# cloud

The single central hub. One deployment, internet-facing.

## What runs here

nginx-proxy, wireguard-server, keycloak, portainer, influxdb, grafana, node-red, mqtt, postfix, gitea, jenkins, sql.

See [`../docs/architecture.md`](../docs/architecture.md) for the full network topology and ingress table.

## Run

```bash
cp .env.example .env     # fill in real secrets first
docker compose up -d
docker compose ps
```

## Ingress (host port bindings)

| Port | Container |
|---|---|
| tcp/80, 443 | nginx-proxy |
| tcp/8883 | nginx-proxy (MQTT-TLS via stream block) |
| udp/51820 | wireguard-server |

Everything else stays on the internal `app` / `data` / `mgmt` networks.

## Adding a new stack

1. Create `stacks/<name>/` with `compose.yml`, `.env.example`, `README.md`.
2. Uncomment (or add) the `include:` entry in `compose.yml`.
3. Add the stack's env vars to `.env.example`.
4. `docker compose pull && docker compose up -d`.