Split MinIO into media + infra-backup instances; add Gitea

- photos minio -> media.kennethreitz.org (media-minio console) - new infra project: minio-backups on s3.kennethreitz.org (Dokploy backup destination), gitea on git.kennethreitz.org mirroring all github.com/kennethreitz repos every 8h - note the compose-domains-are-deploy-time-labels gotcha Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 02:29:07 -04:00
parent a58cd5ac78
commit 0f2da47321
1 changed files with 37 additions and 11 deletions
@@ -180,25 +180,51 @@ Redeploy: `scripts/api.sh application.deploy '{"applicationId":"arptPVNJZU0SIsk7

 Redeploy: `scripts/api.sh compose.deploy '{"composeId":"WICLbVwy5JEbHz2SPb4tR"}'`

-#### Compose: minio (in the photos project)
+#### Compose: minio (photos media store)

-> MinIO object storage — S3-compatible, self-hosted. Lives in the photos project
-> (it's primarily photos' media store) but also serves as the Dokploy backup target.
+> MinIO for photo media. Lives in the photos project. A *separate* MinIO in the
+> infra project handles backups — see below.

 | | |
 |---|---|
 | Compose ID | `UK8pWczw8d9GSmyLjZJiP` (appName `minio-q3xgqx`, sourceType raw, env `production` of photos) |
-| S3 API | https://s3.kennethreitz.org (container port 9000) |
-| Console | https://minio.kennethreitz.org (container port 9001) |
+| S3 API | https://media.kennethreitz.org (container port 9000) |
+| Console | https://media-minio.kennethreitz.org (container port 9001) |
 | Data dir | `/mnt/objects/minio` — bind mount on the 250 GB `mercury-objects` Hetzner volume |
 | Root user | `exiftree-admin` (password in Dokploy compose env) |
-| Buckets | `exiftree-media` (anonymous download enabled), `dokploy-backups` (private) |
-| Service account | access key `HU3BA5QMX2AZ67LYSKOQ` (secret in Dokploy destination + app env) |
+| Buckets | `exiftree-media` (anonymous download enabled) |
+| Service account | access key `HU3BA5QMX2AZ67LYSKOQ` |

-Note: this compose was originally its own project; moved under photos 2026-06-05.
-Moving a raw compose between projects = delete + recreate; the bind-mounted data
-is untouched. Domains and Dokploy backup destination reference the endpoint URL,
-so they survive moves unchanged (domains were recreated on the new composeId).
+⚠️ Gotcha learned the hard way: Dokploy compose domains are applied as **container
+labels at deploy time** — `domain.create`/`delete` alone changes nothing until the
+compose is redeployed. Stale labels keep routing the old hostname.
+
+### infra
+
+> Infrastructure services (own project)
+
+#### Compose: minio-backups
+
+| | |
+|---|---|
+| Compose ID | `o5LlW9tAugh9K3nf5CTh5` (appName `minio-backups-o5fjyf`, raw) |
+| S3 API | https://s3.kennethreitz.org (port 9000) |
+| Console | https://minio.kennethreitz.org (port 9001) |
+| Data dir | `/mnt/objects/minio-infra` (on the volume) |
+| Root user | `infra-admin` (password in Dokploy compose env) |
+| Buckets | `dokploy-backups` (private) |
+| Service account | access key `6XXKL051TW9ENNKE14DM` (used by the Dokploy destination) |
+
+#### Compose: gitea
+
+| | |
+|---|---|
+| Compose ID | `PV7bUFe4wV-2G1WD8H57e` (appName `gitea-qdogok`, raw) |
+| URL | https://git.kennethreitz.org (container port 3000) |
+| Git SSH | `git.kennethreitz.org:2222` (host port 2222 → container 22) |
+| Data dir | `/var/lib/gitea` (root disk; sqlite DB) |
+| Admin | `kennethreitz` (password noted at setup; registration disabled) |
+| Mirrors | Pull-mirrors of all github.com/kennethreitz repos (public + private), refreshed every 8h, created via `/api/v1/repos/migrate` with a GitHub token for private clones |

 ### Backups