From f236f7979463b5f4fef1b36831f9deb3821b9860 Mon Sep 17 00:00:00 2001
From: nathan
Date: Sat, 11 Apr 2026 21:36:29 -0400
Subject: [PATCH] initial folder structure with README's for placeholders
---
ansible/README.md | 1 +
documentation/README.md | 1 +
nodes/heimdall/README.md | 1 +
nodes/heimdall/compose.core.yaml | 166 +++++++++++++++++++++++++++++++
nodes/waldorf/README.md | 1 +
nodes/watchtower/README.md | 1 +
scripts/README.md | 1 +
7 files changed, 172 insertions(+)
create mode 100644 ansible/README.md
create mode 100644 documentation/README.md
create mode 100644 nodes/heimdall/README.md
create mode 100644 nodes/heimdall/compose.core.yaml
create mode 100644 nodes/waldorf/README.md
create mode 100644 nodes/watchtower/README.md
create mode 100644 scripts/README.md
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..5c14516
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1 @@
+# ansible folder
diff --git a/documentation/README.md b/documentation/README.md
new file mode 100644
index 0000000..bb8fe05
--- /dev/null
+++ b/documentation/README.md
@@ -0,0 +1 @@
+# documenation folder
diff --git a/nodes/heimdall/README.md b/nodes/heimdall/README.md
new file mode 100644
index 0000000..f6b3c13
--- /dev/null
+++ b/nodes/heimdall/README.md
@@ -0,0 +1 @@
+# heimdall info
\ No newline at end of file
diff --git a/nodes/heimdall/compose.core.yaml b/nodes/heimdall/compose.core.yaml
new file mode 100644
index 0000000..0481b31
--- /dev/null
+++ b/nodes/heimdall/compose.core.yaml
@@ -0,0 +1,166 @@
+name: core
+services:
+ # --- SECURITY LAYER ---
+ docker-socket-proxy:
+ image: tecnativa/docker-socket-proxy:v0.4.2
+ container_name: docker-socket-proxy
+ restart: unless-stopped
+ userns_mode: "host"
+ user: "0:0"
+ security_opt:
+ - apparmor=unconfined
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - proxy-net
+ group_add:
+ - "988" # Ensure this matches 'stat -c %g /var/run/docker.sock' on heimdall
+ environment:
+ # Read Access (for Traefik)
+ - CONTAINERS=1
+ - SERVICES=1
+ - NETWORKS=1
+ - VOLUMES=1
+ - IMAGES=1
+ - INFO=1
+ - VERSION=1
+ - EVENTS=1
+ - PING=1
+ # Write Access (Required for Komodo/Portainer to deploy)
+ - POST=1
+ - ALLOW_START=1
+ - ALLOW_STOP=1
+ - ALLOW_RESTARTS=1
+ redis:
+ image: redis:7-alpine
+ container_name: redis
+ restart: unless-stopped
+ ports:
+ - "6379:6379"
+ networks:
+ - proxy-net
+ volumes:
+ - redis-data:/data
+ command: redis-server --appendonly yes
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ # --- NETWORKING ---
+ traefik:
+ image: traefik:v3.6.5
+ container_name: traefik
+ restart: unless-stopped
+ depends_on:
+ redis:
+ condition: service_healthy
+ docker-socket-proxy:
+ condition: service_started
+ networks:
+ - proxy-net
+ environment:
+ - DOCKER_HOST=tcp://docker-socket-proxy:2375
+ - CLOUDFLARE_DNS_API_TOKEN=${CF_API_TOKEN}
+ - CLOUDFLARE_ZONE_API_TOKEN=${CF_ZONE_TOKEN}
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /mnt/appdata/traefik/traefik.yml:/traefik.yml:ro
+ - /mnt/appdata/traefik/dynamic:/dynamic:ro
+ - /mnt/appdata/traefik/certs:/certs
+ - /mnt/appdata/traefik/access-logs:/var/log/traefik
+ labels:
+ - "traefik.enable=true"
+ # Router for the Dashboard
+ - "traefik.http.routers.traefik-secure.rule=Host(`proxy.castaldifamily.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+ - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+ - "traefik.http.routers.traefik-secure.tls=true"
+ - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+ # Root Redirect (Optional but nice)
+ - "traefik.http.routers.traefik-root.rule=Host(`proxy.castaldifamily.com`) && Path(`/`)"
+ - "traefik.http.routers.traefik-root.entrypoints=websecure"
+ - "traefik.http.routers.traefik-root.tls=true"
+ - "traefik.http.routers.traefik-root.service=api@internal"
+ - "traefik.http.routers.traefik-root.middlewares=traefik-redir"
+ - "traefik.http.middlewares.traefik-redir.redirectregex.regex=^https?://proxy.castaldifamily.com/$$"
+ - "traefik.http.middlewares.traefik-redir.redirectregex.replacement=https://proxy.castaldifamily.com/dashboard/"
+
+ # --- MANAGEMENT ---
+ komodo-db:
+ image: mongo:8.2.6
+ container_name: komodo-db
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ command: --quiet --wiredTigerCacheSizeGB 0.25
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ # ports:
+ # - 27017:27017
+ volumes:
+ - /mnt/appdata/komodo/mongo/db:/data/db
+ - /mnt/appdata/komodo/mongo/config:/data/configdb
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DATABASE_USERNAME}
+ MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DATABASE_PASSWORD}
+
+ komodo-core:
+ image: ghcr.io/moghtech/komodo-core:2
+ init: true
+ container_name: komodo-core
+ restart: unless-stopped
+ depends_on:
+ - komodo-db
+ networks:
+ - proxy-net
+ ports:
+ - 9120:9120
+ env_file: .env
+ environment:
+ KOMODO_DATABASE_ADDRESS: komodo-db:27017
+ volumes:
+ - /mnt/appdata/komodo/keys:/config/keys
+ - /mnt/appdata/komodo/backups:/backups
+ labels:
+ - komodo.skip
+ - "traefik.enable=true"
+ - "traefik.http.routers.komodo.entrypoints=websecure"
+ - "traefik.http.routers.komodo.rule=Host(`komodo.castaldifamily.com`)"
+ - "traefik.http.routers.komodo.tls=true"
+ - "traefik.http.routers.komodo.tls.certresolver=cloudflare"
+ - "traefik.http.services.komodo.loadbalancer.server.port=9120"
+
+ periphery:
+ image: ghcr.io/moghtech/komodo-periphery:2
+ init: true
+ container_name: komodo-periphery-heimdall
+ restart: unless-stopped
+ depends_on:
+ - komodo-core
+ - docker-socket-proxy
+ networks:
+ - proxy-net
+ environment:
+ - DOCKER_HOST=tcp://docker-socket-proxy:2375
+ - PERIPHERY_CORE_ADDRESS=ws://komodo-core:9120
+ - PERIPHERY_CONNECT_AS=Heimdall
+ - PERIPHERY_ONBOARDING_KEY=${KOMODO_ONBOARDING_KEY_HEIMDALL}
+ volumes:
+ - /proc:/proc # Still needed for accurate system stats
+ # Map the internal /config/keys to a unique folder for this node
+ - /mnt/appdata/komodo/heimdall/keys:/config/keys
+ # Map the internal /etc/komodo to a unique work folder for this node
+ - /mnt/appdata/komodo/heimdall/work:/etc/komodo
+
+networks:
+ proxy-net:
+ name: proxy-net
+ driver: bridge
+
+volumes:
+ redis-data:
\ No newline at end of file
diff --git a/nodes/waldorf/README.md b/nodes/waldorf/README.md
new file mode 100644
index 0000000..da9c7a2
--- /dev/null
+++ b/nodes/waldorf/README.md
@@ -0,0 +1 @@
+# waldorf info
diff --git a/nodes/watchtower/README.md b/nodes/watchtower/README.md
new file mode 100644
index 0000000..5aa759f
--- /dev/null
+++ b/nodes/watchtower/README.md
@@ -0,0 +1 @@
+# watchtower info
diff --git a/scripts/README.md b/scripts/README.md
new file mode 100644
index 0000000..458b3cc
--- /dev/null
+++ b/scripts/README.md
@@ -0,0 +1 @@
+# scripts
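Review bot: In nodes/heimdall/compose.core.yaml the `docker-socket-proxy` service sets `POST=1` alongside `CONTAINERS=1`, `IMAGES=1`, `VOLUMES=1` and `NETWORKS=1` and is attached to the same `proxy-net` as every other service, so any container on that network, including the internet-facing `traefik`, can reach a write-capable Docker API at `tcp://docker-socket-proxy:2375`. Write access to that API amounts to root on the host, and the `:ro` on the socket mount does not limit it, since that flag governs the bind mount and not requests sent through the socket. Traefik only needs the read flags, so I would keep `docker-socket-proxy` read-only on its own internal network and add a second, write-enabled proxy on another internal network shared only with `periphery`, as sketched below; `privileged: true` and `apparmor=unconfined` are worth dropping from both if the socket stays reachable without them. Separately, `redis` publishes `6379:6379` on the host with no `requirepass`, and nothing visible in this file connects to it from outside `proxy-net`, so that `ports` entry can be removed.

```yaml
  docker-socket-proxy:
    # … unchanged: image, restart, socket mount, read flags (CONTAINERS … PING) …
    # Dropped from this service: POST, ALLOW_START, ALLOW_STOP, ALLOW_RESTARTS.
    networks:
      - socket-ro

  docker-socket-proxy-rw:
    image: tecnativa/docker-socket-proxy:v0.4.2
    container_name: docker-socket-proxy-rw
    restart: unless-stopped
    # … same user / group_add settings as docker-socket-proxy, as far as they are needed …
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-rw
    environment:
      # … same read flags as docker-socket-proxy …
      - POST=1
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1

  traefik:
    # … unchanged: image, depends_on, environment, ports, volumes, labels …
    networks:
      - proxy-net
      - socket-ro

  periphery:
    # … unchanged: image, volumes, remaining environment entries …
    depends_on:
      - komodo-core
      - docker-socket-proxy-rw
    networks:
      - proxy-net
      - socket-rw
    environment:
      - DOCKER_HOST=tcp://docker-socket-proxy-rw:2375

networks:
  # … unchanged: proxy-net …
  socket-ro:
    internal: true
  socket-rw:
    internal: true
```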