homelab-voyager/README.md
2026-06-04 00:49:35 +00:00

# Voyager Homelab — Docker Stack
Self-hosted infrastructure running on an HP t630 thin client (Ubuntu Server).
All services are exposed externally via a [Pangolin](https://github.com/fosrl/pangolin) reverse proxy tunnel through PMS1 (`tunnel.pelagiamarine.com`).
---
## Architecture
```
Client
└── Pangolin (PMS1 VPS) ── Newt tunnel ──► Voyager (192.168.1.55)
                                           ├── Pi-hole :53
                                           ├── Unbound :5335
                                           ├── dnscrypt-proxy :5053
                                           ├── Vaultwarden :8000
                                           ├── Forgejo :3000
                                           ├── Karakeep :3000
                                           ├── Resilio Sync :8888
                                           └── Stirling PDF :8181
```
### DNS Chain
```
LAN Devices → Pi-hole (ad blocking) → Unbound (recursive) → dnscrypt-proxy (DoH) → Cloudflare/Quad9
```
---
## Services
### DNS (`dns/`)
| Service | Role | Port |
|---|---|---|
| Pi-hole | Network-wide ad blocking | 53 (public) |
| Unbound | Recursive DNS resolver + DNSSEC | 5335 (internal) |
| dnscrypt-proxy | DNS-over-HTTPS encryption | 5053 (internal) |

Pi-hole is the only DNS service exposed to the LAN. Unbound and dnscrypt-proxy are internal to the Docker network.
### Vaultwarden (`vaultwarden/`)
Self-hosted password manager, compatible with all Bitwarden clients.
- **URL:** `https://vaultwarden.tunnel.pelagiamarine.com`
- **Image:** `vaultwarden/server:latest`
### Forgejo (`forgejo/`)
Self-hosted Git mirror. Primary instance lives on PMS1 (`git.pelagiamarine.com`).
This instance is a push mirror — automatically receives commits from PMS1.
- **URL:** `https://git.tunnel.pelagiamarine.com`
- **Image:** `codeberg.org/forgejo/forgejo:10`
- **SSH:** port `22222`
### Karakeep (`karakeep/`)
Self-hosted bookmark manager with AI tagging, full-page archiving, and screenshots.
- **URL:** `https://bookmarks.tunnel.pelagiamarine.com`
### Resilio Sync (`resilio/`)
P2P sync for receiving PostgreSQL database backups from PMS1.
Paired with PMS1's Resilio instance which runs a nightly `pg_dump` cron.
- **URL:** `https://sync.tunnel.pelagiamarine.com`
- **Sync folder:** `~/backups/postgres/`
### Newt (`newt/`)
Pangolin tunnel client. Creates an outbound tunnel to PMS1 (87.76.191.133),
allowing Pangolin/Traefik to route `*.tunnel.pelagiamarine.com` traffic
back to Voyager without any open inbound ports.
### Stirling PDF
Self-hosted PDF toolbox.
---
## Host Network
| Detail | Value |
|---|---|
| Hostname | voyager |
| LAN IP | `192.168.1.55` (static) |
| IPv6 | `2405:201:24:38a4::55/64` (static) |
| OS | Ubuntu Server 24.04 |
| Hardware | HP t630 thin client |
---
## Related Infrastructure
| Service | Host | URL |
|---|---|---|
| Pangolin (reverse proxy) | PMS1 VPS | `pangolin.pelagiamarine.com` |
| Forgejo (primary) | PMS1 VPS | `git.pelagiamarine.com` |
| Resilio (primary) | PMS1 VPS | `resilio.pelagiamarine.com` |
| Pelagia Portal (Next.js) | PMS1 VPS | `pms.pelagiamarine.com` |
---
## Setup Notes
- Port 53 requires disabling the `systemd-resolved` stub listener before starting the DNS stack
- Unbound is built from a custom Dockerfile (Alpine-based) due to scratch image limitations in `klutchell/unbound`
- dnscrypt-proxy cache directory requires `chown 1000:1000` for write permissions
- Forgejo `ROOT_URL` must be set to the Pangolin tunnel URL to avoid redirect loops when accessed locally
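
The first setup note and the DNS section's claim that only Pi-hole is reachable from the LAN can both be checked from the host's listener table. The script below is an added example, not part of this repository: it reads `ss -H -lntu` output and flags a still-active `systemd-resolved` stub on port 53 and any non-loopback listener on the Unbound or dnscrypt-proxy ports. The function name, the sample data, and the assumption that a port published by Docker shows up as a host listener are mine.

```bash
#!/usr/bin/env bash
# Added example: audit `ss -H -lntu` output against the DNS layout in this README.
# Ports 53, 5335 and 5053 are from the README; all other names are assumptions.

INTERNAL_PORTS="5335 5053"  # Unbound, dnscrypt-proxy: must not listen on the host

# Reads `ss -H -lntu` lines on stdin and prints one finding per problem.
# Returns 0 when clean, 1 when at least one finding was printed.
audit_dns_listeners() {
  awk -v internal="$INTERNAL_PORTS" '
    BEGIN { n = split(internal, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      port = $5; sub(/.*:/, "", port)        # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*/, "", addr)                   # drop a scope suffix such as %lo
      loopback = (addr ~ /^127\./ || addr == "[::1]")
      # 127.0.0.53 and 127.0.0.54 are the systemd-resolved stub addresses
      if (port == "53" && addr ~ /^127\.0\.0\.5[34]$/) {
        print "STUB " $1 " " addr ":53 systemd-resolved stub still bound"; bad = 1
      } else if ((port in want) && !loopback) {
        print "EXPOSED " $1 " " addr ":" port " internal resolver reachable off-host"; bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample, not captured from the real host:
# stub listener active and Unbound published on all interfaces.
SAMPLE_BAD='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:5335 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:5053 0.0.0.0:*
tcp LISTEN 0 4096 [::]:22222 [::]:*'

printf '%s\n' "$SAMPLE_BAD" | audit_dns_listeners || echo "fix the findings above"
```

On the host itself, feed it live data with `ss -H -lntu | audit_dns_listeners`; a zero exit status means neither condition was found.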