TopherMayor/hermes-ice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
hermes-ice/homelab/entities/ubuntu.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki 
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00

169 lines
7.1 KiB
Markdown
Raw Permalink Blame History

---
title: ubuntu
created: 2026-04-28
updated: 2026-04-29
type: entity
tags: [hosts, docker, primary]
sources: []
---
# ubuntu
**Role:** Primary Docker host — runs ~70 containers for the homelab
**IP:** 192.168.50.61
**Hostname:** ubuntu
**Uptime:** 5 days, 11h (as of 2026-04-28)
**CPU Load:** 7.44 (elevated — investigate if persistent)
## Overview
ubuntu is the workhorse of the homelab — a beefy Intel NUC or server-class machine running Ubuntu with Docker. It hosts approximately 70 containers including authentik SSO, the full monitoring stack, media automation (Sonarr/Radarr/Prowlarr), AI services (whisper, qdrant, reccollection), and the primary Traefik reverse proxy.
## Hardware
| Spec | Detail |
|------|--------|
| Model | Intel NUC or server-class x86_64 |
| CPU | Multi-core x86_64 |
| RAM | 47 GB total, 31 GB available |
| Storage | NVMe/SSD (check `df -h` for details) |
| Network | Gigabit Ethernet |
| IP | 192.168.50.61 |
## Docker Containers (Live)
### Git & CI/CD
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `gitea` | 2222, 3000/tcp | healthy | Git hosting at gitea.tophermayor.com |
| `gitea-runner` | 3010/tcp | healthy | Gitea Actions self-hosted runner |
| `registry` | 5000/tcp | healthy | Private Docker registry |
### Identity & SSO
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `authentik-server` | — | healthy | SSO identity provider |
| `authentik-worker` | — | healthy | Background worker |
| `authentik-redis` | 6379/tcp | healthy | Redis for authentik |
| `postgres-shared` | 5432/tcp (127.0.0.1 + 192.168.50.61) | healthy | Shared PostgreSQL |
### Media Stack
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `jellyfin` | 8096/tcp | healthy | Media server |
| `sonarr` | — | healthy | TV management |
| `sonarr-anime` | — | healthy | Anime TV management |
| `radarr` | — | healthy | Movie management |
| `radarr-anime` | — | healthy | Anime movie management |
| `prowlarr` | — | healthy | Indexer aggregation |
| `lidarr` | — | healthy | Music management |
| `readarr` | — | healthy | E-book management |
| `bazarr` | 6767/tcp | healthy | Subtitles |
| `ombi` | 3579/tcp | healthy | Media request UI |
| `lazylibrarian` | 5299/tcp | healthy | eBook downloader |
| `flaresolverr` | 8191-8192/tcp | healthy | Proxy forflare solver |
| `sabnzbd` | — | healthy | Usenet downloader |
| `qbittorrent` | — | healthy | BitTorrent downloader |
| `gluetun` | 8000,8388,8888/tcp; 8388/udp | healthy | VPN (WireGuard/OpenVPN) |
| `stremio-server` | 11470, 12470/tcp | healthy | Streaming server |
| `navidrome` | 4533/tcp | healthy | Music streaming |
| `audiobookshelf` | 80/tcp | healthy | Audiobook streaming |
| `kavita` | 5000/tcp | healthy | Comic/ebook reader |
| `calibre` | 3000-3001/tcp | healthy | eBook management |
| `calibre-web` | 8083/tcp | healthy | Calibre web UI |
### AI & ML Services
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `faster-whisper-server` | 8394/tcp | healthy | Whisper speech-to-text |
| `qdrant-qdrant-1` | 6333-6334/tcp | healthy | Vector database |
| `ai-subscriptions` | 8020/tcp | healthy | AI subscription management |
| `ai-alert-aggregator-frontend-1` | 3002/tcp | healthy | Alert aggregator UI |
| `ai-alert-aggregator-backend-1` | — | restarting | Alert aggregator backend |
| `ai-job-pipeline-frontend-1` | 3000/tcp | healthy | Job pipeline UI |
| `ai-job-pipeline-backend-1` | — | restarting | Job pipeline backend |
| `ai-media-intelligence-backend-1` | — | restarting | Media AI backend |
| `reccollection-backend-local` | 3001/tcp | healthy | Recommendation collection backend |
| `reccollection-frontend-local` | 8081/tcp | healthy | Recommendation collection frontend |
| `reccollection-postgres-local` | 5432/tcp | healthy | reccollection PostgreSQL |
| `comparaison` | 3000/tcp | healthy | Comparison service |
### Monitoring Stack
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `prometheus` | 9090/tcp | healthy | Metrics database |
| `grafana` | 3000/tcp | healthy | Dashboards |
| `loki` | 3100/tcp | healthy | Log aggregation |
| `alertmanager` | 9093/tcp | healthy | Alert routing |
| `blackbox-exporter` | 9115/tcp | healthy | Blackbox probing |
| `node-exporter` | 9100/tcp | healthy | Host metrics |
| `cadvisor` | 8080/tcp | healthy | Container metrics |
| `promtail` | — | healthy | Log scraping |
### Infrastructure & Utility
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `traefik` | 80,443/tcp | healthy | Primary reverse proxy (HA primary) |
| `homepage-ubuntu` | 3003/tcp | healthy | Homepage dashboard |
| `rustfs` | 9000-9001/tcp | healthy | S3-compatible storage (TrueNAS backend) |
| `infisical-backend` | 8080,443/tcp | — | Secrets management |
| `infisical-db` | 5432/tcp | healthy | Infisical PostgreSQL |
| `infisical-redis` | 6379/tcp | — | Infisical Redis |
| `docker-osx` | 5901,50922/tcp | healthy | macOS VM in Docker |
| `immich_server` | 2283/tcp | healthy | Photo/video backup |
| `immich_redis` | 6379/tcp | healthy | Immich Redis |
| `immich_postgres` | 5432/tcp | healthy | Immich PostgreSQL |
| `immich_machine_learning` | — | healthy | ML for photos |
| `analyzarr` | 4310/tcp | healthy | Media analysis |
| `recyclarr` | — | — | Automated arr config sync |
| `musicseerr` | 8688/tcp | healthy | Music request server |
| `seerr` | 5055/tcp | healthy | Media request server |
| `open-computer-use` | 8080/tcp | healthy | Computer use agent (OpenComputerUse) |
| `unified-media-manager-*` | 80,3000/tcp | healthy | Multi-variant media manager UI |
**Note:** `ai-alert-aggregator-backend-1`, `ai-job-pipeline-backend-1`, `ai-media-intelligence-backend-1` are in a restart loop — investigate.
## Docker Networks
| Network | Driver | Connected services |
|---------|--------|-------------------|
| `proxy-net` | bridge | traefik (primary ingress) |
| `app-net` | bridge | general app containers |
| `uefi-proxynet` | bridge | — |
| `authentik_authentik-internal` | bridge | authentik stack |
| `monitoring_monitoring-internal` | bridge | prometheus, grafana, loki, etc. |
| `immich_immich-internal` | bridge | immich stack |
| `reccollection-internal` | bridge | reccollection stack |
| `ai-subscriptions_default` | bridge | ai-subscriptions |
| `calibre-web_default` | bridge | calibre-web |
| `faster-whisper-service_default` | bridge | faster-whisper |
| `homepage_default` | bridge | homepage |
| `comparaison_default` | bridge | comparaison |
| `infisical_infisical` | bridge | infisical stack |
| `reccollection_default` | bridge | reccollection |
## Traefik Role
ubuntu runs the **primary** Traefik instance (HA mode). It handles the majority of ingress traffic. Certificate sync via NFS from grizzley's traefik-pi. See [[traefik-ha]] for full architecture.
## Access
```bash
ssh bear@192.168.50.61
```
## Related
- [[ice]] — Control plane
- [[grizzley]] — Edge node, Traefik HA backup
- [[authentik]] — SSO running on ubuntu
- [[traefik]] — Traefik entity
- [[proxmox]] — Hosts ubuntu as a VM (VMID 9003)
- [[truenas]] — NFS/S3 storage backend
Reference in New Issue View Git Blame Copy Permalink