From 4c9fe64fc373147784f625fbc773c7a9c05f9db7 Mon Sep 17 00:00:00 2001 
From: Cal Corum Date: Sat, 7 Feb 2026 22:21:17 -0600 Subject: [PATCH] Add server configs for discord-bots, foundry-lxc, termix, and pihole Pull Docker Compose configs for discord-bots VM, foundry-lxc LXC, and termix. Add pihole and orbital-sync compose files for ubuntu-manticore. Back up LXC 223 (foundry) Proxmox config. Co-Authored-By: Claude Opus 4.6 --- .../docker-compose/foundry/.env.example | 5 + .../docker-compose/foundry/docker-compose.yml | 33 ++ .../docker-compose/foundry/.env.example | 5 + .../docker-compose/foundry/docker-compose.yml | 20 + server-configs/proxmox/lxc/223.conf | 9 + server-configs/termix/README.md | 375 ++++++++++++++++++ server-configs/termix/docker-compose.yml | 59 +++ .../termix/homelab-hosts-import.json | 236 +++++++++++ .../docker-compose/orbital-sync/.env.example | 12 + .../orbital-sync/docker-compose.yml | 35 ++ .../docker-compose/pihole/.env.example | 12 + .../docker-compose/pihole/docker-compose.yml | 38 ++ 12 files changed, 839 insertions(+) create mode 100644 server-configs/discord-bots/docker-compose/foundry/.env.example create mode 100644 server-configs/discord-bots/docker-compose/foundry/docker-compose.yml create mode 100644 server-configs/foundry-lxc/docker-compose/foundry/.env.example create mode 100644 server-configs/foundry-lxc/docker-compose/foundry/docker-compose.yml create mode 100644 server-configs/proxmox/lxc/223.conf create mode 100644 server-configs/termix/README.md create mode 100644 server-configs/termix/docker-compose.yml create mode 100644 server-configs/termix/homelab-hosts-import.json create mode 100644 server-configs/ubuntu-manticore/docker-compose/orbital-sync/.env.example create mode 100644 server-configs/ubuntu-manticore/docker-compose/orbital-sync/docker-compose.yml create mode 100644 server-configs/ubuntu-manticore/docker-compose/pihole/.env.example create mode 100644 server-configs/ubuntu-manticore/docker-compose/pihole/docker-compose.yml 
diff --git a/server-configs/discord-bots/docker-compose/foundry/.env.example b/server-configs/discord-bots/docker-compose/foundry/.env.example
new file mode 100644
index 0000000..4fe10f7
--- /dev/null
+++ b/server-configs/discord-bots/docker-compose/foundry/.env.example
@@ -0,0 +1,5 @@
+# Foundry VTT Credentials
+# Get these from your Foundry VTT account at foundryvtt.com
+FOUNDRY_USERNAME=your_foundry_username
+FOUNDRY_PASSWORD=your_foundry_password
+FOUNDRY_ADMIN_KEY=your_admin_password
diff --git a/server-configs/discord-bots/docker-compose/foundry/docker-compose.yml b/server-configs/discord-bots/docker-compose/foundry/docker-compose.yml
new file mode 100644
index 0000000..4ee00cb
--- /dev/null
+++ b/server-configs/discord-bots/docker-compose/foundry/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "3.8"
+
+# secrets:
+# config_json:
+# file: secrets.json
+
+services:
+ foundry:
+ image: felddy/foundryvtt:release
+ restart: unless-stopped
+ hostname: foundry
+ volumes:
+ - type: bind
+ source: ./data
+ target: /data
+ environment:
+ - FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
+ - FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
+ - FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
+ - CONTAINER_PRESERVE_CONFIG=true
+ - FOUNDRY_CSS_THEME=scifi
+ # - FOUNDRY_HOSTNAME=foundry.manticorum.com
+ - FOUNDRY_GID=0
+ - FOUNDRY_UID=0
+ - FOUNDRY_MINIFY_STATIC_FILES=true
+ - TIMEZONE=America/Chicago
+ ports:
+ - target: 30000
+ published: 30000
+ protocol: tcp
+ # secrets:
+ # - source: config_json
+ # target: config.json
diff --git a/server-configs/foundry-lxc/docker-compose/foundry/.env.example b/server-configs/foundry-lxc/docker-compose/foundry/.env.example
new file mode 100644
index 0000000..4fe10f7
--- /dev/null
+++ b/server-configs/foundry-lxc/docker-compose/foundry/.env.example
@@ -0,0 +1,5 @@
+# Foundry VTT Credentials
+# Get these from your Foundry VTT account at foundryvtt.com
+FOUNDRY_USERNAME=your_foundry_username
+FOUNDRY_PASSWORD=your_foundry_password
+FOUNDRY_ADMIN_KEY=your_admin_password
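Review bot: `FOUNDRY_GID=0` and `FOUNDRY_UID=0` in the discord-bots `docker-compose.yml` make the Foundry server process run as root inside the container while `./data` is bind-mounted from the host and port 30000 is published, so a compromise of the game server writes to that host directory as root. Unless something on this VM needs root ownership of `./data`, drop both lines so the image falls back to its default non-root user, or set them to the owner of the data directory. The image is also tracked by the floating `release` tag, whereas the foundry-lxc copy in this commit pins `FOUNDRY_VERSION=13.351`; pinning here as well keeps the two deployments reproducible. If the commented-out `secrets:` stanzas are staying out, a one-line comment such as `# credentials are supplied via .env (not committed)` would make the intended source explicit.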
diff --git a/server-configs/foundry-lxc/docker-compose/foundry/docker-compose.yml b/server-configs/foundry-lxc/docker-compose/foundry/docker-compose.yml
new file mode 100644
index 0000000..24bf844
--- /dev/null
+++ b/server-configs/foundry-lxc/docker-compose/foundry/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ foundry:
+ image: felddy/foundryvtt:release
+ restart: unless-stopped
+ hostname: foundry
+ security_opt:
+ - apparmor=unconfined
+ volumes:
+ - type: bind
+ source: ./data
+ target: /data
+ environment:
+ - FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
+ - FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
+ - FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
+ - CONTAINER_PRESERVE_CONFIG=true
+ - FOUNDRY_VERSION=13.351
+ - FOUNDRY_MINIFY_STATIC_FILES=true
+ ports:
+ - "30000:30000"
diff --git a/server-configs/proxmox/lxc/223.conf b/server-configs/proxmox/lxc/223.conf
new file mode 100644
index 0000000..5e235da
--- /dev/null
+++ b/server-configs/proxmox/lxc/223.conf
@@ -0,0 +1,9 @@
+arch: amd64
+cores: 2
+features: nesting=1,keyctl=1
+hostname: foundry-lxc
+memory: 2048
+net0: name=eth0,bridge=vmbr0,gw=10.10.0.1,hwaddr=56:72:BD:0F:EC:39,ip=10.10.0.223/24,type=veth
+ostype: ubuntu
+rootfs: local-lvm:vm-223-disk-0,size=16G
+swap: 512
diff --git a/server-configs/termix/README.md b/server-configs/termix/README.md
new file mode 100644
index 0000000..d44b06d
--- /dev/null
+++ b/server-configs/termix/README.md
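Review bot: `security_opt: - apparmor=unconfined` in the foundry-lxc `docker-compose.yml` removes AppArmor confinement from the Foundry container, and nothing in the file records why. If this is a workaround for Docker's default profile not loading inside the LXC guest, say so in a comment directly above the line, for example `# AppArmor profile cannot be loaded inside LXC 223; remove once that is fixed`. Adding `- no-new-privileges:true` to the same list, as the termix compose file in this commit already does, would recover part of the lost hardening.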
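Review bot: The backed-up `223.conf` contains no `unprivileged: 1` line, so if the file is complete LXC 223 is a privileged container, and it is combined with `features: nesting=1,keyctl=1` and a Docker workload that runs with `apparmor=unconfined`. In that combination root inside the guest sits much closer to root on the Proxmox host than the nine lines suggest. This should be confirmed against the live container; if it really is privileged, record the reason in a `#` description line at the top of the file or plan a conversion to an unprivileged container.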
@@ -0,0 +1,375 @@ +# Termix - SSH Server Management Platform + +**LXC 210 (n8n)** | **10.10.0.210:8180** | **termix.manticorum.com** + +Self-hosted, open-source alternative to Termius for comprehensive SSH server management with web-based terminal, file management, Docker control, and monitoring. + +## Quick Info + +| Property | Value | +|----------|-------| +| **Type** | Docker container on n8n LXC | +| **Host OS** | Ubuntu (LXC 210) | +| **Host IP** | 10.10.0.210 | +| **Port** | 8180 (internal) | +| **Public URL** | https://termix.manticorum.com | +| **Termix Version** | 1.11.0 (via Docker) | +| **Reverse Proxy** | Nginx Proxy Manager (10.10.0.16) | + +## Deployment Details + +- **Deployed on**: Existing n8n LXC (210) to save resources +- **Shares container with**: n8n, omni-tools +- **Docker compose**: `/opt/termix/docker-compose.yml` +- **Data directory**: `/opt/termix/data/` + +## Services + +### Termix Web App +- **Port**: 8080 (internal) +- **Tech Stack**: TypeScript/React, SQLite database +- **Data**: `/opt/termix/data` (encrypted SQLite) +- **Config**: Environment variables in docker-compose + +### Docker Engine +- Required to run Termix container +- Manages Termix app lifecycle + +## Management + +### Access Container +```bash +ssh root@10.10.0.210 +# or via Proxmox +pct enter 210 +``` + +### Service Management +```bash +# Status +cd /opt/termix +docker compose ps + +# Restart +docker compose restart + +# Logs +docker compose logs -f + +# Stop/Start +docker compose down +docker compose up -d +``` + +### View Termix Logs +```bash +docker compose logs -f termix +``` + +## Configuration + +### Docker Compose Location +`/opt/termix/docker-compose.yml` + +### Environment Variables +Created in `/opt/termix/.env` (if needed): +```env +# Termix configuration +TERMIX_PORT=8080 +# Add any custom env vars as needed +``` + +### Data Persistence +All Termix data is stored in `/opt/termix/data`: +- **Database**: Encrypted SQLite with server credentials +- **SSH Keys**: 
Generated and managed by Termix +- **User Settings**: RBAC, 2FA settings, preferences + +## Features & Usage + +### SSH Terminal +- Full-featured web terminal with split-screen (up to 4 panels) +- Tab-based interface for multiple sessions +- Copy/paste support +- Session reconnection + +### SSH Tunneling +- Create local and remote tunnels +- Automatic reconnection with health monitoring +- Persistent tunnel configuration + +### File Management +- Upload/download files via web interface +- Remote file editing with syntax highlighting +- View code and media files directly +- Directory navigation and operations + +### Docker Management +- List containers across connected servers +- Start/stop/pause/remove containers +- Exec into containers with web terminal +- View container logs and stats + +### Server Monitoring +- Real-time CPU, memory, disk, network usage +- Server uptime tracking +- Firewall status visibility +- Custom dashboards with network graphs + +### Host Management +- Save SSH connections with tags and folders +- Automated SSH key deployment +- Organize servers by environment, project, or location +- Quick connect from saved hosts + +### Security Features +- **RBAC**: Role-based access control for multi-user +- **2FA**: TOTP authentication support +- **OIDC**: Single sign-on integration +- **Encryption**: All credentials encrypted in database + +## Initial Setup + +### First Login +1. Navigate to https://termix.manticorum.com +2. Create admin account on first run +3. **Important**: Enable 2FA immediately after account creation + +### Add Your First Server +1. Click "Add Host" or "+" +2. Enter connection details: + - **Hostname**: Server IP or hostname (e.g., `10.10.0.33`) + - **Port**: 22 (default SSH) + - **Username**: SSH user (e.g., `cal` or `root`) + - **Auth**: SSH key (recommended) or password +3. Test connection +4. 
Organize with tags (e.g., `proxmox`, `docker`, `production`) + +### Deploy SSH Keys +Termix can generate and deploy SSH keys to your servers: +1. Generate key pair in Termix +2. Use "Deploy SSH Key" feature +3. Termix will add the key to `~/.ssh/authorized_keys` on target server + +### Organize Servers +Create folders for organization: +- **By Environment**: `production/`, `development/`, `homelab/` +- **By Function**: `docker-hosts/`, `databases/`, `proxmox/` +- **By Location**: `local/`, `cloud/` + +## Quick Import: All Home Lab Servers + +A pre-configured JSON import file is available with all your home lab servers: + +**File**: `server-configs/termix/homelab-hosts-import.json` + +### Import Instructions +1. Log into Termix at https://termix.manticorum.com +2. Go to **Settings** → **Import/Export** +3. Click **Import Hosts** +4. Upload `homelab-hosts-import.json` +5. All 12 servers will be imported with: + - Organized folders (Infrastructure, LXC Containers, VMs, Cloud) + - Appropriate tags for filtering + - Docker management enabled for Docker hosts + - File manager with correct default paths + - System monitoring enabled + - Database tunnel pre-configured for strat-database + +### After Import: Configure SSH Keys +The import uses SSH key authentication. After importing: +1. Go to each host in Termix +2. Edit host settings +3. Add your SSH private key or generate a new one in Termix +4. 
Use Termix's "Deploy SSH Key" feature to add keys to servers + +**Or** use password authentication temporarily: +- Edit each host and change `authType` to "password" +- Add password in the password field +- Later switch to SSH keys for security + +### Included Servers + +| Server | IP | User | Folder | Features | +|--------|-----|------|--------|----------| +| proxmox | 10.10.0.11 | root | Infrastructure | ⭐ Pinned, Monitoring | +| ubuntu-manticore | 10.10.0.226 | cal | Physical Servers | ⭐ Pinned, Docker, Media | +| n8n | 10.10.0.210 | root | LXC Containers | ⭐ Pinned, Docker, Automation | +| discord-bots | 10.10.0.33 | cal | Virtual Machines | Docker, Dev Bots | +| sba-bots | 10.10.0.88 | cal | Virtual Machines | ⭐ Pinned, Docker, Production | +| strat-database | 10.10.0.42 | cal | Virtual Machines | Docker, Database, Tunnel | +| arr-stack | 10.10.0.221 | root | LXC Containers | Docker, Media Automation | +| foundry-lxc | 10.10.0.223 | root | LXC Containers | Docker, Gaming | +| openclaw | 10.10.0.224 | root | LXC Containers | Docker, AI Assistant | +| gitea | 10.10.0.225 | root | LXC Containers | Git Server, CI/CD | +| home-assistant | 10.0.0.28 | root | Virtual Machines | Smart Home | +| akamai | 172.237.147.99 | root | Cloud Servers | Docker, Public Cloud | + +## Backup + +### What to Backup +1. **Termix database**: `/opt/termix/data/` (contains all settings, credentials, SSH keys) +2. **Docker compose**: `/opt/termix/docker-compose.yml` +3. 
**Environment**: `/opt/termix/.env` (if exists) + +### Backup Commands +```bash +# Full data directory (includes encrypted database) +tar -czf termix-backup-$(date +%Y%m%d).tar.gz /opt/termix + +# Database only +cp /opt/termix/data/termix.db /backups/termix-db-$(date +%Y%m%d).db +``` + +### Restore +```bash +# Stop Termix +cd /opt/termix +docker compose down + +# Restore data +tar -xzf termix-backup.tar.gz -C / + +# Start Termix +docker compose up -d +``` + +## Upgrades + +### Update Termix +```bash +cd /opt/termix + +# Pull latest image +docker compose pull + +# Restart with new image +docker compose down +docker compose up -d + +# Check logs for successful start +docker compose logs -f +``` + +### Check Version +View version in Termix web UI: Settings → About + +## Integration with NPM + +Configure reverse proxy on NPM (10.10.0.16): +- **Domain**: termix.manticorum.com +- **Scheme**: http +- **Forward Hostname/IP**: 10.10.0.210 +- **Forward Port**: 8180 +- **SSL**: Let's Encrypt +- **Websockets**: ✅ **MUST BE ENABLED** (required for terminal sessions) +- **Block Common Exploits**: Enabled +- **Cache Assets**: Disabled (for real-time terminal) + +## Troubleshooting + +### Container won't start +```bash +# Check logs +docker compose logs + +# Common issues: +# - Port 8080 already in use +# - Missing /opt/termix/data directory +# - Permissions on data directory +``` + +### Can't connect to servers from Termix +```bash +# Ensure Termix container has network access +docker exec -it termix ping 10.10.0.11 + +# Check SSH from container +docker exec -it termix ssh -v user@server-ip + +# Verify firewall rules on target servers +``` + +### 502 Bad Gateway on web +```bash +# Check Termix is running and listening +docker compose ps +docker compose logs + +# Test local connection +curl http://localhost:8080 + +# Verify NPM can reach container +curl http://10.10.0.226:8080 +``` + +### Terminal sessions disconnect +- Ensure websockets are enabled in NPM +- Check for network 
connectivity issues +- Verify Termix auto-reconnect settings + +### Database corruption +```bash +# Stop Termix +docker compose down + +# Restore from backup +cp /backups/termix-db-YYYYMMDD.db /opt/termix/data/termix.db + +# Start Termix +docker compose up -d +``` + +## Security Notes + +- All credentials are encrypted in SQLite database +- SSH keys are stored securely within Termix +- Enable 2FA for all users +- Use SSH key authentication instead of passwords where possible +- LXC is unprivileged for better isolation +- Termix only accessible via HTTPS through NPM +- Consider restricting NPM access to internal network only + +## Advanced Configuration + +### OIDC Integration +For single sign-on with external identity provider: +1. Configure OIDC provider (e.g., Authelia, Keycloak) +2. Add OIDC settings to Termix via environment variables +3. Enable OIDC login in Termix settings + +### Custom Themes +Termix uses Tailwind/Shadcn UI. Themes can be customized if building from source. + +### Multi-User Setup +1. Create user accounts in Termix admin panel +2. Assign roles (Admin, User, Viewer) +3. Set per-user server access permissions +4. Enforce 2FA for all users + +## Related Documentation + +- [Official Termix GitHub](https://github.com/Termix-SSH/Termix) +- [Termix Documentation](https://github.com/Termix-SSH/Termix/wiki) (check for wiki) +- [Proxmox LXC Config](../proxmox/lxc/226.conf) +- [Networking Setup](../../networking/CONTEXT.md) + +## Deployment Date + +**Created**: 2026-02-03 +**By**: Claude Code (Proxmox Skill) +**Tech**: Termix (Docker) on Ubuntu 22.04 LXC + +## Next Steps + +After deployment: +1. ✅ Create LXC 226 on Proxmox +2. ✅ Install Docker and Docker Compose +3. ✅ Deploy Termix via docker-compose +4. ⬜ Configure NPM reverse proxy +5. ⬜ Set up first admin account +6. ⬜ Enable 2FA +7. ⬜ Add home lab servers to Termix +8. ⬜ Deploy SSH keys to managed servers +9. ⬜ Organize servers with tags and folders +10. 
⬜ Test terminal, file management, Docker control features
diff --git a/server-configs/termix/docker-compose.yml b/server-configs/termix/docker-compose.yml
new file mode 100644
index 0000000..abfc661
--- /dev/null
+++ b/server-configs/termix/docker-compose.yml
@@ -0,0 +1,59 @@
+version: '3.8'
+
+services:
+ termix:
+ image: ghcr.io/lukegus/termix:latest
+ container_name: termix
+ restart: unless-stopped
+ ports:
+ - "8180:8080"
+ volumes:
+ # Persistent data volume for database, SSH keys, settings
+ - ./data:/app/data
+ environment:
+ # Port configuration (default is 8080)
+ - PORT=8080
+
+ # Optional: Set timezone
+ - TZ=America/New_York
+
+ # Optional: Custom app name
+ # - APP_NAME=Manticorum SSH Manager
+
+ # Optional: Database path (default is /app/data/termix.db)
+ # - DATABASE_PATH=/app/data/termix.db
+
+ # Optional: Resource limits
+ # deploy:
+ # resources:
+ # limits:
+ # cpus: '1.5'
+ # memory: 1G
+ # reservations:
+ # cpus: '0.5'
+ # memory: 512M
+
+ # Security options
+ security_opt:
+ - no-new-privileges:true
+
+ # Network mode (bridge is default)
+ network_mode: bridge
+
+ # Health check
+ healthcheck:
+ test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+
+# Optional: Define custom network
+# networks:
+# termix-network:
+# driver: bridge
+
+# Optional: Backup volume
+# volumes:
+# termix-data:
+# driver: local
diff --git a/server-configs/termix/homelab-hosts-import.json b/server-configs/termix/homelab-hosts-import.json
new file mode 100644
index 0000000..2e38c61
--- /dev/null
+++ b/server-configs/termix/homelab-hosts-import.json
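Review bot: `image: ghcr.io/lukegus/termix:latest` leaves the application that holds SSH credentials for every managed host on a floating tag, so each `docker compose pull` runs whatever was pushed last. Pin it to the tag or image digest that corresponds to the 1.11.0 release named in the README, and upgrade deliberately. Separately, `- "8180:8080"` publishes the plain-HTTP port on all interfaces of the LXC, which does not match the README's statement that Termix is only accessible via HTTPS through NPM. Since NPM runs on a different host, a firewall rule on the LXC that limits 8180 to the proxy's address would make that statement hold.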
@@ -0,0 +1,236 @@ +{ + "hosts": [ + { + "name": "Proxmox (Main Hypervisor)", + "ip": "10.10.0.11", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Infrastructure", + "tags": ["proxmox", "hypervisor", "critical"], + "pin": true, + "notes": "Main Proxmox VE hypervisor - manages all VMs and LXC containers", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": false, + "enableTunnel": true, + "defaultPath": "/etc/pve", + "statsConfig": { + "enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "system"], + "statusCheckEnabled": true, + "statusCheckInterval": 30, + "metricsEnabled": true, + "metricsInterval": 30 + } + }, + { + "name": "ubuntu-manticore (Media Server)", + "ip": "10.10.0.226", + "port": 22, + "username": "cal", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Physical Servers", + "tags": ["docker", "media", "jellyfin", "tdarr", "physical"], + "pin": true, + "notes": "Physical Ubuntu server - Jellyfin, Tdarr, Watchstate. 
Shares GPU with Tdarr for transcoding.", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/home/cal/docker", + "statsConfig": { + "enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "processes"], + "statusCheckEnabled": true, + "metricsEnabled": true + } + }, + { + "name": "n8n (Automation + Termix)", + "ip": "10.10.0.210", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "LXC Containers", + "tags": ["lxc", "docker", "automation", "n8n", "termix", "omni-tools"], + "pin": true, + "notes": "n8n workflow automation, OmniTools utilities, and Termix (this instance!)", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/opt", + "statsConfig": { + "enabledWidgets": ["cpu", "memory", "disk", "network", "uptime"], + "statusCheckEnabled": true, + "metricsEnabled": true + } + }, + { + "name": "discord-bots (Development Bots)", + "ip": "10.10.0.33", + "port": 22, + "username": "cal", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Virtual Machines", + "tags": ["vm", 
"docker", "bots", "discord", "development"], + "notes": "Discord bots and game services: MLN Ghost Ball, Major Domo dev, Foundry, Forever Werewolf, etc.", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/home/cal/container-data" + }, + { + "name": "sba-bots (Production Bots)", + "ip": "10.10.0.88", + "port": 22, + "username": "cal", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Virtual Machines", + "tags": ["vm", "docker", "bots", "production", "paper-dynasty", "major-domo"], + "pin": true, + "notes": "SBA/Paper Dynasty production: Paper Dynasty bot, Major Domo, SBA website, SBA Ghost", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/home/cal/container-data" + }, + { + "name": "strat-database (Databases)", + "ip": "10.10.0.42", + "port": 22, + "username": "cal", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Virtual Machines", + "tags": ["vm", "docker", "database", "postgres", "production"], + "notes": "Database services: SBA cards, PD database, Postgres, dev databases", + "enableTerminal": true, + 
"enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/home/cal/container-data", + "tunnelConnections": [ + { + "sourcePort": 5433, + "endpointPort": 5432, + "endpointHost": "localhost", + "maxRetries": 3, + "retryInterval": 10, + "autoStart": false + } + ] + }, + { + "name": "arr-stack (Media Automation)", + "ip": "10.10.0.221", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "LXC Containers", + "tags": ["lxc", "docker", "media", "sonarr", "radarr", "automation"], + "notes": "Media automation stack: Sonarr, Radarr, Prowlarr, etc.", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/opt/arr-stack" + }, + { + "name": "foundry-lxc (Foundry VTT)", + "ip": "10.10.0.223", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "LXC Containers", + "tags": ["lxc", "docker", "gaming", "foundry", "vtt"], + "notes": "Foundry VTT tabletop gaming server", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/opt/foundry" + 
}, + { + "name": "openclaw (Personal AI)", + "ip": "10.10.0.224", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "LXC Containers", + "tags": ["lxc", "docker", "ai", "openclaw", "assistant"], + "notes": "OpenClaw personal AI assistant with MiniMax M2.1 and Discord integration", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + "enableTunnel": true, + "defaultPath": "/opt/openclaw" + }, + { + "name": "gitea (Git Server)", + "ip": "10.10.0.225", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "LXC Containers", + "tags": ["lxc", "git", "gitea", "ci-cd", "development"], + "notes": "Gitea self-hosted Git server with Gitea Actions for CI/CD. 
URL: https://git.manticorum.com", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": false, + "enableTunnel": true, + "defaultPath": "/var/lib/gitea" + }, + { + "name": "home-assistant", + "ip": "10.0.0.28", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Virtual Machines", + "tags": ["vm", "homeassistant", "smart-home", "automation"], + "notes": "Home Assistant OS - smart home automation with Matter, mobile app, weather", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": false, + "enableTunnel": true, + "defaultPath": "/root", + "statsConfig": { + "enabledWidgets": ["cpu", "memory", "disk", "network", "uptime"], + "statusCheckEnabled": true + } + }, + { + "name": "akamai (Public Cloud)", + "ip": "172.237.147.99", + "port": 22, + "username": "root", + "authType": "key", + "key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7SgAAAJgwObKaMDmy\nmgAAAAtzc2gtZWQyNTUxOQAAACB3EOKxBdlNuQqZreE34KSIzIJ4+OAV+1mRMcXrF4Q7Sg\nAAAEDPaTj4EngcSzo2ZXJXYSB3+JBl9ZavXPMHs8Cyo19D4XcQ4rEF2U25Cpmt4TfgpIjM\ngnj44BX7WZExxesXhDtKAAAADnRlcm1peEBob21lbGFiAQIDBAUGBw==\n-----END OPENSSH PRIVATE KEY-----\n", + "folder": "Cloud Servers", + "tags": ["cloud", "akamai", "linode", "docker", "production", "public"], + "notes": "Akamai Linode - public-facing services: NPM, Major Domo, dev Paper Dynasty, SBA website", + "enableTerminal": true, + "enableFileManager": true, + "enableDocker": true, + 
"enableTunnel": true,
+ "defaultPath": "/root/container-data",
+ "statsConfig": {
+ "enabledWidgets": ["cpu", "memory", "disk", "network", "uptime", "system"],
+ "statusCheckEnabled": true,
+ "statusCheckInterval": 60
+ }
+ }
+ ]
+}
diff --git a/server-configs/ubuntu-manticore/docker-compose/orbital-sync/.env.example b/server-configs/ubuntu-manticore/docker-compose/orbital-sync/.env.example
new file mode 100644
index 0000000..9fa1d58
--- /dev/null
+++ b/server-configs/ubuntu-manticore/docker-compose/orbital-sync/.env.example
@@ -0,0 +1,12 @@
+# Orbital Sync Configuration
+# Copy this file to .env and fill in the values
+
+# Primary Pi-hole (npm-pihole) - v6 app password
+# Generated via: http://10.10.0.16:81/admin → Settings → Web Interface / API → Configure app password
+# Stored in: ~/.claude/secrets/pihole1_app_password
+PRIMARY_HOST_PASSWORD=your_primary_pihole_app_password_here
+
+# Secondary Pi-hole (ubuntu-manticore) - v6 app password
+# Generated via: http://10.10.0.226:8053/admin → Settings → Web Interface / API → Configure app password
+# Stored in: ~/.claude/secrets/pihole2_app_password
+SECONDARY_HOST_PASSWORD=your_secondary_pihole_app_password_here
diff --git a/server-configs/ubuntu-manticore/docker-compose/orbital-sync/docker-compose.yml b/server-configs/ubuntu-manticore/docker-compose/orbital-sync/docker-compose.yml
new file mode 100644
index 0000000..ac9fca8
--- /dev/null
+++ b/server-configs/ubuntu-manticore/docker-compose/orbital-sync/docker-compose.yml
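Review bot: Every entry in `homelab-hosts-import.json` embeds a complete OpenSSH private key in its `key` field, and it is the same key for all twelve hosts, including `root` on the Proxmox hypervisor and on the public Akamai server. The key header decodes to cipher `none`, so it appears to have no passphrase, which means read access to this repository or its history is equivalent to shell access on those hosts. Treat the key as compromised: remove its public half from `authorized_keys` on each host, issue new keys (ideally one per host or per trust tier), and purge the blob from history rather than only deleting it in a follow-up commit. The file should ship with a placeholder such as `"key": "<SET_AT_IMPORT_TIME>"`, which also matches the README's "After Import: Configure SSH Keys" step, and a secret scanner in pre-commit or CI would catch a repeat.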
@@ -0,0 +1,35 @@
+version: '3.8'
+
+services:
+ orbital-sync:
+ container_name: orbital-sync
+ image: mattwebbio/orbital-sync:latest
+ environment:
+ # Primary Pi-hole (npm-pihole)
+ PRIMARY_HOST_BASE_URL: 'http://10.10.0.16:81'
+ PRIMARY_HOST_PASSWORD: ${PRIMARY_HOST_PASSWORD}
+
+ # Secondary Pi-hole (ubuntu-manticore)
+ SECONDARY_HOST_1_BASE_URL: 'http://127.0.0.1:8053'
+ SECONDARY_HOST_1_PASSWORD: ${SECONDARY_HOST_PASSWORD}
+
+ # Sync configuration
+ INTERVAL_MINUTES: '5' # Sync every 5 minutes
+
+ # What to sync
+ SYNC_WHITELIST: 'true'
+ SYNC_REGEX_WHITELIST: 'true'
+ SYNC_BLACKLIST: 'true'
+ SYNC_REGEXLIST: 'true'
+ SYNC_ADLIST: 'true'
+ SYNC_CLIENT: 'true'
+ SYNC_GROUP: 'true'
+ SYNC_AUDITLOG: 'true'
+ SYNC_STATICDHCPLEASES: 'false' # Don't sync DHCP (not using Pi-hole for DHCP)
+ SYNC_LOCALDNSRECORDS: 'true' # Sync custom DNS entries
+ SYNC_LOCALCNAMERECORDS: 'true' # Sync CNAME records
+
+ # Logging
+ LOG_LEVEL: 'info'
+ network_mode: host # Required to access localhost Pi-hole
+ restart: unless-stopped
diff --git a/server-configs/ubuntu-manticore/docker-compose/pihole/.env.example b/server-configs/ubuntu-manticore/docker-compose/pihole/.env.example
new file mode 100644
index 0000000..f1c9232
--- /dev/null
+++ b/server-configs/ubuntu-manticore/docker-compose/pihole/.env.example
@@ -0,0 +1,12 @@
+# Pi-hole Configuration
+# Copy this file to .env and fill in the values
+
+# Web interface password
+WEBPASSWORD=your_secure_password_here
+
+# Timezone
+TZ=America/Chicago
+
+# Pi-hole v6 App Password
+# Generated via: Settings → Web Interface / API → Advanced Settings → Configure app password
+# Stored in: ~/.claude/secrets/pihole2_app_password
diff --git a/server-configs/ubuntu-manticore/docker-compose/pihole/docker-compose.yml b/server-configs/ubuntu-manticore/docker-compose/pihole/docker-compose.yml
new file mode 100644
index 0000000..e1d935b
--- /dev/null
+++ b/server-configs/ubuntu-manticore/docker-compose/pihole/docker-compose.yml
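Review bot: `PRIMARY_HOST_BASE_URL: 'http://10.10.0.16:81'` in the orbital-sync `docker-compose.yml` sends the primary Pi-hole's app password, and the configuration being synced, over cleartext HTTP across the LAN on every five-minute run. If the primary's web server offers TLS, point this at its `https://` endpoint; otherwise record the accepted risk in a comment next to the line. `image: mattwebbio/orbital-sync:latest` should also be pinned to a version tag or digest, since this container holds admin credentials for both resolvers. `network_mode: host` is used only to reach `127.0.0.1:8053`, so addressing the secondary by the host's own LAN address would let the container run on a bridge network instead.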
@@ -0,0 +1,38 @@
+version: '3.8'
+
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "8053:80" # Web UI on 8053 to avoid conflict with Jellyfin on 8096
+ environment:
+ TZ: 'America/Chicago'
+ WEBPASSWORD: ${WEBPASSWORD}
+ # DNS settings
+ PIHOLE_DNS_: '8.8.8.8;8.8.4.4' # Google DNS as upstream (match primary)
+ # Performance settings
+ DNSSEC: 'true'
+ FTLCONF_dns_listeningMode: 'all' # Listen on all interfaces (Pi-hole v6+)
+ FTLCONF_webserver_port: '8053' # Web UI on port 8053 to avoid port 80 conflict
+ DNSMASQ_LISTENING: 'all' # Fallback for older versions
+ # Privacy settings
+ QUERY_LOGGING: 'true'
+ INSTALL_WEB_SERVER: 'true'
+ INSTALL_WEB_INTERFACE: 'true'
+ volumes:
+ - './config:/etc/pihole'
+ - './dnsmasq:/etc/dnsmasq.d'
+ restart: unless-stopped
+ network_mode: host # Required for proper DNS resolution
+ cap_add:
+ - NET_ADMIN # Required for DHCP functionality (optional)
+ dns:
+ - 127.0.0.1 # Use itself for DNS after startup
+ - 8.8.8.8 # Fallback during startup
+
+networks:
+ default:
+ driver: bridge
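Review bot: `network_mode: host` in the pihole `docker-compose.yml` leaves the `ports:` block and the trailing `networks: default` definition without effect, so the real exposure is set by `FTLCONF_dns_listeningMode: 'all'` and `FTLCONF_webserver_port: '8053'`: DNS and the admin UI listen on every interface of the host. Remove the dead `ports:` and `networks:` stanzas so the file reads the way it behaves, and restrict 53 and 8053 with the host firewall if any interface faces a network you do not trust. `cap_add: - NET_ADMIN` is marked optional, and the orbital-sync config in this commit states Pi-hole is not used for DHCP, so it can be dropped. With `pihole/pihole:latest` on v6, `WEBPASSWORD` is, as far as I know, no longer read (v6 takes `FTLCONF_webserver_api_password`), which would leave the UI on a generated password rather than the one in `.env`; worth verifying against the running container.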