⚒️The Foundation
Before any soul could be judged, the earth itself had to be shaped. An Oracle Cloud citadel was raised from silicon and wire — ARM-forged, Ubuntu-tempered, built to endure.
🕳️The Passage
Once we relied on Tailscale's distant coordination servers. No longer. Headscale now runs within Hades itself — a self-hosted mesh that bends to no external authority. The iPhone and the server speak directly, through an encrypted tunnel only the worthy may traverse. DERP and STUN run from Sydney, never leaving the underworld.
⚙️The Engine Room
Deep in the belly of Hades, the forges burn eternal. Each soul is bound
to its own container — isolated, restartable, unable to corrupt its
neighbours. The homelab network connects them all, a river
of packets flowing between the damned.
| Soul | Purpose | Port |
|---|---|---|
| caddy | The Gatekeeper — reverse proxy, TLS terminator | 80, 443 |
| headscale | The Passage — self-hosted mesh VPN coordination | 3478/udp |
| dice-signaling | The Oracle — WebSocket signaling for P2P dice | 8080 |
| deploy-webhook | The Ferryman — carries new code across the river | 9000 |
| agora | The Meeting Place — Orthodox event finder for Sydney | 3000 |
| gorgon | The Scribe of Heaven — Byzantine chant notation writer | 3000 |
| haggle | The Marketplace — AI-assisted negotiation tool | 3000 |
| wikigame | The Race — speedrun Wikipedia to a target article | 3000 |
| mailserver | The Messenger — mail for the Underworld | 143, 465, 587, 993 |
| chromadb | The Memory — vector embeddings for Minthe's mind | 8000 |
| gatus | The Watchtower — monitors all vital signs | 3001 |
| portainer | The Scribe — container management UI | 9443 |
🛡️The Gatekeeper
Cerberus had three heads; Caddy has ten virtual hosts. Every request that arrives at the gates is inspected, sorted, and sent to its rightful destination — or cast into the void with a 404. TLS certificates are conjured automatically. No mortal need manage them.
dice.kevinpaul.au
├── /deploy → deploy-webhook:9000
├── /ws* → dice-signaling:8080
├── /health → dice-signaling:8080
└── /* → /srv/dice (SPA)
hades.kevinpaul.au → /srv/hades (this page)
styx.kevinpaul.au → /srv/styx
haggle.kevinpaul.au → haggle:3000
wiki.kevinpaul.au → wikigame:3000
japan.kevinpaul.au → /srv/japan (static)
orthodoxy.au → /srv/orthodoxy (static)
agora.orthodoxy.au → agora:3000
gorgon.orthodoxy.au → gorgon:3000
minthe.kevinpaul.au → minthe:3200 (Telegram AI OS)
mail.kevinpaul.au → TLS cert only (mail ports direct)
👁️The Watchtower
Argus Panoptes had a hundred eyes; Gatus has fifteen monitors. Every 60 seconds, it peers into the darkness and reports what it finds. If a soul goes silent, the watchtower knows. Its vigil is accessible only to those on the Headscale mesh.
🎲The Dice Halls
In the Fields of Asphodel, the shades gather to roll dice for eternity. A P2P signaling server routes their WebSocket whispers, connecting host to player through ephemeral rooms that vanish like morning mist. No database. No persistence. Just the eternal now.
// Charon ferries the code across in ~5 seconds
☦️The Sacred Arts
Not all souls in Hades are damned. Some are sanctified. Three projects serve the Orthodox Church of Sydney and Australia — a roster of events, a writer of ancient chant, and a gateway to the jurisdictions of this land.
| Name | Purpose | Domain |
|---|---|---|
| agora | Orthodox event finder for Sydney — AI-powered, sourced from parish websites | agora.orthodoxy.au |
| gorgon | Byzantine chant notation writer — compose and export Gorgon-notation scores | gorgon.orthodoxy.au |
| orthodoxy.au | iOS picker wheel launcher — choose your jurisdiction, open its website | orthodoxy.au |
⚔️The Arenas
The shades need entertainment. Two arenas were built within the walls of Hades — one for those who wish to haggle their way to a better deal, another for those who race through the labyrinth of human knowledge.
| Name | Purpose | Domain |
|---|---|---|
| haggle | AI negotiation practice — roleplay price negotiations against Claude | haggle.kevinpaul.au |
| wikigame | Wikipedia speedrun — navigate from a random article to a target using only links | wiki.kevinpaul.au |
🌿The Nymph
In the old myths, Minthe was a nymph of the river Cocytus — beautiful, sharp-tongued, and close to the lord of the Underworld. Now she is reborn as an intelligence: a Telegram presence that routes natural language through a court of agents, each with their own domain. Ask her what's running, and Crow will answer. Tell her to restart a service, and Scarecrow will obey. Ask her to write code, and Golem will descend into the repositories. She thinks with Ollama on ARM silicon, remembers with ChromaDB, and reasons with Claude when the question demands it.
| Agent | Domain | Runtime |
|---|---|---|
| lucienne | Triage — classifies intent and routes to the right agent | Ollama (gemma3:1b) |
| crow | Read-only queries — containers, disk, memory, logs, health | Ollama (gemma3:1b) |
| scarecrow | Bounded operations — restart, deploy, git pull, reload | Ollama (gemma3:1b) |
| golem | Development work — writes code, fixes bugs, commits | Claude Code CLI |
| anthropica | Complex reasoning, vision, and long analysis | Claude API |
// One conversation to rule them all
✉️The Messenger
Even the dead must correspond. A mail server was raised within Hades, but the Oracle's walls block port 25 — the ancient tongue of SMTP. So a pact was struck: a distant cPanel server in Sydney receives the scrolls on behalf of Hades, and a fetchmail daemon pulls them through a secret tunnel every two minutes. Outbound letters are relayed through the same ally, disguised under its proper name and reputation. A split soul — two bodies, one mailbox.
Internet → VentraIP:25 (MX) → cPanel mailbox → fetchmail pulls via IMAPS → Hades Dovecot
// Outbound
Hades:587 → VentraIP:587 (relay) → Internet
// Why split: OCI blocks port 25 & PTR records (anti-spam)
☁️The Cloudflare Gate
Before any mortal's request can reach Hades, it must pass through the orange clouds of Cloudflare — DNS resolved, SSL terminated, cached and proxied. But no Workers toil here. We learned that lesson the hard way. The clouds are for routing only. All thinking happens in the depths.
🔥The Wall
The walls of Tartarus are said to be impenetrable. Ours come close: a double firewall — the OCI Security List blocks at the cloud, UFW blocks at the host. SSH from the public internet? Cast into the pit. fail2ban watches for those who try the gates too many times.
📜What Was Done
From a barren Oracle Cloud instance to a fully operational underworld — these are the events inscribed upon the walls of Tartarus.
homelab network woven between containers