# Homelab Network - Agent Reference

**Last Updated:** 2026-01-20 | **Owner:** Fred | **Purpose:** Automation agent context

---

## HOSTS & HARDWARE

### VPS
- **Primary:** 66.63.182.168 (vps.nianticbooks.com) | 2vCPU/4GB | Caddy, WireGuard, RustDesk relay
- **Gaming:** 51.222.12.162 (deadeyeg4ming.vip) | WireGuard VPN (10.0.9.1)

### Proxmox
- **main-pve:** 10.0.10.3 | 32c/96GB | 13 LXC containers (CT 102-131)
- **pve-router:** 10.0.10.2 | 8c/8GB | Home Assistant VM, local dev
- **pve-storage:** 10.0.10.4 | OMV VM 400 (10.0.10.5, 12TB NFS)

### Network
- **Gateway:** 10.0.10.1 (UCG Ultra) | DHCP 10.0.10.50-254
- **WireGuard:** 10.0.9.0/24 (active), 10.0.8.0/24 (legacy)

---

## SERVICES (IP:PORT)

### Auth & Infrastructure
| IP | Service | CT | Ports | Notes |
|---|---|---|---|---|
| 10.0.10.15 | Step-CA | 115 | 8443 | ACME: https://10.0.10.15:8443/acme/acme/directory |
| 10.0.10.20 | PostgreSQL | 102 | 5432 | Shared DB (n8n, rustdesk, grafana, authentik) |
| 10.0.10.21 | Authentik | 121 | 9000 | SSO (admin: akadmin), OAuth2/OIDC |
| 10.0.10.22 | n8n | 106 | 5678 | Workflow automation |
| 10.0.10.23 | RustDesk | 123 | 21115-18 | ID server, pubkey: sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0= |
| 10.0.10.25 | Prometheus/Grafana | 125 | 9090/3000 | Monitoring |
| 10.0.10.26 | Uptime Kuma | 128 | 3001 | Status monitoring |

### Apps & Gaming
| IP | Service | CT | Ports | Notes |
|---|---|---|---|---|
| 10.0.10.24 | Home Assistant | VM 104 | 8123 | Smart home (pve-router) |
| 10.0.10.27 | Dockge/Vikunja | 127 | 5001/3456 | Docker UI, tasks |
| 10.0.10.40 | Bar Assistant | 103 | 8080 | Cocktails (Meilisearch, Redis) |
| 10.0.10.41 | Minecraft Forge | 130 | 25565 | CFMRPGU modpack |
| 10.0.10.42 | Minecraft Stoneblock | 131 | 25565 | FTB Stoneblock 4 |
| 10.0.10.45/46 | Pterodactyl | 105/107 | 80/8080 | Game panel + wings |

### Other
- **OMV:** 10.0.10.5 (VM 400) | 12TB NFS backup target
- **HOMELAB-COMMAND:** 10.0.10.10 | Claude Code, Wyoming STT/TTS, Ollama
- **Twingate:** 10.0.10.179 (CT 101) | Zero-trust access

---

## PUBLIC DOMAINS (via Caddy @ 66.63.182.168)

| Domain | Backend | Service |
|---|---|---|
| freddesk.nianticbooks.com | 10.0.10.3:8006 | Proxmox |
| bob.nianticbooks.com | 10.0.10.24:8123 | Home Assistant |
| auth.nianticbooks.com | 10.0.10.21:9000 | Authentik |
| ad5m.nianticbooks.com | 10.0.10.30:80 | 3D Printer |
| cocktails.nianticbooks.com | 10.0.10.40 | Bar Assistant |
| tasks.nianticbooks.com | 10.0.10.27:3456 | Vikunja |

---

## SSH ACCESS (All key-based, NO passwords)

```bash
ssh fred@66.63.182.168 # VPS Primary
ssh ubuntu@51.222.12.162 # VPS Gaming
ssh root@10.0.10.3 # main-pve
ssh root@10.0.10.2 # pve-router
ssh root@10.0.10.4 # pve-storage
```

**Rule:** Generate/add SSH keys when adding new servers/devices.

---

## SERVICE CREDENTIALS & API ACCESS

### Authentik (10.0.10.21:9000)
- Admin: akadmin | Integrations: Proxmox (OIDC), Grafana (OAuth2)

### PostgreSQL (10.0.10.20:5432)
- Shared by: n8n, rustdesk, grafana, authentik
- Backup: Daily 2:00 AM → OMV NFS (~13MB)

### Step-CA (10.0.10.15:8443)
- ACME: `https://10.0.10.15:8443/acme/acme/directory`
- Provisioners: JWK (admin@nianticbooks.home), ACME

### RustDesk (10.0.10.23)
- Public endpoint: 66.63.182.168:21117 (relay)
- Pubkey: `sfYuCTMHxrA22kukomb/RAKYyUgr8iaMfm/U4CFLfL0=`

### Home Assistant (10.0.10.24:8123)
- Never commit secrets.yaml | Use secrets.yaml.example template
- LocalTuya: Requires device keys from Tuya IoT Platform
- Trusted proxies: 10.0.9.0/24, 10.0.8.0/24, 10.0.9.3

---

## CRITICAL CONSTRAINTS

- **VPS:** 2CPU/4GB only - lightweight services ONLY
- **Proxmox Storage:** ALWAYS `local`, NEVER `local-lvm`
- **SSH:** ALWAYS keys, NEVER passwords
- **Trusted Proxies:** Services must accept 10.0.9.0/24, 10.0.8.0/24, 10.0.9.3
- **HOMELAB-COMMAND:** SSH requires system restart to enable

---

## QUICK COMMANDS

### Container Ops
```bash
ssh root@10.0.10.3 "pct exec <CT> -- bash -c 'command'" # Execute in CT
pct status <CT> # Check status
pct exec <CT> -- docker logs --tail 50 <service> # View logs
pct exec <CT> -- docker restart <service> # Restart
```

### Caddy (VPS)
```bash
ssh -t fred@66.63.182.168 "nano /etc/caddy/Caddyfile" # Edit (-t allocates a TTY for the editor)
ssh fred@66.63.182.168 "sudo systemctl reload caddy" # Reload
ssh fred@66.63.182.168 "sudo journalctl -u caddy -n 50" # Logs (last 50 lines)
```

### Backups
- PostgreSQL: Daily 2:00 AM → 10.0.10.5:/export/backups (7d/4w/3m retention)
- Proxmox: Daily 2:30 AM → OMV NFS
- Log: `/var/log/homelab-backup.log`

---

## ACTIVE TODOS

### High Priority
1. Configure Prometheus targets + Grafana dashboards
2. Remove deprecated VMs (Spoolman 10.0.10.71, Authelia 10.0.10.112)

### Medium Priority
- DNS: omv.nianticbooks.home → 10.0.10.5
- n8n service monitoring workflow (#4833)
- Authentik SSO integrations (Home Assistant, others)

### Low Priority
- Tier 2/3 backups (off-site, cloud)
- Home Assistant HTTPS certificates

---

## AVAILABLE IPs

**Reserved blocks:**
- 10.0.10.6-9 (infrastructure)
- 10.0.10.11-12, 14, 16-19 (management)
- 10.0.10.28-29, 32-39, 43-44, 47-49 (utility)

---

**Source:** C:/Users/Fred/projects/infrastructure/.claude/docs/