ilia
0f34c51fc8
All checks were successful
CI / skip-ci-check (pull_request) Successful in 8s
CI / lint-and-test (pull_request) Successful in 17s
CI / secret-scanning (pull_request) Successful in 8s
CI / dependency-scan (pull_request) Successful in 18s
CI / ansible-validation (pull_request) Successful in 54s
CI / sast-scan (pull_request) Successful in 29s
CI / license-check (pull_request) Successful in 14s
CI / vault-check (pull_request) Successful in 13s
CI / container-scan (pull_request) Successful in 8s
CI / sonar-analysis (pull_request) Successful in 8s
CI / playbook-test (pull_request) Successful in 27s
CI / workflow-summary (pull_request) Successful in 6s
Consolidate sprint status into handoff docs, add Listmonk/Mattermost/Mailcow and Vikunja SSO guides, Beszel alerts script, mattermost inventory, and mark phases 0–1 complete with phase 2 backlog for edge Caddy and security. Co-authored-by: Cursor <cursoragent@cursor.com>
8.3 KiB
8.3 KiB
Host list — Proxmox guests (source of truth)
Node: PVENAS (pve10 @ 10.0.10.10)
Audited: 2026-05-24 (Phase 0 complete — LXCs static + UniFi VM DHCP)
LAN: 10.0.10.0/24, gateway 10.0.10.1
Update this file whenever a guest is created, migrated, or re-IP’d. See levkin-selfhost-plan-2.md for IP range policy.
IP range plan (10.0.10.0/24)
| Range | Reserved for |
|---|---|
.1–.9 |
Network gear |
.10–.19 |
Proxmox host(s) + PBS |
.20–.39 |
Edge / identity / comms |
.40–.79 |
Application LXCs / VMs |
.80–.99 |
Media VMs |
.100–.199 |
DHCP pool (clients) |
.200–.249 |
Labs / heavy VMs |
.250–.254 |
Reserved |
Rollout reservations (free): .20 edge LXC
Proxmox host
| VMID | Name | Role | Current IP | Target static IP | DHCP/Static | Notes |
|---|---|---|---|---|---|---|
| — | pve10 | Proxmox (PVENAS) | 10.0.10.10/24 |
.10 |
Static | This node |
LXCs (pve10)
| VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes |
|---|---|---|---|---|---|---|---|
| 210 | cal | business | 10.0.10.228/24 |
10.0.10.228/24 |
✅ Static | BC:24:11:DD:F8:7C |
Cal.com — pct set applied; in Ansible hosts |
| 215 | caseware | marketing site | 10.0.10.105/24 |
10.0.10.105/24 |
✅ Static | BC:24:11:72:04:53 |
Static HTML /var/www/caseware → caseware.levkin.ca |
| 216 | auto | marketing site | 10.0.10.59/24 |
10.0.10.59/24 |
✅ Static | BC:24:11:43:F0:86 |
Static HTML /var/www/auto → auto.levkin.ca |
| 219 | portfolio | marketing site | 10.0.10.106/24 |
10.0.10.106/24 |
✅ Static | BC:24:11:DF:94:32 |
Static HTML /var/www/portfolio → iliadobkin.com (migrated from pve201 LXC 306) |
| 220 | levkin | marketing site | 10.0.10.60/24 |
10.0.10.60/24 |
✅ Static | BC:24:11:C6:B2:E4 |
Vite www/ → levkin.ca (spec), levkin.ca/folders (stack) — site-lxc-git.md |
| 217 | identity | identity | 10.0.10.21/24 |
10.0.10.21/24 |
✅ Static | BC:24:11:3C:85:45 |
Authentik + Postgres + Redis; auth.levkin.ca via Caddy |
| 218 | monitoring | monitoring | 10.0.10.22/24 |
10.0.10.22/24 |
✅ Static | BC:24:11:54:43:13 |
Kuma :3001, Dockge :5001, Umami :3000, Beszel :8090 (LAN) — monitoring-stack.md |
| 221 | listmonk | productivity | 10.0.10.148/24 |
10.0.10.148/24 |
✅ Static | BC:24:11:18:0C:62 |
Migrated from pve201 VM 113 2026-05-23; Postgres 17 + native binary |
pve201 (not pve10): LXC 305 kuma-debian @ 10.0.10.197 — stopped 2026-05-22 (replaced by monitoring LXC 218). onboot disabled. LXC 306 portfolio — destroyed/purged 2026-05-22 (now pve10 LXC 219 @ 10.0.10.106).
VMs (pve10)
| VMID | Name | Plan group | Current IP | Target static IP | DHCP/Static | MAC | Notes |
|---|---|---|---|---|---|---|---|
| 100 | homepage-debian | — | — | — | — | — | Stopped |
| 101 | Jellyfin | media | 10.0.10.232 |
10.0.10.232/24 |
⏳ DHCP? | BC:24:11:29:B8:84 |
Stopped (turned off 2026-05-22); inventory jellyfin |
| 102 | gitea-alpine | — | 10.0.10.169/24 |
10.0.10.169/24 |
⏳ stable DHCP | BC:24:11:E9:BD:E5 |
Pin in-guest or router reservation |
| 103 | WRA | — | 10.0.10.154/24 |
10.0.10.154/24 |
⏳ stable DHCP | BC:24:11:61:DE:7A |
Inventory n8n; pin when automating |
| 104 | vaultwarden-debian | identity | 10.0.10.142/24 |
10.0.10.142/24 |
⏳ stable DHCP | BC:24:11:58:DB:DC |
Inventory vaultwardenVM |
| 105 | TrueNAS | — | 10.0.10.107/24 |
10.0.10.107/24 |
⏳ stable DHCP | BC:24:11:14:DE:B5 |
NAS UI; pool NAS.SP00 degraded |
| 106 | caddy-debian | edge | 10.0.10.50/24 |
10.0.10.50/24 → .20 (Phase 1.5) |
✅ Static (in-guest) | BC:24:11:E0:49:B4 |
/etc/network/interfaces static; Ansible caddy |
| 107 | mattermost-ubuntu | comms | 10.0.10.237/24 |
10.0.10.237/24 |
⏳ router DHCP | BC:24:11:66:6E:01 |
slack.levkin.ca → Caddy → :8065 |
| 108 | actual-debian | business | 10.0.10.158/24 |
10.0.10.158/24 |
⏳ stable DHCP | BC:24:11:10:7B:64 |
Inventory actual |
| 109 | portainer-alpine | — | — | — | ✅ Removed | BC:24:11:0F:40:4F |
Destroyed 2026-05-23; Dockge on monitoring LXC 218 |
| 150 | pihole00-debian | — | link-local* | TBD | ⏳ | BC:24:11:86:76:97 |
Running |
| 117 | hermes | services | 10.0.10.36/24 |
10.0.10.36/24 |
⏳ stable DHCP | BC:24:11:51:1E:99 |
On pve10; guest agent; inventory hermes |
| 200 | PVE.BU.SVR | labs | 10.0.10.200/24 |
10.0.10.200/24 |
⏳ stable DHCP | BC:24:11:DA:95:3B |
Running |
| 201 | NextcloudAIO-debian | (decommission) | 10.0.10.24/24 |
— | 🗑️ Stopped | BC:24:11:14:D4:DE |
Retired 2026-05-23 — Caddy removed, onboot 0, ~8 GiB RAM freed |
| 300 | pihole-debian | — | — | — | — | — | Stopped |
* ARP showed IPv6 link-local only at audit time — confirm IPv4 inside guest or install QEMU guest agent.
Inventory cross-reference (Ansible hosts)
| Inventory name | IP in hosts | pve10 guest | Match |
|---|---|---|---|
| caddy | 10.0.10.50 |
VM 106 | ✅ |
| cal | 10.0.10.228 |
LXC 210 | ✅ |
| caseware | 10.0.10.105 |
LXC 215 | ✅ |
| auto | 10.0.10.59 |
LXC 216 | ✅ |
| portfolio | 10.0.10.106 |
LXC 219 | ✅ |
| levkin | 10.0.10.60 |
LXC 220 | ✅ |
| identity | 10.0.10.21 |
LXC 217 | ✅ |
| monitoring | 10.0.10.22 |
LXC 218 | ✅ |
| vaultwardenVM | 10.0.10.142 |
VM 104 | ✅ |
| giteaVM | 10.0.10.169 |
VM 102 | ✅ |
| n8n | 10.0.10.154 |
VM 103? | ⚠️ verify (WRA vs n8n) |
| listmonk | 10.0.10.148 |
LXC 221 | ✅ migrated from pve201 VM 113 |
| mailcow | 10.0.10.132 |
pve201 VM 106 | ✅ [comms] |
| hermes | 10.0.10.36 |
VM 117 | ✅ on pve10 |
| jellyfin | 10.0.10.232 |
VM 101 | ✅ (stopped until NAS healthy) |
| nextcloud | 10.0.10.24 |
VM 201 | stopped / retired (commented in inventory) |
| portainerVM | — | VM 109 | removed (Dockge on monitoring) |
Static IP conversion queue (pve10)
Priority order (plan-2):
- ✅ LXC 210 — done (
10.0.10.228/24) - ✅ LXC 215, 216 — pinned (
.105,.59) - ✅ LXC 217 (identity) —
10.0.10.21/24, Authentik deployed - ✅ VM 106 (caddy) — static in-guest
.50 - ✅ LXC 218 (monitoring) —
.22, Kuma/Dockge/Umami - ✅ VMs — UniFi DHCP reservations applied 2026-05-24 — vm-static-ip-router-reservations.md; skip 201 (retired)
- New: edge LXC @
.20(Phase 1.5)
Example:
# On pve10 (PVENAS)
pct set 215 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.105/24,gw=10.0.10.1
pct set 216 -net0 name=eth0,bridge=vmbr0,ip=10.0.10.59/24,gw=10.0.10.1
NAS / storage note
- ZFS pool
NAS.SP00on this node: DEGRADED (diskW4J0L3PYfailed). See nas-sp00-drive-failure-report.md, nas-sp00-smart-audit-2026-05-21.md. - VM 201 root disk on NAS — avoid heavy I/O until pool is healthy.
QA / control (not pve10 LXCs)
See ci-runners-and-control.md.
| Inventory | IP | Proxmox | Notes |
|---|---|---|---|
| git-ci-01 | 10.0.10.223 |
pve201 VM 115 | Gitea Actions runner |
| sonarqube-01 | 10.0.10.54 |
pve201 | SonarQube |
| ansibleVM | 10.0.10.157 |
pve201 | Ansible control (master) |
Audit checklist
pct list/qm liston pve10- ARP / ping for running guests
pct exec/ guest agent for VMs missing IPv4- Initial
host-list.mdcreated - Pin 215/216 static
- Identity LXC 217 @
.21(Authentik Phase 1 infra) - Monitoring LXC 218 @
.22 - Caddy VM 106 static
.50 - LXC backups
backup-20260522on 217, 218 - Router DHCP reservations for VMs — UniFi API 2026-05-24
- Retire VM 201 (Nextcloud) — stopped 2026-05-23
- Listmonk → pve10 LXC 221 @
.148(static viapct set; no UniFi lease needed) - Phase 0 complete — all critical guests pinned
- Re-run after NAS disk replace