LXC / Conception
Description
This badly named LXC container (docker containers, inception for nested virtualization) is responsible for running the majority of my services.
Configuration
Resources
| Hostname | CPU | Memory |
|---|---|---|
| conception.hermz | 4 vCPU | 4096MB |
Storage
| Mount Point | Source | Destination |
|---|---|---|
| mp0 | /storage/zpool10/downloads | /storage/downloads |
| mp1 | /storage/zpool10/downloads/incomplete | /storage/downloads/incomplete |
| mp2 | /storage/zpool10/media | /storage/media |
| mp3 | /storage/zpool10/services | /storage/services |
Networking
Interfaces
| ID | Name | Bridge | IP Address |
|---|---|---|---|
| net0 | eth0 | vmbr1 | 10.0.2.2/21 |
| net1 | eth1 | vmbr2 | 192.168.0.2/24 |
Docker Networks
blackbox_containers (10.0.4.2/21)
All publically accessible containers should be part of this network. The idea is that Traefik receives public traffic and proxies it to the appropriate container through this network. Containers can directly address other containers in this network using their hostname without going back through SSL or leaving the network however they are inaccessible for everyone else without going through the Traefik proxy.
a_wireguarded (192.168.0.2/24)
All containers which should be run through VM / Shield need to be connected to this network. It is prefixed with a_ because networks are added to containers alphabetically and this must be the default gateway or else traffic will not be routed over this network.
Installed Software
Services
See Services