jsbeckr/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe6ce5249e6c8b9ef3d2874c9b8f0cb1a78013ea
homelab/docs/index.md
Jens fe6ce5249e add knecht
2026-04-04 14:34:22 +02:00

5.3 KiB
Raw Blame History

Portainer — Homelab Documentation

Generated: 2026-04-02 Source: https://portainer.home.jens.pub

Instance Overview

Property Value
Edition Portainer EE (Enterprise Edition)
Image portainer/portainer-ee:lts
URL https://portainer.home.jens.pub
Container port 9443 (HTTPS)
Uptime Running

Portainer Settings

Setting Value
Authentication Internal (username/password)
Minimum password length 12 characters
User session timeout 8 hours
Snapshot interval 5 minutes
Edge compute Disabled
OAuth / LDAP Not configured

Users

Username Role
jens Administrator

Environment (Endpoint)

Single environment: local

Property Value
Type Docker standalone
Connection unix:///var/run/docker.sock
Docker version 29.3.0
CPUs 6
Memory ~15.5 GB
Running containers 3
Volumes 4
Images 7
Stacks 2 (traefik, adguard)
Swarm No

Security Settings

  • Bind mounts for regular users: disabled
  • Privileged mode for regular users: disabled
  • Host namespace for regular users: disabled
  • Stack management for regular users: allowed

Docker Networks

Name Driver Scope Notes
proxy bridge local Shared network used by all stacks
bridge bridge local Docker default
host host local Docker default
none null local Docker default

The proxy network is an external bridge network created manually. All services that need Traefik routing must be attached to it.

Running Stacks

Stack Purpose Docs
traefik Reverse proxy + TLS traefik.md
adguard DNS ad/tracker blocking adguard.md
portainer Container management UI portainer.md
vaultwarden Password manager vaultwarden.md
watchtower Automatic image updates watchtower.md
beszel Container & host metrics beszel.md
dozzle Container log viewer dozzle.md
rrr Media automation (VPN-routed) rrr.md
jellyfin Media server jellyfin.md

Service Map

Internet
   │
   ▼
[Host :80/:443]
   │
   ▼
[traefik:v3.6]  ──── TLS wildcard cert (*.home.jens.pub via Namecheap DNS-01)
   │
   ├── traefik.home.jens.pub    ──→  Traefik dashboard (api@internal)
   ├── adguard.home.jens.pub    ──→  adguard:80 (AdGuard web UI)
   ├── portainer.home.jens.pub  ──→  portainer:9000
   ├── vault.home.jens.pub      ──→  vaultwarden:80 (password manager)
   ├── beszel.home.jens.pub    ──→  beszel:8090 (metrics)
   ├── logs.home.jens.pub      ──→  dozzle:8080 (log viewer)
   ├── sonarr.home.jens.pub    ──→  gluetun→sonarr:8989 (TV, via Mullvad)
   ├── radarr.home.jens.pub    ──→  gluetun→radarr:7878 (movies, via Mullvad)
   ├── prowlarr.home.jens.pub  ──→  gluetun→prowlarr:9696 (indexers, via Mullvad)
   ├── sabnzbd.home.jens.pub   ──→  gluetun→sabnzbd:8080 (Usenet DL, via Mullvad)
   └── jellyfin.home.jens.pub  ──→  jellyfin:8096 (media server)

[adguard/adguardhome]   ──── DNS :53 (TCP/UDP)
[portainer/portainer-ee] ──── Portainer UI :9443

All services share the external `proxy` bridge network.

Notes & Considerations

  • Sensitive credentials in stack definitions: The traefik stack has the Namecheap API key and source IP hardcoded in the compose environment. Consider moving these to a .env file or Portainer's secret/environment variable management.
  • AdGuard image tag: Using latest — consider pinning to a specific version for reproducibility.
  • Portainer not in a stack: The Portainer container itself is not managed as a Portainer stack (typical self-managed setup).
  • Access control: The traefik stack is admin-only. The adguard stack grants explicit access to user jens (ID 1).
Reference in New Issue View Git Blame Copy Permalink