Initial infrastructure documentation - comprehensive homelab reference

2026-02-23 03:42:22 +00:00
commit 0682c79580
169 changed files with 63913 additions and 0 deletions
--- a/infrastructure/infrastructure-audit.md
+++ b/infrastructure/infrastructure-audit.md
@@ -0,0 +1,290 @@
+# Infrastructure Audit
+
+**Last Updated:** 2026-01-18
+**Status:** Active - Source of Truth
+
+This document provides a comprehensive inventory of all infrastructure components. For IP allocations, see `IP-ALLOCATION.md`.
+
+---
+
+## 1. VPS Configuration
+
+| Property | Value |
+|----------|-------|
+| Provider | Hudson Valley Host |
+| Public IP | 66.63.182.168 |
+| Hostname | vps.nianticbooks.com |
+| OS | Ubuntu 24.04 x86_64 |
+| Specs | 2 vCPUs, 4GB RAM, 100GB storage |
+
+### VPS Services
+
+| Service | Port | Status |
+|---------|------|--------|
+| Caddy Reverse Proxy | 80, 443 | Active |
+| WireGuard VPN Server | 51820/UDP | Active |
+| RustDesk Relay (hbbr) | 21117 | Active |
+
+### Caddy Routes (via WireGuard to home lab)
+
+| Domain | Backend | Status |
+|--------|---------|--------|
+| freddesk.nianticbooks.com | 10.0.10.3:8006 | Active |
+| ad5m.nianticbooks.com | 10.0.10.30:80 | Active |
+| bob.nianticbooks.com | 10.0.10.24:8123 | Active |
+| auth.nianticbooks.com | 10.0.10.21:9000 | Active |
+| cocktails.nianticbooks.com | 10.0.10.40 | Active |
+
+---
+
+## 2. WireGuard Tunnel
+
+| Property | Value |
+|----------|-------|
+| Status | Active |
+| Gaming VPS Endpoint | 51.222.12.162:51820 |
+| Gaming VPS Tunnel IP | 10.0.9.1 |
+| UCG Ultra Tunnel IP | 10.0.9.2 |
+| VPS Proxy Tunnel IP | 10.0.9.3 |
+| Home Lab Subnet | 10.0.10.0/24 |
+| Keepalive | 25 seconds |
+
+---
+
+## 3. Proxmox Cluster
+
+### main-pve (DL380p) - Production Workloads
+
+| Property | Value |
+|----------|-------|
+| IP Address | 10.0.10.3 (static) |
+| iLO Management | 10.0.10.13 |
+| Location | Remote |
+| CPU | 32 cores |
+| RAM | 96 GB |
+| Role | Primary production host |
+
+**Running Containers (14 total):**
+
+| CT ID | Name | IP | Service |
+|-------|------|-----|---------|
+| 102 | postgresql | 10.0.10.20 | Shared PostgreSQL database |
+| 103 | bar-assistant | 10.0.10.40 | Cocktail recipe manager |
+| 105 | pterodactyl-panel | 10.0.10.45 | Game server management panel |
+| 106 | n8n | 10.0.10.22 | Workflow automation |
+| 107 | pterodactyl-wings | 10.0.10.46 | Game server node |
+| 115 | ca-server | 10.0.10.15 | Step-CA certificate authority |
+| 121 | authentik | 10.0.10.21 | SSO/Identity provider |
+| 123 | rustdesk | 10.0.10.23 | RustDesk ID server (hbbs) |
+| 125 | prometheus | 10.0.10.25 | Monitoring (Prometheus + Grafana) |
+| 127 | dockge | 10.0.10.27 | Docker Compose mgmt + Media Stack (6 services) |
+| 128 | uptime-kuma | 10.0.10.26 | Uptime monitoring |
+| 130 | minecraft-forge | 10.0.10.41 | Minecraft Forge server |
+| 131 | minecraft-stoneblock4 | 10.0.10.42 | Minecraft Stoneblock 4 |
+| 135 | vehicle-tracker | 10.0.10.35 | Vehicle Maintenance Tracker (Planned) |
+
+### pve-router (i5) - Local/Light Workloads
+
+| Property | Value |
+|----------|-------|
+| IP Address | 10.0.10.2 (static) |
+| DNS | proxmox.nianticbooks.home |
+| Location | Office |
+| CPU | 8 cores |
+| RAM | 8 GB |
+| Role | Local development, Home Assistant |
+
+**Running VMs (1 total):**
+
+| VM ID | Name | IP | Service |
+|-------|------|-----|---------|
+| 104 | haos16.2 | 10.0.10.24 | Home Assistant OS |
+
+**Running Containers (1 total):**
+
+| CT ID | Name | IP | Service |
+|-------|------|-----|---------|
+| 101 | twingate-connector | 10.0.10.179 | Zero-trust remote access |
+
+### pve-storage - Storage Host
+
+| Property | Value |
+|----------|-------|
+| IP Address | 10.0.10.4 (static) |
+| Role | Storage host (3.5" drive support) |
+
+**Running VMs (1 total):**
+
+| VM ID | Name | IP | Service |
+|-------|------|-----|---------|
+| 400 | OMV | 10.0.10.5 | OpenMediaVault (12TB) |
+
+---
+
+## 4. Network Configuration
+
+| Property | Value |
+|----------|-------|
+| Subnet | 10.0.10.0/24 |
+| Gateway | 10.0.10.1 (UCG Ultra) |
+| DHCP Range | 10.0.10.50-254 |
+| Static Range | 10.0.10.1-49 |
+
+**Note:** All infrastructure IPs (.1-.49) use static configuration on devices, not DHCP reservations.
+
+See `IP-ALLOCATION.md` for complete IP assignments.
+
+---
+
+## 5. Key Services Summary
+
+### Authentication & Security
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| Authentik SSO | 10.0.10.21 | 9000 | OAuth2/OIDC, WebAuthn |
+| Step-CA | 10.0.10.15 | 8443 | Internal certificate authority |
+| Twingate | 10.0.10.179 | - | Zero-trust remote access |
+
+### Databases
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| PostgreSQL | 10.0.10.20 | 5432 | Shared DB (Authentik, n8n, RustDesk, Grafana) |
+
+### Monitoring
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| Prometheus | 10.0.10.25 | 9090 | Metrics collection |
+| Grafana | 10.0.10.25 | 3000 | Dashboards |
+| Uptime Kuma | 10.0.10.26 | 3001 | Uptime monitoring |
+
+### Automation
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| n8n | 10.0.10.22 | 5678 | Workflow automation |
+| Home Assistant | 10.0.10.24 | 8123 | Smart home |
+
+### Gaming
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| Pterodactyl Panel | 10.0.10.45 | 80 | Game server management |
+| Pterodactyl Wings | 10.0.10.46 | 8080 | Game server node |
+| Minecraft Forge | 10.0.10.41 | 25565 | CFMRPGU modpack |
+| Minecraft SB4 | 10.0.10.42 | 25566 | Stoneblock 4 modpack |
+
+### Remote Access
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| RustDesk ID (hbbs) | 10.0.10.23 | 21116 | Remote desktop ID server |
+| RustDesk Relay (hbbr) | VPS | 21117 | Remote desktop relay |
+
+### Storage
+
+| Service | IP | Purpose |
+|---------|-----|---------|
+| OpenMediaVault | 10.0.10.5 | 12TB NFS/SMB storage (media library for Arr stack) |
+| Dockge | 10.0.10.27 | Docker stack management |
+
+### Media Automation (Arr Stack)
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| Sonarr | 10.0.10.27 | 8989 | TV show monitoring & automation |
+| Radarr | 10.0.10.27 | 7878 | Movie monitoring & automation |
+| Prowlarr | 10.0.10.27 | 9696 | Indexer management for *arr apps |
+| Bazarr | 10.0.10.27 | 6767 | Subtitle download automation |
+| Deluge | 10.0.10.27 | 8112 | BitTorrent download client |
+| Calibre-Web | 10.0.10.27 | 8083 | eBook library management |
+| Caddy Internal Proxy | 10.0.10.27 | 443 | HTTPS reverse proxy (Caddy Internal PKI) |
+
+**Storage Paths:**
+- `/media/tv` - Sonarr TV library
+- `/media/movies` - Radarr movie library
+- `/media/downloads` - Deluge download directory
+- `/media/books` - Calibre library
+
+**Note:** All services run as Docker containers on CT 127 (Dockge), accessible via HTTPS at `https://<service>.nianticbooks.home`
+
+### Utility
+
+| Service | IP | Port | Purpose |
+|---------|-----|------|---------|
+| Bar Assistant | 10.0.10.40 | 80 | Cocktail recipe manager |
+| Vikunja | 10.0.10.27 | 3456 | Task management (no longer actively used) |
+
+---
+
+## 6. Backup System
+
+### Tier 1 - Local (OMV NFS)
+
+| Property | Value |
+|----------|-------|
+| Storage | 10.0.10.5:/export/backups |
+| Available | 7.3 TB |
+| Mount Point | /mnt/omv-backups (all Proxmox hosts) |
+
+**Automated Backups:**
+
+| Time | What | Retention |
+|------|------|-----------|
+| 2:00 AM | PostgreSQL (all databases) | 7 daily, 4 weekly, 3 monthly |
+| 2:30 AM | Proxmox VMs/containers | 7 daily, 4 weekly, 3 monthly |
+
+---
+
+## 7. Physical Devices
+
+### HOMELAB-COMMAND (10.0.10.10)
+
+| Property | Value |
+|----------|-------|
+| Type | Gaming PC |
+| GPU | RTX 5060 |
+| Services | Wyoming (Whisper STT, Piper TTS), Ollama LLM |
+| OS | Windows 11 |
+| Role | Claude Code host, voice assistant hub |
+
+### HP iLO (10.0.10.13)
+
+| Property | Value |
+|----------|-------|
+| Type | Server management |
+| Purpose | DL380p (main-pve) remote management |
+
+### 3D Printers
+
+| Device | IP | Status |
+|--------|-----|--------|
+| Flashforge AD5M | 10.0.10.30 | Active |
+| Bambu Lab A1 | 10.0.10.31 | Active |
+
+---
+
+## 8. Audit History
+
+| Date | Action | Notes |
+|------|--------|-------|
+| 2026-01-25 | Deployed Media Stack | Sonarr, Radarr, Prowlarr, Bazarr, Deluge, Calibre-Web on CT 127 via Docker |
+| 2026-01-25 | Deployed Caddy Internal Proxy | HTTPS reverse proxy for internal services on CT 127 |
+| 2026-01-25 | Deployed CA certificates | Homelab root CA distributed to all LXC containers and Proxmox hosts |
+| 2026-01-25 | Deprecated Vikunja | No longer actively used (Claude Code replaced n8n workflow use case) |
+| 2026-01-18 | Deployed Vikunja | Task management on Dockge (10.0.10.27:3456), tasks.nianticbooks.com |
+| 2026-01-13 | Full network audit | Compared UCG DHCP export vs docs, verified all services |
+| 2026-01-13 | Removed CT 100 | pve-scripts-local - unused, IP conflict with bar-assistant |
+| 2025-12-29 | Initial audit | Infrastructure audit template completed |
+
+---
+
+## 9. Outstanding Items
+
+- [ ] Fix Home Assistant public domain (Caddy HTTPS backend config)
+- [x] Move Bambu A1 to static IP 10.0.10.31 (done 2026-01-13)
+- [ ] Identify unknown Raspberry Pi devices (.81, .171, .246)
+- [ ] Document ESP devices purpose (.90, .207)
+- [ ] Cleanup deprecated VMs (Spoolman .71, Authelia .112)