# Host list — Proxmox guests (source of truth) **Node:** PVENAS (`pve10` @ `10.0.10.10`) **Audited:** 2026-05-24 (Phase 0 complete — LXCs static + UniFi VM DHCP) **LAN:** `10.0.10.0/24`, gateway `10.0.10.1` Update this file whenever a guest is created, migrated, or re-IP’d. See [levkin-selfhost-plan-2.md](levkin-selfhost-plan-2.md) for IP range policy. --- ## IP range plan (10.0.10.0/24) | Range | Reserved for | |-------|----------------| | `.1–.9` | Network gear | | `.10–.19` | Proxmox host(s) + PBS | | `.20–.39` | Edge / identity / comms | | `.40–.79` | Application LXCs / VMs | | `.80–.99` | Media VMs | | `.100–.199` | DHCP pool (clients) | | `.200–.249` | Labs / heavy VMs | | `.250–.254` | Reserved | **Rollout reservations (free):** `.20` edge LXC --- ## Proxmox host | VMID | Name | Role | Current IP | Target static IP | DHCP/Static | Notes | |------|------|------|------------|------------------|-------------|-------| | — | **pve10** | Proxmox (PVENAS) | `10.0.10.10/24` | `.10` | Static | This node | --- ## LXCs (pve10) | VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes | |------|------|------------|------------|------------------|-------------|-----|-------| | 210 | cal | business | `10.0.10.228/24` | `10.0.10.228/24` | ✅ **Static** | `BC:24:11:DD:F8:7C` | Cal.com — `pct set` applied; in Ansible `hosts` | | 215 | caseware | **marketing site** | `10.0.10.105/24` | `10.0.10.105/24` | ✅ **Static** | `BC:24:11:72:04:53` | Static HTML `/var/www/caseware` → `caseware.levkin.ca` | | 216 | auto | **marketing site** | `10.0.10.59/24` | `10.0.10.59/24` | ✅ **Static** | `BC:24:11:43:F0:86` | Static HTML `/var/www/auto` → `auto.levkin.ca` | | 219 | portfolio | **marketing site** | `10.0.10.106/24` | `10.0.10.106/24` | ✅ **Static** | `BC:24:11:DF:94:32` | Static HTML `/var/www/portfolio` → `iliadobkin.com` (migrated from pve201 LXC 306) | | 220 | levkin | **marketing site** | `10.0.10.60/24` | `10.0.10.60/24` | ✅ **Static** | `BC:24:11:C6:B2:E4` | Vite `www/` → `levkin.ca` (spec), `levkin.ca/folders` (stack) — [site-lxc-git.md](site-lxc-git.md) | | 217 | identity | identity | `10.0.10.21/24` | `10.0.10.21/24` | ✅ **Static** | `BC:24:11:3C:85:45` | Authentik + Postgres + Redis; `auth.levkin.ca` via Caddy | | 218 | monitoring | monitoring | `10.0.10.22/24` | `10.0.10.22/24` | ✅ **Static** | `BC:24:11:54:43:13` | Kuma `:3001`, Dockge `:5001`, Umami `:3000`, Beszel `:8090` (LAN) — [monitoring-stack.md](monitoring-stack.md) | | 221 | listmonk | productivity | `10.0.10.148/24` | `10.0.10.148/24` | ✅ **Static** | `BC:24:11:18:0C:62` | Migrated from pve201 VM **113** 2026-05-23; Postgres 17 + native binary | **pve201 (not pve10):** LXC **305** `kuma-debian` @ `10.0.10.197` — **stopped 2026-05-22** (replaced by monitoring LXC 218). `onboot` disabled. LXC **306** `portfolio` — **destroyed/purged 2026-05-22** (now pve10 LXC **219** @ `10.0.10.106`). --- ## VMs (pve10) | VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes | |------|------|------------|------------|------------------|-------------|-----|-------| | 100 | homepage-debian | — | — | — | — | — | **Stopped** | | 101 | Jellyfin | media | `10.0.10.232` | `10.0.10.232/24` | ⏳ DHCP? | `BC:24:11:29:B8:84` | **Stopped** (turned off 2026-05-22); inventory `jellyfin` | | 102 | gitea-alpine | — | `10.0.10.169/24` | `10.0.10.169/24` | ⏳ stable DHCP | `BC:24:11:E9:BD:E5` | Pin in-guest or router reservation | | 103 | WRA | — | `10.0.10.154/24` | `10.0.10.154/24` | ⏳ stable DHCP | `BC:24:11:61:DE:7A` | Inventory `n8n`; pin when automating | | 104 | vaultwarden-debian | identity | `10.0.10.142/24` | `10.0.10.142/24` | ⏳ stable DHCP | `BC:24:11:58:DB:DC` | Inventory `vaultwardenVM` | | 105 | TrueNAS | — | `10.0.10.107/24` | `10.0.10.107/24` | ⏳ stable DHCP | `BC:24:11:14:DE:B5` | NAS UI; pool `NAS.SP00` degraded | | 106 | caddy-debian | **edge** | `10.0.10.50/24` | `10.0.10.50/24` → **`.20`** (Phase 1.5) | ✅ **Static** (in-guest) | `BC:24:11:E0:49:B4` | `/etc/network/interfaces` static; Ansible `caddy` | | 107 | mattermost-ubuntu | comms | `10.0.10.237/24` | `10.0.10.237/24` | ⏳ router DHCP | `BC:24:11:66:6E:01` | `slack.levkin.ca` → Caddy → `:8065` | | 108 | actual-debian | business | `10.0.10.158/24` | `10.0.10.158/24` | ⏳ stable DHCP | `BC:24:11:10:7B:64` | Inventory `actual` | | 109 | portainer-alpine | — | — | — | ✅ **Removed** | `BC:24:11:0F:40:4F` | Destroyed 2026-05-23; Dockge on monitoring LXC 218 | | 150 | pihole00-debian | — | link-local* | TBD | ⏳ | `BC:24:11:86:76:97` | Running | | 117 | hermes | services | `10.0.10.36/24` | `10.0.10.36/24` | ⏳ stable DHCP | `BC:24:11:51:1E:99` | On pve10; guest agent; inventory `hermes` | | 200 | PVE.BU.SVR | labs | `10.0.10.200/24` | `10.0.10.200/24` | ⏳ stable DHCP | `BC:24:11:DA:95:3B` | Running | | 201 | NextcloudAIO-debian | (decommission) | `10.0.10.24/24` | — | 🗑️ **Stopped** | `BC:24:11:14:D4:DE` | Retired 2026-05-23 — Caddy removed, `onboot 0`, ~8 GiB RAM freed | | 300 | pihole-debian | — | — | — | — | — | **Stopped** | \* ARP showed IPv6 link-local only at audit time — confirm IPv4 inside guest or install QEMU guest agent. --- ## Inventory cross-reference (Ansible `hosts`) | Inventory name | IP in hosts | pve10 guest | Match | |----------------|-------------|-------------|-------| | caddy | `10.0.10.50` | VM 106 | ✅ | | cal | `10.0.10.228` | LXC 210 | ✅ | | caseware | `10.0.10.105` | LXC 215 | ✅ | | auto | `10.0.10.59` | LXC 216 | ✅ | | portfolio | `10.0.10.106` | LXC 219 | ✅ | | levkin | `10.0.10.60` | LXC 220 | ✅ | | identity | `10.0.10.21` | LXC 217 | ✅ | | monitoring | `10.0.10.22` | LXC 218 | ✅ | | vaultwardenVM | `10.0.10.142` | VM 104 | ✅ | | giteaVM | `10.0.10.169` | VM 102 | ✅ | | n8n | `10.0.10.154` | VM 103? | ⚠️ verify (WRA vs n8n) | | listmonk | `10.0.10.148` | LXC **221** | ✅ migrated from pve201 VM 113 | | mailcow | `10.0.10.132` | pve201 VM 106 | ✅ `[comms]` | | hermes | `10.0.10.36` | VM 117 | ✅ on pve10 | | jellyfin | `10.0.10.232` | VM 101 | ✅ (stopped until NAS healthy) | | nextcloud | `10.0.10.24` | VM 201 | stopped / retired (commented in inventory) | | portainerVM | — | VM 109 | removed (Dockge on monitoring) | --- ## Static IP conversion queue (pve10) Priority order (plan-2): 1. ✅ **LXC 210** — done (`10.0.10.228/24`) 2. ✅ **LXC 215, 216** — pinned (`.105`, `.59`) 3. ✅ **LXC 217** (identity) — `10.0.10.21/24`, Authentik deployed 4. ✅ **VM 106** (caddy) — static in-guest `.50` 5. ✅ **LXC 218** (monitoring) — `.22`, Kuma/Dockge/Umami 6. ✅ **VMs** — UniFi DHCP reservations applied 2026-05-24 — [vm-static-ip-router-reservations.md](vm-static-ip-router-reservations.md); skip **201** (retired) 7. **New:** edge LXC @ **`.20`** (Phase 1.5) Example: ```bash # On pve10 (PVENAS) pct set 215 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.105/24,gw=10.0.10.1 pct set 216 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.59/24,gw=10.0.10.1 ``` --- ## NAS / storage note - ZFS pool **`NAS.SP00`** on this node: **DEGRADED** (disk `W4J0L3PY` failed). See [nas-sp00-drive-failure-report.md](nas-sp00-drive-failure-report.md), [nas-sp00-smart-audit-2026-05-21.md](nas-sp00-smart-audit-2026-05-21.md). - VM **201** root disk on NAS — avoid heavy I/O until pool is healthy. --- ## QA / control (not pve10 LXCs) See [ci-runners-and-control.md](ci-runners-and-control.md). | Inventory | IP | Proxmox | Notes | |-----------|-----|---------|-------| | git-ci-01 | `10.0.10.223` | pve201 VM 115 | Gitea Actions runner | | sonarqube-01 | `10.0.10.54` | pve201 | SonarQube | | ansibleVM | `10.0.10.157` | pve201 | Ansible control (`master`) | --- ## Audit checklist - [x] `pct list` / `qm list` on pve10 - [x] ARP / ping for running guests - [ ] `pct exec` / guest agent for VMs missing IPv4 - [x] Initial `host-list.md` created - [x] Pin 215/216 static - [x] Identity LXC 217 @ `.21` (Authentik Phase 1 infra) - [x] Monitoring LXC 218 @ `.22` - [x] Caddy VM 106 static `.50` - [x] LXC backups `backup-20260522` on 217, 218 - [x] Router DHCP reservations for VMs — UniFi API 2026-05-24 - [x] Retire VM 201 (Nextcloud) — stopped 2026-05-23 - [x] Listmonk → pve10 LXC 221 @ `.148` (static via `pct set`; no UniFi lease needed) - [x] Phase 0 complete — all critical guests pinned - [ ] Re-run after NAS disk replace