KNEL/TSYSDevStack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: move stack assets and wire in mailhog

Browse Source
This commit is contained in:
Charles N Wyble - admin
2025-10-29 05:56:27 -05:00
parent 8f37c46310
commit 7061fbb2a9
41 changed files with 217 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
SupportStack/collab/ChatPrompt-RefineAndSuggest-SupportStack.txt Normal file
View File

@@ -0,0 +1,192 @@
I am a solo entrepreneur and freelancer.
Hosted on Netcup VPS — managed via Cloudron
| Icon | Service | Purpose / Notes |
|------|---------|-----------------|
| 📓 | Joplin Server | Self-hosted note sync / personal knowledge base |
| 🔔 | ntfy.sh | Simple push notifications / webhooks |
| 🖼️ | Firefly | Personal photo management |
| 📂 | Paperless-NGX | Document ingestion / OCR / archival |
| 🧾 | Dolibarr | ERP / CRM for small business |
| 🎨 | Penpot | Design & SVG collaboration (open source Figma alternative) |
| 🎧 | Audiobookshelf | Self-hosted audiobooks & media server |
| 🖨️ | Stirling-PDF | PDF utilities / manipulation |
| 📰 | FreshRSS | Self-hosted RSS reader |
| 🤖 | OpenWebUI | Web UI for local LLM / AI interaction |
| 🗄️ | MinIO | S3-compatible object storage |
| 📝 | Hastebin | Quick paste / snippets service |
| 📊 | Prometheus | Metrics collection |
| 📈 | Grafana | Metrics visualization / dashboards |
| 🐙 | Gitea | Git hosting (also Docker registry + CI integrations) |
| 🔐 | Vault | Secrets management |
| 🗂️ | Redmine | Project management / issue tracking |
| 👥 | Keycloak | Single Sign-On / identity provider |
| 📝 | Hedgedoc | Collaborative markdown editor / docs |
| 🔎 | SearxNG | Privacy-respecting metasearch engine |
| ⏱️ | Uptime Kuma | Service uptime / status monitoring |
| 📷 | Immich | Personal photo & video backup server |
| 🔗 | LinkWarden | Personal link/bookmark manager |
| … | etc. | Additional Cloudron apps and personal services |
Notes:
- All apps are deployed under Cloudron on a Netcup VPS.
- This list is organized for quick visual reference; each entry is the hosted service name + short purpose.
I have been focused on the operations and infrastructure of building my businesses.
Hence deployment of Cloudron and the services on it and moving data into it from various SAAS and legacy LAMP systems.
Now I am focusing on setting up my development environment on a Debian 12 VM. Below is an organized, left-justified reference of the selected SupportStack services — software name links to the project website and the second column links to the repository (link text: repository).
Core utilities
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 🐚 | [atuin](https://atuin.sh) | [repository](https://github.com/ellie/atuin) |
| 🧪 | [httpbin](https://httpbin.org) | [repository](https://github.com/postmanlabs/httpbin) |
| 📁 | [Dozzle](https://github.com/amir20/dozzle) | [repository](https://github.com/amir20/dozzle) |
| 🖥️ | [code-server](https://coder.com/code-server) | [repository](https://github.com/coder/code-server) |
| 📬 | [MailHog](https://mailhog.github.io/) | [repository](https://github.com/mailhog/MailHog) |
| 🧾 | [Adminer](https://www.adminer.org) | [repository](https://github.com/vrana/adminer) |
| 🧰 | [Portainer](https://www.portainer.io) | [repository](https://github.com/portainer/portainer) |
| 🔁 | [Watchtower](https://containrrr.dev/watchtower) | [repository](https://github.com/containrrr/watchtower) |
API, docs and mocking
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 🧩 | [wiremock](http://wiremock.org) | [repository](https://github.com/wiremock/wiremock) |
| 🔗 | [hoppscotch](https://hoppscotch.io) | [repository](https://github.com/hoppscotch/hoppscotch) |
| 🧾 | [swagger-ui](https://swagger.io/tools/swagger-ui/) | [repository](https://github.com/swagger-api/swagger-ui) |
| 📚 | [redoc](https://redoc.ly) | [repository](https://github.com/Redocly/redoc) |
| 🔔 | [webhook.site](https://webhook.site) | [repository](https://github.com/search?q=webhook.site) |
| 🧪 | [pact_broker](https://docs.pact.io/pact_broker) | [repository](https://github.com/pact-foundation/pact_broker) |
| 🧰 | [httpbin (reference)](https://httpbin.org) | [repository](https://github.com/postmanlabs/httpbin) |
Observability & tracing
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 🔍 | [Jaeger All-In-One](https://www.jaegertracing.io) | [repository](https://github.com/jaegertracing/jaeger) |
| 📊 | [Loki](https://grafana.com/oss/loki/) | [repository](https://github.com/grafana/loki) |
| 📤 | [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) | [repository](https://github.com/grafana/loki) |
| 🧭 | [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) | [repository](https://github.com/open-telemetry/opentelemetry-collector) |
| 🧮 | [node-exporter (Prometheus)](https://prometheus.io/docs/guides/node-exporter/) | [repository](https://github.com/prometheus/node_exporter) |
| 📦 | [google/cadvisor](https://github.com/google/cadvisor) | [repository](https://github.com/google/cadvisor) |
Chaos, networking & proxies
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 🌩️ | [toxiproxy](https://github.com/Shopify/toxiproxy) | [repository](https://github.com/Shopify/toxiproxy) |
| 🧨 | [pumba](https://github.com/alexei-led/pumba) | [repository](https://github.com/alexei-led/pumba) |
| 🧭 | [CoreDNS](https://coredns.io) | [repository](https://github.com/coredns/coredns) |
| 🔐 | [step-ca (smallstep)](https://smallstep.com/docs/step-ca/) | [repository](https://github.com/smallstep/certificates) |
Devops, CI/CD & registries
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 📦 | [Registry (Distribution v2)](https://docs.docker.com/registry/) | [repository](https://github.com/distribution/distribution) |
| ⚙️ | [Core workflow: Cadence](https://cadenceworkflow.io) | [repository](https://github.com/uber/cadence) |
| 🧾 | [Unleash (feature flags)](https://www.getunleash.io) | [repository](https://github.com/Unleash/unleash) |
| 🛡️ | [OpenPolicyAgent](https://www.openpolicyagent.org) | [repository](https://github.com/open-policy-agent/opa) |
Rendering, diagrams & misc developer tools
| Icon | Software (website) | Repository |
|:---|:---|:---|
| 🖼️ | [Kroki](https://kroki.io) | [repository](https://github.com/yuzutech/kroki) |
| 🧭 | [Dozzle (logs)](https://github.com/amir20/dozzle) | [repository](https://github.com/amir20/dozzle) |
| 📚 | [ArchiveBox](https://archivebox.io) | [repository](https://github.com/ArchiveBox/ArchiveBox) |
| 🧩 | [Registry tools / misc searches] | [repository](https://github.com/search?q=registry2) |
Personal / community / uncertain (link targets go to GitHub search where official page/repo was ambiguous)
| Icon | Software (website / search) | Repository |
|:---|:---|:---|
| 🧭 | [reactiveresume (search)](https://github.com/search?q=reactive+resume) | [repository](https://github.com/search?q=reactive+resume) |
| 🎞️ | [tubearchivst (search)](https://github.com/search?q=tubearchivst) | [repository](https://github.com/search?q=tubearchivst) |
| ⏱️ | [atomic tracker (search)](https://github.com/search?q=atomic+tracker) | [repository](https://github.com/search?q=atomic+tracker) |
| 📈 | [wakaapi (search)](https://github.com/search?q=wakaapi) | [repository](https://github.com/search?q=wakaapi) |
Notes:
- Where an authoritative project website exists it is linked in the Software column; where a dedicated site was not apparent the link points to a curated GitHub page or a GitHub search (to avoid guessing official domains).
- Let me know if you want this exported as Markdown, HTML, or rendered into your Cloudron/Stack documentation format.
Overview
This SupportStack is the always-on, developer-shared utility layer for local work and personal use. It is separate from per-project stacks (which own their DBs and runtime dependencies)
and separate from the LifecycleStack (build/package/release tooling).
Services here are intended to be stable, long-running, and reusable across projects.
Architecture & constraints
- Dev environment: Debian 12 VM with a devcontainer base + specialized containers. Each project ships an identical docker-compose.yml in dev and prod.
- Deployment model: 12factor principles. Per-project stateful services (databases, caches) live inside each project stack, not in SupportStack.
- LifecycleStack: build/package/release tooling (Trivy, credential management container, artifact signing, CI runners) lives in a separate stack.
- Cloud policy: no public cloud for local infrastructure (Hard NO). Cloud-targeted tools may exist only for cloud dev environments (run in the cloud).
- Networking/UI: access services by ports. No need for reverse proxies (Caddy/Traefik) in SupportStack; the homepage provides the unified entry point.
- Credentials: projects consume secrets from the creds container in LifecycleStack. Do NOT add a credential injector to SupportStack.
- Data ownership: SupportStack contains developer & personal services (MailHog, Atuin, personal analytics). Project production data and DBs are explicitly outside SupportStack.
Operational guidelines
- Use explicit ports and stable hostnames for each service to keep UX predictable.
- Pin container images (digest or specific semver) and include healthchecks.
- Limit resource usage per container (cpu/memory) to avoid noisy neighbors.
- Persist data to named volumes and schedule regular backups.
- Centralize logs and metrics (Prometheus + Grafana + Loki) and add basic alerting.
- Use network isolation where appropriate (bridge networks per stack) and document exposed ports.
- Use a single canonical docker-compose schema across dev and prod to reduce drift.
- Document service purpose, default ports, and admin credentials in a small README inside the SupportStack repo (no secrets in repo).
Suggested additions to the SupportStack (with rationale)
- Local artifact/cache proxies
- apt/aptly or apt-cacher-ng — speed package installs and reduce external hits.
- npm/yarn registry proxy (Verdaccio) — speed front-end dependency installs.
- Backup & restore
- restic or Duplicity plus a scheduled job to back up named volumes (or push to MinIO).
- Object storage & S3 tooling
- MinIO (already listed) — ensure lifecycle for backups and dev S3 workloads.
- s3gateway tools / rclone GUI for manual data movement.
- Registry & image tooling
- Private Docker Registry (distribution v2) — already listed; consider adding simple GC and retention policies.
- Image vulnerability dashboard (registry + Trivy / Polaris integrations) — surface image risks (Trivy stays in LifecycleStack for scanning).
- Caching & fast storage
- Redis — local cache for dev apps and simple feature testing.
- memcached — lightweight alternative where needed.
- Dev UX tooling
- filebrowser or chevereto-like lightweight file manager — quick SFTP/HTTP access to files.
- code-server (already listed) — ensure secure defaults for dev access.
- Networking & secure access
- WireGuard or a local VPN appliance — secure remote developer access without exposing services publicly.
- CoreDNS (already listed) — DNS for local hostnames and service discovery.
- Observability & testing
- Blackbox exporter or Uptime Kuma (already listed) — external checks on service ports.
- Tempo or Jaeger (already listed) — distributed tracing for local microservice testing.
- Loki + Promtail (already listed) — central logs; ensure retention policies.
- Development mocks & API tooling
- Wiremock / Mock servers (already listed) — richer API contract testing.
- Postman/hoppscotch (already listed) — request building and collection testing.
- CI/CD helpers (lightweight)
- Local runner (small container to run builds/tests) that mirrors prod runner environment.
- Container image pruning tools / reclaimers for long-running dev VM.
- Misc useful tools
- Sentry (or a lightweight error aggregator) — collect local app exceptions during dev runs.
- ArchiveBox / Archive utilities (already listed) — reproducible web captures.
- A small SMTP relay for inbound testing (MailHog already present).
- A small DB admin (Adminer already listed) and optional pgAdmin if need richer DB tools.
- Optional: a minimal artifact repository (Nexus/Harbor) if storing compiled artifacts or OCI images beyond the simple registry.
Operational checklist to add to repo
- Compose file naming and versioning policy (same file for dev & prod).
- Port assignment table (avoid collisions).
- Volume & backup policy (what to snapshot and when).
- Upgrade policy and maintenance window for SupportStack.
- Quick restore steps for any critical service.
Short example priorities for next additions
1. Verdaccio (npm proxy) + apt-cacher-ng — speed & reproducible installs.
2. Restic backup container that snapshots SupportStack volumes to MinIO.
3. WireGuard for secure remote dev access.
4. Image pruning/cleanup job and clear registry retention policy.
5. Add Redis and a lightweight error aggregator (Sentry) for local dev testing.
This expanded description is designed to be pasted along with the rest of the SupportStack file to prompt ideation from ChatGPT/CoPilot/Grok/Qwen.
Use the suggestions list to generate additional service proposals, playbooks, and compose templates for each recommended service.