feat(terraform): expand caliban port forwards and document port ranges
- Add proxy devices on caliban for SSH (25512), Postgres (25515), and three web ports (25516-25518) alongside the existing RDP forward
- Remove HTTP/HTTPS proxy devices from prospero (now handled via HAProxy on titania)
- Document Incus port forwarding ranges (25510-25599) per host in ouranos.md and fix a typo
@@ -54,7 +54,18 @@ XXX Project Number or 290-299 for external project (host specific)
|
|||||||
Y Service: 0 reserved, 1-4 flexible, 5 database, 6 MCP, 7 API, 8 Web App, 9 Prometheus metrics
|
Y Service: 0 reserved, 1-4 flexible, 5 database, 6 MCP, 7 API, 8 Web App, 9 Prometheus metrics
|
||||||
Z Instance: The running instance of this app on the same host, starting at 1. May also be used to handle exceptions.
|
Z Instance: The running instance of this app on the same host, starting at 1. May also be used to handle exceptions.
|
||||||
|
|
||||||
255 Incus port forwarding: Ports in ths range are forwarded from the Incus host to Incus containers (defined in Terraform), but HAProxy through Titania
|
255 Incus port forwarding: Ports in this range are forwarded from the Incus host to Incus containers (defined in Terraform), but HAProxy through Titania
|
||||||
|
|
||||||
|
| Range | Host | Purpose |
|
||||||
|
|-------|------|---------|
|
||||||
|
| 25510–25519 | caliban | 25512→22 SSH, 25515→5432 Postgres, 25516→8006 web, 25517→8007 web, 25518→8008 web, 25519→3389 RDP |
|
||||||
|
| 25530–25539 | miranda | MCP containers |
|
||||||
|
| 25540–25544 | sycorax | Arke LLM proxy |
|
||||||
|
| 25554 | ariel | Neo4j |
|
||||||
|
| 25555 | umbriel | Neo4j (Mnemosyne) |
|
||||||
|
| 25560–25569 | miranda | MCPO ports |
|
||||||
|
| 25570–25589 | puck | 25570–25588 app ports, 25589→3389 RDP |
|
||||||
|
| 25590–25599 | oberon | App ports |
|
||||||
|
|
||||||
514ZZ is the syslog port. Docker containers send their syslog to an Alloy syslog collector port. ZZ is the application instance, they just need to be different on the same host and increment from 01.
|
514ZZ is the syslog port. Docker containers send their syslog to an Alloy syslog collector port. ZZ is the application instance, they just need to be different on the same host and increment from 01.
|
||||||
|
|
||||||
|
|||||||
@@ -158,43 +158,68 @@ EOT
|
|||||||
"security.nesting" = true
|
"security.nesting" = true
|
||||||
"raw.lxc" = "lxc.apparmor.profile=unconfined"
|
"raw.lxc" = "lxc.apparmor.profile=unconfined"
|
||||||
}
|
}
|
||||||
devices = [{
|
devices = [
|
||||||
name = "caliban"
|
{
|
||||||
type = "proxy"
|
name = "caliban_rdp"
|
||||||
properties = {
|
type = "proxy"
|
||||||
listen = "tcp:0.0.0.0:25519"
|
properties = {
|
||||||
connect = "tcp:127.0.0.1:3389"
|
listen = "tcp:0.0.0.0:25519"
|
||||||
|
connect = "tcp:127.0.0.1:3389"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "caliban_web3"
|
||||||
|
type = "proxy"
|
||||||
|
properties = {
|
||||||
|
listen = "tcp:0.0.0.0:25518"
|
||||||
|
connect = "tcp:127.0.0.1:8008"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "caliban_web2"
|
||||||
|
type = "proxy"
|
||||||
|
properties = {
|
||||||
|
listen = "tcp:0.0.0.0:25517"
|
||||||
|
connect = "tcp:127.0.0.1:8007"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "caliban_web1"
|
||||||
|
type = "proxy"
|
||||||
|
properties = {
|
||||||
|
listen = "tcp:0.0.0.0:25516"
|
||||||
|
connect = "tcp:127.0.0.1:8006"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "caliban_postgres"
|
||||||
|
type = "proxy"
|
||||||
|
properties = {
|
||||||
|
listen = "tcp:0.0.0.0:25515"
|
||||||
|
connect = "tcp:127.0.0.1:5432"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "caliban_ssh"
|
||||||
|
type = "proxy"
|
||||||
|
properties = {
|
||||||
|
listen = "tcp:0.0.0.0:25512"
|
||||||
|
connect = "tcp:127.0.0.1:22"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "gpu"
|
||||||
|
type = "gpu"
|
||||||
|
properties = {}
|
||||||
}
|
}
|
||||||
},
|
]
|
||||||
{
|
|
||||||
name = "gpu"
|
|
||||||
type = "gpu"
|
|
||||||
properties = {}
|
|
||||||
}]
|
|
||||||
}
|
}
|
||||||
prospero = {
|
prospero = {
|
||||||
description = "Master magician observing events - PPLG observability stack with internal HAProxy"
|
description = "Master magician observing events - PPLG observability stack with internal HAProxy"
|
||||||
role = "observability"
|
role = "observability"
|
||||||
image = "noble"
|
image = "noble"
|
||||||
config = {}
|
config = {}
|
||||||
devices = [
|
devices = []
|
||||||
{
|
|
||||||
name = "https_internal"
|
|
||||||
type = "proxy"
|
|
||||||
properties = {
|
|
||||||
listen = "tcp:0.0.0.0:25510"
|
|
||||||
connect = "tcp:127.0.0.1:443"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name = "http_redirect"
|
|
||||||
type = "proxy"
|
|
||||||
properties = {
|
|
||||||
listen = "tcp:0.0.0.0:25511"
|
|
||||||
connect = "tcp:127.0.0.1:80"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
titania = {
|
titania = {
|
||||||
description = "Proxy & SSO Services - Queen of the fairies managing access and authentication"
|
description = "Proxy & SSO Services - Queen of the fairies managing access and authentication"
|
||||||
|
|||||||
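Review bot: The new `caliban_postgres` and `caliban_ssh` devices listen on `tcp:0.0.0.0`, so Postgres and SSH become reachable on every interface of the Incus host, for a container whose context lines show `security.nesting` enabled and `lxc.apparmor.profile=unconfined`. Unless a host firewall already restricts 25512 and 25515 to the admin network (not visible here), bind them to a specific internal address, e.g. `listen = "tcp:<INTERNAL_HOST_IP>:25515"` (placeholder), and likewise for 25512. Because these devices connect to `127.0.0.1` and do not set `nat`, the services inside the container will presumably see every client as loopback, so any pg_hba.conf or sshd rule that is more lenient for localhost, and any per-source logging or rate limiting, should be checked before this is applied. The enclosing caliban block begins above the hunk, so its network settings are not shown.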