Decom-pending 2026-05-04 — Alle 7 hosted Services migriert. Nur noch
portainer-agentaktiv. Nach ≥ 7 Tage Karenz wird die Seite ins Archive verschoben.
Migrations-Ziele: Wiki.js → vm-rz-svc-prod-01, Authentik → vm-rz-svc-prod-01, GitLab-Runner → vm-rz-app-prod-01, postgres_production → vm-rz-db-01, pgAdmin → vm-rz-svc-prod-01, business-apps → vm-rz-app-prod-01.
| Property | Value |
|---|---|
| Site | Rz |
| Hypervisor host | ESXi-RZ |
| Role | Multi-service Linux host — public-facing workhorse (Authentik, Wiki, Postgres, Traefik, GitLab apps) |
| OS | Debian |
| Primary IP | 10.200.0.200 (public-facing) / 10.100.0.200 (LAN, reachable from Home over VPN) |
| SSH alias | vm-sl-00 |
| vCPU | — (TBD) |
| Memory | — (TBD) |
| Storage | — (TBD) |
| Backup | PBS VM-image-level + per-app dumps (Postgres, Authentik, GitLab, Mailcow). Full coverage every 24h. |
postgres_production Postgres instance.reg.git.blackreset.com.traefik_backend (172.18.0.0/16) — shared ingress + cross-app DB.wiki-int (172.20.0.0/24) — legacy from BookStack era; only wiki_wiki_app_data and wiki_wiki_db_data volumes still attached for rollback safety.reg.git.blackreset.com:443 — see Services / Business apps.authentik-ldap-outpost (added 2026-04-30) — host ports 389:3389 (clear) + 636:6636 (TLS); container runs unprivileged on the internal Authentik compose network. See Migration / Authentik LDAP outpost 2026.| Property | Value |
|---|---|
| SSH user | alexander |
| SSH key (local) | E:/Workspace/Repositories/Clean Up/.secrets/ssh/blackreset_admin_ed25519 |
| Listening ports (notable) | 22 (SSH), 443/80 (Traefik), 5432 (Postgres on 0.0.0.0), 389/636 (Authentik LDAP outpost) |
| Notes | Postgres listens on 0.0.0.0:5432 — internal access only via VPN tunnel + LAN; no public NAT forward. Authentik LDAP outpost listens on host 0.0.0.0:389 (cleartext) and 0.0.0.0:636 (TLS); served by container authentik-ldap-outpost (image ghcr.io/goauthentik/ldap:2025.8.4) under /opt/authentik/docker-compose.override.yml. Outpost token at .secrets/.ldap-outpost-token; bind service-account password at .secrets/.ldap-bind-password. |
admin exists. Add alexander and lena.