ilia
f0ff00a8dc
All checks were successful
CI / skip-ci-check (pull_request) Successful in 6s
CI / ansible-validation (pull_request) Successful in 46s
CI / lint-and-test (pull_request) Successful in 51s
CI / secret-scanning (pull_request) Successful in 6s
CI / dependency-scan (pull_request) Successful in 15s
CI / license-check (pull_request) Successful in 13s
CI / sast-scan (pull_request) Successful in 24s
CI / vault-check (pull_request) Successful in 11s
CI / container-scan (pull_request) Successful in 6s
CI / sonar-analysis (pull_request) Successful in 5s
CI / playbook-test (pull_request) Successful in 25s
CI / workflow-summary (pull_request) Successful in 4s
Inventory and Caddy playbook for levkin LXC 220; Makefile target caddy-levkin. Document git-ci-01 disk (64G), capacity 2, prune cron, and pve201 RAM limits in host_vars and homelab guides. Co-authored-by: Cursor <cursoragent@cursor.com>
7.6 KiB
7.6 KiB
Host list — Proxmox guests (source of truth)
Node: PVENAS (pve10 @ 10.0.10.10)
Audited: 2026-05-22 (Phase 0 IP pass + monitoring LXC 218 provisioned)
LAN: 10.0.10.0/24, gateway 10.0.10.1
Update this file whenever a guest is created, migrated, or re-IP’d. See levkin-selfhost-plan-2.md for IP range policy.
IP range plan (10.0.10.0/24)
| Range | Reserved for |
|---|---|
.1–.9 |
Network gear |
.10–.19 |
Proxmox host(s) + PBS |
.20–.39 |
Edge / identity / comms |
.40–.79 |
Application LXCs / VMs |
.80–.99 |
Media VMs |
.100–.199 |
DHCP pool (clients) |
.200–.249 |
Labs / heavy VMs |
.250–.254 |
Reserved |
Rollout reservations (free): .20 edge LXC
Proxmox host
| VMID | Name | Role | Current IP | Target static IP | DHCP/Static | Notes |
|---|---|---|---|---|---|---|
| — | pve10 | Proxmox (PVENAS) | 10.0.10.10/24 |
.10 |
Static | This node |
LXCs (pve10)
| VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes |
|---|---|---|---|---|---|---|---|
| 210 | cal | business | 10.0.10.228/24 |
10.0.10.228/24 |
✅ Static | BC:24:11:DD:F8:7C |
Cal.com — pct set applied; in Ansible hosts |
| 215 | caseware | marketing site | 10.0.10.105/24 |
10.0.10.105/24 |
✅ Static | BC:24:11:72:04:53 |
Static HTML /var/www/caseware → caseware.levkin.ca |
| 216 | auto | marketing site | 10.0.10.59/24 |
10.0.10.59/24 |
✅ Static | BC:24:11:43:F0:86 |
Static HTML /var/www/auto → auto.levkin.ca |
| 219 | portfolio | marketing site | 10.0.10.106/24 |
10.0.10.106/24 |
✅ Static | BC:24:11:DF:94:32 |
Static HTML /var/www/portfolio → iliadobkin.com (migrated from pve201 LXC 306) |
| 220 | levkin | marketing site | 10.0.10.60/24 |
10.0.10.60/24 |
✅ Static | BC:24:11:C6:B2:E4 |
Vite www/ → levkin.ca (spec), levkin.ca/folders (stack) — site-lxc-git.md |
| 217 | identity | identity | 10.0.10.21/24 |
10.0.10.21/24 |
✅ Static | BC:24:11:3C:85:45 |
Authentik + Postgres + Redis; auth.levkin.ca via Caddy |
| 218 | monitoring | monitoring | 10.0.10.22/24 |
10.0.10.22/24 |
✅ Static | BC:24:11:54:43:13 |
Uptime Kuma :3001, Dockge :5001, Umami :3000 — see monitoring-stack.md |
pve201 (not pve10): LXC 305 kuma-debian @ 10.0.10.197 — stopped 2026-05-22 (replaced by monitoring LXC 218). onboot disabled. LXC 306 portfolio — destroyed/purged 2026-05-22 (now pve10 LXC 219 @ 10.0.10.106).
VMs (pve10)
| VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes |
|---|---|---|---|---|---|---|---|
| 100 | homepage-debian | — | — | — | — | — | Stopped |
| 101 | Jellyfin | media | 10.0.10.232 |
10.0.10.232/24 |
⏳ DHCP? | BC:24:11:29:B8:84 |
Stopped (turned off 2026-05-22); inventory jellyfin |
| 102 | gitea-alpine | — | 10.0.10.169/24 |
10.0.10.169/24 |
⏳ stable DHCP | BC:24:11:E9:BD:E5 |
Pin in-guest or router reservation |
| 103 | WRA | — | 10.0.10.154/24 |
10.0.10.154/24 |
⏳ stable DHCP | BC:24:11:61:DE:7A |
Inventory n8n; pin when automating |
| 104 | vaultwarden-debian | identity | 10.0.10.142/24 |
10.0.10.142/24 |
⏳ stable DHCP | BC:24:11:58:DB:DC |
Inventory vaultwardenVM |
| 105 | TrueNAS | — | 10.0.10.107/24 |
10.0.10.107/24 |
⏳ stable DHCP | BC:24:11:14:DE:B5 |
NAS UI; pool NAS.SP00 degraded |
| 106 | caddy-debian | edge | 10.0.10.50/24 |
10.0.10.50/24 → .20 (Phase 1.5) |
✅ Static (in-guest) | BC:24:11:E0:49:B4 |
/etc/network/interfaces static; Ansible caddy |
| 107 | mattermost-ubuntu | comms | 10.0.10.107? |
TBD | ⏳ | BC:24:11:66:6E:01 |
Ping .107 up; confirm not TrueNAS conflict — verify in guest |
| 108 | actual-debian | business | 10.0.10.158/24 |
10.0.10.158/24 |
⏳ stable DHCP | BC:24:11:10:7B:64 |
Inventory actual |
| 109 | portainer-alpine | — | unknown | — | ⏳ | BC:24:11:0F:40:4F |
Running; retire → Dockge on monitoring LXC |
| 150 | pihole00-debian | — | link-local* | TBD | ⏳ | BC:24:11:86:76:97 |
Running |
| 117 | hermes | services | 10.0.10.36/24 |
10.0.10.36/24 |
⏳ stable DHCP | BC:24:11:51:1E:99 |
On pve10; guest agent; inventory hermes |
| 200 | PVE.BU.SVR | labs | 10.0.10.200/24 |
10.0.10.200/24 |
⏳ stable DHCP | BC:24:11:DA:95:3B |
Running |
| 201 | NextcloudAIO-debian | (decommission) | 10.0.10.24/24 |
— | 🗑️ Retiring | BC:24:11:14:D4:DE |
Export done; remove Caddy + Kuma monitor, then stop VM |
| 300 | pihole-debian | — | — | — | — | — | Stopped |
* ARP showed IPv6 link-local only at audit time — confirm IPv4 inside guest or install QEMU guest agent.
Inventory cross-reference (Ansible hosts)
| Inventory name | IP in hosts | pve10 guest | Match |
|---|---|---|---|
| caddy | 10.0.10.50 |
VM 106 | ✅ |
| cal | 10.0.10.228 |
LXC 210 | ✅ |
| caseware | 10.0.10.105 |
LXC 215 | ✅ |
| auto | 10.0.10.59 |
LXC 216 | ✅ |
| portfolio | 10.0.10.106 |
LXC 219 | ✅ |
| levkin | 10.0.10.60 |
LXC 220 | ✅ |
| identity | 10.0.10.21 |
LXC 217 | ✅ |
| monitoring | 10.0.10.22 |
LXC 218 | ✅ |
| vaultwardenVM | 10.0.10.142 |
VM 104 | ✅ |
| giteaVM | 10.0.10.169 |
VM 102 | ✅ |
| n8n | 10.0.10.154 |
VM 103? | ⚠️ verify (WRA vs n8n) |
| listmonk | 10.0.10.148 |
— | On pve201 ([comms]) |
| mailcow | 10.0.10.132 |
pve201 VM 106 | ✅ [comms] |
| hermes | 10.0.10.36 |
VM 117 | ✅ on pve10 |
| jellyfin | 10.0.10.232 |
VM 101 | ✅ (stopped until NAS healthy) |
| nextcloud | 10.0.10.24 |
VM 201 | commented out (retiring) |
| portainerVM | — | VM 109 | removed (Dockge on monitoring) |
Static IP conversion queue (pve10)
Priority order (plan-2):
- ✅ LXC 210 — done (
10.0.10.228/24) - ✅ LXC 215, 216 — pinned (
.105,.59) - ✅ LXC 217 (identity) —
10.0.10.21/24, Authentik deployed - ✅ VM 106 (caddy) — static in-guest
.50 - ✅ LXC 218 (monitoring) —
.22, Kuma/Dockge/Umami - VMs — use vm-static-ip-router-reservations.md (router MAC reservations); skip 201 (Nextcloud retire)
- New: edge LXC @
.20(Phase 1.5)
Example:
# On pve10 (PVENAS)
pct set 215 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.105/24,gw=10.0.10.1
pct set 216 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.59/24,gw=10.0.10.1
NAS / storage note
- ZFS pool
NAS.SP00on this node: DEGRADED (diskW4J0L3PYfailed). See nas-sp00-drive-failure-report.md, nas-sp00-smart-audit-2026-05-21.md. - VM 201 root disk on NAS — avoid heavy I/O until pool is healthy.
Audit checklist
pct list/qm liston pve10- ARP / ping for running guests
pct exec/ guest agent for VMs missing IPv4- Initial
host-list.mdcreated - Pin 215/216 static
- Identity LXC 217 @
.21(Authentik Phase 1 infra) - Monitoring LXC 218 @
.22 - Caddy VM 106 static
.50 - LXC backups
backup-20260522on 217, 218 - Router DHCP reservations for VMs — vm-static-ip-router-reservations.md (manual in router UI; table ready)
- Retire VM 201 (Nextcloud)
- Re-run after NAS disk replace