====== App-01 ======

===== Purpose =====

''app-01.hackeriet.no'' is a Docker-based application host for Hackeriet services. It runs the upstream applications that are exposed through [[infra:hosts:ingress|ingress]].

Observed applications include:

  * [[infra:services:netbox|NetBox / ip.hackeriet.no]]
  * LibreNMS / nms.hackeriet.no
  * Mobilizon / events.hackeriet.no
  * HedgeDoc / pad.hackeriet.no and pad2.hackeriet.no
  * ownCloud / docs.hackeriet.no
  * Smokeping / ping.hackeriet.no

Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and hosting information.

===== Access =====

Normal access:

  * ''ssh <your-hacker-id-username>@app-01.hackeriet.no''

Access is managed through Hacker-ID / Kanidm. The relevant group is documented on [[infra:services:hacker-id|Hacker-ID]]:

  * ''service-apphost-sysops'' - SSH + sudo + docker for ''app-01''

===== Application layout =====

Observed service directory root:

  * ''/storage/services''

Observed service directories:

  * ''/storage/services/docker-mobilizon''
  * ''/storage/services/hedgedoc''
  * ''/storage/services/librenms-docker''
  * ''/storage/services/netbox-docker''
  * ''/storage/services/owncloud''
  * ''/storage/services/smokeping''

Docker data is stored under:

  * ''/storage/var-lib-docker''

===== Nginx configuration =====

Main observed configuration directory:

  * ''/etc/nginx/conf.d''

Observed hostname-to-local-port mappings:

  * ''ip.hackeriet.no'' -> ''http://localhost:8000''
  * ''nms.hackeriet.no'' -> ''http://localhost:8001''
  * ''docs.hackeriet.no'' -> ''http://localhost:8002''
  * ''pad.hackeriet.no'' -> ''http://localhost:8003''
  * ''events.hackeriet.no'' -> ''http://localhost:4000''
  * ''ping.hackeriet.no'' -> ''http://localhost:8005''

===== Credentials =====

Relevant ''hackeriet/pass'' entries:

  * ''root@app-01.hackeriet.no.gpg''

===== Checks during incidents =====

Basic host checks:

<code>
hostname -f
id
systemctl --failed --no-pager
df -h -x tmpfs -x devtmpfs
ip -br addr show scope global
</code>

Service checks:

<code>
systemctl status docker nginx firewalld kanidm-unixd sshd
docker ps
nginx -t
grep -R "server_name\|proxy_pass" -n /etc/nginx/conf.d
journalctl -u docker -u nginx --since "1 hour ago"
</code>

Storage checks:

<code>
df -h /storage
du -sh /storage/services/* /storage/var-lib-docker 2>/dev/null
</code>

If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.