maddox/silverbullet-notes

Fork 0

maddox 3dc0f4dacf Initial SilverBullet sync

2026-01-25 00:20:24 +00:00

13 KiB

Raw Blame History

Hetzner Server (192.168.12.3) - Database Documentation

Last updated: 2026-01-05

This document provides comprehensive documentation of all database systems running on the Hetzner server.

MariaDB/MySQL Databases
PostgreSQL Databases
Redis Instances
Database Access Methods
Backup Information

MariaDB/MySQL Databases

Primary MariaDB Instance (mariadb-secondary)

Instance Information:

Container: mariadb-secondary
Image: mariadb:latest
Host: 192.168.12.3
Port: 3306 (exposed on all interfaces)
Type: MariaDB (latest)
Role: Read-only replica
Server ID: 2
Replication Source: 192.168.1.251 (primary server)

Configuration:

Config File: /volume1/docker/mariadb/custom.cnf mounted as /etc/mysql/my.cnf
Data Directory: /volume1/docker/mariadb/databases → /var/lib/mysql
Log Directory: /volume1/docker/mariadb/log/mysql → /var/log/mysql
Backup Directory: /volume1/docker/backup → /backup
Character Set: utf8mb4
Collation: utf8mb4_general_ci
Timezone: America/New_York

Resource Limits:

Memory Reservation: 60M
CPU Limit: 0.4

Database List: The following databases are expected based on configuration:

node-staging: Used for transaction staging by financial bot
- Purpose: Isolated testing environment for financial automation
- Replication: Does NOT replicate from primary
- Used by: Node-RED financial automation flows
- Notes: Intentionally excluded from replication for isolation
traefik_config: Traefik configuration storage
- User: traefik_user
- Used by: traefik-mod container
- Purpose: Database-backed Traefik configuration with history/audit trail
Other databases: May include replicated databases from primary server at 192.168.1.251

Replication Configuration:

Configured as read-only replica (read_only=1)
Server ID: 2
Replicates all databases except node-staging
Custom configuration controls replication filters

Access Methods:

# Access MariaDB shell (requires root password)
docker exec -it mariadb-secondary mysql -u root -p

# Check specific database
docker exec -it mariadb-secondary mysql -u root -p -e "USE node_staging; SHOW TABLES;"

# Check replication status
docker exec -it mariadb-secondary mysql -u root -p -e "SHOW REPLICA STATUS\G"

# List all databases
docker exec -it mariadb-secondary mysql -u root -p -e "SHOW DATABASES;"

phpMyAdmin Access: User prefers phpMyAdmin for database management. MariaDB can be accessed via phpMyAdmin on the primary server (192.168.1.251) or local phpMyAdmin instance if configured.

Health Monitoring:

Healthcheck: TCP connection to localhost:3306
Interval: 72 seconds
Timeout: 3 seconds
Retries: 2
Start Period: 60 seconds
Autoheal: Enabled

Firefly MariaDB Instance (Firefly-DB)

Instance Information:

Container: Firefly-DB
Image: mariadb:11.3-jammy
Host: firefly-db (internal hostname)
Port: 3306 (internal only, not exposed)
Type: MariaDB 11.3
Role: Application database (standalone)
Network: firefly_default (isolated)

Configuration:

Data Directory: /volume1/docker/firefly/db → /var/lib/mysql
Timezone: America/New_York
InnoDB Buffer Pool Size: 128M

Database:

Database Name: firefly
Database User: fireflyuser
Root User: root
Used by: Firefly III personal finance application

Resource Limits:

Memory Limit: 384M
Memory Reservation: 128M
CPU Shares: 768

Access Methods:

# Access Firefly database
docker exec -it Firefly-DB mysql -u fireflyuser -p firefly

# Access as root
docker exec -it Firefly-DB mysql -u root -p

# Quick query
docker exec -it Firefly-DB mysql -u fireflyuser -p -e "USE firefly; SHOW TABLES;"

Health Monitoring:

Healthcheck: TCP connection to localhost:3306
Interval: 30 seconds
Timeout: 10 seconds
Retries: 3
Autoheal: Enabled

Notes:

Standalone database, not part of replication
Optimized for Firefly III workload
Reduced buffer pool size for memory efficiency
Isolated on firefly_default network

PostgreSQL Databases

Authentik PostgreSQL Instance

Instance Information:

Container: authentik-postgres
Image: postgres:16-alpine
Host: postgresql (internal hostname)
Port: 5432 (internal only, not exposed)
Type: PostgreSQL 16
Role: Application database (standalone)
Network: authentik-internal (isolated)

Configuration:

Data Directory: ${AUTHENTIK_DATA_PATH}/postgres → /var/lib/postgresql/data
Database Name: authentik (default)
Database User: authentik (default)

Database:

Database Name: authentik
Database User: authentik
Used by: Authentik identity provider (server + worker)

Access Methods:

# Access PostgreSQL shell
docker exec -it authentik-postgres psql -U authentik -d authentik

# List databases
docker exec -it authentik-postgres psql -U authentik -c "\l"

# List tables in authentik database
docker exec -it authentik-postgres psql -U authentik -d authentik -c "\dt"

Health Monitoring:

Healthcheck: pg_isready -d authentik -U authentik
Start Period: 20 seconds
Interval: 30 seconds
Timeout: 5 seconds
Retries: 5
Autoheal: Enabled

Notes:

Alpine-based image for smaller footprint
Isolated on authentik-internal network
Required by both authentik-server and authentik-worker
Dependency healthcheck ensures database is ready before starting dependent services

Matrix PostgreSQL Instance

Instance Information:

Container: matrix-postgres
Image: postgres:17.7-alpine
Host: (Matrix network)
Port: 5432 (internal only)
Type: PostgreSQL 17.7
Role: Matrix Synapse database
Network: matrix-postgres (isolated)

Notes:

Managed separately: This database is part of the Matrix/Synapse stack
Not documented in detail: Per instructions, Matrix components are listed but not deeply documented
Used by: matrix-synapse, matrix-bridges, matrix-bots
Backup container: matrix-postgres-backup (prodrigestivill/postgres-backup-local:18-alpine)

Redis Instances

Authentik Redis

Instance Information:

Container: authentik-redis
Image: redis:alpine
Host: redis (internal hostname)
Port: 6379 (internal only)
Network: authentik-internal (isolated)

Configuration:

Data Directory: ${AUTHENTIK_DATA_PATH}/redis → /data
Persistence: Enabled
Save Interval: 60 seconds (1 change)
Log Level: warning

Purpose:

Session storage for Authentik
Cache for Authentik server and worker
Used by: authentik-server, authentik-worker

Access Methods:

# Access Redis CLI
docker exec -it authentik-redis redis-cli

# Check connection
docker exec -it authentik-redis redis-cli ping

# Get info
docker exec -it authentik-redis redis-cli info

# Monitor commands
docker exec -it authentik-redis redis-cli monitor

Health Monitoring:

Healthcheck: redis-cli ping | grep PONG
Start Period: 20 seconds
Interval: 30 seconds
Timeout: 3 seconds
Retries: 5
Autoheal: Enabled

Authelia Redis (NOT CURRENTLY RUNNING)

Instance Information:

Container: authelia_redis
Image: redis:alpine
Network: traefik

Configuration:

Data Directory: ./redis_data → /data
Save Interval: 60 seconds (1 change)
Log Level: warning

Resource Limits:

CPU: 0.20
Memory Limit: 30M
Memory Reservation: 10M

Notes:

Container is configured but not currently running
Would be used for Authelia session storage if Authelia were active

Firefly Redis

Instance Information:

Container: Firefly-REDIS
Image: redis:latest
Host: firefly-redis (internal hostname)
Port: 6379 (internal only)
Network: firefly_default (isolated)

Configuration:

Data Directory: /volume1/docker/firefly/redis → /data
User: 1000:1000
Filesystem: Read-only (tmpfs for writes)

Purpose:

Cache for Firefly III application
Session storage
Queue backend

Resource Limits:

Memory Limit: 128M
Memory Reservation: 50M
CPU Shares: 512

Access Methods:

# Access Redis CLI
docker exec -it Firefly-REDIS redis-cli

# Check connection
docker exec -it Firefly-REDIS redis-cli ping

# Monitor cache usage
docker exec -it Firefly-REDIS redis-cli info memory

Health Monitoring:

Healthcheck: redis-cli ping || exit 1
Interval: 30 seconds
Timeout: 5 seconds
Retries: 3
Autoheal: Enabled

Security:

Read-only filesystem
Security opt: no-new-privileges
Runs as non-root user (1000:1000)

Database Access Methods

Recommended Access Method

User Preference: phpMyAdmin for MariaDB/MySQL management

For MariaDB databases (mariadb-secondary, Firefly-DB):

Access phpMyAdmin on primary server (192.168.1.251)
Connect to 192.168.12.3:3306 for mariadb-secondary
Use web interface for all database operations

Command-Line Access (Alternative)

MariaDB (mariadb-secondary):

# Interactive shell
docker exec -it mariadb-secondary mysql -u root -p

# Single query
docker exec -it mariadb-secondary mysql -u root -p -e "QUERY"

# Dump database
docker exec mariadb-secondary mysqldump -u root -p database_name > backup.sql

Firefly MariaDB:

# Interactive shell
docker exec -it Firefly-DB mysql -u fireflyuser -p firefly

# As root
docker exec -it Firefly-DB mysql -u root -p

Authentik PostgreSQL:

# Interactive shell
docker exec -it authentik-postgres psql -U authentik -d authentik

# Single query
docker exec -it authentik-postgres psql -U authentik -d authentik -c "QUERY"

Redis Instances:

# Authentik Redis
docker exec -it authentik-redis redis-cli

# Firefly Redis
docker exec -it Firefly-REDIS redis-cli

Backup Information

MariaDB Backup (mariadb-secondary)

Backup Directory: /volume1/docker/backup (mounted as /backup in container)

Replication as Backup:

Acts as live replica of primary server at 192.168.1.251
All databases (except node-staging) are real-time copies
Provides disaster recovery capability for primary server

Manual Backup:

# Backup specific database
docker exec mariadb-secondary mysqldump -u root -p database_name > /volume1/docker/backup/database_name_$(date +%Y%m%d).sql

# Backup all databases
docker exec mariadb-secondary mysqldump -u root -p --all-databases > /volume1/docker/backup/all_databases_$(date +%Y%m%d).sql

Firefly Database Backup

Backup Location: /volume1/docker/firefly/db (database data directory)

Manual Backup:

# Dump Firefly database
docker exec Firefly-DB mysqldump -u fireflyuser -p firefly > /volume1/docker/backup/firefly_$(date +%Y%m%d).sql

Authentik PostgreSQL Backup

Backup Location: ${AUTHENTIK_DATA_PATH}/postgres

Manual Backup:

# Dump authentik database
docker exec authentik-postgres pg_dump -U authentik authentik > /volume1/docker/backup/authentik_$(date +%Y%m%d).sql

Matrix PostgreSQL Backup

Automated Backup:

Container: matrix-postgres-backup
Image: prodrigestivill/postgres-backup-local:18-alpine
Status: Running (healthy)
Automated PostgreSQL backups for Matrix Synapse database

Database Summary

Total Database Instances: 5 active, 1 configured (not running)

Active Databases:

mariadb-secondary - MariaDB latest (read-only replica + node-staging)
Firefly-DB - MariaDB 11.3 (Firefly application database)
authentik-postgres - PostgreSQL 16 (Authentik identity provider)
matrix-postgres - PostgreSQL 17.7 (Matrix/Synapse, managed separately)
Firefly-REDIS - Redis (Firefly cache)
authentik-redis - Redis (Authentik sessions)

Configured but Not Running:

authelia_redis - Redis (Authelia sessions)

Key Databases by Purpose:

Database	Type	Purpose	Used By	Replication
node-staging	MariaDB	Financial bot testing	Node-RED	No (isolated)
traefik_config	MariaDB	Traefik config storage	traefik-mod	Yes (from primary)
firefly	MariaDB	Personal finance data	Firefly III	No (standalone)
authentik	PostgreSQL	Identity/SSO data	Authentik	No (standalone)

Notes:

All databases have healthchecks enabled
All active databases monitored by autoheal
mariadb-secondary serves dual role: replica + local databases
node-staging database intentionally isolated (no replication)

13 KiB Raw Blame History

Hetzner Server (192.168.12.3) - Database Documentation

Table of Contents

MariaDB/MySQL Databases

Primary MariaDB Instance (mariadb-secondary)

Firefly MariaDB Instance (Firefly-DB)

PostgreSQL Databases

Authentik PostgreSQL Instance

Matrix PostgreSQL Instance

Redis Instances

Authentik Redis

Authelia Redis (NOT CURRENTLY RUNNING)

Firefly Redis

Database Access Methods

Recommended Access Method

Command-Line Access (Alternative)

Backup Information

MariaDB Backup (mariadb-secondary)

Firefly Database Backup

Authentik PostgreSQL Backup

Matrix PostgreSQL Backup

Database Summary

13 KiB

Raw Blame History