# Services Documentation **Last Updated:** 2025-12-29 **Status:** All critical services operational This document provides detailed information about all services running in the infrastructure. ## Table of Contents - [Service Overview](#service-overview) - [VPS Services](#vps-services) - [Home Lab Services](#home-lab-services) - [Service Dependencies](#service-dependencies) - [Monitoring & Health Checks](#monitoring--health-checks) --- ## Service Overview ### Service Inventory Summary | Service Name | Location | IP Address | Type | Status | Critical | |--------------|----------|------------|------|--------|----------| | UCG Ultra Gateway | Home Lab | 10.0.10.1 | Network | ✅ Running | Yes | | Proxmox (main-pve) | Home Lab | 10.0.10.3 | Virtualization | ✅ Running | Yes | | Proxmox (pve-router) | Home Lab | 10.0.10.2 | Virtualization | ✅ Running | Yes | | Proxmox (pve-storage) | Home Lab | 10.0.10.4 | Virtualization | ✅ Running | Yes | | OpenMediaVault | Home Lab | 10.0.10.5 | Storage | ✅ Running | Yes | | PostgreSQL | Home Lab | 10.0.10.20 | Database | ✅ Running | Yes | | Authentik SSO | Home Lab | 10.0.10.21 | Authentication | ✅ Running | Yes | | n8n | Home Lab | 10.0.10.22 | Automation | ✅ Running | No | | Home Assistant | Home Lab | 10.0.10.24 | Smart Home | ✅ Running | No | | Prometheus + Grafana | Home Lab | 10.0.10.25 | Monitoring | ✅ Running | No | | Dockge | Home Lab | 10.0.10.27 | Container Mgmt | ✅ Running | No | | Sonarr | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Radarr | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Prowlarr | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Bazarr | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Deluge | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Calibre-Web | Home Lab | 10.0.10.27 | Media | ✅ Running | No | | Caddy Internal Proxy | Home Lab | 10.0.10.27 | Proxy | ✅ Running | No | | Vehicle Tracker | Home Lab | 10.0.10.35 | Web App | 🔄 In Development | No | | RustDesk ID Server | Home Lab | 10.0.10.23 | Remote Desktop | ✅ Running | No | | RustDesk Relay | VPS | 66.63.182.168 | Remote Desktop | ✅ Running | No | | OpenClaw Gateway | Home Lab | 10.0.10.28 | AI Agent | ✅ Running | No | | AD5M 3D Printer | Home Lab | 10.0.10.30 | IoT | ✅ Running | No | | WireGuard VPN | Gaming VPS | 51.222.12.162 | Tunnel | ✅ Running | Yes | | Caddy Reverse Proxy | VPS | 66.63.182.168 | Proxy | ✅ Running | Yes | --- ## VPS Services ### WireGuard VPN Server **Purpose**: Site-to-site VPN tunnel connecting VPS and home lab network **Service Details**: - **Host**: Gaming VPS (51.222.12.162, deadeyeg4ming.vip) - **Service Name**: `wg-quick@wg0` - **Port**: 51820/UDP - **Interface**: wg0 - **Tunnel IP**: 10.0.9.1/24 - **Configuration**: `/etc/wireguard/wg0.conf` - **Logs**: `journalctl -u wg-quick@wg0` - **Peers**: UCG Ultra at 10.0.9.2, VPS Proxy at 10.0.9.3 **Configuration**: ```ini [Interface] Address = 10.0.9.1/24 ListenPort = 51820 PrivateKey = [REDACTED] PostUp = iptables -A FORWARD -i wg0 -j ACCEPT PostUp = iptables -A FORWARD -o wg0 -j ACCEPT PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT PostDown = iptables -D FORWARD -o wg0 -j ACCEPT PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] PublicKey = [UCG Ultra public key] AllowedIPs = 10.0.9.2/32, 10.0.10.0/24 [Peer] PublicKey = [VPS Proxy public key] AllowedIPs = 10.0.9.3/32 ``` **Startup**: ```bash sudo systemctl start wg-quick@wg0 sudo systemctl enable wg-quick@wg0 ``` **Health Check**: ```bash sudo wg show sudo systemctl status wg-quick@wg0 ping 10.0.9.2 # UCG Ultra tunnel IP ``` **Status**: ✅ Operational - Tunnel stable, traffic flowing --- ### Caddy Reverse Proxy **Purpose**: Routes incoming HTTPS traffic to home lab services via WireGuard tunnel **Service Details**: - **Host**: VPS (66.63.182.168) - **Service Name**: `caddy` - **Port(s)**: 80 (HTTP), 443 (HTTPS) - **Configuration**: `/etc/caddy/Caddyfile` - **Logs**: `journalctl -u caddy` - **SSL**: Automatic via Let's Encrypt **Current Routes**: ```caddyfile # Proxmox (main-pve) freddesk.nianticbooks.com { reverse_proxy https://10.0.10.3:8006 { header_up Host {http.reverse_proxy.upstream.hostport} header_up X-Forwarded-Host {host} header_up X-Forwarded-Proto {scheme} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} transport http { tls_insecure_skip_verify } } } # Home Assistant bob.nianticbooks.com { reverse_proxy https://10.0.10.24:8123 { header_up X-Forwarded-Host {host} header_up X-Forwarded-Proto {scheme} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} transport http { tls_insecure_skip_verify } } } # 3D Printer (Prusa AD5M) ad5m.nianticbooks.com { reverse_proxy 10.0.10.30:80 } # Authentik SSO auth.nianticbooks.com { reverse_proxy 10.0.10.21:9000 } # M'Cheyne Bible Reading Plan bible.nianticbooks.com { reverse_proxy localhost:8081 encode gzip header { Strict-Transport-Security "max-age=31536000" X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" } } ``` **Startup**: ```bash sudo systemctl start caddy sudo systemctl enable caddy sudo systemctl reload caddy # After config changes ``` **Health Check**: ```bash sudo systemctl status caddy curl -I https://freddesk.nianticbooks.com curl -I https://ad5m.nianticbooks.com ``` **Status**: ✅ Operational - All 5 public domains working --- ## Home Lab Services ### UCG Ultra Gateway **Purpose**: Network gateway, DHCP server, firewall, WireGuard VPN client **Service Details**: - **IP Address**: 10.0.10.1 - **DHCP Range**: 10.0.10.50-254 - **Static Range**: 10.0.10.1-49 - **WireGuard Interface**: wgclt1 (10.0.9.2/24) - **Web Interface**: https://10.0.10.1 **Health Check**: ```bash ping 10.0.10.1 ssh root@10.0.10.1 "ip a show wgclt1" # Check WireGuard interface ``` **Status**: ✅ Operational --- ### Proxmox Cluster #### main-pve (DL380p - Primary Node) **Purpose**: Production workload virtualization (32 cores, 96GB RAM) **Service Details**: - **IP Address**: 10.0.10.3 - **Web Interface**: https://10.0.10.3:8006 - **Public Domain**: https://freddesk.nianticbooks.com - **iLO Management**: 10.0.10.13 - **Location**: Remote (not in office) - **Version**: Proxmox VE 8.x - **SSO**: Authentik via OpenID Connect **Running VMs/Containers**: - CT 102: PostgreSQL (10.0.10.20) - CT 121: Authentik SSO (10.0.10.21) - CT 106: n8n (10.0.10.22) - CT 127: Dockge (10.0.10.27) - VM 103: Home Assistant (10.0.10.24) - Additional containers: See Proxmox web UI for complete list **Health Check**: ```bash ping 10.0.10.3 curl -k -I https://10.0.10.3:8006 ssh root@10.0.10.3 "pveversion" ``` **Status**: ✅ Operational --- #### pve-router (i5 - Secondary Node) **Purpose**: Local development, secondary workloads (8 cores, 8GB RAM) **Service Details**: - **IP Address**: 10.0.10.2 - **DNS**: proxmox.nianticbooks.home - **MAC**: e4:54:e8:50:90:af - **Web Interface**: https://10.0.10.2:8006 - **Location**: Office (local access available) - **SSO**: Authentik via OpenID Connect **Running VMs/Containers**: - CT 100: pve-scripts-local (10.0.10.40) - CT 101: Twingate connector **Health Check**: ```bash ping 10.0.10.2 curl -k -I https://10.0.10.2:8006 ``` **Status**: ✅ Operational --- #### pve-storage (Storage Host) **Purpose**: Hosts OMV storage VM (3.5" drive support) **Service Details**: - **Proxmox IP**: 10.0.10.4 - **OMV VM IP**: 10.0.10.5 - **Storage**: 12TB - **Form Factor**: Supports 3.5" drives (unique among nodes) - **SSO**: Authentik via OpenID Connect **Health Check**: ```bash ping 10.0.10.4 ping 10.0.10.5 ``` **Status**: ✅ Operational --- ### OpenMediaVault (12TB Storage) **Purpose**: Centralized storage for backups, shared data, Proxmox storage **Service Details**: - **IP Address**: 10.0.10.5 - **MAC**: bc:24:11:a8:ff:0b - **Web Interface**: http://10.0.10.5 - **Capacity**: 12TB - **NFS Share**: /export/backups mounted on Proxmox nodes **Shares**: - `/export/backups` - Proxmox VM/container backups (NFS) - Available: 7.3TB, Used: 159GB **Mount Points** (on Proxmox nodes): ```bash # /etc/fstab entries on main-pve, pve-router, pve-storage 10.0.10.5:/export/backups /mnt/omv-backups nfs rsize=32768,wsize=32768,vers=3,tcp,timeo=600,retrans=2,_netdev 0 0 ``` **Health Check**: ```bash ping 10.0.10.5 ssh root@main-pve "df -h /mnt/omv-backups" showmount -e 10.0.10.5 ``` **Status**: ✅ Operational - 7.3TB available, 159GB used --- ### PostgreSQL (Shared Database) **Purpose**: Centralized database for Authentik, n8n, RustDesk, Grafana **Service Details**: - **Host**: main-pve (CT 102) - **IP Address**: 10.0.10.20 - **Version**: PostgreSQL 16 - **Port**: 5432 - **Databases**: authentik, n8n, rustdesk (planned), grafana (planned) **Configuration**: - Listen address: 0.0.0.0 (accessible from LAN) - Max connections: 100 - Shared buffers: 256MB **Startup**: ```bash pct exec 102 -- systemctl status postgresql pct exec 102 -- systemctl restart postgresql ``` **Health Check**: ```bash ping 10.0.10.20 pct exec 102 -- sudo -u postgres psql -c "SELECT version();" ``` **Backup**: - Automated daily backup at 2:00 AM - Script: `/usr/local/bin/backup-postgresql.sh` - Location: /mnt/omv-backups/postgres/ - Retention: 7 days **Status**: ✅ Operational --- ### Authentik SSO **Purpose**: Single sign-on authentication for all services **Service Details**: - **Host**: main-pve (CT 121) - **IP Address**: 10.0.10.21 - **Port**: 9000 (HTTP) - **Version**: 2025.10.2 - **Database**: PostgreSQL on 10.0.10.20 - **Public Domain**: https://auth.nianticbooks.com (planned) **Configuration**: - Admin User: akadmin - API Token: f7AsYT6FLZEWVvmN59lC0IQZfMLdgMniVPYhVwmYAFSKHez4aGxyn4Esm86r - Database: authentik @ 10.0.10.20 - Secret Key: [REDACTED] **Active Integrations**: - ✅ Proxmox (main-pve, pve-router, pve-storage) via OpenID Connect - Client ID: proxmox - Login: Select "authentik" realm → "Login with authentik" button - ✅ Grafana (OAuth2 configured) **Planned Integrations**: - Home Assistant (complex - requires proxy provider or LDAP) - Other services as needed **Startup**: ```bash pct exec 121 -- docker compose -f /opt/authentik/docker-compose.yml ps pct exec 121 -- docker compose -f /opt/authentik/docker-compose.yml restart ``` **Health Check**: ```bash curl -I http://10.0.10.21:9000 ``` **Status**: ✅ Operational - Proxmox SSO working --- ### n8n Workflow Automation **Purpose**: Workflow automation and Claude Code integration **Service Details**: - **Host**: main-pve (CT 106) - **IP Address**: 10.0.10.22 - **Port**: 5678 (HTTP) - **Version**: 1.123.5 - **Database**: PostgreSQL on 10.0.10.20 - **Resources**: 2 vCPUs, 4GB RAM **Configuration**: - Docker-based deployment - Database: n8n @ 10.0.10.20 - Authentication: Email/password (OIDC requires Enterprise license) **Claude Code Integration**: - Architecture: n8n → SSH → Claude Code on HOMELAB-COMMAND (10.0.10.10) - SSH Credential: homelab-command-ssh - Test workflow: "Claude Code Test" ✅ Verified working - Use cases: Infrastructure automation, AI workflows **Startup**: ```bash pct exec 106 -- docker ps pct exec 106 -- docker restart n8n ``` **Health Check**: ```bash curl -I http://10.0.10.22:5678 ``` **Status**: ✅ Operational - Basic Claude Code integration working **See Also**: N8N-CLAUDE-STATUS.md for integration details --- ### Home Assistant **Purpose**: Smart home automation and device control **Service Details**: - **Host**: main-pve (VM 103) - **IP Address**: 10.0.10.24 - **Port**: 8123 (HTTPS) - **MAC**: 02:f5:e9:54:36:28 - **Public Domain**: https://bob.nianticbooks.com ✅ Working **Integrations**: - Govee Curtain Lights (Local LAN control) - Sylvania Smart+ WiFi Plug via LocalTuya - Digital Loggers Web Power Switch (10.0.10.88) - Wyoming Protocol voice assistant (Gaming PC 10.0.10.10) - ESPHome (runs as HA add-on) - Weather (Met.no) - Local Todo lists **Configuration**: - SSL Certificate: Local CA certificate - Trusted Proxies: 127.0.0.1, 10.0.9.3 (VPS Proxy WireGuard IP) **Startup**: ```bash # Via Proxmox qm status 103 qm start 103 qm shutdown 103 # Inside VM ssh root@10.0.10.24 "ha core restart" ``` **Health Check**: ```bash ping 10.0.10.24 curl -k -I https://10.0.10.24:8123 ``` **Status**: ✅ Operational - Accessible locally and publicly via HTTPS **See Also**: home-assistant/ directory for configuration files --- ### Prometheus + Grafana (Monitoring) **Purpose**: Infrastructure monitoring, metrics collection, and visualization **Service Details**: - **Host**: main-pve (10.0.10.25) - **Grafana Port**: 3000 (HTTP) - **Prometheus Port**: 9090 (HTTP) - **Type**: VM or Container (TBD - need to verify) **Components**: - **Grafana**: Visualization and dashboards - **Prometheus**: Metrics collection and storage - **Node Exporter**: Host metrics (planned) - **cAdvisor**: Container metrics (planned) **Startup**: ```bash # TBD - depends on deployment method (Docker Compose, systemd, etc.) # Check status curl -I http://10.0.10.25:3000 # Grafana curl -I http://10.0.10.25:9090 # Prometheus ``` **Health Check**: ```bash ping 10.0.10.25 curl -I http://10.0.10.25:3000 # Grafana (redirects to /login) curl -I http://10.0.10.25:9090 # Prometheus ``` **Status**: ✅ Operational - Both services responding **Configuration**: - Database: TBD (may use PostgreSQL on 10.0.10.20) - SSO: Authentik integration planned - Public Domain: Not configured (internal access only) **Notes**: - Discovered already deployed during infrastructure audit (2025-12-29) - Need to document deployment method and configuration details - Need to set up monitoring targets (Proxmox, VPS, services) - Dashboards and alerting not yet configured --- ### Dockge (Container Management) **Purpose**: Docker Compose stack management with web UI **Service Details**: - **Host**: main-pve (CT 127) - **IP Address**: 10.0.10.27 - **Port**: 5001 (HTTP) - **Resources**: 2 vCPUs, 2GB RAM, 8GB disk **Features**: - Web-based Docker Compose management - Manages Homelab Dashboard stack - Real-time container logs and stats **Startup**: ```bash pct exec 127 -- systemctl status docker pct exec 127 -- systemctl restart dockge ``` **Health Check**: ```bash curl -I http://10.0.10.27:5001 ``` **Status**: ✅ Operational --- ### Media Automation Stack (Arr Services) **Purpose**: Automated TV show, movie, and subtitle management with torrent downloading **Architecture**: Docker Compose stack on CT 127 (Dockge), HTTPS termination via Caddy internal proxy #### Sonarr (TV Shows) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 8989 (HTTP backend) - **HTTPS URL**: https://sonarr.nianticbooks.home - **Purpose**: TV show monitoring, RSS feed monitoring, automatic downloads **Features**: - Episode calendar and upcoming releases - Automatic quality upgrades - Integration with Prowlarr for indexers - Integration with Deluge for downloads - Library management and renaming #### Radarr (Movies) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 7878 (HTTP backend) - **HTTPS URL**: https://radarr.nianticbooks.home - **Purpose**: Movie monitoring, automatic downloads, library management **Features**: - Movie discovery and recommendations - Automatic quality upgrades - Integration with Prowlarr for indexers - Integration with Deluge for downloads - Library management and renaming #### Prowlarr (Indexer Manager) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 9696 (HTTP backend) - **HTTPS URL**: https://prowlarr.nianticbooks.home - **Purpose**: Centralized indexer management for Sonarr/Radarr **Features**: - Single configuration point for all indexers - Automatic sync to Sonarr/Radarr - Indexer statistics and testing #### Bazarr (Subtitles) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 6767 (HTTP backend) - **HTTPS URL**: https://bazarr.nianticbooks.home - **Purpose**: Automatic subtitle download for TV shows and movies **Features**: - Integration with Sonarr/Radarr - Multiple subtitle provider support - Automatic language selection - Missing subtitle detection #### Deluge (BitTorrent Client) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 8112 (HTTP backend) - **HTTPS URL**: https://deluge.nianticbooks.home - **Purpose**: BitTorrent download client for media files **Features**: - Web UI for torrent management - Integration with Sonarr/Radarr - Automatic category-based sorting - Seeding management #### Calibre-Web (eBook Library) **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **IP Address**: 10.0.10.27 - **Port**: 8083 (HTTP backend) - **HTTPS URL**: https://calibre.nianticbooks.home - **Purpose**: eBook library management and reading **Features**: - Web-based eBook reader - eBook format conversion - Library organization and metadata management - Send-to-Kindle integration **Storage Configuration**: All media services store data on OpenMediaVault (10.0.10.5) via NFS mounts: - `/media/tv` - Sonarr TV library - `/media/movies` - Radarr movie library - `/media/downloads` - Deluge download directory - `/media/books` - Calibre library **Startup**: ```bash # Access Dockge UI http://10.0.10.27:5001 # Or via SSH to CT 127 pct exec 127 -- docker ps | grep -E "(sonarr|radarr|prowlarr|bazarr|deluge|calibre)" pct exec 127 -- docker restart ``` **Health Check**: ```bash # Check all media services for service in sonarr radarr prowlarr bazarr deluge calibre; do echo "Checking $service..." curl -I https://$service.nianticbooks.home 2>/dev/null | head -1 done ``` **Status**: ✅ Operational (deployed 2026-01-25) --- ### Caddy Internal Reverse Proxy **Purpose**: HTTPS termination and reverse proxy for internal homelab services **Service Details**: - **Host**: main-pve (CT 127, Docker container) - **Container Name**: caddy-internal - **IP Address**: 10.0.10.27 - **Port**: 443 (HTTPS) - **Configuration**: `/opt/caddy-internal/Caddyfile` - **Certificate Authority**: Caddy Local Authority - 2026 ECC Root **Services Proxied**: - Sonarr, Radarr, Prowlarr, Bazarr, Deluge, Calibre-Web - Vikunja, Dockge **Startup**: ```bash pct exec 127 -- docker start caddy-internal pct exec 127 -- docker restart caddy-internal ``` **Health Check**: ```bash pct exec 127 -- docker ps | grep caddy-internal pct exec 127 -- docker logs caddy-internal ``` **Status**: ✅ Operational (deployed 2026-01-25) **Certificate Installation**: See `CA-DEPLOYMENT-SUMMARY.md` for client certificate installation instructions. --- ### RustDesk (Self-Hosted Remote Desktop) **Purpose**: Secure remote desktop access with self-hosted infrastructure **Service Details**: - **ID Server (hbbs)**: LXC 123 on main-pve - **IP**: 10.0.10.23 - **Version**: 1.1.14 - **Ports**: 21115 (NAT test), 21116 (ID/Rendezvous), 21118 (TCP punch) - **Relay Server (hbbr)**: VPS (66.63.182.168) - **Version**: 1.1.14 - **Port**: 21117 (Relay service) - **Public Key**: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=` **Architecture**: ``` Internet → VPS Relay (hbbr) ↓ WireGuard Tunnel ↓ Home Lab ID Server (hbbs) ↓ RustDesk Clients (P2P when possible) ``` **Client Configuration**: - **ID Server**: `66.63.182.168` - **Relay Server**: `66.63.182.168` (auto-configured) - **Key**: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=` **Startup**: ```bash # ID Server (home lab) ssh root@10.0.10.3 pct exec 123 -- systemctl status rustdesk-hbbs pct exec 123 -- systemctl restart rustdesk-hbbs # Relay Server (VPS) ssh 66.63.182.168 sudo systemctl status rustdesk-hbbr sudo systemctl restart rustdesk-hbbr ``` **Health Check**: ```bash # ID Server ports nc -zv 10.0.10.23 21115 # NAT test nc -zv 10.0.10.23 21116 # ID/Rendezvous # Relay Server port nc -zv 66.63.182.168 21117 ``` **Logs**: ```bash # ID Server ssh root@10.0.10.3 'pct exec 123 -- journalctl -u rustdesk-hbbs -f' # Relay Server ssh 66.63.182.168 'sudo journalctl -u rustdesk-hbbr -f' ``` **Status**: ✅ Operational - Deployed 2025-12-25 **See Also**: guides/RUSTDESK-DEPLOYMENT-COMPLETE.md for complete setup guide --- ### AD5M 3D Printer (Prusa) **Purpose**: 3D printing **Service Details**: - **IP Address**: 10.0.10.30 - **MAC**: 88:a9:a7:99:c3:64 - **DNS**: AD5M.nianticbooks.home - **Web Interface**: http://10.0.10.30 - **Public Domain**: https://ad5m.nianticbooks.com ✅ Working **Health Check**: ```bash ping 10.0.10.30 curl -I http://10.0.10.30 ``` **Status**: ✅ Operational --- ### Minecraft Forge Server **Purpose**: Game server for Cisco's Fantasy Medieval RPG Ultimate modpack **Service Details**: - **Host**: main-pve (CT 130) - **IP Address**: 10.0.10.41 - **Game Port**: 25565 (TCP/UDP) - **Status Page Port**: 8080 (HTTP) - **Public Domain**: cfmu.deadeyeg4ming.vip:25565 (game) - **Status Page**: https://cfmu.deadeyeg4ming.vip (web) - **Resources**: 8 vCPUs, 20GB RAM, 100GB disk **Configuration**: - Minecraft Version: 1.20.1 - Forge Version: 47.3.0 - Modpack: Cisco's Fantasy Medieval RPG Ultimate - Max Players: 20 - View Distance: 12 - Difficulty: Normal - Game Mode: Survival **Startup**: ```bash # Via Proxmox ssh root@10.0.10.3 pct exec 130 -- systemctl status minecraft-forge.service pct exec 130 -- systemctl start minecraft-forge.service pct exec 130 -- systemctl stop minecraft-forge.service # Graceful 30-sec countdown # Access server console pct exec 130 -- screen -r minecraft # Ctrl+A, D to detach ``` **Health Check**: ```bash # Check port nc -zv 10.0.10.41 25565 # Check service status ssh root@10.0.10.3 'pct exec 130 -- systemctl status minecraft-forge.service' # Check status page curl -I http://10.0.10.41:8080/ ``` **Backup**: - Automated daily backup at 3:00 AM UTC - Script: `/opt/minecraft/scripts/backup-minecraft.sh` - Location: /mnt/omv-backups/minecraft-YYYYMMDD_HHMMSS/ - Retention: 14 days - Components backed up: - World data (overworld, nether, end) - Server configs and mods - Player data **Monitoring**: - Health check every 5 minutes via systemd timer - Auto-restart on crash - Discord webhook notifications (optional) **Logs**: ```bash # Server logs ssh root@10.0.10.3 'pct exec 130 -- tail -f /opt/minecraft/server/logs/latest.log' # Service logs ssh root@10.0.10.3 'pct exec 130 -- journalctl -u minecraft-forge.service -f' # Backup logs ssh root@10.0.10.3 'pct exec 130 -- journalctl -u minecraft-backup.service' # Health check logs ssh root@10.0.10.3 'pct exec 130 -- journalctl -u minecraft-health.service' ``` **Status**: ✅ Operational - Deployed 2026-01-10 **Architecture**: ``` Players → cfmu.deadeyeg4ming.vip:25565 → Gaming VPS (51.222.12.162) iptables forward → WireGuard tunnel (10.0.9.0/24) → Minecraft Server (10.0.10.41:25565) ``` **See Also**: mc_server/ directory for deployment scripts and configuration files --- ### OpenClaw Gateway (AI Agent Coordinator) **Purpose**: Multi-agent AI coordination platform with voice integration, morning briefings, and proactive automation **Service Details**: - **Host**: main-pve (CT 130) - **IP Address**: 10.0.10.28 - **Port**: 18789 (WebSocket/HTTP) - **Version**: Latest (to be installed) - **Resources**: 2 vCPUs, 4GB RAM, 16GB disk **Desktop Client**: - **Device**: Fred's iMac (10.0.10.11 Ethernet / 10.0.10.144 Wi-Fi) - **Hardware**: Late 2013 iMac, 3.2GHz i5, 24GB RAM - **OS**: macOS Sequoia (via OpenCore) - **Features**: Voice input/output, morning briefings, system integration - **Network**: Dual-interface (Ethernet configured but cable not connected, currently on Wi-Fi) **Automated Workflows**: 1. **Morning Brief (8:00 AM Daily)** - Local weather forecast - Trending YouTube videos (filtered by interests) - Daily todo list and task recommendations - Trending news stories (filtered by interests) - Productivity recommendations 2. **Proactive Coder (11:00 PM Nightly)** - Overnight development work on business improvements - Creates Pull Requests for review (no direct commits) - Infrastructure monitoring and optimization - Workflow automation improvements 3. **Second Brain (NextJS App)** - Obsidian/Linear-style document viewer - Auto-generated concept exploration documents - Daily journal entries - Knowledge base from conversations 4. **Afternoon Research Report (Daily)** - Deep dives on topics of interest - Process improvement recommendations - Productivity workflow suggestions **Startup**: ```bash # Gateway service ssh root@10.0.10.3 pct exec 130 -- systemctl status openclaw-gateway pct exec 130 -- systemctl start openclaw-gateway pct exec 130 -- systemctl restart openclaw-gateway # Desktop client # Launch OpenClaw app from macOS Applications folder ``` **Health Check**: ```bash # Gateway accessibility curl -I http://10.0.10.28:18789 # Service status ssh root@10.0.10.3 'pct exec 130 -- openclaw status' # Check sessions ssh root@10.0.10.3 'pct exec 130 -- openclaw sessions' ``` **Logs**: ```bash # Gateway logs ssh root@10.0.10.3 'pct exec 130 -- journalctl -u openclaw-gateway -f' # OpenClaw dashboard http://10.0.10.28:18789/ ``` **Configuration**: - Gateway config: `/root/.openclaw/` on CT 130 - Node.js: ≥22.12.0 LTS (security requirements) - Authentication: Token-based for LAN access - Network: Internal only (no public exposure) **Planned Integrations**: - Home Assistant (10.0.10.24) - Voice control for smart home - n8n (10.0.10.22) - Workflow automation webhooks - Calendar - Morning briefing with daily schedule - Weather API - Local forecasts - YouTube Data API - Trending videos by interest - News APIs - Filtered trending stories **Status**: ✅ Running - Gateway operational, desktop client ready for connection **Current Configuration**: - **Gateway PID**: Running (check with `pgrep -f 'openclaw gateway'`) - **Auth Token**: Configured for LAN access - **Commands Enabled**: bash (native commands enabled) - **Model**: claude-sonnet-4-5 - **Hooks**: boot-md, command-logger, session-memory - **User Profile**: `/root/USER.md` with Fred's preferences - Timezone: America/Chicago (CST/CDT) - Location: ZIP 62551 - Interests: Tech/AI, Homelab, 3D Printing - Todo Integration: Apple Reminders (iPhone/iMac) **See Also**: - [OPENCLAW-SETUP.md](OPENCLAW-SETUP.md) for detailed setup guide - GitHub: https://github.com/openclaw/openclaw - Docs: https://docs.openclaw.ai --- ## Service Dependencies ### Dependency Map ``` Internet └─> Gaming VPS (51.222.12.162) ├─> WireGuard Server (10.0.9.1) │ ├─> UCG Ultra WireGuard Client (10.0.9.2) │ └─> VPS Proxy Client (10.0.9.3) │ └─> Home Lab Network (10.0.10.0/24) │ ├─> Proxmox Cluster │ ├─> PostgreSQL (shared DB) │ ├─> Authentik SSO │ ├─> n8n │ ├─> Home Assistant │ └─> Other services │ └─> Caddy Reverse Proxy └─> Routes to services via tunnel: ├─> freddesk.nianticbooks.com → 10.0.10.3:8006 ├─> ad5m.nianticbooks.com → 10.0.10.30:80 └─> bob.nianticbooks.com → 10.0.10.24:8123 ``` ### Critical Service Dependencies | Service | Depends On | Impact if Dependency Fails | |---------|------------|----------------------------| | Caddy | WireGuard tunnel, DNS | All public services unavailable | | WireGuard | UCG Ultra, VPS connectivity | Public services unavailable | | Authentik | PostgreSQL, network | SSO login fails (local admin still works) | | n8n | PostgreSQL, network | Workflows stop | | Home Assistant | Network, OMV (optional) | Smart home control unavailable | | All Services | Proxmox, network | Service unavailable | | Proxmox VMs | OMV (for backups) | Backups fail (services continue) | --- ## Monitoring & Health Checks ### Service Health Check Matrix | Service | Check Method | Expected Response | Status | |---------|--------------|-------------------|--------| | WireGuard | `sudo wg show` on VPS | Peer connected, handshake active | ✅ Operational | | Caddy | `curl -I https://freddesk.nianticbooks.com` | HTTP 200 or 501 | ✅ Operational | | Proxmox | `curl -k -I https://10.0.10.3:8006` | HTTP 501 (HEAD not supported) | ✅ Operational | | PostgreSQL | `ping 10.0.10.20` | Reply | ✅ Operational | | Authentik | `curl -I http://10.0.10.21:9000` | HTTP 302 redirect to login | ✅ Operational | | n8n | `curl -I http://10.0.10.22:5678` | HTTP 200 | ✅ Operational | | Home Assistant | `curl -k -I https://10.0.10.24:8123` | HTTP 405 (HEAD not allowed) | ✅ Operational | | Dockge | `curl -I http://10.0.10.27:5001` | HTTP 200 | ✅ Operational | | RustDesk ID | `nc -zv 10.0.10.23 21116` | Connection succeeds | ✅ Operational | | RustDesk Relay | `nc -zv 66.63.182.168 21117` | Connection succeeds | ✅ Operational | | 3D Printer | `curl -I http://10.0.10.30` | HTTP 200 | ✅ Operational | ### Automated Health Monitoring **Current Status**: Manual checks **Planned**: Prometheus + Grafana deployment (10.0.10.25) See [MONITORING.md](MONITORING.md) for detailed monitoring setup when ready. --- ## Notes & TODO ### Working Services All critical infrastructure services are operational and verified. ### Known Issues No known issues - all critical services operational and accessible. ### Planned Services See INFRASTRUCTURE-TODO.md for: - Additional monitoring configuration (Prometheus targets, dashboards) --- **Last Verified**: 2025-12-29 03:10 UTC **Verified By**: Fred (with Claude Code) **Next Review**: Quarterly or after major changes **Recent Changes** (2025-12-29): - ✅ Fixed Home Assistant public domain (bob.nianticbooks.com) - ✅ Discovered Prometheus + Grafana already deployed at 10.0.10.25 - ✅ Discovered RustDesk already deployed (ID server 10.0.10.23, relay on VPS) - ✅ Discovered additional public domains: auth.nianticbooks.com, bible.nianticbooks.com - ✅ All 5 public domains now operational - ✅ Updated Home Assistant trusted_proxies to include VPS WireGuard IP (10.0.9.3) - ✅ Added comprehensive RustDesk documentation (client config, public key, health checks)