Skip to content

migration.md

Latest commit

 

History

History
79 lines (57 loc) · 3.04 KB

migration.md

File metadata and controls

79 lines (57 loc) · 3.04 KB

Migration: Dokploy

Step-by-step guide for migrating from Dockge/Tugtainer to Dokploy.

Requirements: R1, R2, R3, R5, R6, R7 Decision: ADR-001 Status: ✅ Complete

What Was Done

Installation

  • Installed Dokploy manually (official script fails due to Tailscale on port 443)
  • Docker Swarm initialised with --advertise-addr on Tailscale IP
  • Dokploy dashboard accessible at http://beelink:3000 (Tailscale only)
  • No Traefik — not needed behind Tailscale

GitHub Integration

  • Connected GitHub account (Dokploy GitHub App installed)
  • Flight tracker builds from source (Dockerfile), not GHCR images

Service Migration

Flight Tracker Backend

  • Created as Dokploy application (GitHub source, dockerfile build)
  • CORS_ORIGINS env var configured
  • Cloudflared deployed as separate Dokploy app (docker image source)
  • Cloudflare tunnel routing updated to Dokploy service name
  • Public endpoint verified: https://api.colincheung.dev/docs
  • Auto-deploy via CI: Tailscale GitHub Action → Dokploy API (PR #50 on flight-tracker repo)

Flight Tracker Frontend

Frontend deploys to Cloudflare Pages (unchanged) — Dokploy doesn't manage it.

Home Assistant

  • Compose moved to ~/code/homelab/stacks/home-assistant/
  • Data moved from /opt/stacks/ to repo stacks directory
  • Optional: migrate to Dokploy-managed compose service

MQTT (Mosquitto)

  • Compose moved to ~/code/homelab/stacks/mqtt/
  • Data moved from /opt/stacks/ to repo stacks directory
  • Port bindings use ${TAILSCALE_IP} env var
  • Optional: migrate to Dokploy-managed compose service

Observability

  • Discord webhook configured for all alert types (build errors, deploys, restarts, thresholds)

Cleanup

  • Dockge stopped and removed (/opt/dockge/ deleted)
  • Tugtainer removed (container + volume deleted)
  • Old flight-tracker compose stopped
  • /opt/stacks/ removed entirely
  • All services verified healthy

Security Hardening (done alongside migration)

  • Tailscale ACLs tightened to least-privilege (desktop=full, mobile=HA only, CI=Dokploy only)
  • Git history squashed to remove leaked Tailscale IP
  • MQTT compose uses ${TAILSCALE_IP:?} (fails fast if unset)

Final State

Service Managed By How It Deploys
Flight tracker backend + cloudflared Dokploy (Compose) CI → Tailscale → Dokploy API
Home Assistant Docker Compose (repo) mise run deploy:all on server
MQTT Docker Compose (repo) mise run deploy:all on server
Observability (Grafana, Prometheus, Loki, Alloy) Docker Compose (repo) mise run deploy:all on server
CrowdSec Docker Compose (repo) mise run deploy:all on server
Dokploy + Postgres + Redis Docker Swarm Self-managed

Rollback Plan

HA and MQTT compose files are in stacks/ — run docker compose up -d to restore. Flight tracker can be redeployed from GHCR by reverting the CI workflow changes.