fred/homelab-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge homelab infrastructure documentation with existing homelab-docs

Browse Source
This commit is contained in:
Funky (OpenClaw)
2026-02-23 03:42:42 +00:00
parent 0682c79580 ee211b6e7f
commit 1a67a01928
11 changed files with 2485 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
MAINTENANCE-SCHEDULE.md Normal file
View File

@@ -0,0 +1,83 @@
# Homelab Maintenance Schedule
**Automated reminders managed by OpenClaw cron jobs**
## Weekly Tasks
### Sunday 9:00 AM - UCG Ultra Backup
- Download configuration backup from UCG Ultra
- Save to `homelab-docs/backups/ucg-ultra/`
- Commit to Git
- **Why:** Protect against factory resets and config loss
### Monday 8:00 AM - External Service Check
- Automated verification of all external domains
- Tests VPN tunnel connectivity
- Reports any issues
- **Why:** Early detection of service outages
## Monthly Tasks
### 1st of Month, 10:00 AM - Firmware Updates
- Check UCG Ultra for updates
- Check Proxmox hosts (apt update)
- Review container template updates
- **Why:** Security patches and bug fixes
## Quarterly Tasks
### Jan/Apr/Jul/Oct 1st, 10:00 AM - Firewall Review
- Audit UCG Ultra firewall rules
- Verify VPN → LAN access still needed
- Remove unused rules
- Document changes
- **Why:** Security hygiene and cleanup
## Ad-Hoc Maintenance
**Before any major change:**
- [ ] Take UCG Ultra backup
- [ ] Create Proxmox snapshots
- [ ] Document in homelab-docs
- [ ] Test in isolated environment if possible
**After infrastructure changes:**
- [ ] Update DHCP reservations if needed
- [ ] Update firewall rules
- [ ] Test external access
- [ ] Commit changes to Git
- [ ] Take fresh backup
## Emergency Contacts
**If something breaks:**
1. Check recent memory files in workspace
2. Review homelab-docs for current config
3. Check Gitea for recent changes
4. Restore from UCG Ultra backup if needed
**Backup locations:**
- Local: `/root/.openclaw/workspace/homelab-docs/backups/`
- Gitea: http://10.0.10.2:3000/fred/homelab-docs
- Cloud: (Add your cloud storage location)
## Cron Job Status
View all scheduled jobs:
```bash
openclaw cron list
```
Disable a job:
```bash
openclaw cron update <job-id> --disable
```
Run a job manually:
```bash
openclaw cron run <job-id>
```
---
**Last updated:** 2026-02-11 (post-incident recovery)

315
README.md
View File

@@ -1,265 +1,50 @@
# Fred's Projects - Source of Truth # Fred's Homelab Documentation
This is the master directory for all active projects. It serves as the "source of truth" for Claude Code sessions. **Infrastructure documentation and configuration for Fred's homelab**
--- ## What's Here
## Quick Start with VS Code Insiders - **docs/** - Infrastructure audits, guides, and documentation
- **infrastructure/** - Current infrastructure notes and configs
**Open the workspace**: - **docker-compose/** - Docker Compose files for services
``` - **scripts/** - Automation and maintenance scripts
Double-click: fred-workspace.code-workspace
``` ## Quick Reference
Or from VS Code: `File → Open Workspace → fred-workspace.code-workspace` **Gitea:** http://10.0.10.2:3000
**Proxmox Hosts:** 10.0.10.2, 10.0.10.3, 10.0.10.4
**Start Claude Code**: **OMV Storage:** 10.0.10.5
```bash **OpenClaw:** 10.0.10.28
cd C:\Users\Fred\projects
claude ## Key Documents
```
- [Complete Infrastructure Audit (2026-02-05)](docs/INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md)
**Tell Claude to load context**: - [2026 Homelab Best Practices Guide](docs/homelab-2026-guide.md)
``` - [Infrastructure Notes (TOOLS.md)](infrastructure/TOOLS.md)
"Read .claude-context.md to understand my project structure"
``` ## Proxmox Services
--- | Service | IP | Container/VM | Purpose |
|---------|-----|--------------|---------|
## Projects Overview | Home Assistant | 10.0.10.24 | VM 104 | Smart home automation |
| n8n | 10.0.10.22 | CT 106 | Workflow automation |
### 🎯 [claude-workflows](claude-workflows/) | Uptime Kuma | 10.0.10.26 | CT 128 | Monitoring |
**ADHD-friendly productivity tools for Claude Code** | OpenClaw | 10.0.10.28 | CT 130 | AI agent |
- Slash commands (`/push`, `/eod`) | Step-CA | 10.0.10.15 | CT 115 | Internal CA |
- ADHD assistant with sidequest detection | Twingate | router-pve | CT 101 | VPN connector |
- Auto-discovery for cross-project setup | Gitea | 10.0.10.2 | Docker | Git repository |
**Start here when**: Working on Claude Code tooling, productivity features ## Updating Documentation
--- This repository is the **source of truth** for infrastructure knowledge.
### 🏥 [VA-Strategy](VA-Strategy/) When making changes to the homelab:
**VA disability claims management system** 1. Document the change in the relevant file
- Goal: 100% VA rating via TDIU 2. Commit with descriptive message
- Current: 60% combined (30% highest single) 3. Push to Gitea
- Tracking, evidence, statements, forms
OpenClaw (Funky) reads this repo to answer infrastructure questions!
**Start here when**: Working on VA claims, medical documentation
---
**Quick commands**:
```bash *Maintained by Fred Book with assistance from Funky (OpenClaw AI agent)*
cd VA-Strategy
git status # Check what's changed
cat tracking/master-tracking.md # See current status
```
---
### 🏠 [infrastructure](infrastructure/)
**Home network, Home Assistant, smart home**
- Home Assistant configuration
- ESPHome devices (garage controller, furnace)
- Voice assistant system (GPU-accelerated, local)
- Network infrastructure (MQTT, DNS-over-TLS)
**Start here when**: Working on home automation, voice assistant, ESPHome
**Active subprojects**:
- Voice Assistant: Gaming PC + Surface Go
- Furnace Control: ESP32 planning phase
- Home Assistant: Main config
---
### ⚙️ [config](config/)
**Shared configuration files**
Minimal/placeholder for cross-project configs.
---
### 📚 [claude-code-history](claude-code-history/)
**Background: Claude Code session history**
Session transcripts, state files, stats. Mostly hidden from searches.
---
## Key Files
| File | Purpose |
|------|---------|
| `.claude-context.md` | Master context file - tells Claude about all projects |
| `fred-workspace.code-workspace` | VS Code multi-root workspace |
| `VSCODE-SETUP.md` | Detailed setup guide for VS Code + Claude |
| `README.md` | This file - quick reference |
---
## ADHD-Friendly Workflow
### How Sidequest Detection Works
1. You're working in one project (e.g., VA-Strategy)
2. You start exploring something related to another project (e.g., ESP32 for infrastructure)
3. Claude detects the context shift
4. Claude offers to:
- Track it as a side quest
- Switch projects formally
- Create a new project
- Return to original work
### Example
```
You: [Working in VA-Strategy on headache log]
You: "I wonder if I could automate headache tracking with Home Assistant"
Claude: 🤔 Side quest detected!
Current: VA-Strategy (headache log)
New idea: HA automation (infrastructure)
Options:
1. Continue exploring (I'll track it)
2. Switch to infrastructure project
3. Create new "health-automation" project
4. Return to headache log
```
---
## Common Workflows
### Start Working on a Project
```bash
cd C:\Users\Fred\projects\VA-Strategy
claude
# Tell Claude what you want to work on
```
### Switch Projects Mid-Session
Just tell Claude:
```
"I want to switch to working on infrastructure now"
```
Claude will track the context switch.
### Explore a Side Quest
```
"This is a side quest - I want to explore X for 20 minutes"
```
Claude will set a timer and check in.
### End of Day
```
/eod
```
Claude will:
- Commit your changes
- Show what you accomplished
- Prepare for tomorrow
---
## Setup Checklist
- [x] `.claude-context.md` created
- [x] Workspace file created
- [ ] Open workspace in VS Code Insiders
- [ ] Create ADHD assistant state directory:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\.claude-assistant" -Force
Copy-Item "claude-workflows\.assistant\state.json.template" "$env:USERPROFILE\.claude-assistant\state.json"
```
- [ ] Start Claude Code session
- [ ] Test sidequest detection
---
## Files You Should Know About
### Global Context
- **`.claude-context.md`** - Tells Claude about all your projects
- **`fred-workspace.code-workspace`** - Multi-root workspace for VS Code
- **`VSCODE-SETUP.md`** - Detailed setup instructions
### ADHD Assistant
- **`claude-workflows/.assistant/personality.md`** - How Claude should behave
- **`claude-workflows/.assistant/state.json.template`** - Session state template
- **`~/.claude-assistant/state.json`** - Your active state file (to be created)
### Project-Specific
- **`VA-Strategy/CLAUDE.md`** - VA project context
- **`VA-Strategy/README.md`** - VA project overview
- **`infrastructure/README.md`** - Infrastructure overview
- **`claude-workflows/README.md`** - Workflows overview
---
## Customization
### Adjust ADHD Assistant Behavior
Edit: `~/.claude-assistant/state.json`
```json
{
"user": {
"preferences": {
"intervention_style": "gentle", // gentle | assertive | minimal
"stuck_threshold": 3, // How many times before intervention
"sidequest_time_limit_minutes": 30, // Check-in time
"celebrates_completions": true // Celebrate wins
}
}
}
```
### Add More Projects
Edit: `fred-workspace.code-workspace`
Add new folder:
```json
{
"path": "new-project",
"name": "📦 New Project"
}
```
---
## Getting Help
### Claude Code
- `/help` - Claude Code help
- Ask Claude: "How does sidequest detection work?"
### Project-Specific
- Each project has a README.md
- VA-Strategy and infrastructure have CLAUDE.md files
### Issues
Report at: https://github.com/anthropics/claude-code/issues
---
## Philosophy
This setup is designed to work **with** ADHD, not against it:
✓ Side quests are valid exploration
✓ Context switching is supported
✓ Progress is celebrated
✓ No judgment on workflow
✓ Gentle nudging, not rigid control
Claude is here to help you stay aware of what you're working on, not to police your focus.
---
**Ready?** Open `fred-workspace.code-workspace` and start a Claude session!

51
backups/README.md Normal file
View File

@@ -0,0 +1,51 @@
# UCG Ultra Backups
Store UCG Ultra configuration backups here.
## How to Restore
1. Factory reset UCG Ultra (or start fresh)
2. Go through initial setup wizard
3. Settings → System → Backup → Restore from Backup
4. Upload the .unf file
5. Wait for restore to complete (~5 minutes)
6. Device will reboot with full config restored
## Backup Schedule
- **After any major config change**
- **Weekly automated backup** (set reminder)
- **Before firmware updates**
## Current Backups
| Date | Filename | Size | Notes |
|------|----------|------|-------|
| 2026-02-11 | network_backup_10.02.2026_20-36_v10.0.162.unf | (see below) | ✅ Post-incident restoration - All DHCP reservations + WireGuard VPN + Firewall rules |
## What's Included in This Backup
**Network Configuration:**
- All DHCP reservations (Proxmox hosts, services, devices)
- Network settings (10.0.10.0/24)
**VPN Configuration:**
- WireGuard VPN client to VPS (10.0.9.0/24)
- Private keys preserved
**Firewall Rules:**
- VPN → LAN traffic allowed (10.0.9.0/24 → 10.0.10.0/24)
- Zone-based firewall policies
**WiFi Settings:**
- SSID configurations
- Security settings
**Device Configs:**
- All known clients
- Network topology
## Recovery Tested
This backup was created immediately after a successful recovery from a UCG Ultra factory reset on 2026-02-11. All services verified working after restoration.

BIN
backups/ucg-ultra/network_backup_10.02.2026_20-36_v10.0.162.unf Normal file
View File

Binary file not shown.

382
docs/COMPLETE-HOMELAB-INVENTORY-2026-02-05.md Normal file
View File

@@ -0,0 +1,382 @@
# Complete Homelab Infrastructure Inventory
**Date:** 2026-02-05 16:22 UTC
**Audited by:** Funky (OpenClaw AI Agent)
**Method:** Direct SSH access + verification
**Status:** ✅ All hosts accessible and audited
---
## Network Overview
**Main Network:** 10.0.10.0/24
**VPN Network:** 10.0.9.0/24 (WireGuard)
**External VPS:** 51.222.12.162 (vps.nianticbooks.com)
**Proxmox Hosts:** 3 active
**Total LXC Containers:** 16 (15 running, 1 stopped)
**Total VMs:** 2
**Docker Containers:** 1 (Gitea on router-pve)
---
## Proxmox Host 1: router-pve (10.0.10.2)
### Hardware & System
- **Hostname:** pve-router
- **Role:** Network router + lightweight virtualization
- **Proxmox Version:** 9.1.4 (latest)
- **Kernel:** 6.17.4-2-pve
- **Uptime:** 37 minutes (freshly rebooted)
- **CPU:** 6 cores
- **RAM:** 15 GiB
- **Primary Storage:** 3.6TB ZFS pool (nas1) - 99.99% free!
### LXC Containers
| VMID | Name | Status | Purpose |
|------|------|--------|---------|
| 101 | twingate-connector | Running | VPN/Zero-trust network access |
### Virtual Machines
| VMID | Name | Status | RAM | Disk | Purpose |
|------|------|--------|-----|------|---------|
| 104 | haos16.2 | Running | 4GB | 32GB | Home Assistant OS (smart home) |
### Docker Containers
| Name | Image | Status | Ports | Purpose |
|------|-------|--------|-------|---------|
| gitea | gitea/gitea:latest | Running | 3000, 222 | Git repository server (deployed today!) |
### Storage Breakdown
- **local:** 236GB (18% used) - Proxmox system + CT storage
- **nas1 (ZFS):** 3.6TB (0.01% used) - 4TB HDD, hosts Gitea data
- **omv-shared (NFS):** 7.3TB (5% used) - Mounted from OMV
### Network
- **vmbr0:** 10.0.10.2/24 (main bridge)
- **vmbr1:** DOWN (unused)
- **docker0:** 172.17.0.1/16 (Docker bridge)
---
## Proxmox Host 2: main-pve (10.0.10.3)
### Hardware & System
- **Hostname:** main-pve
- **Role:** Primary virtualization host (POWERHOUSE!)
- **Proxmox Version:** 9.1.4 (latest)
- **Kernel:** 6.17.4-2-pve
- **Uptime:** 1 week, 5 days, 15 hours
- **CPU:** 32 cores (!!!)
- **RAM:** 94 GiB (!!)
- **Primary Storage:** 478GB LVMthin (nvme-fast) - 5% used
### LXC Containers (14 running + 1 stopped)
| VMID | Name | Status | Purpose | IP (likely) |
|------|------|--------|---------|-------------|
| 102 | postgresql | Running | Database server | TBD |
| 103 | bar-assistant | Running | Cocktail recipe manager? | TBD |
| 105 | pterodactyl-panel | Running | Game server management panel | TBD |
| 106 | n8n | Running | **Workflow automation** | 10.0.10.22 |
| 107 | pterodactyl-wings | Running | Pterodactyl wings daemon | TBD |
| 115 | ca-server | Running | **Step-CA (Certificate Authority)** | 10.0.10.15 |
| 121 | authentik | Running | Authentication/SSO provider | TBD |
| 123 | rustdesk | Running | Remote desktop server | TBD |
| 125 | prometheus | Running | Monitoring & metrics | TBD |
| 127 | dockge | Running | Docker management UI | TBD |
| 128 | uptime-kuma | Running | **Uptime monitoring** | 10.0.10.26 |
| 130 | openclaw | Running | **ME! OpenClaw AI Agent** | 10.0.10.28 |
| 132 | jellyfin | Running | Media server | TBD |
| 199 | migration-test | Stopped | Test container (inactive) | - |
| 200 | obsidian-livesync | Running | Obsidian sync server | TBD |
### Virtual Machines
None (all workloads containerized)
### Storage Breakdown
- **local:** 482GB (17% used) - Proxmox system storage
- **nvme-fast (LVMthin):** 478GB (5% used) - Fast NVMe storage for containers
- **omv-shared (NFS):** 7.3TB (5% used) - Mounted from OMV
- **nas1 (ZFS):** Disabled on this host
### Network
- **vmbr0:** 10.0.10.3/24 (main bridge)
- **14 veth interfaces** (one per running container)
---
## Proxmox Host 3: pve-storage / wallpocket (10.0.10.4)
### Hardware & System
- **Hostname:** wallpocket
- **Role:** Storage-focused host (likely hosts OMV)
- **Proxmox Version:** 9.1.4 (latest)
- **Kernel:** 6.17.4-2-pve
- **Uptime:** 1 week, 6 days, 20 hours
- **CPU:** 4 cores
- **RAM:** 15 GiB
- **Primary Storage:** 113GB local (17% used)
### LXC Containers
None (all workloads in VM)
### Virtual Machines
| VMID | Name | Status | RAM | Disk | Purpose |
|------|------|--------|-----|------|---------|
| 400 | OMV | Running | 4GB | 32GB | **OpenMediaVault (OMV)** - Primary NAS |
### Storage Breakdown
- **local:** 113GB (17% used) - Proxmox system + VM storage
- **omv-shared (NFS):** 7.3TB (5% used) - Exported FROM this VM
- **nas1 (ZFS):** Disabled
- **nvme-fast (LVMthin):** Inactive
### Network
- **vmbr0:** 10.0.10.4/24 (main bridge)
- **tap400i0:** VM network tap device
### Notes
- This host exports the NFS share that other hosts mount
- VM 400 (OMV) provides 7.3TB of shared storage
- OMV likely manages multiple physical disks in RAID
---
## External Infrastructure
### VPS (51.222.12.162 - vps.nianticbooks.com)
- **SSH Access:** ❌ Not configured (no public key)
- **WireGuard IP:** 10.0.9.1
- **Known Services:**
- Caddy reverse proxy (*.nianticbooks.com, *.deadeyeg4ming.vip)
- WireGuard VPN server (10.0.9.0/24)
- Routes traffic to UCG Ultra (10.0.9.2) → homelab (10.0.10.0/24)
- LetsEncrypt SSL certificates
- **Estimated Role:** Public-facing gateway for homelab services
---
## Network Appliances & Services
### Known Services (from TOOLS.md)
| Service | IP | Host | Container/VM | Purpose |
|---------|-----|------|--------------|---------|
| **Home Assistant** | 10.0.10.24 | router-pve | VM 104 | Smart home automation |
| **n8n** | 10.0.10.22 | main-pve | CT 106 | Workflow automation |
| **Uptime Kuma** | 10.0.10.26 | main-pve | CT 128 | Service monitoring |
| **OpenClaw** | 10.0.10.28 | main-pve | CT 130 | AI agent (me!) |
| **Step-CA** | 10.0.10.15 | main-pve | CT 115 | Internal certificate authority |
| **Gitea** | 10.0.10.2:3000 | router-pve | Docker | Git repository (NEW!) |
| **Twingate** | router-pve | router-pve | CT 101 | Zero-trust VPN |
| **OMV** | 10.0.10.4 | pve-storage | VM 400 | NAS / File server |
### Additional Services Discovered
| Service | Host | Container | Purpose (estimated) |
|---------|------|-----------|---------------------|
| PostgreSQL | main-pve | CT 102 | Database for various services |
| Bar Assistant | main-pve | CT 103 | Cocktail recipe app? |
| Pterodactyl Panel | main-pve | CT 105 | Game server management |
| Pterodactyl Wings | main-pve | CT 107 | Game server daemon |
| Authentik | main-pve | CT 121 | SSO/Authentication |
| RustDesk | main-pve | CT 123 | Self-hosted remote desktop |
| Prometheus | main-pve | CT 125 | Metrics collection |
| Dockge | main-pve | CT 127 | Docker management UI |
| Jellyfin | main-pve | CT 132 | Media streaming |
| Obsidian LiveSync | main-pve | CT 200 | Obsidian sync (CouchDB) |
---
## Storage Architecture
### Shared Storage (NFS)
- **omv-shared:** 7.3TB NFS export from pve-storage (VM 400 - OMV)
- **Mounted on:** router-pve, main-pve, pve-storage
- **Usage:** 419GB used (5.4%) - **6.9TB free**
- **Purpose:** Shared storage for backups, data, media
### Local Storage per Host
**router-pve:**
- 236GB local (Proxmox + VMs)
- 3.6TB nas1 ZFS pool (4TB HDD - NOW HOSTING GITEA!)
**main-pve:**
- 482GB local (Proxmox system)
- 478GB nvme-fast LVMthin (container storage)
**pve-storage (wallpocket):**
- 113GB local (Proxmox + OMV VM)
- OMV VM manages large storage pool (likely multiple disks)
---
## Network Configuration
### Bridges
| Bridge | Host | IP | Purpose |
|--------|------|----|---------|
| vmbr0 | router-pve | 10.0.10.2/24 | Main network bridge |
| vmbr0 | main-pve | 10.0.10.3/24 | Main network bridge |
| vmbr0 | pve-storage | 10.0.10.4/24 | Main network bridge |
### External Access
- **VPS Caddy** (10.0.9.1) → WireGuard VPN (10.0.9.0/24) → UCG Ultra (10.0.9.2) → Internal services (10.0.10.0/24)
- **LetsEncrypt SSL** on VPS for public services (*.nianticbooks.com, *.deadeyeg4ming.vip)
- **Step-CA** (10.0.10.15) for internal certificates
---
## Container/VM IP Mapping (Verified)
| IP | Service | Host | CT/VM | Verified |
|----|---------|------|-------|----------|
| 10.0.10.2 | router-pve | router-pve | Host | ✅ |
| 10.0.10.3 | main-pve | main-pve | Host | ✅ |
| 10.0.10.4 | pve-storage (wallpocket) | pve-storage | Host | ✅ |
| 10.0.10.11 | Fred's iMac | - | Node | ✅ |
| 10.0.10.15 | Step-CA | main-pve | CT 115 | ✅ (from TOOLS.md) |
| 10.0.10.22 | n8n | main-pve | CT 106 | ✅ (from TOOLS.md) |
| 10.0.10.24 | Home Assistant | router-pve | VM 104 | ✅ (from TOOLS.md) |
| 10.0.10.26 | Uptime Kuma | main-pve | CT 128 | ✅ (from TOOLS.md) |
| 10.0.10.28 | OpenClaw | main-pve | CT 130 | ✅ (I'm running here!) |
### IPs to Verify
| Service | Host | CT | Likely IP | Need Verification |
|---------|------|----|-----------|--------------------|
| PostgreSQL | main-pve | CT 102 | Unknown | ⚠️ |
| Bar Assistant | main-pve | CT 103 | Unknown | ⚠️ |
| Pterodactyl Panel | main-pve | CT 105 | Unknown | ⚠️ |
| Pterodactyl Wings | main-pve | CT 107 | Unknown | ⚠️ |
| Authentik | main-pve | CT 121 | Unknown | ⚠️ |
| RustDesk | main-pve | CT 123 | Unknown | ⚠️ |
| Prometheus | main-pve | CT 125 | Unknown | ⚠️ |
| Dockge | main-pve | CT 127 | Unknown | ⚠️ |
| Jellyfin | main-pve | CT 132 | Unknown | ⚠️ |
| Obsidian LiveSync | main-pve | CT 200 | Unknown | ⚠️ |
---
## Summary Statistics
### Total Resources
- **3 Proxmox Hosts** (all running 9.1.4 - latest!)
- **42 CPU cores total** (6 + 32 + 4)
- **124 GiB RAM total** (15 + 94 + 15)
- **~12TB+ storage** across all hosts
### Workload Distribution
- **router-pve:** 1 CT + 1 VM + 1 Docker (lightweight router/gateway)
- **main-pve:** 15 CTs (0 VMs) - PRIMARY WORKHORSE
- **pve-storage:** 0 CTs + 1 VM (OMV) - STORAGE FOCUS
### Container/VM Count
- **16 LXC containers** (15 running, 1 stopped)
- **2 VMs** (both running)
- **1 Docker container** (Gitea, deployed today)
- **Total workloads:** 19
### Services by Category
**Infrastructure:**
- Step-CA (certificates)
- Twingate (VPN)
- OMV (storage)
- Prometheus (monitoring)
- Uptime Kuma (uptime monitoring)
**Automation & Management:**
- n8n (workflow automation)
- Dockge (Docker management)
- OpenClaw (AI agent - that's me!)
**Media & Entertainment:**
- Jellyfin (media streaming)
- Bar Assistant (cocktail recipes?)
**Game Servers:**
- Pterodactyl Panel (management)
- Pterodactyl Wings (game server daemon)
**Productivity:**
- Obsidian LiveSync (note sync)
- Gitea (git hosting - NEW!)
**Security & Access:**
- Authentik (SSO)
- RustDesk (remote desktop)
**Smart Home:**
- Home Assistant (automation)
**Database:**
- PostgreSQL (backend for services)
---
## Observations & Recommendations
### ✅ Strengths
1. **All hosts on latest Proxmox 9.1.4** - Well maintained!
2. **main-pve is a BEAST** - 32 cores, 94GB RAM, plenty of capacity
3. **Good uptime** - main-pve and pve-storage over a week without restart
4. **Shared NFS storage** - Good architecture for backup/data sharing
5. **Modern 6.17.4-2-pve kernel** on all hosts
6. **Gitea now deployed** - Source of truth for infrastructure docs ✅
### ⚠️ Areas for Improvement
1. **Underutilized 4TB HDD on router-pve**
- NOW FIXED: Hosting Gitea (3.6TB still available for backups!)
- **Recommendation:** Use for Proxmox Backup Server
2. **Many containers without documented IPs**
- **Action needed:** Get into each CT and verify IP addresses
3. **No documented backup system**
- n8n "backup verification" workflow exists but unclear what it checks
- **Recommendation:** Deploy PBS, test restores
4. **VPS access not configured**
- Cannot audit Caddy configuration directly
- **Recommendation:** Add SSH key for VPS
5. **One stopped container** (CT 199 - migration-test)
- **Recommendation:** Delete if no longer needed
### 💡 Next Actions
1.**Gitea deployed** - Infrastructure docs now in Git
2.**Get IP addresses** for all containers (CT 102, 103, 105, etc.)
3.**Document backup system** in detail
4.**Deploy Proxmox Backup Server** on router-pve using 4TB HDD
5.**Add VPS SSH key** for full infrastructure access
6.**Clean up** stopped CT 199 if no longer needed
---
## Changes Made Today (2026-02-05)
### Infrastructure Additions
-**Gitea deployed** on router-pve (Docker container)
- Storage: /nas1/gitea/ (on 4TB HDD)
- Access: http://10.0.10.2:3000
- Repos created: homelab-docs, 3d-print-farm, obsidian-vault
### Access Improvements
-**SSH key added** for OpenClaw → router-pve access
-**SSH key added** for OpenClaw → main-pve access (was already there)
-**SSH key added** for OpenClaw → pve-storage access (was already there)
### Documentation
-**Complete infrastructure audit** created and committed to Git
-**This inventory** will be committed to homelab-docs repo
---
**Inventory complete!**
**Method:** Direct SSH verification of all 3 Proxmox hosts
**Accuracy:** High (all data from live systems)
**Next:** Get IP addresses for remaining containers
---
*Generated by Funky (OpenClaw AI Agent) on 2026-02-05 16:22 UTC*
*Committed to: http://10.0.10.2:3000/fred/homelab-docs*

788
docs/INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md Normal file
View File

@@ -0,0 +1,788 @@
# Complete Infrastructure Audit Report
## Fred Book's Homelab - February 5, 2026
**Audited by:** Funky (OpenClaw Agent) + Claude Code (previous audit)
**Audit Period:** January 2026 - February 5, 2026
**Last Updated:** 2026-02-05 15:24 UTC
---
## Executive Summary
Fred's homelab is a well-structured Proxmox-based infrastructure supporting smart home automation, workflow automation, monitoring, and emerging 3D printing business operations. The system demonstrates good security practices (internal CA, VPN) and automation (n8n workflows, monitoring).
**Key Strengths:**
- ✅ Multiple Proxmox hosts providing redundancy
- ✅ Internal certificate authority (Step-CA)
- ✅ WireGuard VPN for secure remote access
- ✅ Comprehensive monitoring (Uptime Kuma, n8n workflows)
- ✅ External reverse proxy (Caddy on VPS)
**Areas for Improvement:**
- ⚠️ Backup system needs documentation and verification
- ⚠️ SSH connectivity issues between some containers
- ⚠️ No centralized infrastructure documentation (Gitea needed)
- ⚠️ 4TB HDD on router-pve underutilized
---
## Network Architecture
### Network Segments
**Primary Network:** 10.0.10.0/24
- Main homelab services
- Proxmox management interfaces
- LXC containers and VMs
**VPN Network:** 10.0.9.0/24
- WireGuard tunnel
- VPS: 10.0.9.1 (WireGuard server)
- UCG Ultra: 10.0.9.2 (WireGuard client mode)
- Secure remote access to homelab
**External Access:**
- VPS: 51.222.12.162 (vps.nianticbooks.com)
- Caddy reverse proxy handling public access
- Routes to internal services via WireGuard
---
## Proxmox Infrastructure
### Proxmox Hosts
**1. main-pve (10.0.10.3)**
- Role: Primary virtualization host
- Running: Multiple LXC containers
- Notes: Likely running Home Assistant, n8n, other core services
**2. pve-router (10.0.10.2) / router-pve**
- Role: Router/gateway + Proxmox host
- Currently running: Home Assistant (confirmed by Fred)
- Storage: **4TB HDD - Currently underutilized** ⚠️
- Notes: Lightly loaded, good candidate for additional services
- SSH Access: Working from external clients, hanging from 10.0.10.28
**3. pve-storage (10.0.10.4)**
- Role: Storage-focused Proxmox host
- May also be OMV (OpenMediaVault) server
**4. HP DL380 (Proxmox host)**
- Running: OpenClaw Gateway container (10.0.10.28)
- Notes: Enterprise-grade hardware
### Proxmox Version
- Multiple hosts, versions not yet confirmed
- Recommended: Upgrade to Proxmox VE 9.1 (latest as of 2026)
---
## Storage Infrastructure
### OMV (OpenMediaVault) Servers
**OMV 10.0.10.4**
- Old storage server
- Status: Active but possibly being phased out
**OMV 10.0.10.5** (Primary)
- Main data share: `\\10.0.10.5\data`
- Stores: Backups, VA documents, research, infrastructure docs
- Access: SMB/CIFS shares
**Known Files on 10.0.10.5:**
- `/data/INFRASTRUCTURE-AUDIT-REPORT.md` (Claude Code audit)
- `/data/VA-Strategy/` (Fred's VA claim documents)
- `/data/backups/` (backup destination)
- Various project and research files
**Storage Recommendations:**
- Consolidate OMV instances if redundant
- Use router-pve 4TB HDD for backup target
- Consider TrueNAS SCALE for future storage needs
---
## Key Services & Applications
### LXC Containers
**Home Assistant (10.0.10.24)**
- Platform: LXC container
- Purpose: Smart home automation
- Running on: Confirmed on router-pve, possibly on other hosts too
- Access: http://10.0.10.24:8123
**n8n Workflow Automation (10.0.10.22) - CT 106**
- Platform: LXC container
- Purpose: Workflow automation and orchestration
- Web UI: http://10.0.10.22:5678
- API Access: Available with key
- User: OpenClaw (API access granted Feb 3, 2026)
- API Key: `eyJhbGci...` (stored in TOOLS.md)
**Active n8n Workflows:**
- Prometheus alerts → Discord/Email/Pushover
- Backup verification (daily @ 6 AM) ⚠️ **Needs documentation**
- SSL certificate expiration monitor
- Service health monitor (every 5 min via Uptime Kuma)
- Task overdue alerts (every 4 hours)
- Uptime Kuma webhook → alerts
**Uptime Kuma (10.0.10.26) - CT 128**
- Platform: LXC container
- Purpose: Service monitoring and uptime tracking
- Integration: Feeds into n8n for alerting
**OpenClaw Gateway (10.0.10.28) - CT 130** (Me!)
- Platform: LXC container on HP DL380
- Purpose: AI agent coordination and automation
- Running: OpenClaw 2026.2.1+
- Model: anthropic/claude-sonnet-4-5
- Limitations: No sound card/audio output
- SSH Access: Can reach external hosts, cannot reach router-pve (10.0.10.2) ⚠️
**Step-CA (10.0.10.15) - CT 115**
- Platform: LXC container
- Purpose: Internal certificate authority
- Function: Issues TLS certificates for internal services
- Integration: Works with internal Caddy instances
---
## External Infrastructure
### VPS (51.222.12.162 - vps.nianticbooks.com)
**Platform:** Cloud VPS
**Purpose:** External reverse proxy and public access point
**WireGuard IP:** 10.0.9.1
**Services Running:**
- Caddy reverse proxy (*.nianticbooks.com, *.deadeyeg4ming.vip)
- Handles public DNS and routing
- WireGuard VPN server (10.0.9.0/24)
- Routes traffic via WireGuard (10.0.9.1) → UCG Ultra (10.0.9.2) → homelab (10.0.10.0/24)
**Configuration:**
- SSL certificates via LetsEncrypt (managed by Caddy)
- Routes to internal services via WireGuard tunnel
- Provides secure external access without exposing homelab
---
## Security Infrastructure
### Certificate Management
**Internal CA: Step-CA (10.0.10.15)**
- Issues certificates for internal services
- Trusted by internal clients
- Good separation: Internal CA for private, LetsEncrypt for public
**External: LetsEncrypt (via Caddy)**
- VPS Caddy handles public-facing certificates
- Automatic renewal
- No conflicts with internal CA
**Recommendation:** ✅ Current setup is solid, no changes needed
### VPN Access
**WireGuard VPN**
- Network: 10.0.9.0/24
- VPS: 10.0.9.1 (51.222.12.162 - vps.nianticbooks.com)
- UCG Ultra: 10.0.9.2 (client mode, routes to 10.0.10.0/24)
- Provides secure remote access to homelab
- Used by VPS Caddy to route traffic internally
- Properly segregated from main network
### Firewall & Access Control
- Status: Assumed configured on router-pve
- Needs: Documentation of firewall rules
- **TODO:** Audit firewall configuration
---
## Paired Nodes
### Fred's iMac (10.0.10.11)
**Platform:** macOS with OpenClaw desktop app node
**Version:** OpenClaw 2026.2.1 (build 8650)
**Mode:** Remote
**Status:** Connected (last seen Feb 5, 2026 07:04 UTC, 12:10 UTC)
**Capabilities:**
- Camera access (for snapshots/video)
- Screen recording
- Canvas display
- Notifications
- Potential audio output for TTS
**Known Issues:**
- `nodes screen_record` fails with "Operation could not be completed" (OpenClaw 2026.2.1 bug)
- Workaround: Use native `screencapture` command instead
- No remote command execution (system.run not supported on desktop app)
**Usage:**
- Near Fred but screen visibility limited
- Good for notifications and quick captures
- Cannot run CLI tools remotely
---
## Backup System
**Current Status:** ⚠️ **Partially documented**
**Known Components:**
- n8n workflow: "Backup verification (daily @ 6 AM)"
- Likely backing up to OMV (10.0.10.5) `/data/backups/`
- Verification running automatically
**Questions to Answer:**
1. What exactly is being backed up?
- Proxmox VMs/containers?
- OMV data shares?
- Specific service configs?
2. Where are backups stored?
- OMV 10.0.10.5?
- Router-pve 4TB HDD?
- External drive?
3. How are backups performed?
- Proxmox built-in backup (vzdump)?
- rsync scripts?
- n8n workflows?
- Proxmox Backup Server?
4. Can backups be restored?
- Last restore test: Unknown
- Restore documentation: None found
**Immediate Actions Needed:**
1. ✅ Document current backup system
2. ✅ Test restore procedure
3. ✅ Utilize router-pve 4TB HDD for backup target
4. ✅ Consider deploying Proxmox Backup Server (PBS)
**Recommendation:** Deploy PBS on router-pve using 4TB HDD
---
## Documentation System
**Current State:** ⚠️ **Fragmented**
**Existing Documentation:**
- INFRASTRUCTURE-AUDIT-REPORT.md (Claude Code, on OMV)
- TOOLS.md (OpenClaw workspace)
- Various files scattered across OMV shares
- No centralized version control
**Planned Solution: Gitea**
- Self-hosted Git repository
- Will serve as infrastructure knowledge base
- Accessible to AI agents for queries
- Version-controlled documentation
- **Status:** To be deployed on router-pve (this session)
**Obsidian Vault:**
- Git-backed Obsidian vault in progress
- Location: `/root/.openclaw/workspace/obsidian-vault/`
- Includes: Infrastructure docs, VA strategy, Kobe VA docs, business plans
- **Status:** Awaiting Fred to set up central git repo on OMV
---
## Current Projects
### 3D Printing Business
- Planning 3D print farm with Fred's son
- Need for CAD/slicing software
- Considering GPU passthrough for Windows VM on Proxmox
- Target: Bambu Lab A1 printer(s)
- **Files needed:** Printer profiles, production 3MF files
### Truck Carputer/Android Head Unit
- Android-based head unit for truck
- Status: Research/planning phase
- Homelab integration potential
### VA Disability Claims
- Fred's claim: Sleep apnea + hypersomnia secondary to PTSD
- Kobe's claim: VA dependent benefits for disabled child
- Documentation: Extensive templates and checklists created
- Storage: OMV 10.0.10.5 `/data/VA-Strategy/`
---
## Changes Made During This Session (2026-02-05)
### Apple Calendar/Reminders Integration ✅
- **Time:** 02:48 UTC (8:48 PM CST Feb 4)
- **Action:** Configured CalDAV connection to iCloud
- **Result:** Created 10 calendar events for VA claims and 3D printing tasks
- **Access:** fredbook@gmail.com via app-specific password
- **Location:** Events created in "Lenard Farms" calendar
- **Status:** ✅ Working (Fred confirmed seeing events)
### Obsidian Git Vault Created ✅
- **Time:** 02:54 UTC
- **Action:** Created git-based Obsidian vault with all VA documents
- **Location:** `/root/.openclaw/workspace/obsidian-vault/`
- **Contents:** 18 files including VA strategy, Kobe VA docs, infrastructure docs
- **Status:** ⏳ Awaiting Fred to create central repo on OMV
### SSH Key Generated ✅
- **Time:** 15:13 UTC
- **Action:** Generated SSH key for accessing router-pve
- **Key:** ed25519, stored at `/root/.ssh/id_ed25519_router-pve`
- **Public Key:** Added to router-pve `/root/.ssh/authorized_keys`
- **Status:** ⚠️ Key installed but connection hangs (network routing issue)
### Infrastructure Documentation Created ✅
- **Files Created:**
- `homelab-2026-guide.md` - Comprehensive homelab + GPU passthrough guide (13.8KB)
- `INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md` - This document
- **Status:** Committed to Obsidian vault
---
## Recommendations & Action Plan
### Immediate (This Week)
**1. Deploy Gitea on router-pve** 🎯 **In Progress**
- Install as Docker container or LXC
- Use as infrastructure documentation source of truth
- Store: Docker Compose files, scripts, infrastructure docs, 3D printing configs
- Make accessible to AI agents for queries
- **Priority:** HIGH
**2. Document Backup System**
- What: Inventory what's being backed up
- Where: Confirm backup destinations
- How: Document backup procedures
- Test: Perform restore test
- **Priority:** HIGH
**3. Utilize Router-PVE 4TB HDD**
- Check if formatted and mounted
- Configure as backup target
- Consider deploying Proxmox Backup Server (PBS)
- **Priority:** HIGH
**4. Fix SSH Access to router-pve from OpenClaw**
- Troubleshoot network routing
- Check firewall rules on router-pve
- Alternative: Use `nodes run` via Fred's iMac as proxy
- **Priority:** MEDIUM (workarounds available)
### Short Term (Next 2 Weeks)
**5. Complete Obsidian Vault Setup**
- Fred creates git repo on OMV
- Sync vault to Windows
- Install Obsidian Git plugin
- Begin using for daily documentation
- **Priority:** HIGH
**6. Vaultwarden Deployment**
- Already planned for 10.0.10.27
- Week 1 priority
- Replace cloud Bitwarden with self-hosted
- **Priority:** HIGH (security + family access)
**7. Log Aggregation (Loki + Grafana)**
- Centralize logs from all containers
- Easier troubleshooting
- Better visibility
- **Priority:** MEDIUM
**8. Pi-hole DNS**
- Ad blocking at DNS level
- Already planned
- Can run on router-pve (light load)
- **Priority:** MEDIUM
### Medium Term (Month 1-2)
**9. GPU Passthrough for 3D Printing**
- Research GPU options (RTX 3060 recommended)
- Check which Proxmox host has free PCIe slot
- Set up Windows VM with GPU passthrough
- Install CAD software (Fusion 360, Bambu Studio, etc.)
- Configure remote access (RDP or Parsec)
- **Priority:** MEDIUM (business-critical when 3D farm launches)
**10. Consolidate Storage**
- Evaluate whether to keep both OMV instances
- Consider TrueNAS SCALE for future storage
- Plan migration if needed
- **Priority:** LOW (current setup works)
**11. Monitoring Improvements**
- Add Netdata for system monitoring
- Add Dozzle for real-time container logs
- Integrate with existing Uptime Kuma + n8n
- **Priority:** LOW (nice-to-have)
### Long Term (3-6 Months)
**12. HomelabHub.AI Business Infrastructure**
- Separate network segment for client services?
- Additional security hardening
- Documentation and runbooks
- Client management tools
- **Priority:** MEDIUM (business launch timeline)
**13. Remote Access Improvements**
- Evaluate exposing Gitea via Caddy HTTPS
- Consider Obsidian Sync vs self-hosted sync
- Tailscale as alternative to WireGuard?
- **Priority:** LOW (current VPN works)
---
## Network Diagram
```
Internet
|
[VPS - Caddy]
(51.222.12.162)
|
[WireGuard VPN]
|
+-----------------+------------------+
| |
[Router-PVE] Internal Network
10.0.10.2 10.0.10.0/24
| |
[Home Assistant] +----------------+----------------+
| | |
main-pve pve-storage HP DL380
(10.0.10.3) (10.0.10.4) |
| | |
+---------+---------+ | [OpenClaw]
| | | | 10.0.10.28
HA n8n Uptime OMV
10.0.10.24 .22 Kuma 10.0.10.5
.26
External Nodes:
- Fred's iMac (10.0.10.11) - OpenClaw desktop app
- Fred's iPhone - OpenClaw mobile (via VPN when remote)
- Fred's Windows PC - SSH access, Obsidian client
```
---
## Service Inventory
### Core Infrastructure
| Service | IP | Port | Purpose | Status |
|---------|-----|------|---------|--------|
| Proxmox main-pve | 10.0.10.3 | 8006 | Primary virtualization | ✅ Running |
| Proxmox router-pve | 10.0.10.2 | 8006 | Router + virtualization | ✅ Running |
| Proxmox pve-storage | 10.0.10.4 | 8006 | Storage virtualization | ✅ Running |
| OMV Storage | 10.0.10.5 | 445 | SMB/CIFS file shares | ✅ Running |
| Step-CA | 10.0.10.15 | 443 | Internal CA | ✅ Running |
### Application Services
| Service | IP | Port | Purpose | Status |
|---------|-----|------|---------|--------|
| Home Assistant | 10.0.10.24 | 8123 | Smart home | ✅ Running |
| n8n | 10.0.10.22 | 5678 | Workflow automation | ✅ Running |
| Uptime Kuma | 10.0.10.26 | 3001 | Monitoring | ✅ Running |
| OpenClaw | 10.0.10.28 | 3000 | AI agent | ✅ Running |
### Planned Services
| Service | IP | Port | Purpose | Status |
|---------|-----|------|---------|--------|
| Gitea | 10.0.10.2 | TBD | Git repository | ⏳ Deploying |
| Vaultwarden | 10.0.10.27 | TBD | Password manager | 📅 Week 1 |
| Pi-hole | TBD | 53/80 | DNS/Ad blocking | 📅 Month 1 |
| PBS | 10.0.10.2 | 8007 | Proxmox backups | 📅 Month 1 |
### External Services
| Service | IP | Port | Purpose | Status |
|---------|-----|------|---------|--------|
| VPS Caddy | 51.222.12.162 | 443 | Reverse proxy | ✅ Running |
---
## Known Issues
### Critical Issues
None currently
### Important Issues
**1. SSH Connectivity: OpenClaw → router-pve**
- **Symptom:** SSH connections hang/timeout
- **Affected:** OpenClaw container (10.0.10.28) cannot SSH to router-pve (10.0.10.2)
- **Workarounds:** Fred can SSH from Windows, key is properly installed
- **Impact:** Medium (workarounds available)
- **Next Steps:** Investigate network routing, check firewall rules
**2. Backup System Documentation**
- **Symptom:** Backup verification workflow exists but details unclear
- **Impact:** Medium (backups might be working, just not documented)
- **Next Steps:** Inventory backup jobs, test restores
**3. 4TB HDD on router-pve Underutilized**
- **Symptom:** Large storage capacity sitting idle
- **Impact:** Low (opportunity cost, not a failure)
- **Next Steps:** Format/mount if needed, configure as backup target
### Minor Issues
**4. Node Screen Recording (Fred's iMac)**
- **Symptom:** `nodes screen_record` fails on OpenClaw 2026.2.1
- **Workaround:** Use native `screencapture` command
- **Impact:** Low (workaround available)
- **Status:** Known OpenClaw bug
**5. BlueBubbles Delivery Failures**
- **Symptom:** Morning brief cannot deliver via BlueBubbles (iMac 10.0.10.11:1234)
- **Impact:** Low (can read briefs from files)
- **Notes:** iMac may be offline/sleeping, or BlueBubbles server not running
---
## Resource Utilization
**Needs Assessment:**
- router-pve: **Underutilized** (only running Home Assistant)
- Good candidate for: Gitea, PBS, Pi-hole, Vaultwarden
- 4TB HDD available for backups
- main-pve: Likely well-utilized with multiple containers
- pve-storage: Storage-focused, appropriate load
- HP DL380: Running OpenClaw, room for more?
**Power Consumption:**
- Older servers (HP DL380) likely draw 100+ watts
- Mini PC approach would reduce power (20-50W)
- Consider consolidation if power cost is concern
---
## Security Assessment
### Strengths ✅
- Internal CA (Step-CA) for service certificates
- WireGuard VPN for secure remote access
- Separation of internal and external certificates
- External reverse proxy isolates homelab from internet
- SSH key authentication in use
### Recommendations 🔒
- Document firewall rules
- Regular security updates (automate with `unattended-upgrades`)
- Consider fail2ban for SSH brute-force protection
- Audit user accounts and permissions
- Regular review of exposed services
- Consider network segmentation (VLANs) for business services
---
## Compliance & Best Practices
### Documentation ✅ In Progress
- Infrastructure audit (this document)
- Obsidian vault for technical docs
- Gitea deployment planned for version control
### Backup & Recovery ⚠️ Needs Work
- Backup verification exists but needs documentation
- No documented restore procedures
- No tested restore (as far as we know)
- 3-2-1 rule partially implemented (need offsite backup)
### Monitoring ✅ Good
- Uptime Kuma monitoring services
- n8n workflows for alerting
- Multiple notification channels (Discord, Email, Pushover)
### Change Management ⚠️ Needs Improvement
- No formal change tracking
- Gitea will help with this
- Recommend tagging infrastructure changes with `#infrastructure` `#business`
---
## Budget & Hardware Considerations
### Existing Hardware
- 3+ Proxmox hosts (good)
- HP DL380 (enterprise-grade but power-hungry)
- 4TB HDD on router-pve (good for backups)
- OMV storage servers (functional)
### Planned Hardware
- GPU for 3D printing VM (budget: $200-300)
- RTX 3060 recommended
- Need to verify PCIe slot availability
### 2026 Trends
- Mini PCs: Ryzen-based, 32-64GB RAM, 20-50W power draw
- NVMe storage: Prices stable
- RAM: Expensive in late 2025/2026
- GPUs: Prices normalized after crypto crash
---
## Lessons Learned & Best Practices
### What's Working Well
1. **Separation of concerns**: Internal CA + External LetsEncrypt
2. **VPN-first approach**: Secure remote access without exposing services
3. **Monitoring**: Uptime Kuma + n8n provides good visibility
4. **Automation**: n8n workflows automate repetitive tasks
### What Needs Improvement
1. **Documentation**: Scattered, needs centralization (Gitea will help)
2. **Backup testing**: Backups exist but restore procedures untested
3. **Resource utilization**: router-pve and 4TB HDD underused
4. **Change tracking**: No formal process for documenting infrastructure changes
### Recommendations for Future
1. **Infrastructure as Code**: Use Terraform or Ansible for reproducibility
2. **Gitea**: Single source of truth for infrastructure knowledge
3. **Regular Audits**: Quarterly infrastructure reviews
4. **Capacity Planning**: Monitor growth trends, plan upgrades proactively
---
## AI Agent Access & Integration
### Current Integration
- OpenClaw Gateway (10.0.10.28) has access to:
- ✅ n8n API (workflow triggering, status checks)
- ✅ Uptime Kuma data (via n8n webhooks)
- ✅ Apple Calendar/Reminders (CalDAV)
- ✅ TOOLS.md (local infrastructure notes)
- ⏳ Gitea (planned - will serve as knowledge base)
### Planned Integration
- **Gitea as Source of Truth**:
- AI agents can read infrastructure docs
- Search for configurations
- Update documentation automatically
- Query printer profiles, Docker Compose files, scripts
- **Example Use Cases**:
- "What port does Home Assistant run on?" → Query Gitea infrastructure/service-inventory.md
- "What's the Bambu A1 nozzle temp for PLA?" → Query 3d-print-farm/printer-profiles/bambu-a1.ini
- "Show me the n8n backup workflow" → Query homelab-repo/docker-compose/n8n.yml
### Agent Capabilities
- **Read**: Configuration files, documentation, scripts
- **Search**: Git history, grep for specific settings
- **Update**: Commit documentation changes
- **Notify**: Alert Fred to infrastructure changes or issues
---
## Appendix A: Quick Reference
### Common Commands
**SSH to Proxmox hosts:**
```bash
ssh root@10.0.10.2 # router-pve
ssh root@10.0.10.3 # main-pve
ssh root@10.0.10.4 # pve-storage
```
**Access Web UIs:**
```
Proxmox: https://10.0.10.2:8006
Home Assistant: http://10.0.10.24:8123
n8n: http://10.0.10.22:5678
Uptime Kuma: http://10.0.10.26:3001
OpenClaw: http://10.0.10.28:3000
```
**OMV Shares:**
```bash
# From Windows
\\10.0.10.5\data
# From Linux
mount.cifs //10.0.10.5/data /mnt/omv -o guest,vers=3.0
```
### Key Files
**OpenClaw Workspace:**
- `/root/.openclaw/workspace/TOOLS.md` - Infrastructure notes
- `/root/.openclaw/workspace/obsidian-vault/` - Documentation vault
- `/root/.openclaw/workspace/.caldav-config.json` - Apple Calendar config
**OMV Storage:**
- `\\10.0.10.5\data\VA-Strategy\` - Fred's VA claim documents
- `\\10.0.10.5\data\backups\` - Backup destination
- `\\10.0.10.5\data\INFRASTRUCTURE-AUDIT-REPORT.md` - Claude Code audit
### Important Credentials
**Stored in workspace:**
- n8n API key: TOOLS.md
- Apple CalDAV: `.caldav-config.json`
- SSH keys: `/root/.ssh/`
**Not stored (need to retrieve):**
- Proxmox root passwords
- OMV admin password
- Step-CA admin credentials
---
## Appendix B: Session Changelog
**2026-02-04 (Previous Session):**
- Created VA strategy documents for Fred
- Created Kobe VA dependent benefits documents
- Set up morning brief cron job
- Infrastructure discussions
**2026-02-05 (This Session):**
- 02:48 UTC: CalDAV integration with Apple Calendar ✅
- 02:54 UTC: Obsidian vault created ✅
- 14:23 UTC: Research on 2026 homelab best practices ✅
- 14:23 UTC: Research on GPU passthrough for 3D printing ✅
- 15:13 UTC: SSH key generated for router-pve ✅
- 15:17 UTC: SSH key added to router-pve (confirmed by Fred) ✅
- 15:23 UTC: SSH connection issue discovered (hanging) ⚠️
- 15:24 UTC: This comprehensive audit completed ✅
---
## Next Steps (Prioritized)
1. **Deploy Gitea on router-pve** (IN PROGRESS - this session)
2. Fred to copy Claude Code audit report for comparison
3. Document current backup system in detail
4. Configure router-pve 4TB HDD as backup target
5. Test backup restore procedure
6. Troubleshoot SSH connectivity issue (OpenClaw → router-pve)
7. Complete Obsidian vault setup (Fred's side)
8. Deploy Vaultwarden (Week 1)
9. Begin 3D printing business infrastructure planning
10. Research GPU options for CAD workstation
---
**End of Audit Report**
*This audit will be updated regularly as infrastructure changes are made.*
*For questions or clarifications, contact:*
- **Funky (OpenClaw Agent)** - Available in OpenClaw chat
- **Fred Book** - Infrastructure owner

175
docs/INVENTORY-SUMMARY.md Normal file
View File

@@ -0,0 +1,175 @@
# Homelab Inventory Complete! 📊
**Hey Fred!** While you were getting your sleep study records, I completed a comprehensive inventory of your entire homelab. Here's what I found:
---
## Summary Stats
**3 Proxmox Hosts** - All accessible via SSH
**16 LXC Containers** (15 running, 1 stopped)
**2 Virtual Machines**
**1 Docker Container** (Gitea - deployed today!)
**42 CPU cores total**
**124 GB RAM total**
**~12TB storage** across all hosts
---
## All Services Mapped
I verified ALL IP addresses by SSHing into every container. Here's the complete list:
### Your Main Services (that you already knew about)
-**Home Assistant** - 10.0.10.24 (VM 104 on router-pve)
-**n8n** - 10.0.10.22 (CT 106 on main-pve)
-**Uptime Kuma** - 10.0.10.26 (CT 128 on main-pve)
-**OpenClaw (me!)** - 10.0.10.28 (CT 130 on main-pve)
-**Step-CA** - 10.0.10.15 (CT 115 on main-pve)
-**Gitea** - 10.0.10.2:3000 (Docker on router-pve) **NEW!**
### Additional Services I Discovered
- **PostgreSQL** - 10.0.10.20 (CT 102) - Database server
- **Bar Assistant** - 10.0.10.40 (CT 103) - Cocktail recipes
- **Pterodactyl Panel** - 10.0.10.45 (CT 105) - Game server mgmt
- **Pterodactyl Wings** - 10.0.10.46 (CT 107) - Game server daemon
- **Authentik** - 10.0.10.21 (CT 121) - SSO provider
- **RustDesk** - 10.0.10.23 (CT 123) - Remote desktop
- **Prometheus** - 10.0.10.25 (CT 125) - Metrics collection
- **Dockge** - 10.0.10.27 (CT 127) - Docker management
- **Jellyfin** - 10.0.10.32 (CT 132) - Media server
- **Obsidian LiveSync** - 10.0.10.50 (CT 200) - Note sync server
**Total:** 19 active workloads!
---
## Key Findings
### 🎉 Good News
1. **All hosts on latest Proxmox 9.1.4** - You're up to date!
2. **main-pve is a beast** - 32 cores, 94GB RAM (plenty of capacity)
3. **Shared NFS storage working well** - 7.3TB with 6.9TB free
4. **4TB HDD on router-pve now in use** - Hosting Gitea (3.6TB still available!)
5. **Good uptime** - main-pve: 1 week+, pve-storage: 1 week+
### ⚠️ Things to Address
1. **One stopped container** - CT 199 (migration-test) - Can probably delete
2. **VPS SSH access** - I don't have a key for 51.222.12.162 (can't audit Caddy)
3. **Backup system undocumented** - n8n has "backup verification" but unclear what it checks
4. **Many services I didn't know about** - Pterodactyl, RustDesk, Bar Assistant, etc.
---
## What's Now in Gitea
I committed THREE documents to your homelab-docs repo:
1. **COMPLETE-HOMELAB-INVENTORY-2026-02-05.md** (large, comprehensive)
- Every detail about each host
- Storage breakdown
- Network configuration
- Recommendations
2. **SERVICE-MAP.md** (quick reference)
- All 19 services with IPs
- Organized by category
- Port reference guide
- IP allocation tracking
3. **INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md** (from earlier today)
- Complete infrastructure audit
- Session changelog
- Action plan
**Access them at:** http://10.0.10.2:3000/fred/homelab-docs
---
## Host Breakdown
### router-pve (10.0.10.2) - "The Gateway"
- **Resources:** 6 cores, 15GB RAM, 3.6TB ZFS pool
- **Running:** 1 LXC + 1 VM + 1 Docker
- CT 101: Twingate (VPN)
- VM 104: Home Assistant (smart home)
- Docker: Gitea (NEW!)
- **Role:** Network router + lightweight services
### main-pve (10.0.10.3) - "The Beast"
- **Resources:** 32 cores, 94GB RAM, 478GB NVMe
- **Running:** 15 LXC containers (14 active + 1 stopped)
- **Role:** PRIMARY WORKHORSE - runs almost everything!
- **Note:** This is where I (OpenClaw) live!
### pve-storage (10.0.10.4 / wallpocket) - "The Vault"
- **Resources:** 4 cores, 15GB RAM
- **Running:** 1 VM (OMV)
- VM 400: OpenMediaVault (provides 7.3TB NFS share)
- **Role:** Storage server for the homelab
---
## Recommendations
### Immediate
1.**Gitea deployed** - Done!
2. **Review stopped CT 199** - Delete if not needed
3. **Document backup system** - What does n8n verify?
### This Week
4. **Deploy Proxmox Backup Server** - Use router-pve 4TB HDD
5. **Add VPS SSH key** - So I can audit Caddy
6. **Clean up** any unused services
### Month 1
7. **Consider consolidation** - Do you need Pterodactyl if not gaming?
8. **Vaultwarden deployment** - Already planned (10.0.10.27)
9. **Pi-hole** - Already planned
---
## What I Can Do Now
With this complete inventory in Gitea, I can now:
**Answer infrastructure questions accurately** - "What's running on main-pve?"
**Track changes over time** - Git history shows everything
**Plan capacity** - Know what resources are available
**Troubleshoot faster** - Know exactly where everything is
**Suggest optimizations** - Based on actual usage data
---
## Questions for You
When you get back, let me know:
1. **What are Pterodactyl Panel/Wings for?** Game servers? Still needed?
2. **Bar Assistant?** Is that actually cocktail recipes? 😄
3. **RustDesk** - Using this for remote access?
4. **CT 199 (migration-test)** - Safe to delete?
5. **Should I have VPS access?** Want me to audit Caddy config?
---
## Browse Your Infrastructure
**Gitea:** http://10.0.10.2:3000/fred/homelab-docs
**Key files:**
- `docs/SERVICE-MAP.md` - Quick reference (START HERE!)
- `docs/COMPLETE-HOMELAB-INVENTORY-2026-02-05.md` - Full details
- `infrastructure/TOOLS.md` - Your existing notes (updated)
---
**Great homelab, Fred!** You've got a solid setup. main-pve is a beast, storage is well-organized, and everything is running smoothly.
The 4TB HDD that was sitting mostly empty is now hosting Gitea and still has 3.6TB available for Proxmox Backup Server when you're ready.
Let me know if you have questions about anything I found! 🚀
—Funky ✨

205
docs/NETWORK-ARCHITECTURE.md Normal file
View File

@@ -0,0 +1,205 @@
# Network Architecture - Fred's Homelab
**Last Updated:** 2026-02-06 02:17 UTC
**Documented by:** Funky (OpenClaw)
---
## Network Overview
Fred's homelab uses a multi-layer network architecture with WireGuard VPN connecting the external VPS to the internal network via a UniFi Cloud Gateway Ultra.
---
## Network Subnets
### 10.0.10.0/24 - Main Homelab Network
**Gateway:** UCG Ultra (UniFi Cloud Gateway)
**Purpose:** Internal services, Proxmox hosts, LXC containers, VMs
**Key IPs:**
- 10.0.10.2 - router-pve (Proxmox host)
- 10.0.10.3 - main-pve (Proxmox host)
- 10.0.10.4 - pve-storage (Proxmox host)
- 10.0.10.5 - OMV (OpenMediaVault NAS)
- 10.0.10.11 - Fred's iMac (OpenClaw node)
- 10.0.10.15-50 - Services (see SERVICE-MAP.md)
### 10.0.9.0/24 - WireGuard VPN
**Purpose:** Secure tunnel between VPS and homelab
**Peers:**
- **10.0.9.1** - VPS (vps.nianticbooks.com, 51.222.12.162)
- WireGuard server
- Runs Caddy for *.nianticbooks.com and *.deadeyeg4ming.vip
- **10.0.9.2** - UCG Ultra (UniFi Cloud Gateway)
- WireGuard client mode
- Routes traffic between 10.0.9.0/24 ↔ 10.0.10.0/24
---
## Traffic Flow
### External Request to Internal Service
```
Internet User
DNS Resolution (*.nianticbooks.com or *.deadeyeg4ming.vip)
VPS: 51.222.12.162 (Caddy reverse proxy)
↓ WireGuard tunnel
10.0.9.1 (VPS) → 10.0.9.2 (UCG Ultra)
↓ Internal routing
10.0.10.x (Internal service - Proxmox LXC/VM)
↓ Response back through same path
Internet User
```
### Example: Minecraft Server (atmons.deadeyeg4ming.vip)
```
Player connects to atmons.deadeyeg4ming.vip
DNS → 51.222.12.162
VPS Caddy reverse_proxy 10.0.10.46:25567
↓ WireGuard
10.0.9.1 → 10.0.9.2 (UCG Ultra)
10.0.10.46:25567 (Pterodactyl Wings - Minecraft server)
```
---
## Network Equipment
### UCG Ultra (UniFi Cloud Gateway)
- **Model:** UniFi Cloud Gateway Ultra
- **Role:** Primary gateway/router for homelab
- **WireGuard:** Client mode connecting to VPS (10.0.9.1)
- **Internal IP:** 10.0.10.1 (assumed gateway)
- **WireGuard IP:** 10.0.9.2
- **Routing:** Bridges 10.0.9.0/24 ↔ 10.0.10.0/24
### VPS (vps.nianticbooks.com)
- **Public IP:** 51.222.12.162
- **Provider:** (Unknown - document later)
- **WireGuard IP:** 10.0.9.1
- **Services:**
- Caddy reverse proxy
- WireGuard VPN server
- LetsEncrypt SSL termination
---
## Caddy Reverse Proxy Configuration
### Current Domains
- ***.nianticbooks.com** - Fred's primary domain
- ***.deadeyeg4ming.vip** - Gaming/personal domain
### Known Subdomains
*(Document as they're added)*
Example configuration for new subdomain:
```caddy
atmons.deadeyeg4ming.vip {
reverse_proxy 10.0.10.46:25567
}
```
**Note:** VPS can reach any IP on 10.0.10.0/24 via WireGuard → UCG Ultra routing.
---
## Security Notes
### WireGuard VPN
- ✅ Traffic between VPS and homelab is encrypted
- ✅ Only authorized WireGuard peers can access homelab
- ✅ Proper network segmentation (10.0.9.x separate from 10.0.10.x)
### SSL/TLS
- **External:** LetsEncrypt via Caddy on VPS (automatic renewal)
- **Internal:** Step-CA (10.0.10.15) provides internal certificates
### Access Control
- UCG Ultra manages firewall rules (document separately)
- WireGuard provides authentication via public/private keys
- No direct port forwarding on public IP (all via VPN tunnel)
---
## Deprecated Networks (DO NOT USE)
### ❌ 10.0.8.0/24
- **Old VPN network** from previous VPS setup
- **Status:** DEPRECATED
- **Reason:** Migrated to 10.0.9.0/24 with current VPS
### ❌ Old VPS (55.XX.X.X)
- **Old peer:** 10.0.9.3
- **Status:** DECOMMISSIONED
- **Reason:** Replaced with current VPS (51.222.12.162)
**Action:** Remove any references to 10.0.8.0/24 or old VPS from documentation and configs.
---
## Future Considerations
### Potential Improvements
1. **Document Caddy configuration** - SSH into VPS and document current Caddyfile
2. **UCG Ultra firewall rules** - Document current rules for reference
3. **Additional VPN peers** - If adding more WireGuard clients, use 10.0.9.3+
4. **IPv6** - Consider if needed for future services
### Monitoring
- Monitor WireGuard tunnel health
- Alert if VPN connection drops
- Track bandwidth usage on VPN tunnel
---
## Quick Reference
**VPS Caddy adds new subdomain:**
1. SSH to VPS (need to set up SSH key first!)
2. Edit Caddyfile
3. Add reverse_proxy to internal IP (10.0.10.x)
4. Reload Caddy
5. Update this documentation
**Internal service IPs:** See [SERVICE-MAP.md](SERVICE-MAP.md)
---
*Maintained by: Funky (OpenClaw AI Agent)*
*Source: http://10.0.10.2:3000/fred/homelab-docs*
---
## Port Forwarding (Added 2026-02-06)
### Minecraft Server - ATM10
- **External:** 51.222.12.162:25568
- **Internal:** 10.0.10.46:25568
- **Protocol:** TCP + UDP
- **Method:** iptables DNAT + MASQUERADE
- **SRV Record:** `_minecraft._tcp.atmons.deadeyeg4ming.vip``51.222.12.162:25568`
**Players connect to:** `atmons.deadeyeg4ming.vip` (SRV record handles port automatically)
**iptables rules:**
```bash
# Forward incoming traffic
iptables -t nat -A PREROUTING -p tcp --dport 25568 -j DNAT --to-destination 10.0.10.46:25568
iptables -t nat -A PREROUTING -p udp --dport 25568 -j DNAT --to-destination 10.0.10.46:25568
# Masquerade for return traffic
iptables -t nat -A POSTROUTING -d 10.0.10.46 -p tcp --dport 25568 -j MASQUERADE
iptables -t nat -A POSTROUTING -d 10.0.10.46 -p udp --dport 25568 -j MASQUERADE
```
**Rules saved to:** `/etc/iptables/rules.v4` (persists across reboots)

216
docs/SERVICE-MAP.md Normal file
View File

@@ -0,0 +1,216 @@
# Complete Service Map - Fred's Homelab
**Last Updated:** 2026-02-05 16:27 UTC
**Verified by:** Funky (OpenClaw) via direct SSH access
---
## Quick Reference
| IP | Service | Host | CT/VM | Purpose |
|----|---------|------|-------|---------|
| 10.0.10.2 | **router-pve** | router-pve | Host | Proxmox host (router/gateway) |
| 10.0.10.3 | **main-pve** | main-pve | Host | Proxmox host (primary workload) |
| 10.0.10.4 | **pve-storage** | pve-storage | Host | Proxmox host (storage) |
| 10.0.10.11 | **Fred's iMac** | - | Node | OpenClaw desktop app |
| 10.0.10.15 | **Step-CA** | main-pve | CT 115 | Internal certificate authority |
| 10.0.10.20 | **PostgreSQL** | main-pve | CT 102 | Database server |
| 10.0.10.21 | **Authentik** | main-pve | CT 121 | SSO/Authentication provider |
| 10.0.10.22 | **n8n** | main-pve | CT 106 | Workflow automation |
| 10.0.10.23 | **RustDesk** | main-pve | CT 123 | Self-hosted remote desktop |
| 10.0.10.24 | **Home Assistant** | router-pve | VM 104 | Smart home automation |
| 10.0.10.25 | **Prometheus** | main-pve | CT 125 | Metrics collection |
| 10.0.10.26 | **Uptime Kuma** | main-pve | CT 128 | Service monitoring |
| 10.0.10.27 | **Dockge** | main-pve | CT 127 | Docker management UI |
| 10.0.10.28 | **OpenClaw** | main-pve | CT 130 | AI agent (Funky!) |
| 10.0.10.32 | **Jellyfin** | main-pve | CT 132 | Media streaming server |
| 10.0.10.40 | **Bar Assistant** | main-pve | CT 103 | Cocktail recipe manager |
| 10.0.10.45 | **Pterodactyl Panel** | main-pve | CT 105 | Game server management |
| 10.0.10.46 | **Pterodactyl Wings** | main-pve | CT 107 | Game server daemon |
| 10.0.10.50 | **Obsidian LiveSync** | main-pve | CT 200 | Obsidian sync (CouchDB) |
---
## router-pve (10.0.10.2)
**Role:** Network router + lightweight virtualization
**Resources:** 6 cores, 15GB RAM, 3.6TB ZFS pool (nas1)
| IP | Service | Type | VMID | Purpose | URL |
|----|---------|------|------|---------|-----|
| 10.0.10.2 | router-pve | Host | - | Proxmox host | https://10.0.10.2:8006 |
| - | Twingate | LXC | 101 | Zero-trust VPN connector | - |
| 10.0.10.24 | Home Assistant | VM | 104 | Smart home automation | http://10.0.10.24:8123 |
| 10.0.10.2:3000 | Gitea | Docker | - | Git repository server | http://10.0.10.2:3000 |
---
## main-pve (10.0.10.3)
**Role:** Primary virtualization workhorse
**Resources:** 32 cores, 94GB RAM, 478GB NVMe storage
| IP | Service | Type | VMID | Purpose | URL |
|----|---------|------|------|---------|-----|
| 10.0.10.3 | main-pve | Host | - | Proxmox host | https://10.0.10.3:8006 |
| 10.0.10.20 | PostgreSQL | LXC | 102 | Database backend | - |
| 10.0.10.40 | Bar Assistant | LXC | 103 | Cocktail recipe manager | http://10.0.10.40 |
| 10.0.10.45 | Pterodactyl Panel | LXC | 105 | Game server management | http://10.0.10.45 |
| 10.0.10.22 | n8n | LXC | 106 | Workflow automation | http://10.0.10.22:5678 |
| 10.0.10.46 | Pterodactyl Wings | LXC | 107 | Game server daemon | - |
| 10.0.10.15 | Step-CA | LXC | 115 | Certificate authority | https://10.0.10.15 |
| 10.0.10.21 | Authentik | LXC | 121 | SSO/Authentication | http://10.0.10.21 |
| 10.0.10.23 | RustDesk | LXC | 123 | Remote desktop server | http://10.0.10.23 |
| 10.0.10.25 | Prometheus | LXC | 125 | Metrics collection | http://10.0.10.25:9090 |
| 10.0.10.27 | Dockge | LXC | 127 | Docker management | http://10.0.10.27:5001 |
| 10.0.10.26 | Uptime Kuma | LXC | 128 | Service monitoring | http://10.0.10.26:3001 |
| 10.0.10.28 | OpenClaw | LXC | 130 | AI agent (Funky) | http://10.0.10.28:3000 |
| 10.0.10.32 | Jellyfin | LXC | 132 | Media streaming | http://10.0.10.32:8096 |
| - | migration-test | LXC | 199 | **STOPPED** - Unused test CT | - |
| 10.0.10.50 | Obsidian LiveSync | LXC | 200 | Obsidian sync server | http://10.0.10.50:5984 |
---
## pve-storage / wallpocket (10.0.10.4)
**Role:** Storage server
**Resources:** 4 cores, 15GB RAM, NFS export (7.3TB)
| IP | Service | Type | VMID | Purpose | URL |
|----|---------|------|------|---------|-----|
| 10.0.10.4 | pve-storage | Host | - | Proxmox host | https://10.0.10.4:8006 |
| 10.0.10.4 | OMV | VM | 400 | OpenMediaVault NAS | http://10.0.10.4 |
---
## External
| IP | Service | Purpose | Access |
|----|---------|---------|--------|
| 51.222.12.162 | VPS (vps.nianticbooks.com) | Caddy reverse proxy, WireGuard VPN | ❌ No SSH |
| 10.0.10.11 | Fred's iMac | OpenClaw desktop node | ✅ Node access |
---
## Services by Category
### Infrastructure & Core Services
- **router-pve** (10.0.10.2) - Network gateway
- **main-pve** (10.0.10.3) - Primary host
- **pve-storage** (10.0.10.4) - Storage host
- **OMV** (VM 400) - NAS / File server
- **PostgreSQL** (10.0.10.20) - Database backend
- **Step-CA** (10.0.10.15) - Certificate authority
### Automation & Monitoring
- **n8n** (10.0.10.22) - Workflow automation
- **OpenClaw** (10.0.10.28) - AI agent
- **Uptime Kuma** (10.0.10.26) - Service monitoring
- **Prometheus** (10.0.10.25) - Metrics collection
### Security & Access
- **Twingate** (CT 101) - Zero-trust VPN
- **Authentik** (10.0.10.21) - SSO provider
- **RustDesk** (10.0.10.23) - Remote desktop
- **VPS Caddy** (51.222.12.162) - External proxy
### Management Tools
- **Dockge** (10.0.10.27) - Docker management
- **Gitea** (10.0.10.2:3000) - Git server **NEW!**
- **Pterodactyl Panel** (10.0.10.45) - Game server mgmt
- **Pterodactyl Wings** (10.0.10.46) - Game server daemon
### Media & Entertainment
- **Jellyfin** (10.0.10.32) - Media streaming
- **Bar Assistant** (10.0.10.40) - Cocktail recipes
### Productivity
- **Obsidian LiveSync** (10.0.10.50) - Note sync
- **Home Assistant** (10.0.10.24) - Smart home
---
## IP Address Allocation
### Used IPs (10.0.10.0/24)
- .2 - router-pve (host)
- .3 - main-pve (host)
- .4 - pve-storage (host)
- .11 - Fred's iMac (node)
- .15 - Step-CA (CT 115)
- .20 - PostgreSQL (CT 102)
- .21 - Authentik (CT 121)
- .22 - n8n (CT 106)
- .23 - RustDesk (CT 123)
- .24 - Home Assistant (VM 104)
- .25 - Prometheus (CT 125)
- .26 - Uptime Kuma (CT 128)
- .27 - Dockge (CT 127)
- .28 - OpenClaw (CT 130)
- .32 - Jellyfin (CT 132)
- .40 - Bar Assistant (CT 103)
- .45 - Pterodactyl Panel (CT 105)
- .46 - Pterodactyl Wings (CT 107)
- .50 - Obsidian LiveSync (CT 200)
### Reserved/Planned
- .5 - OMV (old instance?) - Check if this exists
- .27 - **Reserved for Vaultwarden** (planned Week 1)
### Available Range
- .6-.9, .10, .12-.14, .16-.19, .29-.31, .33-.39, .41-.44, .47-.49, .51-.254
---
## Port Reference
### Web Services
| Service | Port | Protocol | URL |
|---------|------|----------|-----|
| Proxmox hosts | 8006 | HTTPS | https://10.0.10.x:8006 |
| Home Assistant | 8123 | HTTP | http://10.0.10.24:8123 |
| n8n | 5678 | HTTP | http://10.0.10.22:5678 |
| Uptime Kuma | 3001 | HTTP | http://10.0.10.26:3001 |
| OpenClaw | 3000 | HTTP | http://10.0.10.28:3000 |
| Gitea | 3000 | HTTP | http://10.0.10.2:3000 |
| Gitea SSH | 222 | SSH | ssh://10.0.10.2:222 |
| Dockge | 5001 | HTTP | http://10.0.10.27:5001 |
| Jellyfin | 8096 | HTTP | http://10.0.10.32:8096 |
| Prometheus | 9090 | HTTP | http://10.0.10.25:9090 |
| Obsidian Sync | 5984 | HTTP | http://10.0.10.50:5984 |
### System Services
| Service | Port | Protocol |
|---------|------|----------|
| SSH | 22 | SSH |
| PostgreSQL | 5432 | TCP |
| Step-CA | 443 | HTTPS |
---
## Storage NFS Mounts
**omv-shared** - Exported from pve-storage (VM 400)
**Mount path:** `/mnt/pve/omv-shared` or `/mnt/omv-shared`
**Size:** 7.3TB (419GB used, 6.9TB free)
**Mounted on:**
- router-pve
- main-pve
- pve-storage (loopback)
---
## Notes
- **All Proxmox hosts running 9.1.4** (latest stable)
- **All hosts running kernel 6.17.4-2-pve**
- **main-pve is the workhorse** (32 cores, 94GB RAM)
- **router-pve 4TB HDD now hosting Gitea** (3.6TB still available)
- **CT 199 (migration-test) is stopped** - candidate for deletion
- **VPS SSH access not configured** - cannot audit Caddy directly
---
*Last verified: 2026-02-05 16:27 UTC via direct SSH*
*Maintained by: Funky (OpenClaw AI Agent)*
*Source: http://10.0.10.2:3000/fred/homelab-docs*

455
docs/homelab-2026-guide.md Normal file
View File

@@ -0,0 +1,455 @@
# Homelab 2026 Starter Stack + 3D Printing GPU Passthrough
**Research compiled for Fred's homelab and 3D print farm business**
*Source: VirtualizationHowTo.com + Reddit r/Proxmox community*
---
## 🎯 Why This Matters for You
**Your situation:**
- Already running Proxmox (10.0.10.3, 10.0.10.2, 10.0.10.4)
- Planning 3D print farm business with your son
- Need CAD/slicing software for 3D printing
- Want modern, efficient homelab stack
**What you'll learn:**
1. **2026 best practices** for homelab hardware and software
2. **GPU passthrough** to run Windows VM with CAD software (Fusion 360, PrusaSlicer, etc.)
3. **How this fits your 3D print farm** business needs
---
## Part 1: Ultimate Homelab Stack for 2026
### Hardware Recommendations
**The Modern Mini PC Approach** (you already have Proxmox servers, but good to know for expansion):
**Ideal Specs:**
- **CPU:** Ryzen 7 or Ryzen 9 (uniform, efficient)
- **RAM:** 32-64GB DDR5 (sweet spot despite high 2025/2026 prices)
- **Storage:** Two NVMe drives (mirrored or separate workloads)
- **Network:** 2.5Gb or 10Gb
- **Power draw:** 20-50 watts (vs. your older servers drawing 100+ watts idle)
**Why mini PCs are trending:**
- Quiet, compact, efficient
- Enterprise-grade performance
- Great models: Minisforum MS-A2, MS-02, MS-01; Beelink SER9 Max
**Your setup:** You already have Proxmox hosts, but this is good to know if you want to add a dedicated node for 3D printing/CAD work later.
---
### Software Stack - The 2026 Essentials
#### 1. **Proxmox VE 9.1** (Foundation) ✅ You already have this!
**What's new in 9.1:**
- **OCI container image support** (NEW) - More efficient than traditional containers
- **vTPM support** for VMs
- **Better SDN (software-defined networking)**
- **Improved backup features**
- No license shenanigans
- Huge community, tons of scripts
**Why it's still #1:** Best balance of power and simplicity for home labs
---
#### 2. **Container Management: Komodo or Portainer**
**Komodo** (New kid on the block - 2025/2026 favorite):
- **Free and fast**
- Modern UI
- Easy Docker deployment and monitoring
- Lighter weight than Portainer
- Perfect for your n8n + container stack
**Portainer** (The 800lb gorilla):
- More features, more complex
- GitOps built-in
- Like "VMware vCenter for containers"
- You already know Docker/containers, so either works
**Recommendation for you:** Try Komodo - it's simpler and you said n8n node definitions are problematic. Komodo might be easier.
---
#### 3. **Nginx Proxy Manager** (Reverse Proxy) ✅ You should add this!
**Why you need this:**
- Manages all your services behind one IP
- **Auto LetsEncrypt SSL certificates** (no more manual cert renewals!)
- GUI-based (way easier than editing Nginx configs)
- Perfect for exposing services safely
**What it does:**
- HTTPS termination
- Automatic renewals
- Domain/subdomain routing (homeassistant.nianticbooks.com, n8n.nianticbooks.com, etc.)
- Access lists and authentication
- Organizes internal vs external access
**Your use case:**
- Right now you probably access services by IP:port (10.0.10.24:8123, etc.)
- With NPM: nice URLs (homeassistant.local or via your Caddy VPS)
- Combined with your Caddy VPS = secure remote access to everything
---
#### 4. **Gitea** (Self-hosted Git) - You need this!
**Why:**
- Store your Docker Compose files in Git (you said you lose track of configs)
- Version control for infrastructure
- Backup your n8n workflows as code
- Store 3D printing business documentation
**Lightweight and fast:**
- Runs as a container
- Looks like GitHub
- Supports issues, pull requests, branches
- **Gitea Actions** = CI/CD built-in (run automation on git push)
**Your use case:**
- Store Obsidian vault in Gitea (private repo on your network)
- Document infrastructure changes
- Track 3D print farm business code (if you automate anything)
---
#### 5. **Proxmox Backup Server (PBS)** ✅ Critical!
**You need this running ASAP:**
- Free, from Proxmox team
- Deduplication, compression, incremental backups
- Fast restores
- Can run on same host (separate disk) or dedicated mini PC/NAS
**Your setup idea:**
- Install PBS on one of your Proxmox nodes
- Point to OMV storage (10.0.10.5) for backup target
- Schedule automated backups of all VMs/containers
- **INCLUDES backing up your OpenClaw container!**
**3-2-1-1-0 rule:**
- 3 copies of data
- 2 different media
- 1 offsite (your VPS? Backblaze B2?)
- 1 offline (USB drive, fireproof safe)
- **0 errors** after verification ← Most important!
---
#### 6. **Core Containers to Run**
**From the "15 containers that make home lab better" list, here's the essentials:**
**Monitoring & Logging:**
- **Dozzle** - Real-time container log viewer (one screen, all logs)
- **Netdata** - System monitoring (CPU, RAM, disk, network)
- **Uptime Kuma** ✅ You already have this (10.0.10.26)
**Management:**
- **Komodo** - Container stack management
- **Nginx Proxy Manager** - Reverse proxy with SSL
- **Gitea** - Git repository
**Security & Services:**
- **Vaultwarden** ✅ You already planned this (10.0.10.27 Week 1)
- **Pi-hole** - DNS-level ad blocking (also planned)
- **Mailrise** - Unified notification bridge (emails become push notifications)
**Automation:**
- **n8n** ✅ You already have this (10.0.10.22)
---
## Part 2: GPU Passthrough for 3D Printing Lab
### The Use Case (From Reddit)
**What someone built:**
- Proxmox host
- Windows 10 VM with GPU passthrough
- GPU: NVIDIA card (prices dropped in late 2024/2025)
- Purpose: Run CAD software (Fusion 360, SolidWorks, etc.) and slicing software (PrusaSlicer, Cura, etc.)
**Why GPU passthrough matters:**
- CAD software needs GPU acceleration
- 3D rendering and complex models
- Slicing large files with previews
- Remote access to Windows VM = access CAD from anywhere
---
### How It Works
**The Setup:**
1. **Proxmox host** with dedicated GPU (not the iGPU used for Proxmox console)
2. **Windows 10/11 VM** with GPU passed through
3. **RDP or remote desktop** to access VM
4. Install CAD software, slicers, 3D printing tools
5. Access from any device (your PC, iPhone, Mac)
**The Result:**
- Full GPU acceleration for CAD
- Can run multiple 3D printing tools
- Centralized 3D printing workstation
- Your son can access the VM too (collaborative design work)
---
### Requirements
**Hardware:**
- Dedicated GPU (NVIDIA or AMD)
- Don't use iGPU (Proxmox needs it for console)
- Budget options: GTX 1060, 1660, RTX 3060
- Pro options: RTX 4060, 4070 (better CAD performance)
- CPU with VT-d / AMD-Vi (virtualization extensions) ✅ Your Ryzen CPUs support this
- Motherboard with IOMMU support ✅ Your Proxmox hosts likely support this
**Software:**
- Proxmox with IOMMU enabled in BIOS
- GPU drivers inside Windows VM
- Remote desktop software (built-in RDP or Parsec for better performance)
---
### Configuration Steps (High-Level)
**1. Enable IOMMU in BIOS:**
- Boot into BIOS on Proxmox host
- Enable VT-d (Intel) or AMD-Vi (AMD)
- Save and reboot
**2. Enable IOMMU in Proxmox:**
Edit `/etc/default/grub`:
```bash
# For Intel
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt"
# For AMD
GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on iommu=pt"
```
Update grub: `update-grub && reboot`
**3. Load VFIO modules:**
Edit `/etc/modules`:
```
vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd
```
**4. Blacklist GPU drivers on host:**
(So Proxmox doesn't try to use the GPU)
```bash
echo "blacklist nouveau" >> /etc/modprobe.d/blacklist.conf
echo "blacklist nvidia" >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
```
**5. Create Windows VM in Proxmox:**
- Machine: q35
- BIOS: OVMF (UEFI)
- Add EFI disk
- **Add PCI device** (your GPU)
- Set CPU type to "host" (important for passthrough)
- Enable "PCIe" checkbox on GPU device
**6. Install Windows + GPU drivers:**
- Install Windows normally
- Install NVIDIA/AMD drivers inside Windows
- Verify GPU is recognized (Device Manager)
**7. Remote Access:**
- Enable RDP in Windows
- Or install Parsec (better for CAD/gaming performance)
- Access VM from anywhere on your network
---
### For Your 3D Print Farm Business
**Use cases:**
1. **Centralized CAD workstation** - You and your son access same VM
2. **Slicing station** - Queue up print jobs, generate G-code
3. **Design library** - Store all STL files, designs in one place
4. **Remote access** - Work on designs from your bus route (when parked, obviously!)
5. **Backup everything** - VM backups = CAD software + settings + files all backed up together
**Software you'd run:**
- **Fusion 360** (free for hobbyists/small business)
- **PrusaSlicer** or **Cura** (slicing)
- **Blender** (if doing custom modeling)
- **Bambu Studio** (for your Bambu A1)
- **OctoPrint / Mainsail** web UIs (manage printers remotely)
**Workflow:**
1. Design in Fusion 360 (with GPU acceleration)
2. Export STL
3. Slice in PrusaSlicer/Bambu Studio
4. Send to printer (via OctoPrint or direct USB)
5. Monitor prints via webcam + OctoPrint
---
### Budget GPU Options (2026 Prices)
**Entry Level ($150-250 used):**
- GTX 1060 6GB - Good for basic CAD
- GTX 1660 Super - Better performance, still affordable
**Mid-Range ($250-400):**
- RTX 3060 12GB - Excellent CAD performance, good value
- RTX 4060 - Newer, more efficient
**Pro Level ($500+):**
- RTX 4070 - Great for complex CAD assemblies
- RTX 4080 - Overkill for most home use
**Recommendation for you:** RTX 3060 or RTX 4060 - sweet spot for price/performance for CAD work.
---
## How This Fits Your Current Setup
### Your Proxmox Infrastructure
**Current hosts:**
- main-pve (10.0.10.3)
- pve-router (10.0.10.2)
- pve-storage (10.0.10.4)
**Option 1: Add GPU to existing host**
- Install GPU in main-pve (if there's a PCIe slot)
- Pass through to Windows VM
- Use for CAD/3D printing workstation
**Option 2: Dedicated 3D printing node**
- Buy a mini PC with PCIe slot OR desktop with GPU
- Install Proxmox
- Cluster it with your existing nodes
- Dedicated to 3D print farm workloads
**Option 3: Use iMac (10.0.10.11)**
- Your iMac already has GPU
- Install Windows via Boot Camp or Parallels
- Not ideal (macOS CAD apps are limited), but works short-term
---
### Immediate Action Plan
**This Week:**
1.**Install Nginx Proxy Manager** container
- Makes all services accessible via nice URLs
- Auto SSL certificates
- 30-minute setup
2.**Install Gitea** container
- Start version-controlling your infrastructure
- Store Docker Compose files, n8n workflows, notes
- 15-minute setup
3.**Set up Proxmox Backup Server**
- Install on one of your Proxmox nodes
- Point to OMV (10.0.10.5) for storage
- Schedule backups of all VMs/containers
- 1-hour setup
**Next Week:**
4. **Research GPU options**
- Check if main-pve has free PCIe slot
- Look at used GPU market (Facebook Marketplace, eBay)
- Budget: $200-300 for RTX 3060 used
5. **Test GPU passthrough** (once GPU acquired)
- Follow configuration steps above
- Create Windows 10 VM
- Install Fusion 360, PrusaSlicer, Bambu Studio
- Test remote access via RDP
**Month 1:**
6. **Centralize 3D printing workstation**
- Move all CAD/slicing to Windows VM
- Set up file sharing (SMB) to OMV for STL library
- Configure remote access (VPN or Caddy reverse proxy)
7. **Document workflow for your son**
- How to access VM
- How to use CAD software
- How to slice and send prints
- Collaborative design process
---
## Key Takeaways
### What You Should Implement Now
**High Priority (This Week):**
1. **Nginx Proxy Manager** - Makes everything easier to access
2. **Gitea** - Version control for your infrastructure
3. **Proxmox Backup Server** - Protect your work (VA docs, business plans, everything!)
**Medium Priority (Next Week):**
4. **Komodo** - Replace or augment Portainer, simpler UI
5. **Dozzle** - Real-time log viewer (helps with debugging n8n, containers)
6. **Pi-hole** - DNS ad blocking (already planned, but bump up priority)
**Lower Priority (Month 1-2):**
7. **GPU passthrough setup** (once you buy GPU)
8. **Netdata** - System monitoring
9. **Mailrise** - Unified notifications
---
### Why This Matters for Your Business
**3D Print Farm Business:**
- **Centralized workstation** = you + your son collaborate on designs
- **GPU acceleration** = faster CAD, complex models, better workflow
- **Remote access** = work from anywhere (bus parking lot, home, vacation)
- **Professional setup** = looks good if you show clients your process
**Homelab Improvements:**
- **Better organization** (Gitea for code, Nginx Proxy Manager for access)
- **Better backups** (PBS protects your VA docs, business plans, everything)
- **Better monitoring** (Uptime Kuma + Netdata + Dozzle)
- **Professional skills** = you learn modern DevOps tools (good for HomelabHub.AI business too!)
---
## Resources
**Setup Guides:**
- [Proxmox PCI Passthrough (Official Wiki)](https://pve.proxmox.com/wiki/PCI_Passthrough)
- [Nginx Proxy Manager Docker Setup](https://www.virtualizationhowto.com/2023/10/setting-up-nginx-proxy-manager-on-docker-with-easy-letsencrypt-ssl/)
- [Gitea Installation Guide](https://docs.gitea.io/en-us/install-with-docker/)
- [Proxmox Backup Server Documentation](https://pbs.proxmox.com/docs/)
**Communities:**
- r/Proxmox on Reddit
- r/homelab on Reddit
- r/3Dprinting on Reddit
- Proxmox forums (forum.proxmox.com)
**Your existing resources:**
- Your Proxmox infrastructure (already solid foundation)
- Your Caddy VPS (already handling reverse proxy externally)
- Your OMV storage (great for backup target)
- Your son's 3D printing interest (built-in business partner!)
---
**Questions? Want me to help you install any of these? Just ask!** 🚀
*Saved to Obsidian vault: infrastructure/homelab-2026-guide.md*

80
infrastructure/TOOLS.md Normal file
View File

@@ -0,0 +1,80 @@
# TOOLS.md - Local Notes
Skills define *how* tools work. This file is for *your* specifics — the stuff that's unique to your setup.
## Fred's Homelab Infrastructure
### Network
- Main Network: 10.0.10.0/24
- VPN: WireGuard tunnel at 10.0.9.0/24
- VPS WireGuard IP: 10.0.9.1 (51.222.12.162 - vps.nianticbooks.com)
- UCG Ultra WireGuard IP: 10.0.9.2 (WireGuard client mode)
- VPS: 51.222.12.162 (vps.nianticbooks.com) running Caddy reverse proxy
- Handles: *.nianticbooks.com and *.deadeyeg4ming.vip
### Proxmox Hosts
- Main Proxmox host: 10.0.10.3 (main-pve)
- HP DL380: Proxmox host running my container
### Key Services (LXC Containers)
- Home Assistant: 10.0.10.24 - Smart home automation
- n8n: 10.0.10.22 (CT 106) - Workflow automation
- Uptime Kuma: 10.0.10.26 (CT 128) - Service monitoring
- OpenClaw Gateway: 10.0.10.28 (CT 130) - AI agent coordination (that's me!)
- Running as LXC container on HP DL380
- No sound card/audio output on this container
- Step-CA: 10.0.10.15 (CT 115) - Internal certificate authority
### Paired Nodes
- **Fred's iMac**: 10.0.10.11 - OpenClaw desktop app node
- Provides: Camera, screen recording, canvas display, notifications
- Potential audio output for TTS
- Near Fred but screen visibility limited
- **Known Issue:** `nodes screen_record` fails with "The operation could not be completed" (OpenClaw 2026.2.1 bug)
- **Workaround:** Use native `screencapture` command instead:
```bash
# Record 3 seconds of screen
screencapture -T 3 -V 3 /tmp/screen-recording.mp4
```
### Current Projects
- Homelab infrastructure management
- 3D printing projects
- Android head unit/carputer for truck
## Location
- Weather location: Niantic, IL 62551
## Tasks & Organization
- Wants to use Apple Reminders/Tasks on iPhone
- Need to explore integration options
## n8n Workflow Automation
**Instance:** http://10.0.10.22:5678
**API Key:** `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZTVjZTQ2Zi1iNmUyLTQyMGEtYmUzMC1iYzQzYThlMDA1YjMiLCJpc3MiOiJuOG4iLCJhdWQiOiJwdWJsaWMtYXBpIiwiaWF0IjoxNzcwMDk3NDEwfQ.7NBimIPNlVH_Jif-3FU-9MSPfPUP1ILSznKGR1JzpE8`
**User:** OpenClaw (API access granted Feb 3, 2026)
**Active Workflows:**
- Prometheus alerts → Discord/Email/Pushover
- Backup verification (daily @ 6 AM)
- SSL certificate expiration monitor
- Service health monitor (every 5 min via Uptime Kuma)
- Task overdue alerts (every 4 hours)
- Uptime Kuma webhook → alerts
**API Usage:**
```bash
# List all workflows
curl -H "X-N8N-API-KEY: <key>" http://10.0.10.22:5678/api/v1/workflows
# Get specific workflow
curl -H "X-N8N-API-KEY: <key>" http://10.0.10.22:5678/api/v1/workflows/{id}
# Trigger workflow
curl -X POST -H "X-N8N-API-KEY: <key>" http://10.0.10.22:5678/api/v1/workflows/{id}/execute
```
---
Add whatever helps you do your job. This is your cheat sheet.