Notes/files relevant to operation of arcsnet.dev services.
README.md tailscale documented 2026-05-22 10:36:04 -04:00

ArcsNet Core Repository

URLs:

To-Do:

  • Fix stupid piece of shit Portainer [Done via HTTP:9000]
  • Potentially set up Fail2Ban [Done but no integration with cloudflared at this time]
  • IRC -- use https://hub.docker.com/r/inspircd/inspircd-docker/ [Replaced by Zulip instance]
  • Email (tentative) -- use iRedMail [Impossible on consumer internet (no port 25 access)]
  • Set more persistent storage for the Zulip DB -- see if possible, if not, cry
  • Figure out backups (where, how, when)

Systemd (systemctl) Services:

| Service | Description / Purpose | Port / Access | ArcsNet Subdomain |
|---|---|---|---|
| cloudflared.service | Cloudflare Tunnels | internal | N/A |
| syncthing.service | File synchronization | 8384 | Localhost only |
| cockpit.service | Admin web panel | 9090 | admin.arcsnet.dev |
| ssh.service | Secure shell server (key-auth only) | 22 | ssh.arcsnet.dev |
| pm2-(user).service | PM2 process manager (rpbot + deploy-hook) | internal | N/A |
| tailscaled.service | Tailscale VPN + exit node | 100.123.74.19 (Tailnet) | N/A |

Docker:

Structure:

/opt/
├── dads/                     # DADS static site git clone (used to build image)
├── deploy-hook/              # Webhook listener for rpbot auto-deploy
│   └── index.js
├── fail2ban/                 # Stores fail2ban configs
├── forgejo/  
│   ├── docker-compose.yml  
│   ├── .env  
│   ├── data/                # Forgejo repos & config  
│   └── postgres/            # Database files  
├── kiwix/  
│   ├── data/                # Wikipedia .zim archives  
│   └── kiwix-zim-updater/   # Updater script repo  
├── openwebui/               # Persistent OpenWebUI data  
├── portainer/               # Portainer's various thingstuffs  
├── rpbot/                   # Discord bot (arc/rpbot on Forgejo)
│   └── deploy.sh            # Pull, npm install, pm2 restart
├── searxng/                 # (not yet needed) SearXNG config if not using defaults  
└── ...

/home/(ssh-user)
├── docker-zulip/            # Stores configs and tools for Zulip stack management
├── Sync                     # Core Syncthing directory (used as central storage for me)
└── ...

Services:

| Service | Container Image | Host Port -> Container Port | ArcsNet Subdomain | Persistent Directory | Notes |
|---|---|---|---|---|---|
| Watchtower | nickfedor/watchtower | — (socket mount) | N/A | N/A | Used via cron job (03:00 daily) to update images |
| Forgejo Git Host | codeberg.org/forgejo/forgejo:13 + postgres:15 | 4000 -> 3000 (HTTP), 2222 -> 22 (SSH) | git.arcsnet.dev | /opt/forgejo/data, /opt/forgejo/postgres | Docker Compose |
| OpenWebUI | ghcr.io/open-webui/open-webui:latest | 3000 -> 8080 | gpt.arcsnet.dev | /opt/openwebui | None |
| SearXNG | ghcr.io/searxng/searxng:latest | 8082 -> 8080 | search.arcsnet.dev | /opt/searxng | SearX instance |
| Kiwix Wiki Mirror | ghcr.io/kiwix/kiwix-serve:latest | 8081 -> 8080 | wiki.arcsnet.dev | /opt/kiwix/ | Wiki ZIM file server |
| Portainer | portainer/portainer-ce:lts | 9000 -> 9000 | docker.arcsnet.dev | /opt/portainer | Might be hogging other ports? |
| Fail2Ban | lscr.io/linuxserver/fail2ban:latest | — (socket mount) | N/A | /opt/fail2ban | Didn't mess with any cloudflared stuff |
| Zulip Docker | ghcr.io/zulip/zulip-server:11.5-2 + redis:alpine + rabbitmq:4.2 + memcached:alpine + zulip/zulip-postgresql:14 | 25 -> 25, 443 -> 443, 80 -> 80 | zulip.arcsnet.dev | /home/(ssh-user)/docker-zulip, kind of all over the different dockers otherwise | Docker Compose + only partly via tunnel (port 80) |
| DADS | local build (arc/dads) | 8080 -> 80 | dads.arcsnet.dev | N/A (fully static, built into image) | NIST dictionary of algorithms & data structures; preserved after nist.gov went offline. Not updated by Watchtower. |

PM2 Processes:

Managed via PM2 under the SSH user. Persisted across reboots via pm2 startup (systemd unit: pm2-(user).service).

| Process | Entry Point | Description |
|---|---|---|
| rpbot | npm start in /opt/rpbot | Discord bot; calls local LLM at 10.0.0.66:5001 |
| deploy-hook | /opt/deploy-hook/index.js | Listens on 127.0.0.1:9001; triggered by Forgejo webhook on push to arc/rpbot, runs /opt/rpbot/deploy.sh |

Useful commands:

pm2 status
pm2 logs rpbot
pm2 restart rpbot
/opt/rpbot/deploy.sh   # manual deploy
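
The deploy-hook turns an HTTP request into a run of deploy.sh, so the listener should authenticate each delivery before acting on it. The sketch below is an added example, not the contents of /opt/deploy-hook/index.js: it checks the HMAC-SHA256 signature Forgejo attaches when a secret is set on the webhook. The DEPLOY_HOOK_SECRET variable name and the refs/heads/main branch are assumptions.

```javascript
// Added example: signature-checked deploy hook (not the repo's own index.js).
const crypto = require("crypto");
const http = require("http");
const { execFile } = require("child_process");

const REPO = "arc/rpbot";                      // from the README
const DEPLOY_SCRIPT = "/opt/rpbot/deploy.sh";  // from the README
const BRANCH_REF = "refs/heads/main";          // assumption: deploys track main

// Forgejo signs the raw request body with HMAC-SHA256 and sends the hex digest.
function signatureValid(secret, rawBody, headerValue) {
  if (typeof headerValue !== "string" || !/^[0-9a-f]{64}$/i.test(headerValue)) return false;
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(headerValue, "hex"));
}

// Returns the HTTP status to answer with; only 202 leads to a deploy.
function decide(secret, headers, rawBody) {
  const sig = headers["x-forgejo-signature"] || headers["x-gitea-signature"];
  if (!signatureValid(secret, rawBody, sig)) return 401;
  let event;
  try { event = JSON.parse(rawBody.toString("utf8")); } catch { return 400; }
  if (event?.repository?.full_name !== REPO || event.ref !== BRANCH_REF) return 204;
  return 202;
}

function startListener(secret) {
  return http.createServer((req, res) => {
    const chunks = [];
    let size = 0;
    req.on("data", (c) => {
      size += c.length;
      if (size > 1 << 20) req.destroy();       // cap the body at 1 MiB
      else chunks.push(c);
    });
    req.on("end", () => {
      const status = req.method === "POST" ? decide(secret, req.headers, Buffer.concat(chunks)) : 405;
      // Fixed script path, no shell, nothing from the payload passed as arguments.
      if (status === 202) execFile(DEPLOY_SCRIPT, [], { timeout: 300000 }, () => {});
      res.writeHead(status).end();
    });
  }).listen(9001, "127.0.0.1");                // same bind address as in the table above
}

// Starts only when a secret is supplied (DEPLOY_HOOK_SECRET is a hypothetical name).
if (process.env.DEPLOY_HOOK_SECRET) startListener(process.env.DEPLOY_HOOK_SECRET);
```

The same secret has to be entered in the webhook settings for arc/rpbot on Forgejo; deliveries without a valid signature get a 401 and deploy.sh is never started.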

Crontab Entries:

0 3 * * * /usr/bin/docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nickfedor/watchtower --run-once >> /var/log/watchtower.log 2>&1  
0 4 * * 1 /opt/kiwix/kiwix-zim-updater/kiwix-zim-updater.sh -d -w /opt/kiwix/data >> /var/log/kiwix-update.log 2>&1 && docker restart kiwix 
  • At 3AM daily, Watchtower (nickfedor fork -- containrrr is deprecated) runs docker updates.
  • At 4AM weekly (I think?), Kiwix update script checks for new maxi EN mirror.

Notes:

  • To-Do will be cleared... eventually.
  • Services lists should be in order of when they were added.
  • Structure should be alphabetical (and as deep as needed).