README.md at fix-docker-install · dynamicalsystem.com/tinsnip

dynamicalsystem.com / tinsnip
fork atom
homelab infrastructure services
fork atom
tinsnip / README.md
at fix-docker-install 168 lines 6.0 kB view raw view rendered
wrap content
dynamicalsystem.com integrated machine and split out service 7mo ago
d1beb006
  1# tinsnip - Homelab Infrastructure Platform
  2
  3An opinionated service deployment platform that standardizes how services are configured, deployed, and managed in homelab environments.
  4
  5## Overview
  6
  7tinsnip provides the infrastructure foundation for deploying services with:
  8- **Standardized UIDs** following the TNSEP scheme for proper NFS permissions
  9- **NFS-backed persistence** for config, data, and state
 10- **XDG integration** via symbolic links in standard locations
 11- **Rootless Docker** with consistent host-to-container data mapping
 12- **Service isolation** through dedicated users and namespaces
 13
 14## Service Catalog
 15
 16Services are maintained in a separate repository. Example services include:
 17- **LLDAP** - Lightweight identity management
 18- **Redis** - Caching and queuing (planned)
 19- **Prometheus** - Metrics collection (planned)
 20
 21See: [https://tangled.sh/dynamicalsystem.com/service](https://tangled.sh/dynamicalsystem.com/service)
 22
 23## Quick Start
 24
 25```bash
 26# Install tinsnip platform only
 27curl -fsSL "https://tangled.sh/dynamicalsystem.com/tinsnip/raw/main/install.sh?$(date +%s)" | bash
 28
 29# Install with service catalog
 30curl -fsSL "https://tangled.sh/dynamicalsystem.com/tinsnip/raw/main/install.sh?$(date +%s)" | INSTALL_SERVICES=true bash
 31
 32# Install with custom service catalog
 33curl -fsSL "https://tangled.sh/dynamicalsystem.com/tinsnip/raw/main/install.sh?$(date +%s)" | \
 34  SERVICE_REPO_URL="git@github.com:mycompany/services" INSTALL_SERVICES=true bash
 35```
 36
 37## Architecture
 38
 39tinsnip uses a multi-environment deployment model with:
 40
 41- **Service Isolation**: Each service runs under dedicated users (UID 11000+ range)
 42- **Environment Separation**: Separate prod/test deployments with different UIDs and ports
 43- **Namespace Support**: Configurable namespaces for multi-tenant deployments (defaults to `dynamicalsystem`)
 44- **Rootless Docker**: Complete container isolation without root privileges
 45- **NFS-Backed Storage**: Persistent data across host rebuilds
 46- **Automatic Port Allocation**: UID-based port assignment prevents conflicts
 47
 48### UID and Port Convention
 49
 50Services follow a 5-digit UID scheme (`TNSEP`) with automatic port allocation:
 51
 52| Service | Environment | UID | Primary Port | Secondary Port |
 53|---------|-------------|-----|--------------|----------------|
 54| station | prod | 11000 | 11000 | 11001 |
 55| station | test | 11010 | 11010 | 11011 |
 56| lldap | prod | 11200 | 11200 | 11201 |
 57| lldap | test | 11210 | 11210 | 11211 |
 58
 59For details on UID conventions, port allocation, and deployment patterns, see [DEPLOYMENT_STRATEGY.md](DEPLOYMENT_STRATEGY.md). For step-by-step machine setup including NFS configuration, see [CREATE_MACHINE.md](CREATE_MACHINE.md). For namespace configuration options, see [NAMESPACE_CONFIGURATION.md](NAMESPACE_CONFIGURATION.md). For service registry mechanics and service number assignment, see [SERVICE_REGISTRY.md](SERVICE_REGISTRY.md).
 60
 61## Service Management
 62
 63```bash
 64# Switch to tinsnip user
 65sudo -u tinsnip -i
 66
 67# Check service status  
 68cd ~/service/lldap
 69docker compose ps
 70
 71# View logs
 72docker compose logs -f
 73```
 74
 75## Integration Guide
 76
 77### LLDAP Configuration
 78- **Base DN**: `dc=home,dc=local`
 79- **Production**: `tinsnip-host:11000` (LDAP), `tinsnip-host:11001` (Web UI)
 80- **Test**: `tinsnip-host:11010` (LDAP), `tinsnip-host:11011` (Web UI)
 81
 82### For Ubuntu/Debian Systems
 83```bash
 84# Configure LDAP client
 85apt install sssd-ldap
 86# Point to tinsnip-host:11000 (prod) or tinsnip-host:11010 (test)
 87```
 88
 89### For Docker Services
 90```yaml
 91environment:
 92  - LDAP_HOST=tinsnip-host
 93  - LDAP_PORT=11000  # Use 11010 for test environment
 94  - LDAP_BASE_DN=dc=home,dc=local
 95```
 96
 97### Standard Port Forwarding
 98
 99For clients expecting standard ports (389 for LDAP), use port forwarding:
100
101```bash
102# Forward standard LDAP port to tinsnip production
103sudo iptables -t nat -A PREROUTING -p tcp --dport 389 -j REDIRECT --to-port 11000
104```
105
106## Working with Services
107
108### Using Official Service Catalog
109```bash
110# Services installed to ~/.local/opt/dynamicalsystem.service/
111# Deploy a service after machine setup:
112sudo -u lldap-prod -i
113cp -r ~/.local/opt/dynamicalsystem.service/lldap /mnt/docker/service/
114cd /mnt/docker/service/lldap
115docker compose up -d
116```
117
118### Creating Custom Services
119Services must follow tinsnip conventions:
1201. Create a service repository with your services
1212. Each service needs a `docker-compose.yml` following tinsnip standards
1223. Optional: Add `setup.sh` for service-specific configuration
1234. Deploy using the same workflow as official services
124
125See the [service repository](https://tangled.sh/dynamicalsystem.com/service) for examples.
126
127## Service Repository
128
129The official service catalog is maintained separately at:
130- Repository: `git@tangled.sh:dynamicalsystem.com/service`
131- Web: [https://tangled.sh/dynamicalsystem.com/service](https://tangled.sh/dynamicalsystem.com/service)
132
133This separation allows:
134- Independent service development and updates
135- Organizations to maintain private service catalogs
136- Clean separation between platform and applications
137
138## Planned Services
139
140- [x] LLDAP - Identity Management
141- [ ] Redis - Caching/queuing  
142- [ ] Prometheus - Metrics collection
143
144## Validation (Optional)
145
146tinsnip includes optional validation scripts for the machine setup infrastructure:
147
148```bash
149# Run all validations (optional)
150cd machine
151./validate.sh
152```
153
154**Validation Coverage:**
155- UID convention validation (TNSEP scheme: 11000, 11010, 11100, 11110)
156- Automatic port allocation and conflict prevention  
157- NFS path generation for different services/environments
158- XDG Base Directory compliance
159
160Running validations before deployment is recommended but not required.
161
162## Design Principles
163
1641. **Complete Isolation** - Dedicated users per service/environment
1652. **Rootless Docker** - No root daemon required
1663. **UID-Based Allocation** - Systematic port and user management
1674. **NFS Persistence** - Data survives host rebuilds
1685. **XDG Compliance** - Integrates with Linux desktop standards