# Infrastructure Audit

**Last Updated:** 2026-01-18

**Status:** Active - Source of Truth

This document provides a comprehensive inventory of all infrastructure components. For IP allocations, see `IP-ALLOCATION.md`.

---

## 1. VPS Configuration

| Property | Value |
|----------|-------|
| Provider | Hudson Valley Host |
| Public IP | 66.63.182.168 |
| Hostname | vps.nianticbooks.com |
| OS | Ubuntu 24.04 x86_64 |
| Specs | 2 vCPUs, 4GB RAM, 100GB storage |

### VPS Services

| Service | Port | Status |
|---------|------|--------|
| Caddy Reverse Proxy | 80, 443 | Active |
| WireGuard VPN Server | 51820/UDP | Active |
| RustDesk Relay (hbbr) | 21117 | Active |

### Caddy Routes (via WireGuard to home lab)

| Domain | Backend | Status |
|--------|---------|--------|
| freddesk.nianticbooks.com | 10.0.10.3:8006 | Active |
| ad5m.nianticbooks.com | 10.0.10.30:80 | Active |
| bob.nianticbooks.com | 10.0.10.24:8123 | Active |
| auth.nianticbooks.com | 10.0.10.21:9000 | Active |
| cocktails.nianticbooks.com | 10.0.10.40 | Active |

---

## 2. WireGuard Tunnel

| Property | Value |
|----------|-------|
| Status | Active |
| Gaming VPS Endpoint | 51.222.12.162:51820 |
| Gaming VPS Tunnel IP | 10.0.9.1 |
| UCG Ultra Tunnel IP | 10.0.9.2 |
| VPS Proxy Tunnel IP | 10.0.9.3 |
| Home Lab Subnet | 10.0.10.0/24 |
| Keepalive | 25 seconds |

---

## 3. Proxmox Cluster

### main-pve (DL380p) - Production Workloads

| Property | Value |
|----------|-------|
| IP Address | 10.0.10.3 (static) |
| iLO Management | 10.0.10.13 |
| Location | Remote |
| CPU | 32 cores |
| RAM | 96 GB |
| Role | Primary production host |

**Running Containers (14 total):**

| CT ID | Name | IP | Service |
|-------|------|-----|---------|
| 102 | postgresql | 10.0.10.20 | Shared PostgreSQL database |
| 103 | bar-assistant | 10.0.10.40 | Cocktail recipe manager |
| 105 | pterodactyl-panel | 10.0.10.45 | Game server management panel |
| 106 | n8n | 10.0.10.22 | Workflow automation |
| 107 | pterodactyl-wings | 10.0.10.46 | Game server node |
| 115 | ca-server | 10.0.10.15 | Step-CA certificate authority |
| 121 | authentik | 10.0.10.21 | SSO/Identity provider |
| 123 | rustdesk | 10.0.10.23 | RustDesk ID server (hbbs) |
| 125 | prometheus | 10.0.10.25 | Monitoring (Prometheus + Grafana) |
| 127 | dockge | 10.0.10.27 | Docker Compose mgmt + Media Stack (6 services) |
| 128 | uptime-kuma | 10.0.10.26 | Uptime monitoring |
| 130 | minecraft-forge | 10.0.10.41 | Minecraft Forge server |
| 131 | minecraft-stoneblock4 | 10.0.10.42 | Minecraft Stoneblock 4 |
| 135 | vehicle-tracker | 10.0.10.35 | Vehicle Maintenance Tracker (Planned) |

### pve-router (i5) - Local/Light Workloads

| Property | Value |
|----------|-------|
| IP Address | 10.0.10.2 (static) |
| DNS | proxmox.nianticbooks.home |
| Location | Office |
| CPU | 8 cores |
| RAM | 8 GB |
| Role | Local development, Home Assistant |

**Running VMs (1 total):**

| VM ID | Name | IP | Service |
|-------|------|-----|---------|
| 104 | haos16.2 | 10.0.10.24 | Home Assistant OS |

**Running Containers (1 total):**

| CT ID | Name | IP | Service |
|-------|------|-----|---------|
| 101 | twingate-connector | 10.0.10.179 | Zero-trust remote access |

### pve-storage - Storage Host

| Property | Value |
|----------|-------|
| IP Address | 10.0.10.4 (static) |
| Role | Storage host (3.5" drive support) |

**Running VMs (1 total):**

| VM ID | Name | IP | Service |
|-------|------|-----|---------|
| 400 | OMV | 10.0.10.5 | OpenMediaVault (12TB) |

---

## 4. Network Configuration

| Property | Value |
|----------|-------|
| Subnet | 10.0.10.0/24 |
| Gateway | 10.0.10.1 (UCG Ultra) |
| DHCP Range | 10.0.10.50-254 |
| Static Range | 10.0.10.1-49 |

**Note:** All infrastructure IPs (.1-.49) use static configuration on devices, not DHCP reservations. See `IP-ALLOCATION.md` for complete IP assignments.

---

## 5. Key Services Summary

### Authentication & Security

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| Authentik SSO | 10.0.10.21 | 9000 | OAuth2/OIDC, WebAuthn |
| Step-CA | 10.0.10.15 | 8443 | Internal certificate authority |
| Twingate | 10.0.10.179 | - | Zero-trust remote access |

### Databases

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| PostgreSQL | 10.0.10.20 | 5432 | Shared DB (Authentik, n8n, RustDesk, Grafana) |

### Monitoring

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| Prometheus | 10.0.10.25 | 9090 | Metrics collection |
| Grafana | 10.0.10.25 | 3000 | Dashboards |
| Uptime Kuma | 10.0.10.26 | 3001 | Uptime monitoring |

### Automation

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| n8n | 10.0.10.22 | 5678 | Workflow automation |
| Home Assistant | 10.0.10.24 | 8123 | Smart home |

### Gaming

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| Pterodactyl Panel | 10.0.10.45 | 80 | Game server management |
| Pterodactyl Wings | 10.0.10.46 | 8080 | Game server node |
| Minecraft Forge | 10.0.10.41 | 25565 | CFMRPGU modpack |
| Minecraft SB4 | 10.0.10.42 | 25566 | Stoneblock 4 modpack |

### Remote Access

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| RustDesk ID (hbbs) | 10.0.10.23 | 21116 | Remote desktop ID server |
| RustDesk Relay (hbbr) | VPS | 21117 | Remote desktop relay |

### Storage

| Service | IP | Purpose |
|---------|-----|---------|
| OpenMediaVault | 10.0.10.5 | 12TB NFS/SMB storage (media library for Arr stack) |
| Dockge | 10.0.10.27 | Docker stack management |

### Media Automation (Arr Stack)

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| Sonarr | 10.0.10.27 | 8989 | TV show monitoring & automation |
| Radarr | 10.0.10.27 | 7878 | Movie monitoring & automation |
| Prowlarr | 10.0.10.27 | 9696 | Indexer management for *arr apps |
| Bazarr | 10.0.10.27 | 6767 | Subtitle download automation |
| Deluge | 10.0.10.27 | 8112 | BitTorrent download client |
| Calibre-Web | 10.0.10.27 | 8083 | eBook library management |
| Caddy Internal Proxy | 10.0.10.27 | 443 | HTTPS reverse proxy (Caddy Internal PKI) |

**Storage Paths:**

- `/media/tv` - Sonarr TV library
- `/media/movies` - Radarr movie library
- `/media/downloads` - Deluge download directory
- `/media/books` - Calibre library

**Note:** All services run as Docker containers on CT 127 (Dockge), accessible via HTTPS at `https://.nianticbooks.home`

### Utility

| Service | IP | Port | Purpose |
|---------|-----|------|---------|
| Bar Assistant | 10.0.10.40 | 80 | Cocktail recipe manager |
| Vikunja | 10.0.10.27 | 3456 | Task management (no longer actively used) |

---

## 6. Backup System

### Tier 1 - Local (OMV NFS)

| Property | Value |
|----------|-------|
| Storage | 10.0.10.5:/export/backups |
| Available | 7.3 TB |
| Mount Point | /mnt/omv-backups (all Proxmox hosts) |

**Automated Backups:**

| Time | What | Retention |
|------|------|-----------|
| 2:00 AM | PostgreSQL (all databases) | 7 daily, 4 weekly, 3 monthly |
| 2:30 AM | Proxmox VMs/containers | 7 daily, 4 weekly, 3 monthly |

---

## 7. Physical Devices

### HOMELAB-COMMAND (10.0.10.10)

| Property | Value |
|----------|-------|
| Type | Gaming PC |
| GPU | RTX 5060 |
| Services | Wyoming (Whisper STT, Piper TTS), Ollama LLM |
| OS | Windows 11 |
| Role | Claude Code host, voice assistant hub |

### HP iLO (10.0.10.13)

| Property | Value |
|----------|-------|
| Type | Server management |
| Purpose | DL380p (main-pve) remote management |

### 3D Printers

| Device | IP | Status |
|--------|-----|--------|
| Flashforge AD5M | 10.0.10.30 | Active |
| Bambu Lab A1 | 10.0.10.31 | Active |

---

## 8. Audit History

| Date | Action | Notes |
|------|--------|-------|
| 2026-01-25 | Deployed Media Stack | Sonarr, Radarr, Prowlarr, Bazarr, Deluge, Calibre-Web on CT 127 via Docker |
| 2026-01-25 | Deployed Caddy Internal Proxy | HTTPS reverse proxy for internal services on CT 127 |
| 2026-01-25 | Deployed CA certificates | Homelab root CA distributed to all LXC containers and Proxmox hosts |
| 2026-01-25 | Deprecated Vikunja | No longer actively used (Claude Code replaced n8n workflow use case) |
| 2026-01-18 | Deployed Vikunja | Task management on Dockge (10.0.10.27:3456), tasks.nianticbooks.com |
| 2026-01-13 | Full network audit | Compared UCG DHCP export vs docs, verified all services |
| 2026-01-13 | Removed CT 100 | pve-scripts-local - unused, IP conflict with bar-assistant |
| 2025-12-29 | Initial audit | Infrastructure audit template completed |

---

## 9. Outstanding Items

- [ ] Fix Home Assistant public domain (Caddy HTTPS backend config)
- [x] Move Bambu A1 to static IP 10.0.10.31 (done 2026-01-13)
- [ ] Identify unknown Raspberry Pi devices (.81, .171, .246)
- [ ] Document ESP devices purpose (.90, .207)
- [ ] Cleanup deprecated VMs (Spoolman .71, Authelia .112)