homelab-optimized/docs/infrastructure/atlantis-migration.md
Gitea Mirror Bot e8924ce168
Sanitized mirror from private repository - 2026-04-05 12:45:10 UTC

# Atlantis Migration Guide
Moving Atlantis NAS and homelab-vm to a new location while Calypso stays.
## Overview
```
LOCATION A (Calypso stays)          LOCATION B (New location)
┌──────────────────────┐            ┌─────────────────────────────────┐
│ CALYPSO              │            │ ATLANTIS + HOMELAB-VM           │
│ ├── sso.vish.gg      │            │ ├── pw.vish.gg                  │
│ ├── git.vish.gg      │◄──Internet─┤ ├── gf.vish.gg                  │
│ ├── seafile          │            │ ├── meet.thevish.io             │
│ └── paperless        │            │ ├── mastodon.vish.gg            │
└──────────────────────┘            │ └── (all other services)        │
                                    └─────────────────────────────────┘
```
## Pre-Migration Checklist
### 1. Backup Everything
- [ ] Portainer stack configurations exported
- [ ] Docker volumes backed up
- [ ] Synology configuration backed up
- [ ] DNS records documented
### 2. Create Cloudflare Tunnels
#### Atlantis Tunnel
1. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/)
2. Navigate to: Networks → Tunnels → Create tunnel
3. Name: `atlantis-tunnel`
4. Copy the tunnel token
5. Add public hostnames:

| Public Hostname | Type | Service |
|-----------------|------|---------|
| pw.vish.gg | HTTP | localhost:4080 |
| cal.vish.gg | HTTP | localhost:12852 |
| meet.thevish.io | HTTPS | localhost:5443 |
| joplin.thevish.io | HTTP | localhost:22300 |
| mastodon.vish.gg | HTTP | 192.168.0.154:3000 |
| matrix.thevish.io | HTTP | 192.168.0.154:8081 |
| mx.vish.gg | HTTP | 192.168.0.154:8082 |
| mm.crista.love | HTTP | 192.168.0.154:8065 |
#### Homelab-VM Tunnel
1. Create another tunnel named `homelab-vm-tunnel`
2. Add public hostnames:

| Public Hostname | Type | Service |
|-----------------|------|---------|
| gf.vish.gg | HTTP | localhost:3300 |
| ntfy.vish.gg | HTTP | localhost:8081 |
| hoarder.thevish.io | HTTP | localhost:3000 |
| binterest.thevish.io | HTTP | localhost:21544 |
### 3. Deploy Tunnel Containers
Deploy `cloudflare-tunnel.yaml` on both:
- Atlantis: `hosts/synology/atlantis/cloudflare-tunnel.yaml`
- Homelab-VM: `hosts/vms/homelab-vm/cloudflare-tunnel.yaml`

Set the `TUNNEL_TOKEN` environment variable in Portainer.
### 4. Test Before Moving
- [ ] Verify tunnel shows "Healthy" in Cloudflare dashboard
- [ ] Test each service through tunnel (may conflict with current reverse proxy)
## Migration Day
### Step 1: Update Calypso Reverse Proxy
Remove entries that will be handled by tunnels:
- pw.vish.gg
- cal.vish.gg
- meet.thevish.io
- joplin.thevish.io
- mastodon.vish.gg
- matrix.thevish.io
- mx.vish.gg
- mm.crista.love
- gf.vish.gg
- ntfy.vish.gg
- hoarder.thevish.io
- binterest.thevish.io

Keep only Calypso's local services:
- sso.vish.gg
- git.vish.gg
- sf.vishconcord.synology.me
- paperlessngx.vishconcord.synology.me
- actual.vishconcord.synology.me
- (other localhost services)
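
The two lists above can be cross-checked against the tunnel tables from the Pre-Migration Checklist before the reverse proxy is edited. This is an added example, not part of the repository: the data is transcribed from this page, while `audit`, `is_loopback` and the finding strings are hypothetical names chosen for illustration.

```python
from ipaddress import ip_address

# Transcribed from this page's tunnel tables: tunnel, hostname, type, origin.
ROUTES = [tuple(r.split()) for r in """
atlantis-tunnel pw.vish.gg HTTP localhost:4080
atlantis-tunnel cal.vish.gg HTTP localhost:12852
atlantis-tunnel meet.thevish.io HTTPS localhost:5443
atlantis-tunnel joplin.thevish.io HTTP localhost:22300
atlantis-tunnel mastodon.vish.gg HTTP 192.168.0.154:3000
atlantis-tunnel matrix.thevish.io HTTP 192.168.0.154:8081
atlantis-tunnel mx.vish.gg HTTP 192.168.0.154:8082
atlantis-tunnel mm.crista.love HTTP 192.168.0.154:8065
homelab-vm-tunnel gf.vish.gg HTTP localhost:3300
homelab-vm-tunnel ntfy.vish.gg HTTP localhost:8081
homelab-vm-tunnel hoarder.thevish.io HTTP localhost:3000
homelab-vm-tunnel binterest.thevish.io HTTP localhost:21544
""".splitlines() if r]
# Step 1 lists: entries to remove from / keep on the Calypso reverse proxy.
PROXY_REMOVE = set("""pw.vish.gg cal.vish.gg meet.thevish.io joplin.thevish.io
mastodon.vish.gg matrix.thevish.io mx.vish.gg mm.crista.love gf.vish.gg
ntfy.vish.gg hoarder.thevish.io binterest.thevish.io""".split())
PROXY_KEEP = set("""sso.vish.gg git.vish.gg sf.vishconcord.synology.me
paperlessngx.vishconcord.synology.me actual.vishconcord.synology.me""".split())

def is_loopback(addr):
    """True when the origin address stays on the cloudflared host itself."""
    try:
        return addr == "localhost" or ip_address(addr).is_loopback
    except ValueError:
        return False  # some other hostname: treat as off-host

def audit(routes, remove, keep):
    """Return sorted (hostname, finding) pairs; an empty list means consistent."""
    findings, routed = [], set()
    for tunnel, host, scheme, origin in routes:
        if host in routed:
            findings.append((host, "routed more than once"))
        routed.add(host)
        if host in keep:
            findings.append((host, "also kept on Calypso proxy"))
        if host not in remove:
            findings.append((host, "tunneled but not removed from Calypso proxy"))
        if scheme == "HTTP" and not is_loopback(origin.rsplit(":", 1)[0]):
            findings.append((host, f"plaintext HTTP to non-loopback origin {origin}"))
    findings += [(h, "removed from proxy but no tunnel route") for h in remove - routed]
    return sorted(findings)
```

Run against the page's data, `audit(ROUTES, PROXY_REMOVE, PROXY_KEEP)` reports no list mismatches and flags only the four routes whose origin is `192.168.0.154`, where cloudflared forwards plain HTTP to an address other than its own loopback.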
### Step 2: Update DDNS Configuration
**Calypso** (`dynamic_dns.yaml`):
Only update domains that Calypso serves directly:
- sso.vish.gg
- git.vish.gg
- (other Calypso services)

**Atlantis**:
Disable or remove the DDNS updater; tunnels don't need a public IP.
### Step 3: Physical Move
1. Shut down Atlantis and homelab-vm gracefully
2. Transport equipment
3. Connect to new network
4. Power on and verify tunnel connectivity
### Step 4: Verify Services
- [ ] All tunneled services accessible
- [ ] Calypso services still working
- [ ] No DNS conflicts
## Post-Migration
### DNS Records After Migration
| Domain | Before | After |
|--------|--------|-------|
| pw.vish.gg | A record → home IP | CNAME → tunnel |
| gf.vish.gg | A record → home IP | CNAME → tunnel |
| sso.vish.gg | A record → home IP | A record → Calypso IP (unchanged) |
| git.vish.gg | A record → home IP | A record → Calypso IP (unchanged) |
### Benefits of Cloudflare Tunnel
- No port forwarding needed at new location
- Automatic SSL
- DDoS protection
- Works behind CGNAT
- Access policies via Cloudflare Access (optional)
## Rollback Plan
If issues occur:
1. Connect Atlantis back to original network
2. Re-enable Calypso reverse proxy entries
3. Disable tunnel containers
4. Services resume through Calypso
## Services by Location (Post-Migration)
### Location A - Calypso Only
| Service | Domain | Port |
|---------|--------|------|
| Authentik | sso.vish.gg | 9000 |
| Gitea | git.vish.gg | 3052 |
| Seafile | sf.vishconcord.synology.me | 8611 |
| Paperless | paperlessngx.vishconcord.synology.me | 8777 |
| Actual | actual.vishconcord.synology.me | 8304 |
### Location B - Via Cloudflare Tunnel
| Service | Domain | Host | Port |
|---------|--------|------|------|
| Vaultwarden | pw.vish.gg | Atlantis | 4080 |
| Grafana | gf.vish.gg | homelab-vm | 3300 |
| Jitsi | meet.thevish.io | Atlantis | 5443 |
| Mastodon | mastodon.vish.gg | Atlantis VM | 3000 |
| Ntfy | ntfy.vish.gg | homelab-vm | 8081 |
| Hoarder | hoarder.thevish.io | homelab-vm | 3000 |
| Binterest | binterest.thevish.io | homelab-vm | 21544 |
| Joplin | joplin.thevish.io | Atlantis | 22300 |
| Calendar | cal.vish.gg | Atlantis | 12852 |
| Matrix | matrix.thevish.io | Atlantis VM | 8081 |