# Plan: Migrate LXC Containers to Incus (COMPLETED) ## Summary ✅ All containers migrated from LXD (pragmatismo.com.br) to Incus (63.141.255.9) ✅ All data synced from host /opt/gbo/tenants/ to containers ✅ All binaries copied from source to containers ✅ All services configured and running ## Container & Service Status | Container | Service | Status | |-----------|---------|--------| | dns | coredns | ✅ RUNNING | | email | stalwart-mail | ✅ RUNNING | | webmail | php built-in server (:5252) | ✅ RUNNING | | alm | forgejo | ✅ RUNNING | | drive | minio | ✅ RUNNING | | tables | postgresql | ✅ RUNNING | | system | botserver | ✅ RUNNING | ## Service Files Location All service files in `/etc/systemd/system/` inside containers: - `dns.service` - coredns (User=root) - `email.service` - stalwart-mail (User=root) - `alm.service` - forgejo (User=alm, Group=alm) - `minio.service` - minio (User=root) ## Binary Locations | Service | Binary Path | |---------|-------------| | coredns | /opt/gbo/bin/coredns | | stalwart | /opt/gbo/bin/stalwart | | forgejo | /opt/gbo/bin/forgejo | | minio | /usr/local/bin/minio | ## Key Paths Inside Containers - **Binaries**: /opt/gbo/bin/ - **Data**: /opt/gbo/data/ - **Config**: /opt/gbo/conf/ - **Logs**: /opt/gbo/logs/ ## IPS (Destination) - dns: 10.107.115.155 - email: 10.107.115.200 - webmail: 10.107.115.208 - alm: 10.107.115.4 - drive: 10.107.115.114 - tables: 10.107.115.33 - system: 10.107.115.229 - alm-ci: 10.107.115.190 - table-editor: 10.107.115.73 ## Port Forwarding (iptables NAT) ``` # DNS sudo iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 10.107.115.155:53 sudo iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 10.107.115.155:53 # Email sudo iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.107.115.200:25 sudo iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 10.107.115.200:587 sudo iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.107.115.200:465 sudo iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.107.115.200:143 sudo iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.107.115.200:993 sudo iptables -t nat -A PREROUTING -p tcp --dport 110 -j DNAT --to-destination 10.107.115.200:110 sudo iptables -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to-destination 10.107.115.200:995 sudo iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.107.115.200:4190 # Webmail sudo iptables -t nat -A PREROUTING -p tcp --dport 5252 -j DNAT --to-destination 10.107.115.208:5252 # ALM (forgejo) sudo iptables -t nat -A PREROUTING -p tcp --dport 4747 -j DNAT --to-destination 10.107.115.4:4747 # Caddy (80, 443) - already exists for proxy container ``` ## Workflow (PRODUCTION TESTED) 1. Copy container: `incus copy --instance-only lxd-source: ` 2. Add eth0 network: `incus config device add eth0 nic name=eth0 network=PROD-GBO` 3. Sync data: `incus file push --recursive /opt/gbo/tenants/pragmatismo// /opt/gbo/` 4. Copy binaries: from source via `lxc file pull` → scp to dest → `incus file push` 5. Create service file: `cat > /tmp/.service && incus file push .service /etc/systemd/system/` 6. Enable/start: `incus exec -- systemctl enable && systemctl start `