Update RUNBOOK.md

kenpat 2026-06-11 20:56:03 +00:00
parent 24458bd5d1
commit c231bcce70


@ -14,30 +14,30 @@ Internet
└── Cloudflare (DNS + Tunnel) └── Cloudflare (DNS + Tunnel)
│ Active-Active across 3 connectors │ Active-Active across 3 connectors
├── cloudflared on monk (primary home machine) ├── cloudflared on monk (primary home machine)
├── cloudflared on kscloud1 (Hetzner VPS, 5.78.233.28) ├── cloudflared on kscloud1 (Hetzner VPS, [IP REDACTED])
└── cloudflared on assassin (T14, currently OFF) └── cloudflared on assassin (T14, currently OFF)
Tailscale overlay network (VPN mesh): Tailscale overlay network (VPN mesh):
monk 100.85.209.116 monk [IP REDACTED]
kscloud1 100.123.254.52 ← hosts shared Authentik Postgres + Redis kscloud1 [IP REDACTED] ← hosts shared Authentik Postgres + Redis
assassin 100.90.13.55 (off) assassin [IP REDACTED] (off)
pixel-6 100.74.0.109 pixel-6 [IP REDACTED]
samurai 100.91.238.73 samurai [IP REDACTED]
``` ```
**Nine public subdomains** route through the same Cloudflare Tunnel token. Both monk and kscloud1 are connectors so the site stays up when either goes offline. **Nine public subdomains** route through the same Cloudflare Tunnel token. Both monk and kscloud1 are connectors so the site stays up when either goes offline.
| Subdomain | Container | Port | | Subdomain | Container | Port |
|-----------|-----------|------| |-----------|-----------|------|
| www.kitestacks.com | homepage (nginx portal) | 3000 | | www.kitestacks.com | homepage (nginx portal) | [IP REDACTED] |
| auth.kitestacks.com | authentik | 9000 | | auth.kitestacks.com | authentik | [IP REDACTED] |
| gitforge.kitestacks.com | forgejo | 3000 | | gitforge.kitestacks.com | forgejo | [IP REDACTED] |
| tasks.kitestacks.com | openproject | 80 | | tasks.kitestacks.com | openproject | [IP REDACTED] |
| ai.kitestacks.com | kite-openwebui | 8080 | | ai.kitestacks.com | kite-openwebui | [IP REDACTED] |
| links.kitestacks.com | karakeep | 80 | | links.kitestacks.com | karakeep | [IP REDACTED] |
| kavita.kitestacks.com | kavita | 5000 | | kavita.kitestacks.com | kavita | [IP REDACTED] |
| grafana.kitestacks.com | grafana | 3000 | | grafana.kitestacks.com | grafana | [IP REDACTED] |
| status.kitestacks.com | uptime-kuma | 3001 | | status.kitestacks.com | uptime-kuma | [IP REDACTED] |
**Important — active-active data model:** monk and kscloud1 each run their own copies of all stateful apps (Forgejo, Kavita, OpenProject, etc.) with independent databases. Data is intentionally NOT synced between them (except for Authentik, which shares a single Postgres+Redis on kscloud1 over Tailscale). If kscloud1 serves a request, the user sees kscloud1's database. This is the accepted tradeoff for guaranteed uptime. **Important — active-active data model:** monk and kscloud1 each run their own copies of all stateful apps (Forgejo, Kavita, OpenProject, etc.) with independent databases. Data is intentionally NOT synced between them (except for Authentik, which shares a single Postgres+Redis on kscloud1 over Tailscale). If kscloud1 serves a request, the user sees kscloud1's database. This is the accepted tradeoff for guaranteed uptime.
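Review bot: the Port column of the subdomain table (3000, 9000, 80, 8080, 5000, 3001) is replaced with [IP REDACTED], but those values are ports, not addresses, so the redaction appears to match more than intended and the runbook loses the container port for all nine services. Restore the port values, or narrow the replacement so it only touches the dotted-quad addresses in the topology block. Separately, the kscloud1 public address and the Tailscale addresses are still readable on the removed side of this diff, so they remain in the repository history at parent 24458bd5d1; if the aim is to keep them out of the repository, editing the file alone does not achieve that.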
@ -122,7 +122,7 @@ sudo tailscale up
### 2.2 SSH access ### 2.2 SSH access
```bash ```bash
ssh -i ~/.ssh/id_ed25519_kscloud1 kenpat@5.78.233.28 ssh -i ~/.ssh/id_ed25519_kscloud1 kenpat@[IP REDACTED]
``` ```
Password for sudo: `p12217177` (non-interactive sudo: `echo p12217177 | sudo -S <cmd>`) Password for sudo: `p12217177` (non-interactive sudo: `echo p12217177 | sudo -S <cmd>`)
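Review bot: the unchanged "Password for sudo" line after the code fence still carries the sudo password in plaintext, twice, so this change redacts the host address in the SSH command while leaving the more sensitive value in RUNBOOK.md. Remove the password from the file, refer instead to where the secret is stored, and rotate it, since it is present in both this revision and the parent. The documented `echo ... | sudo -S <cmd>` form also puts the password on the command line, where shell history records it; a sudoers rule scoped to the specific commands the runbook needs would remove the reason to document the password at all.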