FIX: Correct RustDesk configuration (both ID+Relay on VPS 51.222.12.162)

- Updated ID Server: 51.222.12.162:21116 (was 10.0.10.23)
- Updated Relay Server: 51.222.12.162:21117 (was 66.63.182.168)
- Updated Public Key: EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=
- Marked CT 123 (10.0.10.23) as deprecated - RustDesk now VPS-only
- Source: Screenshot from 2026-02-22

infrastructure/AGENT-REFERENCE.md

@@ -7,7 +7,7 @@
 ## HOSTS & HARDWARE
 
 ### VPS
-- **Primary:** 66.63.182.168 (vps.nianticbooks.com) | 2vCPU/4GB | Caddy, WireGuard, RustDesk relay
+- **Primary:** 51.222.12.162 (vps.nianticbooks.com) | 2vCPU/4GB | Caddy, WireGuard, RustDesk (ID+Relay)
 - **Gaming:** 51.222.12.162 (deadeyeg4ming.vip) | WireGuard VPN (10.0.9.1)
 
 ### Proxmox
@@ -30,7 +30,7 @@
 | 10.0.10.20 | PostgreSQL | 102 | 5432 | Shared DB (n8n, rustdesk, grafana, authentik) |
 | 10.0.10.21 | Authentik | 121 | 9000 | SSO (admin: akadmin), OAuth2/OIDC |
 | 10.0.10.22 | n8n | 106 | 5678 | Workflow automation |
-| 10.0.10.23 | RustDesk | 123 | 21115-18 | ID server, pubkey: sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0= |
+| 51.222.12.162 | RustDesk | VPS | 21116-17 | ID+Relay, pubkey: EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk= |
 | 10.0.10.25 | Prometheus/Grafana | 125 | 9090/3000 | Monitoring |
 | 10.0.10.26 | Uptime Kuma | 128 | 3001 | Status monitoring |
 
@@ -91,9 +91,10 @@ ssh root@10.0.10.4          # pve-storage
 - ACME: `https://10.0.10.15:8443/acme/acme/directory`
 - Provisioners: JWK (admin@nianticbooks.home), ACME
 
-### RustDesk (10.0.10.23)
+### RustDesk (51.222.12.162 / vps.nianticbooks.com)
-- Public endpoint: 66.63.182.168:21117 (relay)
+- ID Server: 51.222.12.162:21116
-- Pubkey: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=`
+- Relay Server: 51.222.12.162:21117
+- Pubkey: `EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=`
 
 ### Home Assistant (10.0.10.24:8123)
 - Never commit secrets.yaml | Use secrets.yaml.example template

infrastructure/IP-ALLOCATION.md

@@ -66,7 +66,7 @@
 | 10.0.10.20 | postgresql | PostgreSQL (Shared DB) | main-pve | CT 102 | Active |
 | 10.0.10.21 | authentik | Authentik SSO | main-pve | CT 121 | Active |
 | 10.0.10.22 | n8n | n8n Workflow Automation | main-pve | CT 106 | Active |
-| 10.0.10.23 | rustdesk | RustDesk ID Server (hbbs) | main-pve | CT 123 | Active |
+| 10.0.10.23 | rustdesk | RustDesk ID Server (DEPRECATED - moved to VPS) | main-pve | CT 123 | Inactive |
 | 10.0.10.24 | homeassistant | Home Assistant OS | pve-router | VM 104 | Active |
 | 10.0.10.25 | prometheus | Prometheus + Grafana | main-pve | CT 125 | Active |
 | 10.0.10.26 | uptime-kuma | Uptime Kuma Monitoring | main-pve | CT 128 | Active |
@@ -221,7 +221,7 @@ These devices receive dynamic IPs from UCG Ultra DHCP. Some have DHCP reservatio
 | 107 | pterodactyl-wings | 10.0.10.46 |
 | 115 | ca-server | 10.0.10.15 |
 | 121 | authentik | 10.0.10.21 |
-| 123 | rustdesk | 10.0.10.23 |
+| 123 | rustdesk | 10.0.10.23 | DEPRECATED - RustDesk now on VPS (51.222.12.162) |
 | 125 | prometheus | 10.0.10.25 |
 | 127 | dockge | 10.0.10.27 |
 | 128 | uptime-kuma | 10.0.10.26 |

infrastructure/SERVICES.md

@@ -39,8 +39,8 @@ This document provides detailed information about all services running in the in
 | Calibre-Web | Home Lab | 10.0.10.27 | Media | ✅ Running | No |
 | Caddy Internal Proxy | Home Lab | 10.0.10.27 | Proxy | ✅ Running | No |
 | Vehicle Tracker | Home Lab | 10.0.10.35 | Web App | 🔄 In Development | No |
-| RustDesk ID Server | Home Lab | 10.0.10.23 | Remote Desktop | ✅ Running | No |
+| RustDesk ID Server | VPS | 51.222.12.162 | Remote Desktop | ✅ Running | No |
-| RustDesk Relay | VPS | 66.63.182.168 | Remote Desktop | ✅ Running | No |
+| RustDesk Relay | VPS | 51.222.12.162 | Remote Desktop | ✅ Running | No |
 | OpenClaw Gateway | Home Lab | 10.0.10.28 | AI Agent | ✅ Running | No |
 | AD5M 3D Printer | Home Lab | 10.0.10.30 | IoT | ✅ Running | No |
 | WireGuard VPN | Gaming VPS | 51.222.12.162 | Tunnel | ✅ Running | Yes |
@@ -737,30 +737,25 @@ See `CA-DEPLOYMENT-SUMMARY.md` for client certificate installation instructions.
 **Purpose**: Secure remote desktop access with self-hosted infrastructure
 
 **Service Details**:
-- **ID Server (hbbs)**: LXC 123 on main-pve
+- **ID Server (hbbs)**: VPS (51.222.12.162 / vps.nianticbooks.com)
-  - **IP**: 10.0.10.23
+  - **Port**: 21116 (ID/Rendezvous)
-  - **Version**: 1.1.14
+- **Relay Server (hbbr)**: VPS (51.222.12.162 / vps.nianticbooks.com)
-  - **Ports**: 21115 (NAT test), 21116 (ID/Rendezvous), 21118 (TCP punch)
-- **Relay Server (hbbr)**: VPS (66.63.182.168)
-  - **Version**: 1.1.14
   - **Port**: 21117 (Relay service)
-- **Public Key**: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=`
+- **Public Key**: `EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=`
 
 **Architecture**:
 ```
-Internet → VPS Relay (hbbr)
+Internet → VPS (51.222.12.162)
             ↓
-         WireGuard Tunnel
+    RustDesk ID Server (hbbs) + Relay (hbbr)
-            ↓
-     Home Lab ID Server (hbbs)
             ↓
       RustDesk Clients (P2P when possible)
 ```
 
 **Client Configuration**:
-- **ID Server**: `66.63.182.168`
+- **ID Server**: `51.222.12.162`
-- **Relay Server**: `66.63.182.168` (auto-configured)
+- **Relay Server**: `51.222.12.162`
-- **Key**: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=`
+- **Key**: `EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=`
 
 **Startup**:
 ```bash