doc 32: wipe jellyfin-dev container + config (200MB)
This commit is contained in:
parent
4ab8c277da
commit
c391447a9f
2 changed files with 105 additions and 0 deletions
9
.gitleaksignore
Normal file
9
.gitleaksignore
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# Gitleaks allowlist — false-positive fingerprints with justification.
|
||||
# Each entry: <relative-path>:<rule-id>:<line>
|
||||
# Justify why each entry is safe to ignore.
|
||||
|
||||
# LAN IP (RFC1918) for nullstone in a Pi-hole local-DNS-pin description.
|
||||
# Same IP appears openly in docs/00-overview.md (Topology table), 21-*,
|
||||
# 22-*, etc. — internal LAN only, never routed publicly. Rule itself
|
||||
# is tagged low-confidence and explicitly suggests allowlisting docs.
|
||||
docs/32-dev-container-wipe-2026-05-11.md:lan-ip-rfc1918:71
|
||||
96
docs/32-dev-container-wipe-2026-05-11.md
Normal file
96
docs/32-dev-container-wipe-2026-05-11.md
Normal file
|
|
@ -0,0 +1,96 @@
|
|||
# 32 — `jellyfin-dev` container wipe (2026-05-11)
|
||||
|
||||
Cleanup of the idle `jellyfin-dev` instance on nullstone. This was the
|
||||
scratch container used for the scyfin theme experiment + the 10.11.8 dev
|
||||
upgrade documented in `docs/29-jellyfin-10.11-upgrade-and-scyfin-migration.md`.
|
||||
The experiment is concluded; prod is being upgraded by a parallel agent
|
||||
and `jellyfin-stock` (tv.s8n.ru) covers the stock build, so dev has no
|
||||
remaining role.
|
||||
|
||||
## Pre-wipe state
|
||||
|
||||
```
|
||||
$ docker ps -a --filter name=jellyfin-dev
|
||||
CONTAINER ID IMAGE STATUS NAMES
|
||||
ecf97cddba6c jellyfin/jellyfin:10.11.8 Up 14 hours (healthy) jellyfin-dev
|
||||
|
||||
$ ls -la /opt/docker/jellyfin-dev/
|
||||
-rw-r--r-- 1 user user 1898 docker-compose.yml
|
||||
-rw-r--r-- 1 user user 1799 docker-compose.yml.bak.1778243059
|
||||
drwxrwxr-x 3 user user 4096 web-overrides/
|
||||
|
||||
$ ls -la /home/docker/jellyfin-dev/ (via privileged alpine, userns=host)
|
||||
drwxr-xr-x 5 1000 1000 cache/
|
||||
drwxr-xr-x 8 1000 1000 config/
|
||||
total: 200 MB
|
||||
|
||||
$ grep -lr "jellyfin-dev\|dev.arrflix" /opt/docker/traefik/config/
|
||||
(no matches — routing was via docker-provider labels only)
|
||||
|
||||
$ df -h /home
|
||||
/dev/mapper/keystone--vg-home 399G 284G 96G 75%
|
||||
```
|
||||
|
||||
## Actions
|
||||
|
||||
1. `docker stop jellyfin-dev && docker rm jellyfin-dev` — container removed.
|
||||
2. Privileged-alpine wipe of `/home/docker/jellyfin-dev/` (uid 1000 inside
|
||||
userns-remap, owner `100000:100000` on host — host `user` can't `rm` it
|
||||
directly, hence the `--userns=host` container):
|
||||
```
|
||||
docker run --rm --userns=host -v /home/docker:/d alpine \
|
||||
rm -rf /d/jellyfin-dev
|
||||
```
|
||||
3. `rm -rf /opt/docker/jellyfin-dev/` — compose file + web-overrides gone
|
||||
(owned by `user`, plain rm sufficient).
|
||||
4. Traefik docker-provider router vanished with the container — no
|
||||
file-provider yaml to clean up (verified via grep).
|
||||
|
||||
## Post-wipe verification
|
||||
|
||||
```
|
||||
$ docker ps -a --filter name=jellyfin-dev # empty
|
||||
$ ls /opt/docker/jellyfin-dev # ENOENT
|
||||
$ ls /d/jellyfin-dev (in alpine) # ENOENT
|
||||
$ curl -sk -o /dev/null -w "%{http_code}\n" \
|
||||
https://dev.arrflix.s8n.ru/ # 404 (Traefik, no backend)
|
||||
$ ls /home/docker | grep jellyfin # jellyfin, jellyfin-stock only
|
||||
$ ls /opt/docker | grep jellyfin # jellyfin, jellyfin-stock only
|
||||
```
|
||||
|
||||
Prod (`jellyfin` at `arrflix.s8n.ru`) and stock (`jellyfin-stock` at
|
||||
`tv.s8n.ru`) were both untouched and continue to serve traffic.
|
||||
|
||||
## What was kept
|
||||
|
||||
- `/home/user/snapshots/jellyfin-dev-pre-1011-upgrade-20260511-033309.tar.zst`
|
||||
(143 MB) — pre-upgrade rollback point.
|
||||
- `/home/user/snapshots/jellyfin-dev-post-10107-20260511-033839.tar.zst`
|
||||
(144 MB) — post-rollback snapshot from earlier today.
|
||||
Both stay in place as historical artefacts.
|
||||
- Pi-hole local-DNS pin `dev.arrflix.s8n.ru -> 192.168.0.100` — harmless,
|
||||
resolves to Traefik which now 404s. Left alone.
|
||||
- LE certificate for `dev.arrflix.s8n.ru` in `traefik/acme.json` — left
|
||||
alone; reusable if dev is ever rebuilt.
|
||||
|
||||
## Disk reclaimed
|
||||
|
||||
```
|
||||
before: 96G avail
|
||||
after: 96G avail (200 MB freed; below `df -h` rounding granularity
|
||||
on a 399 GB volume)
|
||||
```
|
||||
|
||||
`du -sh /home/docker/jellyfin-dev` reported 200 MB pre-wipe, so the
|
||||
freed-space figure is exact even though `df -h` can't resolve it.
|
||||
|
||||
## Rebuild path (if ever needed)
|
||||
|
||||
1. Restore `/home/docker/jellyfin-dev/` from one of the snapshots in
|
||||
`/home/user/snapshots/`.
|
||||
2. Recreate `/opt/docker/jellyfin-dev/docker-compose.yml` from
|
||||
`docs/29-jellyfin-10.11-upgrade-and-scyfin-migration.md` (compose
|
||||
block is inline in that doc).
|
||||
3. `docker compose up -d` — Traefik docker-provider re-attaches the
|
||||
router automatically, LE cert is already in acme.json so no fresh
|
||||
challenge needed.
|
||||
Loading…
Reference in a new issue