Portainer

All services running on intel01 are run via Docker Compose and orchestrated via Portainer. Portainer pulls in docker-compose files from the oobtel Github Organisation via a CI/CD action which validates the changes to a docker-compose file on a merge and if sucessful, sends the update action to Portainer via a webhook.

Portainer Access

Portainer can be accessed by:

• Github SSO - in order to login, a user needs to be added manually to Portainer first, not all oobtel users get access to Portainer.
• A build in admin account

Once authenticated, you should see a single box connected: intel01

---

Currently running services

This is the list of services Portainer is orchestrating and the associated Github repos:

Core Hyperion Services

The following are the core services of the Hyperion Platform.

HyperionDB (Neo4j)

• https://github.com/oobtel/docker-compose-neo4j
• Exposed ports:
  • 7474 - HTTP Neo4j protocol
  • 7687 - Bolt Neo4j protocol
  • 9009 - Prometheus monitoring
• Volumes:
  • /mnt/truenas/neo4j/docker_neo4j_data - Database storage
  • /mnt/truenas/neo4j/docker_neo4j_plugins - Storage for Neo4j plugins

Hyperion Data Pipeline (Windmill)

• https://github.com/oobtel/docker-compose-windmill
• Exposed ports:
  • 8008 - Windmill Frontend (this is actually a Caddy container which routes traffic to internal components of windmill. Traffic to Caddy routed to pipeline.oobtel.network via CF ZT)
• Volumes:
  • /mnt/truenas/windmill/docker_db_data/ - Postegres used by Windmill for general storage
  • /mnt/truenas/windmill/docker_lsp_cache/ - Cache files used for the language server
  • /mnt/truenas/windmill/docker_worker_cache/ - Cache files used by ETL workers
  • /mnt/truenas/windmill/docker_worker_data/ - Shared data directory for ETL workers
  • /mnt/truenas/windmill/Caddyfile - Caddyfile used by Caddy

Hyperion Data Pipeline (n8n)

• https://github.com/oobtel/docker-compose-n8n
• Exposed ports:
  • 5678 - n8n Frontend
• Volumes:
  • /mnt/truenas/n8n/n8n_data/ - Storage for all n8n logs/database/configs etc.
  • /mnt/truenas/n8n/n8n_files/ - Ephemeral storage for n8n workflows which handle binary data

Hyperion Binary Pipeline

• https://github.com/oobtel/docker-compose-binary-pipeline
• Still work in progress, check back when its deployed!

Minio

• https://github.com/oobtel/docker-compose-minio
• Exposed ports:
  • 9090 - S3 port
  • 9001 - Minio HTTP management interface
• Volumes:
  • /mnt/truenas/minio - Storage for all S3 buckets

---

Supplementary Services

The following are services deployed as part of the Hyperion project but not part of the Hyperion platform per se.

OpenCTI

• https://github.com/oobtel/docker-compose-opencti
• Exposed ports:
  • 8080 - OpenCTI Dashboard (forwarded to platform.oobtel.network/opencti via CF ZT)
  • 9000 - Minio for S3-compatible object storage
• Volumes:
  • /mnt/truenas/opencti/docker_es_data - ElasticSearch used by OpenCTI
  • /mnt/truenas/opencti/docker_s3_data - Minio storage
  • /mnt/truenas/opencti/docker_redis_data - Redis used by OpenCTI
  • /mnt/truenas/opencti/docker_amqp_data - RabbitMQ used by OpenCTI

Tyk API Gateway

• https://github.com/oobtel/docker-compose-tyk
• Exposed ports:
  • 8081 - all API endpoints (routed to api.oobtel.network via CF ZT)
  • 6379 - Redis used for Tyk request cache
  • 8083 & 8084 - ports used by Netdata to fetch metrics
• Volumes:
  • /mnt/truenas/tyk/apps - Config files for the API endpoints
  • /mnt/truenas/tyk/tyk.standalone.conf - Config file for the Tyk gateway itself