philipp.info Infrastructure¶

Self-hosted platform orchestrating two servers:

phil-app (157.90.134.159) — Application server, ~100 Docker Compose containers
phil-db (88.198.7.144) — Database server, MariaDB only

Connected via WireGuard tunnel (phil-app: 10.42.10.4 ↔ phil-db: 10.42.10.3).

Doc	Contents
architecture.md	Ansible playbooks, MariaDB, Docker networking overview, secrets table
hardware.md	Server hardware, disk layouts, performance baselines
pitfalls.md	Cross-cutting gotchas (networking, Docker, system, I/O)
roadmap.md	Prioritized backlog

Doc	Contents
operations/runbooks.md	Health checks, Step-CA/PKI, failure cascades, restart policies, housekeeping
operations/deploy.md	Deploying compose changes, git workflow, server access

Service	Stack	Doc
Mail (mailcow)	`stack/mailcow/`	services/mail.md
Identity (Keycloak + OpenLDAP)	`stack/secure/`, `stack/ldap/`	services/identity.md
Friendica — philipp.info	`stack/friendica/`	services/friendica-philipp.md
Friendica — opensocial.at	`stack/opensocial/`	services/friendica-opensocial.md
Friendica — friendica.me	`stack/friendica.me/`	services/friendica-me.md
Monitoring	`stack/itop/`	services/monitoring.md
Backups	`stack/borgmatic/`	services/backup.md
Matrix	`stack/matrix/`	services/matrix.md
Network (Traefik + CoreDNS)	`stack/traefik/`, `stack/dns/`	services/network.md
Nextcloud	`stack/nextcloud/`	services/nextcloud.md

ADR	Decision
ADR-001	Secrets `_FILE` migration strategy
ADR-002	PHP cron/worker `memory_limit` cap
ADR-003	`host.docker.internal` with Shorewall
ADR-004	PHP-FPM `dynamic` vs `ondemand`
ADR-005	Mailstack migration Kopano → mailcow
ADR-006	OpenLDAP image bitnamilegacy → nfrastack

SSH Access¶

ssh -p 5422 philipp@157.90.134.159   # phil-app
ssh -p 5422 philipp@88.198.7.144     # phil-db

SSH port: 5422. User philipp has passwordless sudo.