Kieran's opinionated (and probably slightly dumb) nix config
# Services

Services are grouped by machine in the services manifest. Machines with Tailscale enabled automatically expose their hostname for reachability checks via `atelier.machine.tailscaleHost`.

## Machines

| Machine | Platform | Tailscale |
|---------|----------|-----------|
| terebithia | Oracle Cloud aarch64 | `terebithia` |
| moonlark | — | — |
| prattle | — | — |
## terebithia

All services run behind Caddy with Cloudflare DNS TLS.

### mkService-based

| Service | Domain | Port | Runtime | Description |
|---------|--------|------|---------|-------------|
| cachet | cachet.dunkirk.sh | 3000 | bun | Slack emoji/profile cache |
| hn-alerts | hn.dunkirk.sh | 3001 | bun | Hacker News monitoring |
| indiko | indiko.dunkirk.sh | 3003 | bun | IndieAuth/OAuth2 server |
| l4 | l4.dunkirk.sh | 3004 | bun | Image CDN — Slack image optimizer |
| canvas-mcp | canvas.dunkirk.sh | 3006 | bun | Canvas MCP server |
| control | control.dunkirk.sh | 3010 | bun | Admin dashboard for Caddy toggles |
| traverse | traverse.dunkirk.sh | 4173 | bun | Code walkthrough diagram server |
| cedarlogic | cedarlogic.dunkirk.sh | 3100 | custom | Circuit simulator |

### Multi-instance

| Service | Domain | Port | Description |
|---------|--------|------|-------------|
| emojibot-hackclub | hc.emojibot.dunkirk.sh | 3002 | Emojibot for Hack Club |
| emojibot-df1317 | df.emojibot.dunkirk.sh | 3005 | Emojibot for df1317 |

### Custom / external

| Service | Domain | Description |
|---------|--------|-------------|
| bore (frps) | bore.dunkirk.sh | HTTP/TCP/UDP tunnel proxy |
| herald | herald.dunkirk.sh | Git SSH hosting + email |
| knot | knot.dunkirk.sh | Tangled git hosting |
| spindle | spindle.dunkirk.sh | Tangled CI |
| triage-agent | triage.dunkirk.sh | AI-powered service triage webhook |
| n8n | n8n.dunkirk.sh | Workflow automation |

## Services manifest

The manifest is now grouped by machine. Evaluate with:

```sh
nix eval --json .#services-manifest
```

Output shape:

```json
{
  "terebithia": {
    "hostname": "terebithia",
    "tailscale_host": "terebithia",
    "services": [{ "name": "cachet", "health_url": "https://cachet.dunkirk.sh/health", ... }]
  }
}
```

## Architecture

Each mkService module provides:

- **Systemd service** — initial git clone for scaffolding, subsequent deploys via GitHub Actions
- **Caddy reverse proxy** — TLS via Cloudflare DNS challenge, optional rate limiting
- **Data declarations** — `sqlite`, `postgres`, `files` feed into automatic backups
- **Dedicated user** — sudo for restart/stop/start, per-user Tailscale SSH ACLs
- **Port conflict detection** — assertions prevent two services binding the same port
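As an added example (not code from this repo), a Python consumer of the evaluated manifest that mirrors two of the checks above offline: it flags two services on one machine claiming the same port, the condition the Nix assertion rejects, and it lists health URLs only for machines that have a Tailscale hostname, marking any that are not HTTPS even though Caddy fronts everything with TLS. The `port` key and the sample services are assumptions; the documented output shape elides per-service fields beyond `name` and `health_url`.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample, shaped like the parsed output of `nix eval --json .#services-manifest`.
# "port" is an assumed per-service key: the docs elide fields beyond name/health_url.
SAMPLE_MANIFEST = {
    "terebithia": {
        "hostname": "terebithia",
        "tailscale_host": "terebithia",
        "services": [
            {"name": "cachet", "port": 3000, "health_url": "https://cachet.dunkirk.sh/health"},
            {"name": "hn-alerts", "port": 3001, "health_url": "https://hn.dunkirk.sh/health"},
            {"name": "emojibot-hackclub", "port": 3002, "health_url": "https://hc.emojibot.dunkirk.sh/health"},
            {"name": "oops", "port": 3001, "health_url": "http://oops.dunkirk.sh/health"},  # deliberate clash
        ],
    },
    "moonlark": {"hostname": "moonlark", "tailscale_host": None, "services": []},
}


def port_conflicts(manifest: dict) -> dict:
    """{machine: {port: [names]}} for ports claimed more than once on one machine."""
    conflicts = {}
    for machine, info in manifest.items():
        by_port = defaultdict(list)
        for svc in info["services"]:
            by_port[svc["port"]].append(svc["name"])
        dups = {p: names for p, names in by_port.items() if len(names) > 1}
        if dups:
            conflicts[machine] = dups
    return conflicts


def reachability_targets(manifest: dict) -> list:
    """(tailscale_host, name, health_url, is_https) for services on Tailscale-reachable machines."""
    targets = []
    for info in manifest.values():
        if not info.get("tailscale_host"):
            continue  # no tailnet hostname: nothing to probe from inside the tailnet
        for svc in info["services"]:
            is_https = urlparse(svc["health_url"]).scheme == "https"  # Caddy serves TLS for all hosts
            targets.append((info["tailscale_host"], svc["name"], svc["health_url"], is_https))
    return targets


if __name__ == "__main__":
    print(port_conflicts(SAMPLE_MANIFEST))
    print(reachability_targets(SAMPLE_MANIFEST))
```

Point `port_conflicts` at the real `nix eval --json` output (after `json.loads`) to get the same report the Nix assertions give at evaluation time, without a full rebuild.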