๐Ÿ›๏ธ

Hades

Infrastructure of the Underworld

"Abandon all spaghetti, ye who enter here."
โ€” Dante, probably, if he'd been a sysadmin

โ†“ Cross the River Styx โ†“
Gate I

โš’๏ธThe Foundation

The bedrock upon which the Underworld rests

Before any soul could be judged, the earth itself had to be shaped. An Oracle Cloud citadel was raised from silicon and wire โ€” ARM-forged, Ubuntu-tempered, built to endure.

Citadel
OCI ARM A1.Flex
Soul
Ubuntu 24.04 LTS
True Name
hades-vnic
Realm Address
152.69.172.49
Gate II

๐Ÿ•ณ๏ธThe Passage

Tailscale โ€” the secret tunnel between realms

Hermes had his winged sandals; we have Tailscale. A mesh of encrypted tunnels that lets the worthy pass between worlds unseen. No mortal port is exposed โ€” only those on the tailnet may enter.

Underworld IP
100.107.149.72
SSH
Tailscale only
Tailnet
kpkevpat@
Gate III

โš™๏ธThe Engine Room

Docker โ€” the container forge of the Underworld

Deep in the belly of Hades, the forges burn eternal. Each soul is bound to its own container โ€” isolated, restartable, unable to corrupt its neighbours. The homelab network connects them all, a river of packets flowing between the damned.

SoulPurposePort
caddy The Gatekeeper โ€” reverse proxy, TLS terminator 80, 443
dice-signaling The Oracle โ€” WebSocket signaling for P2P dice 8080
deploy-webhook The Ferryman โ€” carries new code across the river 9000
gatus The Watchtower โ€” monitors all 6 vital signs 3001
portainer The Scribe โ€” container management UI 9443
Gate IV

๐Ÿ›ก๏ธThe Gatekeeper

Caddy โ€” guardian of all who seek entry

Cerberus had three heads; Caddy has four route handlers. Every request that arrives at the gates is inspected, sorted, and sent to its rightful destination โ€” or cast into the void with a 404.

dice.kevinpaul.au
  โ”œโ”€โ”€ /deploy โ†’ deploy-webhook:9000 (the ferryman)
  โ”œโ”€โ”€ /ws*   โ†’ dice-signaling:8080 (WebSocket)
  โ”œโ”€โ”€ /health โ†’ dice-signaling:8080 (pulse check)
  โ””โ”€โ”€ /*     โ†’ /srv/dice (static frontend)
Gate V

๐Ÿ‘๏ธThe Watchtower

Gatus โ€” the all-seeing eye

Argus Panoptes had a hundred eyes; Gatus has six monitors. Every 60 seconds, it peers into the darkness and reports what it finds. If a soul goes silent, the watchtower knows.

Dice Frontend
โ— every 60s
Signaling Health
โ— every 60s
WS Health
โ— every 60s
Portainer
โ— every 120s
Deploy Webhook
โ— every 300s
Signaling Internal
โ— every 60s
Gate VI

🎲 The Archive

p2p-switchboard-js — the game that started it all

In the Fields of Asphodel, the shades gather to roll dice for eternity. A P2P signaling server routes their WebSocket whispers, connecting host to player through ephemeral rooms that vanish like morning mist. No database. No persistence. Just the eternal now.

Protocol: v0.5
Architecture: Stateless switchboard
Dependencies: ws@^8.16.0
Max Players: 10 per host

git push → GitHub webhook → deploy-webhook → git pull → restart
// Charon ferries the code across in ~5 seconds
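
The /deploy route is served on the public hostname, so the webhook receiver has to authenticate each delivery before it pulls and restarts anything. The following is an added example, not the deploy-webhook container's own code: it checks GitHub's X-Hub-Signature-256 HMAC over the raw body and the pushed ref; the secret value and the function names are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumption: the shared secret configured on the GitHub webhook (placeholder value).
const WEBHOOK_SECRET = "constructed-example-secret";

// GitHub sends "sha256=" + hex HMAC-SHA256 of the raw request bytes.
function signBody(secret, rawBody) {
  return "sha256=" + crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Constant-time comparison. Lengths are compared first because
// timingSafeEqual throws on buffers of different length.
function signatureIsValid(secret, rawBody, header) {
  if (typeof header !== "string") return false;
  const expected = Buffer.from(signBody(secret, rawBody));
  const received = Buffer.from(header);
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Decide what to do with one delivery. The body is parsed only after the
// signature over the unparsed bytes has been accepted.
function evaluateDelivery(secret, headers, rawBody) {
  if (!signatureIsValid(secret, rawBody, headers["x-hub-signature-256"])) {
    return { status: 401, deploy: false, reason: "bad signature" };
  }
  if (headers["x-github-event"] !== "push") {
    return { status: 202, deploy: false, reason: "ignored event" };
  }
  let payload;
  try {
    payload = JSON.parse(rawBody.toString("utf8"));
  } catch {
    return { status: 400, deploy: false, reason: "invalid JSON" };
  }
  if (!payload || payload.ref !== "refs/heads/main") {
    return { status: 202, deploy: false, reason: "not main" };
  }
  return { status: 200, deploy: true, reason: "push to main" };
}

// Constructed sample deliveries: one correctly signed, one signed with the wrong key.
const body = Buffer.from(JSON.stringify({ ref: "refs/heads/main" }));
const good = { "x-github-event": "push", "x-hub-signature-256": signBody(WEBHOOK_SECRET, body) };
const forged = { "x-github-event": "push", "x-hub-signature-256": signBody("wrong-secret", body) };
console.log(evaluateDelivery(WEBHOOK_SECRET, good, body));
console.log(evaluateDelivery(WEBHOOK_SECRET, forged, body));
```
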
Gate VII

โ˜๏ธThe Cloudflare Gate

The outermost veil between mortals and the Underworld

Before any mortal's request can reach Hades, it must pass through the orange clouds of Cloudflare โ€” DNS resolved, SSL terminated, cached and proxied. But no Workers toil here. We learned that lesson the hard way. The clouds are for routing only. All thinking happens in the depths.

Zone
kevinpaul.au
SSL Mode
Full
Workers
None (by decree)
WebSockets
Passthrough
Gate VIII

🔥 The Wall

Two layers of fire — OCI Security List & UFW

The walls of Tartarus are said to be impenetrable. Ours come close: a double firewall — the OCI Security List blocks at the cloud, UFW blocks at the host. SSH from the public internet? Cast into the pit. fail2ban watches for those who try the gates too many times.

Layer 1 — OCI: TCP 80/443 only
Layer 2 — UFW: tailscale0 + 80/443
Public SSH: Denied
fail2ban: 3 strikes, 24h ban
The Chronicle

📜 What Was Done This Day

16 March 2026 — The Founding of Hades

In a single session, a barren Oracle Cloud instance was transformed into a fully operational underworld. These are the deeds recorded by the Fates.

The Foundation was laid — system packages installed, the ground prepared
The Passage was opened — Tailscale mesh VPN established, SSH secured through the tunnel
The Forges were lit — Docker installed, the homelab network woven between containers
The Gatekeeper took position — Caddy reverse proxy with automatic TLS via Let's Encrypt
The Archive was migrated — dice.kevinpaul.au moved from cPanel to Hades, served through Cloudflare
The Ferryman was summoned — GitHub webhook auto-deploys on every push to main
The Watchtower was raised — Gatus monitors 6 endpoints, replacing Uptime Kuma
The Wall was sealed — double firewall (OCI + UFW), fail2ban, Tailscale-only SSH
The Cloudflare Gate was raised — DNS migrated from VentraIP, orange cloud proxy, WebSocket passthrough
The scrolls were written — GATES.md, CLAUDE.md, memory files, and this very page
Log rotation was decreed — 10MB max, 3 files per container, no soul may fill the disk
The backup ritual was established — daily at 3 AM UTC, 7 days retained, the Fates preserve the configs
The broken runes were mended — emoji encoding fixed, .htaccess banished to the void