NAS Docker Apps

App	Port	Compose Directory	External Access
Immich	2283	`/volume1/docker/immich/`	LAN only
Vaultwarden	8843	`/volume1/docker/vaultwarden/`	`https://vault.vyanh.uk` (via MikroTik cloudflared tunnel)
Uptime Kuma	3001	`/volume1/docker/uptime-kuma/`	`https://status.vyanh.uk` (via K8s cloudflared tunnel)
Portainer	9443	`/volume1/docker/portainer/`	LAN only (manually deployed, not a Git stack)
Watchtower	8080	`/volume1/docker/portainer/`	Monitor-only mode
Homepage	3000	`homepage/` in `nas-stacks` repo	LAN only
Paperless-ngx	8010	`/volume1/docker/paperless/`	LAN only
Node Exporter	9100	`/volume1/docker/node-exporter/`	Scraped by K8s vmagent
SNMP Exporter	9116	`/volume1/docker/snmp-exporter/`	Scraped by K8s vmagent
UPS API	host	`/volume1/docker/ups-api/`	LAN only, host network
Peanut	8080	`/volume1/docker/peanut/`	LAN only, NUT web dashboard
Syncthing	8384	`syncthing/` in `nas-stacks` repo	LAN only — receives Proxmox backups from K8s
Syncthing Pruner	—	`syncthing/` (same stack)	Sidecar — deletes files >14 days from dump dir
ntfy	2586	`/volume1/docker/ntfy/`	`https://ntfy.vyanh.uk` and `https://ntfy.homelab.vyanh.uk`
IT Tools	8765	`/volume1/docker/it-tools/`	LAN only
vault-watcher	—	`/volume1/docker/vault-watcher/`	LAN only — Vault seal monitoring
MinIO	9000/9001	`/volume1/docker/minio/`	LAN only — S3-compatible object storage
WikiJS	3080	`/volume1/docker/wikijs/`	LAN only — this wiki
Memos	5230	`/volume1/docker/memos/`	LAN only — notes
GitLab CE	3400 (web), 2222 (SSH)	`/volume1/docker/gitlab/`	LAN only — Git server (primary, GitHub mirror)

Variable	Value
`SMTP_PASSWORD`	Gmail app password
`MINIO_ACCESS_KEY`	`db-backup`
`MINIO_SECRET_KEY`	MinIO secret for `db-backup` user

Group	Monitors
Infrastructure	K8s node pings, router, core infrastructure
NAS Apps	All Docker apps on the NAS
Kubernetes Services	All K8s services via Traefik IP

Setting	Value
Image	`brandawg93/peanut:latest`
Port	8080 (host network)
NUT Host	`127.0.0.1:3493` (local NUT daemon)

Setting	Value
Image	`syncthing/syncthing:latest`
GUI port	`8384` → `http://192.168.88.19:8384`
Sync port	`22000` TCP+UDP
Config	`/volume1/docker/syncthing/config` (bind mount, owned by 1026:100)
Data	`/volume1/docker/proxmox-backup/dump` (bind mount)
Folder mode	Receive Only + Ignore Deletes
PUID/PGID	1026 / 100 (andy user)

Setting	Value
Image	`alpine:latest`
Schedule	`30 6 * * *` (06:30 daily)
Deletes	`.vma.zst`, `.vma.zst.notes`, `.log`, `.tar` older than 14 days
Directory	`/volume1/docker/proxmox-backup/dump`

Setting	Value
Port	2586
Public URL	`https://ntfy.vyanh.uk`
LAN URL	`https://ntfy.homelab.vyanh.uk`
Auth	`deny-all` — Bearer token authentication required
FCM relay	Upstream `https://ntfy.sh` for mobile push (Firebase Cloud Messaging)
Admin user	`andy`

Topic	Used By	Priority
`homelab-alerts`	vmalert/alertmanager (K8s), Uptime Kuma	high/critical
`homelab-ops`	MikroTik backup scripts, general operations	low/default
`homelab-security`	CrowdSec security events	high
`homelab-ups`	UPS power events (UPS API)	high

Setting	Value
Image	`corentinth/it-tools:latest`
Port	8765
URL	`http://192.168.88.19:8765`
Data	Stateless — no persistent volume needed

Setting	Value
Image	`alpine:3.21`
Script	`/volume1/docker/vault-watcher/scripts/watch.sh` (bind mounted)
State	Named Docker volume `vault-watcher-state`
Check interval	30 seconds
Vault transit	`http://192.168.88.19:8201`
Vault K8s	`https://vault.homelab.vyanh.uk`
Alerts	ntfy via `NTFY_URL`/`NTFY_TOKEN` env vars
Memory limit	64m

Setting	Value
API Port	9000
Console Port	9001
Network mode	`host` (required for passive FTP on port 2121)
Data	`/volume1/docker/minio/data`
FTP	Port 2121, passive range 30000-30010 (MikroTik router backup uploads)

¶ NAS Docker Apps

¶ Overview

¶ Application Table

¶ Service Details

¶ Immich

¶ Vaultwarden

¶ Uptime Kuma

¶ Paperless-ngx

¶ Homepage

¶ Watchtower

¶ UPS API

¶ Peanut (NUT Web Dashboard)

¶ Syncthing (Backup Receiver)

¶ Syncthing Pruner (Sidecar)

¶ ntfy (Push Notifications)

¶ IT Tools

¶ vault-watcher

¶ MinIO