Sanitized mirror from private repository - 2026-04-06 01:59:54 UTC

2026-04-06 01:59:54 +00:00
commit 93ca229fd5
1407 changed files with 358691 additions and 0 deletions
--- a/docs/infrastructure/atlantis-migration.md
+++ b/docs/infrastructure/atlantis-migration.md
@@ -0,0 +1,166 @@
+# Atlantis Migration Guide
+
+Moving Atlantis NAS and homelab-vm to a new location while Calypso stays.
+
+## Overview
+
+```
+LOCATION A (Calypso stays)          LOCATION B (New location)
+┌──────────────────────┐            ┌─────────────────────────────────┐
+│  CALYPSO             │            │  ATLANTIS + HOMELAB-VM          │
+│  ├── sso.vish.gg     │            │  ├── pw.vish.gg                 │
+│  ├── git.vish.gg     │◄──Internet─┤  ├── gf.vish.gg                 │
+│  ├── seafile         │            │  ├── meet.thevish.io            │
+│  └── paperless       │            │  ├── mastodon.vish.gg           │
+└──────────────────────┘            │  └── (all other services)       │
+                                    └─────────────────────────────────┘
+```
+
+## Pre-Migration Checklist
+
+### 1. Backup Everything
+- [ ] Portainer stack configurations exported
+- [ ] Docker volumes backed up
+- [ ] Synology configuration backed up
+- [ ] DNS records documented
+
+### 2. Create Cloudflare Tunnels
+
+#### Atlantis Tunnel
+1. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/)
+2. Navigate to: Networks → Tunnels → Create tunnel
+3. Name: `atlantis-tunnel`
+4. Copy the tunnel token
+5. Add public hostnames:
+
+| Public Hostname | Type | Service |
+|-----------------|------|---------|
+| pw.vish.gg | HTTP | localhost:4080 |
+| cal.vish.gg | HTTP | localhost:12852 |
+| meet.thevish.io | HTTPS | localhost:5443 |
+| joplin.thevish.io | HTTP | localhost:22300 |
+| mastodon.vish.gg | HTTP | 192.168.0.154:3000 |
+| matrix.thevish.io | HTTP | 192.168.0.154:8081 |
+| mx.vish.gg | HTTP | 192.168.0.154:8082 |
+| mm.crista.love | HTTP | 192.168.0.154:8065 |
+
+#### Homelab-VM Tunnel
+1. Create another tunnel named `homelab-vm-tunnel`
+2. Add public hostnames:
+
+| Public Hostname | Type | Service |
+|-----------------|------|---------|
+| gf.vish.gg | HTTP | localhost:3300 |
+| ntfy.vish.gg | HTTP | localhost:8081 |
+| hoarder.thevish.io | HTTP | localhost:3000 |
+| binterest.thevish.io | HTTP | localhost:21544 |
+
+### 3. Deploy Tunnel Containers
+
+Deploy `cloudflare-tunnel.yaml` on both:
+- Atlantis: `hosts/synology/atlantis/cloudflare-tunnel.yaml`
+- Homelab-VM: `hosts/vms/homelab-vm/cloudflare-tunnel.yaml`
+
+Set the `TUNNEL_TOKEN` environment variable in Portainer.
+
+### 4. Test Before Moving
+- [ ] Verify tunnel shows "Healthy" in Cloudflare dashboard
+- [ ] Test each service through tunnel (may conflict with current reverse proxy)
+
+## Migration Day
+
+### Step 1: Update Calypso Reverse Proxy
+Remove entries that will be handled by tunnels:
+- pw.vish.gg
+- cal.vish.gg  
+- meet.thevish.io
+- joplin.thevish.io
+- mastodon.vish.gg
+- matrix.thevish.io
+- mx.vish.gg
+- mm.crista.love
+- gf.vish.gg
+- ntfy.vish.gg
+- hoarder.thevish.io
+- binterest.thevish.io
+
+Keep only Calypso's local services:
+- sso.vish.gg
+- git.vish.gg
+- sf.vishconcord.synology.me
+- paperlessngx.vishconcord.synology.me
+- actual.vishconcord.synology.me
+- (other localhost services)
+
+### Step 2: Update DDNS Configuration
+
+**Calypso** (`dynamic_dns.yaml`):
+Only update domains that Calypso serves directly:
+- sso.vish.gg
+- git.vish.gg
+- (other Calypso services)
+
+**Atlantis**: 
+Disable or remove DDNS updater - tunnels don't need public IP.
+
+### Step 3: Physical Move
+1. Shut down Atlantis and homelab-vm gracefully
+2. Transport equipment
+3. Connect to new network
+4. Power on and verify tunnel connectivity
+
+### Step 4: Verify Services
+- [ ] All tunneled services accessible
+- [ ] Calypso services still working
+- [ ] No DNS conflicts
+
+## Post-Migration
+
+### DNS Records After Migration
+
+| Domain | Before | After |
+|--------|--------|-------|
+| pw.vish.gg | A record → home IP | CNAME → tunnel |
+| gf.vish.gg | A record → home IP | CNAME → tunnel |
+| sso.vish.gg | A record → home IP | A record → Calypso IP (unchanged) |
+| git.vish.gg | A record → home IP | A record → Calypso IP (unchanged) |
+
+### Benefits of Cloudflare Tunnel
+- No port forwarding needed at new location
+- Automatic SSL
+- DDoS protection
+- Works behind CGNAT
+- Access policies via Cloudflare Access (optional)
+
+## Rollback Plan
+
+If issues occur:
+1. Connect Atlantis back to original network
+2. Re-enable Calypso reverse proxy entries
+3. Disable tunnel containers
+4. Services resume through Calypso
+
+## Services by Location (Post-Migration)
+
+### Location A - Calypso Only
+| Service | Domain | Port |
+|---------|--------|------|
+| Authentik | sso.vish.gg | 9000 |
+| Gitea | git.vish.gg | 3052 |
+| Seafile | sf.vishconcord.synology.me | 8611 |
+| Paperless | paperlessngx.vishconcord.synology.me | 8777 |
+| Actual | actual.vishconcord.synology.me | 8304 |
+
+### Location B - Via Cloudflare Tunnel
+| Service | Domain | Host | Port |
+|---------|--------|------|------|
+| Vaultwarden | pw.vish.gg | Atlantis | 4080 |
+| Grafana | gf.vish.gg | homelab-vm | 3300 |
+| Jitsi | meet.thevish.io | Atlantis | 5443 |
+| Mastodon | mastodon.vish.gg | Atlantis VM | 3000 |
+| Ntfy | ntfy.vish.gg | homelab-vm | 8081 |
+| Hoarder | hoarder.thevish.io | homelab-vm | 3000 |
+| Binterest | binterest.thevish.io | homelab-vm | 21544 |
+| Joplin | joplin.thevish.io | Atlantis | 22300 |
+| Calendar | cal.vish.gg | Atlantis | 12852 |
+| Matrix | matrix.thevish.io | Atlantis VM | 8081 |