Container Deployment#
Server Allocation#
flowchart TB
subgraph Hydrogen["Hydrogen (Gateway)"]
h_traefik[Traefik]
h_fail2ban[Fail2Ban]
end
subgraph Helium["Helium (GPU + Containers)"]
he_auth[Authentik]
he_drone[Drone CI]
he_portainer[Portainer]
he_n8n[n8n]
he_kuma[Uptime Kuma]
he_monitor[Prometheus/Grafana]
he_unifi[UniFi Controller]
he_llama[llama.cpp Server]
he_postgres[PostgreSQL]
he_redis[Redis]
he_minio[MinIO]
end
subgraph Lithium["Lithium (Inference Only)"]
l_llama[llama.cpp Server]
l_postgres[PostgreSQL]
end
h_traefik -->|Reverse Proxy| he_auth
h_traefik -->|Reverse Proxy| he_drone
h_traefik -->|Reverse Proxy| he_portainer
h_traefik -->|Reverse Proxy| he_n8n
h_traefik -->|Reverse Proxy| he_kuma
h_traefik -->|Reverse Proxy| he_monitor
h_traefik -->|Reverse Proxy| he_unifi
h_traefik -->|API| he_llama
h_traefik -->|API| l_llama
he_llama -->|GPU Inference| he_postgres
l_llama -->|CPU Inference| l_postgres
Deployment Matrix#
| Service | Primary Server | Secondary | Notes |
|---|---|---|---|
| Traefik | Hydrogen | - | Reverse proxy, SSL termination |
| Authentik | Helium | - | Authentication provider |
| Drone CI | Helium | - | CI/CD (GitHub integration) |
| Portainer | Helium | - | Docker container management |
| n8n | Helium | - | Workflow automation |
| Uptime Kuma | Helium | - | Uptime monitoring |
| Prometheus/Grafana | Helium | - | Monitoring stack |
| UniFi Controller | Helium | - | Network management |
| llama.cpp | Helium + Lithium | - | GPU on helium, CPU on lithium |
| PostgreSQL | Helium + Lithium | - | Separate instances per server |
| Redis | Helium | - | Caching for authentik |
| MinIO | Helium | - | S3-compatible object storage |
| Coolify | Helium | - | PaaS for app deployment (optional) |
| Fail2Ban | Hydrogen | - | Security/IDS |
Docker Compose Stacks#
Core Services (helium)#
docker-compose.yml:
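# Secrets are read from the environment (for example a .env file next to this
# compose file, mode 0600 and kept out of version control). `${VAR:?required}`
# makes `docker compose` refuse to start while a value is unset, so a
# placeholder password never reaches a running stack. The variable names are
# this file's own choice.
#
# Every `ports:` entry publishes on all of helium's interfaces, so the service
# is reachable directly as well as through Traefik on hydrogen. Limit those
# ports to hydrogen's address; Docker installs its own iptables rules, so the
# filter belongs in the DOCKER-USER chain or on an upstream firewall.
#
# Images use floating tags (`latest`, `alpine`). Pin each to a tested version
# or digest so a redeploy cannot silently pull a different build.
version: '3.8'
services:
  # Authentication
  authentik:
    image: ghcr.io/goauthentik/server:latest
    ports:
      - "9000:9000"
      - "9443:9443"
    environment:
      # Signing key for sessions and tokens; must be long, random and stable.
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?required}
      - AUTHENTIK_REDIS__HOST=redis
      - AUTHENTIK_POSTGRESQL__HOST=postgres
      - AUTHENTIK_POSTGRESQL__USER=authentik
      - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_PG_PASSWORD:?required}
      - AUTHENTIK_POSTGRESQL__NAME=authentik
    volumes:
      - ./authentik/media:/media
      - ./authentik/custom-templates:/templates
    depends_on:
      - redis
      - postgres
  # No published port: reachable only from containers on this compose network.
  redis:
    image: redis:alpine
    volumes:
      - redis_data:/data
  # No published port: reachable only from containers on this compose network.
  postgres:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=authentik
      # Same variable as AUTHENTIK_POSTGRESQL__PASSWORD so the two cannot drift.
      - POSTGRES_PASSWORD=${AUTHENTIK_PG_PASSWORD:?required}
      - POSTGRES_DB=authentik
    volumes:
      - postgres_data:/var/lib/postgresql/data
  # CI/CD
  # NOTE(review): Drone's server documentation names the image `drone/drone`
  # and the settings DRONE_SERVER_HOST / DRONE_SERVER_PROTO; confirm that
  # `drone:latest` and DRONE_SERVER resolve to what is intended. The URL is
  # plain http, while the GitHub OAuth login should be served over https.
  drone:
    image: drone:latest
    ports:
      - "8000:80"
    volumes:
      - drone_data:/data
    environment:
      - DRONE_SERVER=http://drone.mrzk.io
      - DRONE_GITHUB_SERVER=https://github.com
      - DRONE_GITHUB_CLIENT_ID=your-client-id
      - DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET:?required}
      # Shared secret the runner authenticates with; must match drone-runner.
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?required}
    depends_on:
      - postgres
  drone-runner:
    image: drone/drone-runner-docker:latest
    volumes:
      # The Docker socket gives this container root-equivalent control of
      # helium: every pipeline it runs can start privileged containers. Only
      # allow trusted repositories to build here.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?required}
    depends_on:
      - drone
  # Container management
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      # Host port 9000 is already published by authentik; two services cannot
      # bind the same host port, so Portainer is moved to 9001 (any free port
      # works; the Traefik backend on hydrogen must point at the same one).
      - "9001:9000"
    volumes:
      - portainer_data:/data
      # Same exposure as drone-runner: whoever logs in to Portainer controls
      # the Docker daemon, so keep it behind Authentik and off open networks.
      - /var/run/docker.sock:/var/run/docker.sock
  # Workflow automation
  n8n:
    image: n8nio/n8n:latest
    ports:
      - "5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n
    environment:
      # NOTE(review): older n8n releases honoured these two settings only when
      # N8N_BASIC_AUTH_ACTIVE=true was also set, and 1.x releases replaced
      # basic auth with built-in user management. Confirm against the pinned
      # version that the editor is not left open.
      - N8N_BASIC_AUTH_USER=admin
      - N8N_BASIC_AUTH_PASSWORD=${N8N_BASIC_AUTH_PASSWORD:?required}
      - N8N_HOST=n8n.mrzk.io
      - WEBHOOK_URL=https://n8n.mrzk.io
  # Uptime monitoring
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    ports:
      - "3001:3001"
    volumes:
      - uptime_kuma_data:/app/data
volumes:
  redis_data:
  postgres_data:
  drone_data:
  portainer_data:
  n8n_data:
  uptime_kuma_data:
NVIDIA Container Toolkit#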
Install on helium:
# Add repository
# Download NVIDIA's repository signing key and store it, converted to binary
# form by --dearmor, in a keyring file of its own.
curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit.gpg
# Download the source list and rewrite every "deb https://" entry to carry
# signed-by=<that keyring>, so apt verifies this repository against that key
# only, then install the result under /etc/apt/sources.list.d/.
# NOTE(review): this curl has no -f, so an HTTP error page would be written
# into the list file; check the file's contents before running apt update.
curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit.gpg] https://#g' | \
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
sudo apt update
sudo apt install nvidia-container-toolkit
# Configure Docker
# Register the NVIDIA runtime in Docker's configuration.
sudo nvidia-ctk runtime configure --runtime=docker
sudo systemctl restart docker
Use in containers:
services:
  llama-cpp-server:
    image: ghcr.io/ggerganov/llama.cpp:server
    # Model files come from ./models on the host, mounted at /models.
    volumes:
      - ./models:/models
    # NOTE(review): the reservation below asks for one GPU while this variable
    # exposes all of them; confirm which of the two is intended.
    environment:
      NVIDIA_VISIBLE_DEVICES: all
    # Reserve one device from the nvidia driver with the gpu capability.
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities:
                - gpu
Backup Strategy#
Container configs:
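# Weekly backup of all docker-compose.yml and configs.
# Compose files and config directories can hold credentials in plain text, so
# the archive is written under umask 077 (owner-only). The subshell keeps that
# umask from leaking into the calling shell.
(
  umask 077
  tar -czf /mnt/backup/docker-configs-$(date +%Y%m%d).tar.gz \
    ~/docker/*/docker-compose.yml \
    ~/docker/*/config/
)
Database dumps: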
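# Daily postgres backup
# The dump contains Authentik's account and token tables, so it is created
# owner-only (umask 077, scoped to a subshell) instead of with the default mode.
# NOTE(review): the postgres service in the compose file publishes no host
# port, so this probably has to run inside the container, for example through
# `docker compose exec -T postgres pg_dump ...` — confirm how it is invoked.
(
  umask 077
  pg_dump -U authentik authentik > /mnt/backup/authentik-$(date +%Y%m%d).sql
)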