Table of Contents
App-01
Purpose
app-01.hackeriet.no is a Docker-based application host for Hackeriet services. It runs the upstream applications that are exposed through ingress.
Observed applications include:
- LibreNMS / nms.hackeriet.no
- Mobilizon / events.hackeriet.no
- HedgeDoc / pad.hackeriet.no and pad2.hackeriet.no
- ownCloud / docs.hackeriet.no
- Smokeping / ping.hackeriet.no
Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and hosting information.
Access
Normal access:
ssh <your-hacker-id-username>@app-01.hackeriet.no
Access is managed through Hacker-ID / Kanidm. The relevant group is documented on Hacker-ID:
service-apphost-sysops- SSH + sudo + docker forapp-01
Application layout
Observed service directory root:
/storage/services
Observed service directories:
/storage/services/docker-mobilizon/storage/services/hedgedoc/storage/services/librenms-docker/storage/services/netbox-docker/storage/services/owncloud/storage/services/smokeping
Docker data is stored under:
/storage/var-lib-docker
Nginx configuration
Main observed configuration directory:
/etc/nginx/conf.d
Observed hostname-to-local-port mappings:
ip.hackeriet.no→http://localhost:8000nms.hackeriet.no→http://localhost:8001docs.hackeriet.no→http://localhost:8002pad.hackeriet.no→http://localhost:8003events.hackeriet.no→http://localhost:4000ping.hackeriet.no→http://localhost:8005
Credentials
Relevant hackeriet/pass entries:
root@app-01.hackeriet.no.gpg
Checks during incidents
Basic host checks:
hostname -f id systemctl --failed --no-pager df -h -x tmpfs -x devtmpfs ip -br addr show scope global
Service checks:
systemctl status docker nginx firewalld kanidm-unixd sshd docker ps nginx -t grep -R "server_name\|proxy_pass" -n /etc/nginx/conf.d journalctl -u docker -u nginx --since "1 hour ago"
Storage checks:
df -h /storage du -sh /storage/services/* /storage/var-lib-docker 2>/dev/null
If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.