Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c3d2c5db1e1e04555177d56e477e3f99219dec9
homelab-optimized/docs/infrastructure/atlantis-migration.md
Gitea Mirror Bot 2c3d2c5db1
Some checks failed
Documentation / Build Docusaurus (push) Failing after 5m0s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details
Sanitized mirror from private repository - 2026-04-08 03:24:28 UTC
2026-04-08 03:24:28 +00:00

5.4 KiB
Raw Blame History

Atlantis Migration Guide

Moving Atlantis NAS and homelab-vm to a new location while Calypso stays.

Overview

LOCATION A (Calypso stays)          LOCATION B (New location)
┌──────────────────────┐            ┌─────────────────────────────────┐
│  CALYPSO             │            │  ATLANTIS + HOMELAB-VM          │
│  ├── sso.vish.gg     │            │  ├── pw.vish.gg                 │
│  ├── git.vish.gg     │◄──Internet─┤  ├── gf.vish.gg                 │
│  ├── seafile         │            │  ├── meet.thevish.io            │
│  └── paperless       │            │  ├── mastodon.vish.gg           │
└──────────────────────┘            │  └── (all other services)       │
                                    └─────────────────────────────────┘

Pre-Migration Checklist

1. Backup Everything

  • Portainer stack configurations exported
  • Docker volumes backed up
  • Synology configuration backed up
  • DNS records documented

2. Create Cloudflare Tunnels

Atlantis Tunnel

  1. Go to Cloudflare Zero Trust
  2. Navigate to: Networks → Tunnels → Create tunnel
  3. Name: atlantis-tunnel
  4. Copy the tunnel token
  5. Add public hostnames:
Public Hostname Type Service
pw.vish.gg HTTP localhost:4080
cal.vish.gg HTTP localhost:12852
meet.thevish.io HTTPS localhost:5443
joplin.thevish.io HTTP localhost:22300
mastodon.vish.gg HTTP 192.168.0.154:3000
matrix.thevish.io HTTP 192.168.0.154:8081
mx.vish.gg HTTP 192.168.0.154:8082
mm.crista.love HTTP 192.168.0.154:8065

Homelab-VM Tunnel

  1. Create another tunnel named homelab-vm-tunnel
  2. Add public hostnames:
Public Hostname Type Service
gf.vish.gg HTTP localhost:3300
ntfy.vish.gg HTTP localhost:8081
hoarder.thevish.io HTTP localhost:3000
binterest.thevish.io HTTP localhost:21544

3. Deploy Tunnel Containers

Deploy cloudflare-tunnel.yaml on both:

  • Atlantis: hosts/synology/atlantis/cloudflare-tunnel.yaml
  • Homelab-VM: hosts/vms/homelab-vm/cloudflare-tunnel.yaml

Set the TUNNEL_TOKEN environment variable in Portainer.

4. Test Before Moving

  • Verify tunnel shows "Healthy" in Cloudflare dashboard
  • Test each service through tunnel (may conflict with current reverse proxy)

Migration Day

Step 1: Update Calypso Reverse Proxy

Remove entries that will be handled by tunnels:

  • pw.vish.gg
  • cal.vish.gg
  • meet.thevish.io
  • joplin.thevish.io
  • mastodon.vish.gg
  • matrix.thevish.io
  • mx.vish.gg
  • mm.crista.love
  • gf.vish.gg
  • ntfy.vish.gg
  • hoarder.thevish.io
  • binterest.thevish.io

Keep only Calypso's local services:

  • sso.vish.gg
  • git.vish.gg
  • sf.vishconcord.synology.me
  • paperlessngx.vishconcord.synology.me
  • actual.vishconcord.synology.me
  • (other localhost services)

Step 2: Update DDNS Configuration

Calypso (dynamic_dns.yaml): Only update domains that Calypso serves directly:

  • sso.vish.gg
  • git.vish.gg
  • (other Calypso services)

Atlantis: Disable or remove DDNS updater - tunnels don't need public IP.

Step 3: Physical Move

  1. Shut down Atlantis and homelab-vm gracefully
  2. Transport equipment
  3. Connect to new network
  4. Power on and verify tunnel connectivity

Step 4: Verify Services

  • All tunneled services accessible
  • Calypso services still working
  • No DNS conflicts

Post-Migration

DNS Records After Migration

Domain Before After
pw.vish.gg A record → home IP CNAME → tunnel
gf.vish.gg A record → home IP CNAME → tunnel
sso.vish.gg A record → home IP A record → Calypso IP (unchanged)
git.vish.gg A record → home IP A record → Calypso IP (unchanged)

Benefits of Cloudflare Tunnel

  • No port forwarding needed at new location
  • Automatic SSL
  • DDoS protection
  • Works behind CGNAT
  • Access policies via Cloudflare Access (optional)

Rollback Plan

If issues occur:

  1. Connect Atlantis back to original network
  2. Re-enable Calypso reverse proxy entries
  3. Disable tunnel containers
  4. Services resume through Calypso

Services by Location (Post-Migration)

Location A - Calypso Only

Service Domain Port
Authentik sso.vish.gg 9000
Gitea git.vish.gg 3052
Seafile sf.vishconcord.synology.me 8611
Paperless paperlessngx.vishconcord.synology.me 8777
Actual actual.vishconcord.synology.me 8304

Location B - Via Cloudflare Tunnel

Service Domain Host Port
Vaultwarden pw.vish.gg Atlantis 4080
Grafana gf.vish.gg homelab-vm 3300
Jitsi meet.thevish.io Atlantis 5443
Mastodon mastodon.vish.gg Atlantis VM 3000
Ntfy ntfy.vish.gg homelab-vm 8081
Hoarder hoarder.thevish.io homelab-vm 3000
Binterest binterest.thevish.io homelab-vm 21544
Joplin joplin.thevish.io Atlantis 22300
Calendar cal.vish.gg Atlantis 12852
Matrix matrix.thevish.io Atlantis VM 8081
Reference in New Issue View Git Blame Copy Permalink