homelab-docs/infrastructure/AGENT-REFERENCE.md
Funky (OpenClaw) dc8cbf127c FIX: Correct RustDesk configuration (both ID+Relay on VPS 51.222.12.162)
- Updated ID Server: 51.222.12.162:21116 (was 10.0.10.23)
- Updated Relay Server: 51.222.12.162:21117 (was 66.63.182.168)
- Updated Public Key: EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=
- Marked CT 123 (10.0.10.23) as deprecated - RustDesk now VPS-only
- Source: Screenshot from 2026-02-22
2026-02-23 03:48:40 +00:00


# Homelab Network - Agent Reference
**Last Updated:** 2026-01-20 | **Owner:** Fred | **Purpose:** Automation agent context

---
## HOSTS & HARDWARE
### VPS
- **Primary:** 51.222.12.162 (vps.nianticbooks.com) | 2vCPU/4GB | Caddy, WireGuard, RustDesk (ID+Relay)
- **Gaming:** 51.222.12.162 (deadeyeg4ming.vip) | WireGuard VPN (10.0.9.1)
### Proxmox
- **main-pve:** 10.0.10.3 | 32c/96GB | 13 LXC containers (CT 102-131)
- **pve-router:** 10.0.10.2 | 8c/8GB | Home Assistant VM, local dev
- **pve-storage:** 10.0.10.4 | OMV VM 400 (10.0.10.5, 12TB NFS)
### Network
- **Gateway:** 10.0.10.1 (UCG Ultra) | DHCP 10.0.10.50-254
- **WireGuard:** 10.0.9.0/24 (active), 10.0.8.0/24 (legacy)
---
## SERVICES (IP:PORT)
### Auth & Infrastructure
| IP | Service | CT | Ports | Notes |
|---|---|---|---|---|
| 10.0.10.15 | Step-CA | 115 | 8443 | ACME: https://10.0.10.15:8443/acme/acme/directory |
| 10.0.10.20 | PostgreSQL | 102 | 5432 | Shared DB (n8n, rustdesk, grafana, authentik) |
| 10.0.10.21 | Authentik | 121 | 9000 | SSO (admin: akadmin), OAuth2/OIDC |
| 10.0.10.22 | n8n | 106 | 5678 | Workflow automation |
| 51.222.12.162 | RustDesk | VPS | 21116-17 | ID+Relay, pubkey: EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk= |
| 10.0.10.25 | Prometheus/Grafana | 125 | 9090/3000 | Monitoring |
| 10.0.10.26 | Uptime Kuma | 128 | 3001 | Status monitoring |
### Apps & Gaming
| IP | Service | CT | Ports | Notes |
|---|---|---|---|---|
| 10.0.10.24 | Home Assistant | VM 104 | 8123 | Smart home (pve-router) |
| 10.0.10.27 | Dockge/Vikunja | 127 | 5001/3456 | Docker UI, tasks |
| 10.0.10.40 | Bar Assistant | 103 | 8080 | Cocktails (Meilisearch, Redis) |
| 10.0.10.41 | Minecraft Forge | 130 | 25565 | CFMRPGU modpack |
| 10.0.10.42 | Minecraft Stoneblock | 131 | 25565 | FTB Stoneblock 4 |
| 10.0.10.45/46 | Pterodactyl | 105/107 | 80/8080 | Game panel + wings |
### Other
- **OMV:** 10.0.10.5 (VM 400) | 12TB NFS backup target
- **HOMELAB-COMMAND:** 10.0.10.10 | Claude Code, Wyoming STT/TTS, Ollama
- **Twingate:** 10.0.10.179 (CT 101) | Zero-trust access
---
## PUBLIC DOMAINS (via Caddy @ 66.63.182.168)
| Domain | Backend | Service |
|---|---|---|
| freddesk.nianticbooks.com | 10.0.10.3:8006 | Proxmox |
| bob.nianticbooks.com | 10.0.10.24:8123 | Home Assistant |
| auth.nianticbooks.com | 10.0.10.21:9000 | Authentik |
| ad5m.nianticbooks.com | 10.0.10.30:80 | 3D Printer |
| cocktails.nianticbooks.com | 10.0.10.40 | Bar Assistant |
| tasks.nianticbooks.com | 10.0.10.27:3456 | Vikunja |
---
## SSH ACCESS (All key-based, NO passwords)
```bash
ssh fred@66.63.182.168 # VPS Primary
ssh ubuntu@51.222.12.162 # VPS Gaming
ssh root@10.0.10.3 # main-pve
ssh root@10.0.10.2 # pve-router
ssh root@10.0.10.4 # pve-storage
```
**Rule:** Generate/add SSH keys when adding new servers/devices.

---
## SERVICE CREDENTIALS & API ACCESS
### Authentik (10.0.10.21:9000)
- Admin: akadmin | Integrations: Proxmox (OIDC), Grafana (OAuth2)
### PostgreSQL (10.0.10.20:5432)
- Shared by: n8n, rustdesk, grafana, authentik
- Backup: Daily 2:00 AM → OMV NFS (~13MB)
### Step-CA (10.0.10.15:8443)
- ACME: `https://10.0.10.15:8443/acme/acme/directory`
- Provisioners: JWK (admin@nianticbooks.home), ACME
### RustDesk (51.222.12.162 / vps.nianticbooks.com)
- ID Server: 51.222.12.162:21116
- Relay Server: 51.222.12.162:21117
- Pubkey: `EPO75IeD+yJo5S5wtKePpyokHGXv9FN1w5Fx+Db5UCk=`
### Home Assistant (10.0.10.24:8123)
- Never commit secrets.yaml | Use secrets.yaml.example template
- LocalTuya: Requires device keys from Tuya IoT Platform
- Trusted proxies: 10.0.9.0/24, 10.0.8.0/24, 10.0.9.3
---
## CRITICAL CONSTRAINTS
- **VPS:** 2CPU/4GB only - lightweight services ONLY
- **Proxmox Storage:** ALWAYS `local`, NEVER `local-lvm`
- **SSH:** ALWAYS keys, NEVER passwords
- **Trusted Proxies:** Services must accept 10.0.9.0/24, 10.0.8.0/24, 10.0.9.3
- **HOMELAB-COMMAND:** SSH requires system restart to enable
---
## QUICK COMMANDS
### Container Ops
```bash
ssh root@10.0.10.3 "pct exec <CT> -- bash -c 'command'" # Execute in CT
pct status <CT> # Check status
pct exec <CT> -- docker logs --tail 50 <service> # View logs
pct exec <CT> -- docker restart <service> # Restart
```
### Caddy (VPS)
```bash
ssh -t fred@66.63.182.168 "nano /etc/caddy/Caddyfile" # Edit (-t allocates the TTY nano needs)
ssh fred@66.63.182.168 "sudo systemctl reload caddy" # Reload
ssh fred@66.63.182.168 "sudo journalctl -u caddy -n 50" # Logs (last 50 lines)
```
### Backups
- PostgreSQL: Daily 2:00 AM → 10.0.10.5:/export/backups (7d/4w/3m retention)
- Proxmox: Daily 2:30 AM → OMV NFS
- Log: `/var/log/homelab-backup.log`
---
## ACTIVE TODOS
### High Priority
1. Configure Prometheus targets + Grafana dashboards
2. Remove deprecated VMs (Spoolman 10.0.10.71, Authelia 10.0.10.112)
### Medium Priority
- DNS: omv.nianticbooks.home → 10.0.10.5
- n8n service monitoring workflow (#4833)
- Authentik SSO integrations (Home Assistant, others)
### Low Priority
- Tier 2/3 backups (off-site, cloud)
- Home Assistant HTTPS certificates
---
## AVAILABLE IPs
**Reserved blocks:**
- 10.0.10.6-9 (infrastructure)
- 10.0.10.11-12, 14, 16-19 (management)
- 10.0.10.28-29, 32-39, 43-44, 47-49 (utility)
---
**Source:** C:/Users/Fred/projects/infrastructure/.claude/docs/