Infrastructure Overview
Services
| Service | Subdomain | Port | Container | Stack Path | Status | Notes |
|---|---|---|---|---|---|---|
| BudStab | bud.buckstabu.dev | 5000 | budstab | /root/server/budstab/ | Active | Custom app, Watchtower EXCLUDED |
| Authelia | auth.buckstabu.dev | 9091 | authelia | /root/server/authelia/ | Active | 2FA for all *.buckstabu.dev |
| Vaultwarden | vault.buckstabu.dev | 80 | vaultwarden | /root/server/vaultwarden/ | Active | Bitwarden-compatible |
| Ente (web) | ente.buckstabu.dev | 3000 | my-ente-web-1 | /root/server/my-ente/ | Active | Google Photos replacement |
| Ente (API) | api.ente.buckstabu.dev | 8080 | my-ente-museum-1 | /root/server/my-ente/ | Active | MEGA S4 backend |
| Navidrome | music.buckstabu.dev | 4533 | navidrome | /root/server/navidrome/ | Active | rclone MEGA mount |
| Trek | trek.buckstabu.dev | — | trek | /root/server/trek/ | Active | Needs SETUID/SETGID |
| Blinko | blinko.buckstabu.dev | 1111 | blinko | /root/server/blinko/ | Active | Notes/bookmarks |
| Watchtower | — | — | watchtower | /root/server/watchtower/ | Active | Auto-updates, excludes BudStab |
| Glance | — | — | glance | /root/server/glance/ | Active | Dashboard |
| Memos | — | — | memos | /root/server/memos/ | Active | Memos |
| Actual | — | — | actual | /root/server/actual/ | Active | Budget |
| SMTP Relay | — | — | smtp-relay | /root/server/smtp-relay/ | Active | Brevo, boky/postfix |
| Notes | — | — | notes | /root/server/notes/ | Active | Standard Notes instance |
| BudStab DB | — | — | — | /root/server/budstab/ | Active | SQLite, backup at 03:00 |
Backup Schedule
| Time | Service | Method | Destination |
|---|---|---|---|
| 03:00 | BudStab SQLite | GPG AES-256 | MEGA S4 dedicated bucket |
| 03:30 | Vaultwarden | GPG AES-256 | MEGA S4 dedicated bucket |
| 04:00 | Ente Postgres | GPG AES-256 | MEGA S4 dedicated bucket |
Quick Commands
SSH Login:
$ssh thomas@89.167.7.211
Navigate to server dir:
$cd /root/server && ls
Check running containers:
$docker ps
Check CrowdSec status:
$sudo systemctl status crowdsec
Open Issues
- No-IP DDNS: router sends LAN IP instead of WAN IP to scatto.ddns.net → CrowdSec dynamic home IP whitelisting incomplete
- Spotify playlist import: into Navidrome (tunesynctool / NaviSpot) — blocked until MusicBrainz Picard library reorg complete
- Seafile: self-hosted E2E storage — not yet implemented