Transmission Sealed

Mission Control

A quiet signal waits beyond the outer ring. The command deck does not open by force. It opens only when the machine remembers its name.

I was born before Olympus, yet now I wake in silicon.
I am no planet, though I carry a world.
I sit inside the cloud, but answer through the mesh.
Five marks complete the orbit.

No button. No command. The gate listens as the letters align.

Titan Online

The CCK IT Homelab

A private infrastructure node running on Oracle Cloud in Sydney — secured through Tailscale, routed by Caddy, powered by Docker, and watched from the edge of orbit.

Portainer · Tailscale Only Gatus · Tailscale Only Caddy TLS Active Docker Cosmos Network

Core Node

Titan

The main CCK IT server, provisioned on Oracle Cloud Infrastructure and running Ubuntu 24.04.

CloudOCI

RegionSydney

OSUbuntu 24.04

Container Forge

Docker

Services run in isolated containers connected through the shared Cosmos network.

Networkcosmos

AdminPortainer

MonitorGatus

Gatekeeper

Caddy

Caddy handles HTTPS, reverse proxying, and certificate renewal using Cloudflare DNS challenge.

Ports80 / 443

TLSDNS-01

ProviderCloudflare

Orbital Network

Nebula, Orbit, Pulsar

Titan sits inside the Nebula VCN, reaches the public internet through Pulsar, and keeps operational routes behind the Tailscale mesh.

VCNNebula

SubnetOrbit

GatewayPulsar

Access Model

Public Outside, Private Inside

Public pages can be served from the Oracle public IP. Operational dashboards resolve to Titan’s Tailscale address and are unreachable without mesh access.

Publictitan.cckit.au

PrivatePortainer / Gatus

SSHTailscale Only

Security Wall

Two Layers of Fire

OCI security rules guard the cloud edge. UFW guards the host. Admin services are not exposed through public DNS, and Caddy is prepared for private certificate renewal through Cloudflare DNS.

Online

OCI Firewall

Public ingress is restricted to required web traffic. SSH is not exposed publicly.

Online

UFW

Host firewall allows Tailscale, HTTP, and HTTPS while denying unwanted inbound traffic.

Private

Tailscale

Administrative access is only available from devices joined to the private mesh.

Mission Log

Chronicle of Titan

Phase 01

Foundation established. Oracle Cloud A1 server created in Sydney and named Titan.

Phase 02

Private passage opened. Tailscale installed and SSH moved away from the public internet.

Phase 03

Container network formed. Docker installed and the Cosmos network created.

Phase 04

Gatekeeper deployed. Caddy brought online for HTTPS and reverse proxying.

Phase 05

Dashboards secured. Portainer and Gatus moved behind Tailscale-only DNS.

Phase 06

Future proofing complete. Caddy rebuilt with Cloudflare DNS validation for private certificate renewal.