From 9bfa9a3617a6e02393e57e3a52b9587f6db0950a Mon Sep 17 00:00:00 2001
From: Robert Helewka
Date: Sun, 7 Jun 2026 06:40:42 -0400
Subject: [PATCH] feat(terraform): expand caliban port forwards and document port ranges
- Add proxy devices on caliban for SSH (25512), Postgres (25515), and three web ports (25516-25518) alongside existing RDP forward
- Remove HTTP/HTTPS proxy devices from prospero (now handled via HAProxy on titania)
- Document Incus port forwarding ranges (25510-25599) per host in ouranos.md and fix a typo
---
 docs/ouranos.md | 13 ++++++-
 terraform/containers.tf | 85 ++++++++++++++++++++++++++---------------
 2 files changed, 67 insertions(+), 31 deletions(-)
diff --git a/docs/ouranos.md b/docs/ouranos.md
index f8181bb..44a8b20 100644
--- a/docs/ouranos.md
+++ b/docs/ouranos.md
@@ -54,7 +54,18 @@ XXX Project Number or 290-299 for external project (host specific) Y Service: 0 reserved, 1-4 flexible, 5 database, 6 MCP, 7 API, 8 Web App, 9 Prometheus metrics Z Instance: The running instance of this app on the same host, starting at 1. May also be used to handle exceptions. -255 Incus port forwarding: Ports in ths range are forwarded from the Incus host to Incus containers (defined in Terraform), but HAProxy through Titania +255 Incus port forwarding: Ports in this range are forwarded from the Incus host to Incus containers (defined in Terraform), but HAProxy through Titania + +| Range | Host | Purpose | +|-------|------|---------| +| 25510–25519 | caliban | 25512→22 SSH, 25515→5432 Postgres, 25516→8006 web, 25517→8007 web, 25518→8008 web, 25519→3389 RDP | +| 25530–25539 | miranda | MCP containers | +| 25540–25544 | sycorax | Arke LLM proxy | +| 25554 | ariel | Neo4j | +| 25555 | umbriel | Neo4j (Mnemosyne) | +| 25560–25569 | miranda | MCPO ports | +| 25570–25589 | puck | 25570–25588 app ports, 25589→3389 RDP | +| 25590–25599 | oberon | App ports | 514ZZ is the syslog port. Docker containers send their syslog to an Alloy syslog collector port. ZZ is the application instance, they just need to be different on the same host and increment from 01. diff --git a/terraform/containers.tf b/terraform/containers.tf index 3ccbfb2..1078af2 100644 --- a/terraform/containers.tf +++ b/terraform/containers.tf 
@@ -158,43 +158,68 @@ EOT
 "security.nesting" = true
 "raw.lxc" = "lxc.apparmor.profile=unconfined"
 }
- devices = [{
- name = "caliban"
- type = "proxy"
- properties = {
- listen = "tcp:0.0.0.0:25519"
- connect = "tcp:127.0.0.1:3389"
+ devices = [
+ {
+ name = "caliban_rdp"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25519"
+ connect = "tcp:127.0.0.1:3389"
+ }
+ },
+ {
+ name = "caliban_web3"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25518"
+ connect = "tcp:127.0.0.1:8008"
+ }
+ },
+ {
+ name = "caliban_web2"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25517"
+ connect = "tcp:127.0.0.1:8007"
+ }
+ },
+ {
+ name = "caliban_web1"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25516"
+ connect = "tcp:127.0.0.1:8006"
+ }
+ },
+ {
+ name = "caliban_postgres"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25515"
+ connect = "tcp:127.0.0.1:5432"
+ }
+ },
+ {
+ name = "caliban_ssh"
+ type = "proxy"
+ properties = {
+ listen = "tcp:0.0.0.0:25512"
+ connect = "tcp:127.0.0.1:22"
+ }
+ },
+ {
+ name = "gpu"
+ type = "gpu"
+ properties = {}
 }
- },
- {
- name = "gpu"
- type = "gpu"
- properties = {}
- }]
+ ]
 }
 prospero = {
 description = "Master magician observing events - PPLG observability stack with internal HAProxy"
 role = "observability"
 image = "noble"
 config = {}
- devices = [
- {
- name = "https_internal"
- type = "proxy"
- properties = {
- listen = "tcp:0.0.0.0:25510"
- connect = "tcp:127.0.0.1:443"
- }
- },
- {
- name = "http_redirect"
- type = "proxy"
- properties = {
- listen = "tcp:0.0.0.0:25511"
- connect = "tcp:127.0.0.1:80"
- }
- }
- ]
+ devices = []
 }
 titania = {
 description = "Proxy & SSO Services - Queen of the fairies managing access and authentication"
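Review bot: The new `caliban_ssh` and `caliban_postgres` proxy devices listen on `tcp:0.0.0.0`, so SSH (25512) and Postgres (25515) become reachable on every interface of the Incus host, and the context lines show this container running with `security.nesting` and `lxc.apparmor.profile=unconfined`, which leaves little confinement if one of those services is compromised. Unless a host firewall outside this file already restricts 25510-25519, bind the listeners to the internal address instead, e.g. `listen = "tcp:<INTERNAL_HOST_IP>:25515"` (placeholder). Because these proxies connect to `127.0.0.1` and no NAT mode is set, sshd and Postgres inside the container will presumably see every client as loopback, so any localhost-trust rule in `pg_hba.conf` or address-based sshd restriction would also apply to remote clients; this is worth confirming before apply. The same `0.0.0.0` bind applies to the three `caliban_web*` devices, and the caliban block starts above the hunk.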