia, Keycloak)
2. Add OIDC settings to Termix via environment variables
3. Enable OIDC login in Termix settings
### Custom Themes
Termix uses Tailwind/Shadcn UI. Themes can be customized if building from source.
### Multi-User Setup
1. Create user accounts in Termix admin panel
2. Assign roles (Admin, User, Viewer)
3. Set per-user server access permissions
4. Enforce 2FA for all users
## Related Documentation
- [Official Termix GitHub](https://github.com/Termix-SSH/Termix)
- [Termix Documentation](https://github.com/Termix-SSH/Termix/wiki) (check for wiki)
- [Proxmox LXC Config](../proxmox/lxc/226.conf)
- [Networking Setup](../../networking/CONTEXT.md)
## Deployment Date
**Created**: 2026-02-03
**By**: Claude Code (Proxmox Skill)
**Tech**: Termix (Docker) on Ubuntu 22.04 LXC
## Next Steps
After deployment:
1. ✅ Create LXC 226 on Proxmox
2. ✅ Install Docker and Docker Compose
3. ✅ Deploy Termix via docker-compose
4. ⬜ Configure NPM reverse proxy
5. ⬜ Set up first admin account
6. ⬜ Enable 2FA
7. ⬜ Add home lab servers to Termix
8. ⬜ Deploy SSH keys to managed servers
9. ⬜ Organize servers with tags and folders
10. ⬜ Test terminal, file management, Docker control features
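Review bot: the document disagrees with itself about where Termix runs. The header and Quick Info say LXC 210 at 10.10.0.210 with port 8180, but the 502 troubleshooting step runs `curl http://10.10.0.226:8080`, Related Documentation links `../proxmox/lxc/226.conf`, and Next Steps says "Create LXC 226". Per the compose file in this commit, 8180 is the published port and 8080 the in-container port, so the `curl http://localhost:8080` check run from the LXC will not reach Termix either. Please reconcile host and port throughout. Under Security Notes, "SSH keys are stored securely within Termix" does not hold for this commit while `homelab-hosts-import.json` carries private keys in the repo. The "Database only" backup step copies `termix.db` with the container running; stop it first, as the Restore section already does, so the copy is consistent.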

@ -0,0 +1,59 @@
version: '3.8'
services:
termix:
image: ghcr.io/lukegus/termix:latest
container_name: termix
restart: unless-stopped
ports:
- "8180:8080"
volumes:
# Persistent data volume for database, SSH keys, settings
- ./data:/app/data
environment:
# Port configuration (default is 8080)
- PORT=8080
# Optional: Set timezone
- TZ=America/New_York
# Optional: Custom app name
# - APP_NAME=Manticorum SSH Manager
# Optional: Database path (default is /app/data/termix.db)
# - DATABASE_PATH=/app/data/termix.db
# Optional: Resource limits
# deploy:
# resources:
# limits:
# cpus: '1.5'
# memory: 1G
# reservations:
# cpus: '0.5'
# memory: 512M
# Security options
security_opt:
- no-new-privileges:true
# Network mode (bridge is default)
network_mode: bridge
# Health check
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# Optional: Define custom network
# networks:
# termix-network:
# driver: bridge
# Optional: Backup volume
# volumes:
# termix-data:
# driver: local
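Review bot: `image: ghcr.io/lukegus/termix:latest` is a floating tag on the service that holds SSH credentials for every managed host, while the README in this commit documents version 1.11.0 and an upgrade flow built on `docker compose pull`. Pin the image to a version tag or digest so upgrades are deliberate and show up in review. `"8180:8080"` publishes the plain-HTTP port on all interfaces of the LXC, so the README's statement that Termix is only reachable via HTTPS through NPM depends on a firewall rule that is not part of this change; restrict the source to the NPM host (10.10.0.16) or document the rule. `TZ=America/New_York` differs from the `America/Chicago` used by the other services in this commit, which will skew timestamps when correlating logs.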

@ -0,0 +1,236 @@
{
"hosts": [
{
"name": "Proxmox (Main Hypervisor)",
"ip": "10.10.0.11",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Infrastructure",
"tags": ["proxmox", "hypervisor", "critical"],
"pin": true,
"notes": "Main Proxmox VE hypervisor - manages all VMs and LXC containers",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": false,
"enableTunnel": true,
"defaultPath": "/etc/pve",
"statsConfig": {
"enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "system"],
"statusCheckEnabled": true,
"statusCheckInterval": 30,
"metricsEnabled": true,
"metricsInterval": 30
}
},
{
"name": "ubuntu-manticore (Media Server)",
"ip": "10.10.0.226",
"port": 22,
"username": "cal",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Physical Servers",
"tags": ["docker", "media", "jellyfin", "tdarr", "physical"],
"pin": true,
"notes": "Physical Ubuntu server - Jellyfin, Tdarr, Watchstate. Shares GPU with Tdarr for transcoding.",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/home/cal/docker",
"statsConfig": {
"enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "processes"],
"statusCheckEnabled": true,
"metricsEnabled": true
}
},
{
"name": "n8n (Automation + Termix)",
"ip": "10.10.0.210",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "LXC Containers",
"tags": ["lxc", "docker", "automation", "n8n", "termix", "omni-tools"],
"pin": true,
"notes": "n8n workflow automation, OmniTools utilities, and Termix (this instance!)",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/opt",
"statsConfig": {
"enabledWidgets": ["cpu", "memory", "disk", "network", "uptime"],
"statusCheckEnabled": true,
"metricsEnabled": true
}
},
{
"name": "discord-bots (Development Bots)",
"ip": "10.10.0.33",
"port": 22,
"username": "cal",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Virtual Machines",
"tags": ["vm", "docker", "bots", "discord", "development"],
"notes": "Discord bots and game services: MLN Ghost Ball, Major Domo dev, Foundry, Forever Werewolf, etc.",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/home/cal/container-data"
},
{
"name": "sba-bots (Production Bots)",
"ip": "10.10.0.88",
"port": 22,
"username": "cal",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Virtual Machines",
"tags": ["vm", "docker", "bots", "production", "paper-dynasty", "major-domo"],
"pin": true,
"notes": "SBA/Paper Dynasty production: Paper Dynasty bot, Major Domo, SBA website, SBA Ghost",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/home/cal/container-data"
},
{
"name": "strat-database (Databases)",
"ip": "10.10.0.42",
"port": 22,
"username": "cal",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Virtual Machines",
"tags": ["vm", "docker", "database", "postgres", "production"],
"notes": "Database services: SBA cards, PD database, Postgres, dev databases",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/home/cal/container-data",
"tunnelConnections": [
{
"sourcePort": 5433,
"endpointPort": 5432,
"endpointHost": "localhost",
"maxRetries": 3,
"retryInterval": 10,
"autoStart": false
}
]
},
{
"name": "arr-stack (Media Automation)",
"ip": "10.10.0.221",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "LXC Containers",
"tags": ["lxc", "docker", "media", "sonarr", "radarr", "automation"],
"notes": "Media automation stack: Sonarr, Radarr, Prowlarr, etc.",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/opt/arr-stack"
},
{
"name": "foundry-lxc (Foundry VTT)",
"ip": "10.10.0.223",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "LXC Containers",
"tags": ["lxc", "docker", "gaming", "foundry", "vtt"],
"notes": "Foundry VTT tabletop gaming server",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/opt/foundry"
},
{
"name": "openclaw (Personal AI)",
"ip": "10.10.0.224",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "LXC Containers",
"tags": ["lxc", "docker", "ai", "openclaw", "assistant"],
"notes": "OpenClaw personal AI assistant with MiniMax M2.1 and Discord integration",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/opt/openclaw"
},
{
"name": "gitea (Git Server)",
"ip": "10.10.0.225",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "LXC Containers",
"tags": ["lxc", "git", "gitea", "ci-cd", "development"],
"notes": "Gitea self-hosted Git server with Gitea Actions for CI/CD. URL: https://git.manticorum.com",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": false,
"enableTunnel": true,
"defaultPath": "/var/lib/gitea"
},
{
"name": "home-assistant",
"ip": "10.0.0.28",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Virtual Machines",
"tags": ["vm", "homeassistant", "smart-home", "automation"],
"notes": "Home Assistant OS - smart home automation with Matter, mobile app, weather",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": false,
"enableTunnel": true,
"defaultPath": "/root",
"statsConfig": {
"enabledWidgets": ["cpu", "memory", "disk", "network", "uptime"],
"statusCheckEnabled": true
}
},
{
"name": "akamai (Public Cloud)",
"ip": "172.237.147.99",
"port": 22,
"username": "root",
"authType": "key",
"key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n",
"folder": "Cloud Servers",
"tags": ["cloud", "akamai", "linode", "docker", "production", "public"],
"notes": "Akamai Linode - public-facing services: NPM, Major Domo, dev Paper Dynasty, SBA website",
"enableTerminal": true,
"enableFileManager": true,
"enableDocker": true,
"enableTunnel": true,
"defaultPath": "/root/container-data",
"statsConfig": {
"enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "system"],
"statusCheckEnabled": true,
"statusCheckInterval": 60
}
}
]
}
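Review bot: every one of the 12 host entries carries a complete OpenSSH private key in its `key` field, and the value is identical in all of them. The key body starts with the `openssh-key-v1` header followed by cipher `none` and KDF `none`, so it is not passphrase-protected. One unencrypted key is therefore committed in clear text and, per this file, is accepted for `root` on the Proxmox hypervisor (10.10.0.11) and on the public host 172.237.147.99. Treat it as compromised: remove its public half from `authorized_keys` on all listed hosts, issue replacement keys (one per host or at least per trust tier, so production, the hypervisor and the cloud host do not share a credential), and purge this file from history instead of only deleting it in a follow-up commit. The import file should ship with `key` empty or absent and the key added inside Termix afterwards, which is the flow the README's "After Import: Configure SSH Keys" section already describes. A pre-commit or CI secret scan matching `BEGIN OPENSSH PRIVATE KEY` would have caught this.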

@ -0,0 +1,12 @@
# Orbital Sync Configuration
# Copy this file to .env and fill in the values
# Primary Pi-hole (npm-pihole) - v6 app password
# Generated via: http://10.10.0.16:81/admin → Settings → Web Interface / API → Configure app password
# Stored in: ~/.claude/secrets/pihole1_app_password
PRIMARY_HOST_PASSWORD=your_primary_pihole_app_password_here
# Secondary Pi-hole (ubuntu-manticore) - v6 app password
# Generated via: http://10.10.0.226:8053/admin → Settings → Web Interface / API → Configure app password
# Stored in: ~/.claude/secrets/pihole2_app_password
SECONDARY_HOST_PASSWORD=your_secondary_pihole_app_password_here

@ -0,0 +1,35 @@
version: '3.8'
services:
orbital-sync:
container_name: orbital-sync
image: mattwebbio/orbital-sync:latest
environment:
# Primary Pi-hole (npm-pihole)
PRIMARY_HOST_BASE_URL: 'http://10.10.0.16:81'
PRIMARY_HOST_PASSWORD: ${PRIMARY_HOST_PASSWORD}
# Secondary Pi-hole (ubuntu-manticore)
SECONDARY_HOST_1_BASE_URL: 'http://127.0.0.1:8053'
SECONDARY_HOST_1_PASSWORD: ${SECONDARY_HOST_PASSWORD}
# Sync configuration
INTERVAL_MINUTES: '5' # Sync every 5 minutes
# What to sync
SYNC_WHITELIST: 'true'
SYNC_REGEX_WHITELIST: 'true'
SYNC_BLACKLIST: 'true'
SYNC_REGEXLIST: 'true'
SYNC_ADLIST: 'true'
SYNC_CLIENT: 'true'
SYNC_GROUP: 'true'
SYNC_AUDITLOG: 'true'
SYNC_STATICDHCPLEASES: 'false' # Don't sync DHCP (not using Pi-hole for DHCP)
SYNC_LOCALDNSRECORDS: 'true' # Sync custom DNS entries
SYNC_LOCALCNAMERECORDS: 'true' # Sync CNAME records
# Logging
LOG_LEVEL: 'info'
network_mode: host # Required to access localhost Pi-hole
restart: unless-stopped
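Review bot: `PRIMARY_HOST_BASE_URL: 'http://10.10.0.16:81'` means the primary Pi-hole app password crosses the LAN over plain HTTP on every 5-minute sync; only the secondary at `127.0.0.1` stays on the host. Point the primary at an HTTPS endpoint if one exists, or add a comment stating that this segment is trusted for that traffic. `mattwebbio/orbital-sync:latest` is unpinned; since this container holds admin credentials for both Pi-holes and runs with `network_mode: host`, pin it to a version tag or digest.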

@ -0,0 +1,12 @@
# Pi-hole Configuration
# Copy this file to .env and fill in the values
# Web interface password
WEBPASSWORD=your_secure_password_here
# Timezone
TZ=America/Chicago
# Pi-hole v6 App Password
# Generated via: Settings → Web Interface / API → Advanced Settings → Configure app password
# Stored in: ~/.claude/secrets/pihole2_app_password
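Review bot: the last section ("Pi-hole v6 App Password") has two comment lines but no variable under it, so someone copying this file to `.env` has nowhere to put the value and cannot tell whether the Pi-hole stack reads it. Either add the variable the compose file consumes, or move the comment to the orbital-sync `.env` example, where `SECONDARY_HOST_PASSWORD` is the value it describes.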

@ -0,0 +1,38 @@
version: '3.8'
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "8053:80" # Web UI on 8053 to avoid conflict with Jellyfin on 8096
environment:
TZ: 'America/Chicago'
WEBPASSWORD: ${WEBPASSWORD}
# DNS settings
PIHOLE_DNS_: '8.8.8.8;8.8.4.4' # Google DNS as upstream (match primary)
# Performance settings
DNSSEC: 'true'
FTLCONF_dns_listeningMode: 'all' # Listen on all interfaces (Pi-hole v6+)
FTLCONF_webserver_port: '8053' # Web UI on port 8053 to avoid port 80 conflict
DNSMASQ_LISTENING: 'all' # Fallback for older versions
# Privacy settings
QUERY_LOGGING: 'true'
INSTALL_WEB_SERVER: 'true'
INSTALL_WEB_INTERFACE: 'true'
volumes:
- './config:/etc/pihole'
- './dnsmasq:/etc/dnsmasq.d'
restart: unless-stopped
network_mode: host # Required for proper DNS resolution
cap_add:
- NET_ADMIN # Required for DHCP functionality (optional)
dns:
- 127.0.0.1 # Use itself for DNS after startup
- 8.8.8.8 # Fallback during startup
networks:
default:
driver: bridge
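Review bot: `network_mode: host` conflicts with the rest of the file. Under host networking the `ports:` mappings (`53:53`, `8053:80`) are not applied, and the top-level `networks: default: driver: bridge` block defines a network this service never joins; the web UI port comes from `FTLCONF_webserver_port: '8053'` instead. Remove the entries that do nothing so the file shows what is actually exposed: DNS on every host interface (`FTLCONF_dns_listeningMode: 'all'`) and the admin UI on 8053. `cap_add: NET_ADMIN` is commented as needed only for DHCP, and the orbital-sync config in this commit says Pi-hole is not used for DHCP, so drop the capability. The file also mixes `WEBPASSWORD` and `DNSMASQ_LISTENING` ("Fallback for older versions") with `FTLCONF_*` settings on `pihole/pihole:latest`; pin the image and keep only the variables that version reads, and confirm the admin password in effect is the one from `.env`.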