Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitized mirror from private repository - 2026-04-19 08:46:29 UTC
Some checks failed
Documentation / Build Docusaurus (push) Failing after 17m32s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details

Browse Source
This commit is contained in:
Gitea Mirror Bot
2026-04-19 08:46:29 +00:00
commit 11d496f233
1439 changed files with 363180 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/hardware/README.md Normal file
View File

@@ -0,0 +1,34 @@
# Hardware Inventory
Live-verified specs for the homelab fleet. Last refreshed 2026-04-18.
## Index
| Document | Scope |
|---|---|
| [NAS Systems](nas-systems.md) | Atlantis (DS1823xs+), Calypso (DS723+), Setillo (DS223j) |
| [Atlantis Storage](atlantis-storage.md) | Per-volume layout, NVMe pool creation, performance |
| [Compute Hosts](compute-hosts.md) | Olares, NUC, Seattle VPS, Shinku-Ryuu, Matrix-Ubuntu VM, Homelab VM, Jellyfish |
| [Guava](guava.md) | TrueNAS SCALE host (ports, datasets, Portainer) |
| [Raspberry Pi](raspberry-pi.md) | Pi 5 (Vish monitor), Pi 5 (Jellyfish remote) |
| [Network Equipment](network-equipment.md) | Router, 10GbE switch, GL.iNet travel/remote routers |
| [Storage Drives](storage-drives.md) | Every drive, grouped by host |
| [Mobile Devices](mobile-devices.md) | Phones, tablets, laptops on the mesh |
| [NVIDIA Shield](nvidia-shield.md) | Media client device |
## Quick summary
| Category | Items |
|---|---|
| Synology NAS | 3 (Atlantis DS1823xs+, Calypso DS723+, Setillo DS223j) |
| TrueNAS host | 1 (Guava, ZFS, 10GbE) |
| VMs | 2 (Homelab-VM on Proxmox, Matrix-Ubuntu on Atlantis VMM) |
| Physical compute | Olares laptop (Core Ultra 9 + RTX 5090), NUC (i3-6100U), Shinku-Ryuu (i7-14700K + RTX 4080) |
| Cloud | 1 VPS (Seattle / Contabo, 62 GB) |
| Raspberry Pi 5 | 2 (Vish monitor, Jellyfish remote) |
| Network | TP-Link Archer BE800 router, TL-SX1008 10GbE switch, GL-MT3600BE (Beryl 7), GL-BE3600 |
| Retired | GL-MT3000 (kept as spare) |
## Warranty / serials
Live warranty and serial tracking lives in **NetBox** (`https://nb.vish.gg`) under DCIM → Devices → the host's inventory tab. This file stops at models and live specs; anything per-unit (SNs, purchase dates, RMA status) goes to NetBox to avoid drift.

111
docs/hardware/atlantis-storage.md Normal file
View File

@@ -0,0 +1,111 @@
# Atlantis (DS1823xs+) Storage Configuration
## Overview
Atlantis is a Synology DS1823xs+ NAS running DSM 7.3.2. This document details the storage configuration and performance characteristics.
## Hardware
- **Model**: Synology DS1823xs+ (8-bay)
- **CPU**: AMD Ryzen V1780B (4 cores)
- **RAM**: 32GB ECC
- **DSM Version**: 7.3.2-86009
## Storage Volumes
### Volume 1 - Main Storage (SATA RAID6)
| Property | Value |
|----------|-------|
| Drives | 8x Seagate 16TB SATA |
| RAID Level | RAID 6 |
| Usable Capacity | 84 TB |
| Filesystem | Btrfs |
| Encryption | Yes (LUKS) |
| Write Speed | ~77 MB/s |
| Read Speed | ~212 MB/s |
| Mount Point | `/volume1` |
| Purpose | Primary data storage, media, backups |
### Volume 2 - Fast Metadata (NVMe RAID1)
| Property | Value |
|----------|-------|
| Drives | 2x Crucial CT1000P310SSD8 (1TB each) |
| RAID Level | RAID 1 |
| Usable Capacity | 885 GB |
| Filesystem | Btrfs |
| Write Speed | ~422 MB/s |
| Read Speed | ~435 MB/s |
| Mount Point | `/volume2` |
| Purpose | Docker configs, databases, metadata |
### Volume 3 - Fast Downloads (NVMe RAID1)
| Property | Value |
|----------|-------|
| Drives | 2x Synology SNV5420-400G (400GB each) |
| RAID Level | RAID 1 |
| Usable Capacity | 348 GB |
| Filesystem | Btrfs |
| Write Speed | ~621 MB/s |
| Read Speed | ~706 MB/s |
| Mount Point | `/volume3` |
| Purpose | SABnzbd downloads, high-I/O temporary storage |
| Created | 2026-02-01 |
## NVMe Drive Layout
| Device | Model | Slot | Volume |
|--------|-------|------|--------|
| nvme0n1 | Synology SNV5420-400G | M.2 Drive 1-2 (built-in) | Volume 3 |
| nvme1n1 | Synology SNV5420-400G | M.2 Drive 1-1 (built-in) | Volume 3 |
| nvme2n1 | Crucial CT1000P310SSD8 | M.2 Drive 1 (adapter) | Volume 2 |
| nvme3n1 | Crucial CT1000P310SSD8 | M.2 Drive 2 (adapter) | Volume 2 |
## Volume 3 Creation Notes
Volume 3 was created using [007revad's Synology_M2_volume script](https://github.com/007revad/Synology_M2_volume) since DSM's Storage Manager doesn't allow creating M.2 storage pools when another M.2 pool already exists.
### Script used:
```bash
sudo ~/syno_create_m2_volume.sh
```
### Configuration selected:
- RAID Type: RAID 1
- Storage Pool Type: Single Volume
- Drives: nvme0n1 + nvme1n1 (Synology SNV5420)
- Filesystem: Btrfs
### Important Notes:
- Since these are **Synology-branded drives** (SNV5420), they should survive DSM updates without needing the Synology_HDD_db script
- After DSM updates, verify the volume is still accessible. If not, re-run the M2_volume script
- The SNV5420 drives are enterprise-grade with power loss protection (PLP)
## SSD Cache Limitation
**Warning**: The DS1823xs+ has `support_ssd_cache="no"` as a factory default, which prevents using M.2 drives as SSD cache. This appears to be a Synology policy decision for the xs+ line. Combined with the "M.2 storage pool disables all M.2 cache" limitation, SSD cache is not available on this system.
## Performance Comparison
| Volume | Write Speed | Read Speed | Best For |
|--------|-------------|------------|----------|
| Volume 1 (HDD) | 77 MB/s | 212 MB/s | Large file storage |
| Volume 2 (Crucial NVMe) | 422 MB/s | 435 MB/s | Docker configs, databases |
| Volume 3 (Synology NVMe) | **621 MB/s** | **706 MB/s** | Downloads, high-I/O temp |
## Docker Volume Mapping Strategy
```
/volume1/data → Media files, final storage
/volume2/metadata/docker2 → Container configs and databases
/volume3/usenet → SABnzbd downloads (fast writes)
```
The arr-suite containers (Sonarr, Radarr, etc.) are configured to:
1. Download to `/volume3/usenet` (fast NVMe)
2. Process/unpack on `/volume3/usenet` (fast NVMe)
3. Move completed media to `/volume1/data/media` (large HDD storage)
## Related Files
- Arr Suite Compose: `Atlantis/arr-suite/docker-compose.yml`
- This documentation: `docs/hardware/atlantis-storage.md`

152
docs/hardware/compute-hosts.md Normal file
View File

@@ -0,0 +1,152 @@
# Compute Hosts
Live-verified 2026-04-18. Physical compute and VMs that run the homelab stacks (excluding NAS, which is documented in [nas-systems.md](nas-systems.md)).
## Olares — K3s + GPU inference
| | |
|---|---|
| Form factor | Laptop (lid-closed, desktop-docked) |
| CPU | Intel Core Ultra 9 275HX |
| RAM | 96 GB DDR5 (93 GiB usable) |
| GPU | NVIDIA GeForce RTX 5090 Laptop (24 GB VRAM, driver 590.44.01) |
| OS | Ubuntu 24.04 (kernel 6.14.0-35-generic) |
| LAN IP | 192.168.0.145 |
| Role | K3s cluster — Ollama (`qwen3:32b`, `qwen3-coder:latest`), Jellyfin with RTX 5090 transcoding, Tdarr worker node |
Quirks (see [services/individual/olares.md](../services/individual/olares.md)):
- Olares admission webhook blocks `hostNetwork` and reverts custom `NetworkPolicy`. Use Calico `GlobalNetworkPolicy` for LAN exposure.
- **Do not** use `resources: nvidia.com/gpu` — HAMI vGPU causes ffmpeg segfaults. Use `runtimeClassName: nvidia` directly.
- Marketplace app updates wipe NFS mounts and GPU tweaks; re-apply after upgrades.
- Ollama LAN endpoint: `http://192.168.0.145:31434` (NodePort + Calico GNP). Jellyfin LAN: `http://192.168.0.145:30096`.
SSH: `ssh olares` (user `olares`; fail2ban whitelist for 192.168.0.0/24).
## Guava — TrueNAS SCALE
| | |
|---|---|
| OS | TrueNAS SCALE 25.04.2 (Electric Eel; Debian 12 base, kernel 6.12.15-production+truenas) |
| RAM | 30 GB |
| Boot pool | `boot-pool` 464 GB SSD (17 GB used) |
| Data pool | `data` — 3.62 TB raw, 2.16 TB used, 1.47 TB free (RAIDZ, dedup 1.67×) |
| LAN IP | 192.168.0.100 |
| Tailscale IP | 100.75.252.64 |
| Uplink | 10GbE Mellanox ConnectX-5 |
| Containers | 19 (standalone Portainer, not federated with main) |
See [guava.md](guava.md) for port assignments, ZFS datasets, and Portainer API details.
## Concord NUC — edge / backup ISP
| | |
|---|---|
| Model | Intel NUC |
| CPU | Intel Core i3-6100U (2 core / 4 thread) |
| RAM | 16 GB |
| Storage | 238 GB Toshiba VX500 SATA SSD |
| OS | Ubuntu |
| LAN IP | 192.168.68.100 (behind backup ISP) |
| Tailscale IP | 100.72.55.21 |
| Role | Home Assistant, Plex (backup), edge services, Tailscale exit node for backup ISP |
| Containers | 22 |
## Proxmox host (PVE)
| | |
|---|---|
| LAN IP | 192.168.0.205 |
| Tailscale IP | 100.87.12.28 |
| Role | Hypervisor for Homelab VM |
| Access | `ssh pve` (root) |
## Homelab VM — monitoring + tools
| | |
|---|---|
| Host | Proxmox |
| OS | Ubuntu (localhost of this workstation) |
| LAN IP | 192.168.0.210 |
| Tailscale IP | 100.67.40.126 |
| Role | Prometheus, Grafana, Alertmanager, NetBox, Semaphore, Dashboard (Next.js :3100 + FastAPI :18888), Perplexica, Archivebox, SearXNG, ntfy, Syncthing, Hoarder, drawio, Excalidraw |
| Containers | 37 |
**Important:** homelab-vm IS this local workstation. Use local commands, not SSH.
## Matrix-Ubuntu — NPM + Matrix/LiveKit + CrowdSec
| | |
|---|---|
| Host | VM on Atlantis (Synology Virtual Machine Manager) |
| CPU | 4 vCPU (shared with Atlantis Ryzen V1780B) |
| RAM | 12 GB (live: 11 GiB) |
| Storage | 1 TB LV (`/dev/mapper/ubuntu--vg-ubuntu--lv`, ~1005 GB) |
| OS | Ubuntu 24.04 LTS (kernel 6.8.0-107-generic) |
| LAN IP | 192.168.0.154 |
| Tailscale IP | 100.85.21.51 |
| Role | Nginx Proxy Manager (all `*.vish.gg` + partner domains), Matrix (Synapse), Mastodon, LiveKit SFU, CrowdSec (nftables bouncer), Beeper services |
| Containers | 12 |
Standalone — not part of Portainer federation. Let's Encrypt wildcards issued via acme.sh on this host.
## Seattle — Contabo Cloud VPS
| | |
|---|---|
| Provider | Contabo (Seattle region) |
| Hostname | vmi2076105 |
| OS | Ubuntu 24.04.4 LTS (kernel 6.8.0-100-generic) |
| RAM | 62 GB |
| Disk | 290 GB (~110 GB free) |
| Public IP | YOUR_WAN_IP |
| Tailscale IP | 100.82.197.124 |
| Role | HolyClaude AI coding (`:3059`), Matrix LiveKit/Stoatchat stack, Tailscale DERP relay (`derper`), Obsidian/Wallabag/KeeWeb, Cloudflare DDNS updaters |
| Containers | 20 |
See [hosts/seattle.md](../hosts/seattle.md) for full service map and networking.
## Shinku-Ryuu — primary workstation (Windows)
| | |
|---|---|
| CPU | Intel Core i7-14700K |
| RAM | 96 GB DDR5 |
| GPU | NVIDIA GeForce RTX 4080 (16 GB) |
| Uplink | 10GbE Mellanox ConnectX-5 |
| LAN IP | 192.168.0.3 |
| Tailscale IP | 100.98.93.15 |
| OS | Windows 11 |
Tailscale `accept_routes=false` (prevents Calypso's subnet advertisement from stealing LAN replies). Used for daily-driver work and games (Goblin Nest / Handyman Fantasy cheat projects referenced in memory).
## Jellyfish — remote RPi workstation
| | |
|---|---|
| Model | Raspberry Pi 5 Model B Rev 1.0 (4 GB) |
| OS | Raspberry Pi OS (kernel 6.12.75+rpt-rpi-2712) |
| Tailscale IP | 100.69.121.120 |
| Location | Behind GL-MT3600BE (Beryl 7) on `192.168.12.0/24` |
| Role | LAN backup / media helper |
| Containers | 2 |
Has a LUKS/EXT4 SSD recovery in progress (see `project_jellyfish_fsck` memory entry).
See [raspberry-pi.md](raspberry-pi.md) for the Pi 5 (Vish) monitoring host.
## Summary
| Host | Role | CPU | RAM | Containers/Pods |
|---|---|---|---|---|
| Atlantis | Primary NAS | Ryzen V1780B | 32 GB | 59 |
| Calypso | Secondary NAS | Ryzen R1600 | 32 GB | 61 |
| Setillo | Remote NAS | RTD1619B | 1 GB | 4 |
| Olares | K3s + GPU LLM | Core Ultra 9 275HX | 96 GB | ~60 pods |
| Guava | TrueNAS SCALE | — | 30 GB | 19 |
| NUC | Edge / backup ISP | i3-6100U | 16 GB | 22 |
| Homelab VM | Monitoring | (Proxmox) | 16 GB | 37 |
| Matrix-Ubuntu | NPM/Matrix/LiveKit | 4 vCPU V1780B | 12 GB | 12 |
| Seattle VPS | Cloud services | Contabo vCPU | 62 GB | 20 |
| Shinku-Ryuu | Workstation | i7-14700K | 96 GB | n/a |
| Pi-5 Vish | Monitoring | BCM2712 | 16 GB | 7 |
| Jellyfish | Remote RPi | BCM2712 | 4 GB | 2 |

234
docs/hardware/guava.md Normal file
View File

@@ -0,0 +1,234 @@
# Guava - TrueNAS Scale Server
**Hostname**: guava
**IP Address**: 192.168.0.100
**Tailscale IP**: 100.75.252.64
**Domain**: guava.crista.home
**OS**: TrueNAS Scale 25.04.2.6 (Debian 12 Bookworm)
**Kernel**: 6.12.15-production+truenas
---
## Hardware Specifications
| Component | Specification |
|-----------|---------------|
| **CPU** | 12 cores |
| **RAM** | 30 GB |
| **Storage** | ZFS pools (1.5TB+ available) |
| **Docker** | 27.5.0 |
| **Compose** | v2.32.3 |
---
## Storage Layout
### Boot Pool
- `/` - Root filesystem (433GB available)
- ZFS dataset: `boot-pool/ROOT/25.04.2.6`
### Data Pool (`/mnt/data/`)
| Dataset | Size Used | Purpose |
|---------|-----------|---------|
| `data/guava_turquoise` | 3.0TB / 4.5TB | Primary storage (67% used) |
| `data/photos` | 159GB | Photo storage |
| `data/jellyfin` | 145GB | Media library |
| `data/llama` | 59GB | LLM models |
| `data/plane-data` | ~100MB | Plane.so application data |
| `data/iso` | 556MB | ISO images |
| `data/cocalc` | 324MB | Computational notebook |
| `data/website` | 59MB | Web content |
| `data/openproject` | 13MB | OpenProject (postgres) |
| `data/fasten` | 5.7MB | Health records |
| `data/fenrus` | 3.5MB | Dashboard config |
| `data/medical` | 14MB | Medical records |
| `data/truenas-exporters` | - | Prometheus exporters |
### TrueNAS Apps (`/mnt/.ix-apps/`)
- Docker storage: 28GB used
- App configs and mounts for TrueNAS-managed apps
---
## Network Configuration
| Service | Port | Protocol | URL |
|---------|------|----------|-----|
| Portainer | 31015 | HTTPS | https://guava.crista.home:31015 |
| **Plane.so** | 3080 | HTTP | **http://guava.crista.home:3080** |
| Plane.so HTTPS | 3443 | HTTPS | https://guava.crista.home:3443 |
| Jellyfin | 30013 | HTTP | http://guava.crista.home:30013 |
| Jellyfin HTTPS | 30014 | HTTPS | https://guava.crista.home:30014 |
| Gitea | 30008-30009 | HTTP | http://guava.crista.home:30008 |
| WireGuard | 51827 | UDP | - |
| wg-easy UI | 30058 | HTTP | http://guava.crista.home:30058 |
| Fenrus | 45678 | HTTP | http://guava.crista.home:45678 |
| Fasten | 9090 | HTTP | http://guava.crista.home:9090 |
| Node Exporter | 9100 | HTTP | http://guava.crista.home:9100/metrics |
| nginx | 28888 | HTTP | http://guava.crista.home:28888 |
| iperf3 | 5201 | TCP | - |
| SSH | 22 | TCP | - |
| SMB | 445 | TCP | - |
| Pi-hole DNS | 53 | TCP/UDP | - |
---
## Portainer Access
| Setting | Value |
|---------|-------|
| **URL** | `https://guava.crista.home:31015` |
| **API Endpoint** | `https://localhost:31015/api` (from guava) |
| **Endpoint ID** | 3 (local) |
| **API Token** | `ptr_REDACTED_PORTAINER_TOKEN` |
### API Examples
```bash
# List stacks
curl -sk -H 'X-API-Key: "REDACTED_API_KEY" \
'https://localhost:31015/api/stacks'
# List containers
curl -sk -H 'X-API-Key: "REDACTED_API_KEY" \
'https://localhost:31015/api/endpoints/3/docker/containers/json'
# Create stack from compose string
curl -sk -X POST \
-H 'X-API-Key: "REDACTED_API_KEY" \
-H 'Content-Type: application/json' \
'https://localhost:31015/api/stacks/create/standalone/string?endpointId=3' \
-d '{"name": "my-stack", "REDACTED_APP_PASSWORD": "..."}'
```
---
## Deployed Stacks (Portainer)
| ID | Name | Status | Description |
|----|------|--------|-------------|
| 2 | nginx | ✅ Active | Reverse proxy (:28888) |
| 3 | ddns | ✅ Active | Dynamic DNS updater (crista.love) |
| 4 | llama | ⏸️ Inactive | LLM server |
| 5 | fenrus | ✅ Active | Dashboard (:45678) |
| 8 | fasten | ✅ Active | Health records (:9090) |
| 17 | node-exporter | ✅ Active | Prometheus metrics (:9100) |
| 18 | iperf3 | ✅ Active | Network speed testing (:5201) |
| 25 | cocalc | ⏸️ Inactive | Computational notebook |
| **26** | **plane-stack** | ✅ Active | **Project management (:3080)** |
### TrueNAS-Managed Apps (ix-apps)
| App | Container | Port | Description |
|-----|-----------|------|-------------|
| Portainer | ix-portainer-portainer-1 | 31015 | Container management |
| Gitea | ix-gitea-gitea-1 | 30008-30009 | Git server |
| Gitea DB | ix-gitea-postgres-1 | - | PostgreSQL for Gitea |
| Jellyfin | ix-jellyfin-jellyfin-1 | 30013, 30014 | Media server |
| WireGuard | ix-wg-easy-wg-easy-1 | 30058, 51827/udp | VPN server |
| Tailscale | ix-tailscale-tailscale-1 | - | Mesh VPN |
| Pi-hole | (configured) | 53 | DNS server |
---
## SSH Access
### Via Cloudflare Tunnel
```bash
# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /tmp/cloudflared
chmod +x /tmp/cloudflared
# SSH config
cat >> ~/.ssh/config << 'EOF'
Host guava
HostName ruled-bowl-dos-jews.trycloudflare.com
User vish
IdentityFile ~/.ssh/id_ed25519
ProxyCommand /tmp/cloudflared access ssh --hostname %h
EOF
# Connect
ssh guava
```
### Direct (Local Network)
```bash
ssh vish@192.168.0.100
```
**Note**: Docker commands require `sudo` on guava.
---
## Services Documentation
### Plane.so
See [plane.yaml](../../hosts/physical/guava/plane.yaml) for the full stack configuration.
| Component | Container | Port | Purpose |
|-----------|-----------|------|---------|
| Frontend | plane-web | 3000 | Web UI |
| Admin | plane-admin | 3000 | Admin panel |
| Space | plane-space | 3000 | Public pages |
| API | plane-api | 8000 | Backend API |
| Worker | plane-worker | 8000 | Background jobs |
| Beat | plane-beat | 8000 | Scheduled tasks |
| Live | plane-live | 3000 | Real-time updates |
| Database | plane-db | 5432 | PostgreSQL |
| Cache | plane-redis | 6379 | Valkey/Redis |
| Queue | plane-mq | 5672 | RabbitMQ |
| Storage | plane-minio | 9000 | MinIO S3 |
| Proxy | plane-proxy | 80/443 | Caddy reverse proxy |
**Access URL**: http://guava.crista.home:3080
**Data Location**: `/mnt/data/plane-data/`
---
## Maintenance
### Backup Locations
| Data | Path | Priority |
|------|------|----------|
| Plane DB | `/mnt/data/plane-data/postgres/` | High |
| Plane Files | `/mnt/data/plane-data/minio/` | High |
| Gitea | `/mnt/.ix-apps/app_mounts/gitea/` | High |
| Jellyfin Config | `/mnt/.ix-apps/app_mounts/jellyfin/config/` | Medium |
| Photos | `/mnt/data/photos/` | High |
### Common Commands
```bash
# Check all containers
sudo docker ps -a
# View stack logs
sudo docker compose -f /path/to/stack logs -f
# Restart a stack via Portainer API
curl -sk -X POST \
-H 'X-API-Key: TOKEN' \
'https://localhost:31015/api/stacks/STACK_ID/stop?endpointId=3'
curl -sk -X POST \
-H 'X-API-Key: TOKEN' \
'https://localhost:31015/api/stacks/STACK_ID/start?endpointId=3'
```
---
## Related Documentation
- [Plane.so Service Docs](../services/individual/plane.md)
- [TrueNAS Scale Documentation](https://www.truenas.com/docs/scale/)
- [AGENTS.md](../../AGENTS.md) - Quick reference for all hosts
---
*Last updated: February 4, 2026*
*Verified via SSH - all services confirmed running*

192
docs/hardware/mobile-devices.md Normal file
View File

@@ -0,0 +1,192 @@
# 📱 Mobile Devices
*Mobile device integration and management in the homelab ecosystem*
## Overview
Documentation of mobile devices, tablets, and portable systems integrated with the homelab infrastructure.
## Device Categories
### Smartphones
#### Android Devices
- **Primary phones**: Various Android models
- **Homelab apps**: Portainer, SSH clients, monitoring apps
- **VPN access**: Tailscale mesh network connectivity
- **Remote management**: Full homelab access on-the-go
#### iOS Devices
- **iPhone integration**: Native iOS apps for homelab services
- **Shortcuts automation**: iOS Shortcuts for common tasks
- **VPN profiles**: WireGuard/Tailscale configuration
### Tablets
#### Android Tablets
- **Dashboard displays**: Wall-mounted control panels
- **Home Assistant**: Dedicated home automation interface
- **Monitoring displays**: Grafana dashboards, system status
#### iPad Integration
- **Remote desktop**: VNC/RDP clients for server access
- **Documentation**: Markdown editors, note-taking
- **Media consumption**: Plex, Jellyfin streaming
### Portable Computers
#### Laptops
- **Development machines**: Remote development environments
- **Administration**: Full homelab management capability
- **Travel setup**: Portable homelab access
#### Steam Deck / Gaming Handhelds
- **Game streaming**: Steam Remote Play, Moonlight
- **Emulation**: RetroArch, standalone emulators
- **Linux desktop**: Full desktop environment access
## Network Integration
### VPN Connectivity
- **Tailscale mesh**: Seamless device integration
- **WireGuard**: High-performance VPN access
- **Always-on VPN**: Automatic connection management
### Local Network Access
- **WiFi profiles**: Automatic network connection
- **Network discovery**: mDNS/Bonjour service discovery
- **Local DNS**: Pi-hole integration for ad blocking
## Application Ecosystem
### Homelab Management Apps
#### Portainer Mobile
- **Container management**: Start/stop containers
- **Log viewing**: Real-time container logs
- **Stack deployment**: Deploy new services remotely
#### SSH Clients
- **Termius**: Professional SSH client
- **JuiceSSH**: Android SSH client
- **Blink Shell**: iOS terminal emulator
#### Monitoring Apps
- **Grafana mobile**: Dashboard viewing
- **Prometheus alerts**: Alert notifications
- **Uptime monitoring**: Service availability checks
### Home Automation
#### Home Assistant Companion
- **Device control**: Smart home device management
- **Automation triggers**: Location-based automation
- **Notifications**: Push notifications for events
#### IoT Device Apps
- **Zigbee2MQTT**: Device management
- **ESPHome**: ESP device configuration
- **Tasmota**: Device firmware management
### Media & Entertainment
#### Streaming Apps
- **Plex**: Media streaming client
- **Jellyfin**: Open-source media streaming
- **Navidrome**: Music streaming client
#### File Access
- **Syncthing**: File synchronization
- **Nextcloud**: Cloud storage access
- **SMB clients**: Network file sharing
## Security & Access Control
### Authentication
- **Biometric authentication**: Fingerprint, face unlock
- **2FA integration**: TOTP, hardware keys
- **SSO integration**: Authentik single sign-on
### Device Management
- **MDM solutions**: Mobile device management
- **App restrictions**: Controlled app installation
- **Remote wipe**: Security breach procedures
### Network Security
- **Certificate management**: SSL/TLS certificates
- **VPN-only access**: Restrict direct internet access
- **Network segmentation**: Isolated device networks
## Backup & Synchronization
### Data Backup
- **Photo backup**: Automatic photo synchronization
- **Document sync**: Important file backup
- **App data backup**: Application settings/data
### Configuration Management
- **VPN profiles**: Backup VPN configurations
- **App settings**: Export/import app configurations
- **Network profiles**: WiFi and network settings
## Power Management
### Battery Optimization
- **Background app limits**: Extend battery life
- **Power-saving modes**: Optimize for longevity
- **Charging optimization**: Preserve battery health
### Portable Power
- **Power banks**: Extended operation capability
- **Wireless charging**: Convenient charging solutions
- **Car charging**: Mobile power solutions
## Development & Testing
### Mobile Development
- **App testing**: Test homelab mobile apps
- **API testing**: REST API client testing
- **Debug tools**: Network analysis, logging
### Remote Development
- **Code editors**: Mobile code editing
- **Git clients**: Version control access
- **Terminal access**: Command-line interface
## Monitoring & Analytics
### Device Monitoring
- **Battery health**: Monitor battery degradation
- **Storage usage**: Track storage consumption
- **Network usage**: Monitor data consumption
### Usage Analytics
- **App usage**: Track homelab app usage
- **Performance metrics**: Device performance monitoring
- **Connectivity analysis**: Network performance tracking
## Travel Integration
### Portable Setup
- **Travel router**: GL.iNet travel networking
- **Mobile hotspot**: Cellular connectivity
- **Offline capabilities**: Cached data access
### Remote Access
- **Cloud tunnels**: Cloudflare tunnel access
- **VPN fallback**: Multiple VPN options
- **Offline documentation**: Local documentation cache
## Troubleshooting
### Common Issues
- **VPN connectivity**: Connection troubleshooting
- **App crashes**: Application stability issues
- **Network problems**: WiFi/cellular connectivity
### Recovery Procedures
- **Factory reset**: Complete device reset
- **App reinstallation**: Clean app installation
- **Configuration restore**: Backup restoration
---
**Status**: ✅ All mobile devices integrated with secure homelab access

81
docs/hardware/nas-systems.md Normal file
View File

@@ -0,0 +1,81 @@
# NAS Systems
Live-verified 2026-04-18. Three Synology NAS units.
## Atlantis — DS1823xs+ (primary)
| | |
|---|---|
| Model | Synology DS1823xs+ (8-bay) |
| CPU | AMD Ryzen Embedded V1780B (4 core / 8 thread) |
| RAM | 32 GB ECC |
| DSM | 7.3.2-86009 |
| LAN IP | 192.168.0.200 |
| Tailscale IP | 100.83.230.112 |
| Uplink | 10GbE via Synology E10M20-T1 (combo card, slot 1) |
| Role | Primary NAS: arr-suite, Immich (with Calypso), Paperless archive mount, AnythingLLM, WireGuard, Matrix-Ubuntu VM host |
| Containers | 59 (as of 2026-04-18) |
Storage layout is documented separately in [atlantis-storage.md](atlantis-storage.md):
- Volume 1 (RAID 6, 8× 16TB IronWolf Pro, 84 TB usable, Btrfs encrypted)
- Volume 2 (RAID 1, 2× Crucial P310 1 TB NVMe via adapter, 885 GB)
- Volume 3 (RAID 1, 2× Synology SNV5420 400 GB NVMe built-in, 348 GB) — SABnzbd working dir
SSH: `ssh atlantis` (port 60000, user `vish`).
## Calypso — DS723+ (secondary)
| | |
|---|---|
| Model | Synology DS723+ (2-bay) |
| CPU | AMD Ryzen Embedded R1600 (2 core / 4 thread) |
| RAM | 32 GB (8 GB stock + 24 GB aftermarket) |
| DSM | 7.3.2-86009 |
| LAN IP | 192.168.0.250 |
| Tailscale IP | 100.103.48.78 |
| Uplink | 10GbE via Synology E10G22-T1-Mini (Intel X550-AT) |
| Role | Secondary NAS: Headscale, Authentik SSO, Gitea, Immich DB, Paperless-NGX, Reactive Resume, SearXNG partner node, primary AdGuard |
| Containers | 61 (as of 2026-04-18) |
Storage:
- Volume 1: 2× 12 TB IronWolf Pro in RAID 1 (~11 TB usable, Btrfs encrypted)
- NVMe cache: 2× 500 GB Crucial P3 Plus in RAID 1
SSH: `ssh calypso` (port 62000, user `Vish`).
## Setillo — DS223j (remote)
| | |
|---|---|
| Model | Synology DS223j (2-bay) |
| Platform | Realtek RTD1619B (aarch64) |
| RAM | 1 GB (non-upgradable) |
| DSM | 7.3.2-86009 |
| Tailscale IP | 100.125.0.20 |
| Uplink | 1 GbE |
| Role | Off-site backup target, secondary AdGuard DNS, Prometheus node + SNMP exporters, dozzle-agent |
| Containers | 4 |
Storage:
- Volume 1: 2× 10 TB WD Gold in RAID 1 (~8.8 TB usable, Btrfs)
Quirks (see [hosts/setillo.md](../hosts/setillo.md) for details):
- `vish` has passwordless sudo but **sudoers blocks shell execution** (`!/bin/sh, !/bin/bash, !/bin/ash, !/usr/bin/su`). Use `sudo tee` / `sudo /opt/bin/opkg` style invocations.
- Entware opkg installed at `/volume1/@entware`, bind-mounted to `/opt` via systemd `opt.mount`.
SSH: `ssh setillo` (user `vish`); root access via `ssh setillo-root` (when needed for rare operations).
## DSM version alignment
All three NAS are on DSM 7.3.2-86009. Updates are coordinated manually; no auto-upgrade.
## Backup targets
| From → To | Method | Cadence |
|---|---|---|
| Atlantis → Calypso | Hyper Backup (media, photos, docs) | Weekly / daily |
| Atlantis/Calypso docker → Setillo | Syncthing | Real-time |
| Atlantis media, photos → Backblaze B2 | Hyper Backup S3 | Weekly |
| Calypso docker → Backblaze B2 | Hyper Backup S3 | Daily |
See [infrastructure/backup-strategy.md](../infrastructure/backup-strategy.md) for full 3-2-1 details.

147
docs/hardware/network-equipment.md Normal file
View File

@@ -0,0 +1,147 @@
# 🌐 Network Equipment
## Router: TP-Link Archer BE800
**WiFi 7 Tri-Band Router**
| Specification | Value |
|---------------|-------|
| Model | Archer BE800 |
| WiFi Standard | WiFi 7 (802.11be) |
| Speed Class | BE19000 |
| Bands | Tri-Band (2.4GHz + 5GHz + 6GHz) |
### Ports
| Port | Type | Speed | Connected To |
|------|------|-------|--------------|
| WAN (SFP+) | SFP+ | 10Gbps | ISP Modem (via TP-Link 10G RJ45→SFP+ adapter) |
| WAN/LAN 1 | RJ45 | 10Gbps | TP-Link TL-SX1008 Switch |
| LAN 2-5 | RJ45 | 2.5Gbps | Proxmox (PVE), Olares, Pi 5, etc. |
### Network Diagram
```
ISP (25Gbps Fiber)
[ONT/Modem]
│ 10G SFP+ (via adapter)
┌───────────────────┐
│ TP-Link BE800 │
│ ┌─────────────┐ │
│ │ SFP+ WAN │◄─┘ 10G to ISP
│ │ 10G LAN │───► TL-SX1008 Switch (10G)
│ │ 2.5G LAN x4 │───► Proxmox, Olares, Pi 5
│ └─────────────┘ │
└───────────────────┘
```
---
## Switch: TP-Link TL-SX1008
**8-Port 10GbE Unmanaged Switch**
| Specification | Value |
|---------------|-------|
| Model | TL-SX1008 |
| Ports | 8x 10GBASE-T (RJ45) |
| Switching Capacity | 160 Gbps |
| Forwarding Rate | 119.04 Mpps |
| Cooling | Fanless (silent) |
| Power | ~15W typical |
### Port Assignments
| Port | Device | Speed | Cable |
|------|--------|-------|-------|
| 1 | TP-Link BE800 (uplink) | 10Gbps | Cat6a |
| 2 | Atlantis (DS1823xs+) | 10Gbps | Cat6a |
| 3 | Calypso (DS723+) | 10Gbps | Cat6a |
| 4 | Guava | 10Gbps | Cat6a |
| 5 | Desktop (shinku-ryuu) | 10Gbps | Cat6a |
| 6 | (Available) | - | - |
| 7 | (Available) | - | - |
| 8 | (Available) | - | - |
---
## 10G Adapter
**TP-Link 10G RJ45 to SFP+ Module**
| Specification | Value |
|---------------|-------|
| Purpose | Connect BE800 SFP+ WAN to ISP modem (RJ45) |
| Speed | 10Gbps |
| Type | RJ45 to SFP+ transceiver |
---
## GL.iNet routers
### GL-MT3600BE (Beryl 7) — active primary remote gateway
| Specification | Value |
|---------------|-------|
| Model | GL-MT3600BE "Beryl 7" |
| Tailscale IP | 100.64.0.10 (Headscale node ID:28) |
| Deployed | 2026-04-16 (replaced GL-MT3000) |
| Purpose | Subnet router for `192.168.12.0/24` (remote location — jellyfish, moon, HA Green) and Tailscale exit node |
| WiFi | WiFi 7 |
| SSH | `ssh gl-be3600` / see also `gl-mt3600be` Headscale entry |
| Watchdog | Cron-based self-heal + Kuma monitor (see `project_tailscale_watchdog` memory) |
### GL-BE3600 (Slate 7)
| Specification | Value |
|---------------|-------|
| Model | GL-BE3600 "Slate 7" |
| Tailscale IP | 100.105.59.123 |
| Purpose | Travel router, exit node (`0.0.0.0/0`, `::/0`) — no subnet routing |
| LAN (when powered) | `192.168.8.0/24` |
| WiFi | WiFi 7 |
| Tailscale version | `1.96.3-tiny.by.admon.1214` |
| Watchdog | Cron-based self-heal (`/usr/bin/tailscale-watchdog.sh`, `*/5 *`) + Kuma monitor |
| Status | Intermittently online (powered on when travelling or testing) |
### GL-MT3000 (Beryl AX) — travel router behind GL-MT3600BE
| Specification | Value |
|---------------|-------|
| Model | GL-MT3000 "Beryl AX" (WiFi 6) |
| Tailscale IP | 100.126.243.15 |
| Purpose | Travel router, exit node (`0.0.0.0/0`, `::/0`) — no subnet routing |
| Mode | Repeater on GL-MT3600BE (wireless uplink) |
| LAN | `192.168.99.0/24` |
| Tailscale version | `1.96.3-tiny.by.admon.1214` |
| Watchdog | Cron-based self-heal (`/usr/bin/tailscale-watchdog.sh`, `*/5 *`) + Kuma monitor (ID 126) |
| Directly connected | `moon` (`192.168.99.223`, has its own Tailscale) |
| Notes | Returned to active service 2026-04-18 (previously marked retired) |
---
## Network Topology Summary
```
┌─────────────────────────────────────┐
│ INTERNET (25Gbps) │
└─────────────────┬───────────────────┘
│ 10G SFP+ (via adapter)
┌─────────────────────────────────────┐
│ TP-Link Archer BE800 │
│ (WiFi 7 Router) │
└───────┬─────────────────┬───────────┘
│ │
10G RJ45│ │2.5G x4
▼ ▼
┌───────────────┐ ┌───────────────┐
│ TL-SX1008 │ │ 2.5G Devices │
│ 10G Switch │ │ • Proxmox │
└───────┬───────┘ │ • Olares │
│ │ • RPi 5 (Vish)│
┌───────┬───────┼───────┐ └───────────────┘
│ │ │ │
▼ ▼ ▼ ▼
Atlantis Calypso Guava Desktop
10GbE 10GbE 10GbE 10GbE
```

488
docs/hardware/nvidia-shield.md Normal file
View File

@@ -0,0 +1,488 @@
# 🎮 NVIDIA Shield TV Pro 4K - Travel Device Configuration
**🟢 Beginner to Intermediate Guide**
The NVIDIA Shield TV Pro serves as a portable homelab access point, providing secure connectivity to your infrastructure while traveling. This guide covers setup, configuration, and usage scenarios.
## 📱 Device Overview
### **Hardware Specifications**
- **Model**: NVIDIA Shield TV Pro (2019)
- **CPU**: NVIDIA Tegra X1+ (8-core, 64-bit ARM)
- **GPU**: 256-core NVIDIA GPU
- **RAM**: 3GB LPDDR4
- **Storage**: 16GB eMMC + microSD expansion
- **Network**: Gigabit Ethernet + 802.11ac WiFi
- **Ports**: 2x USB 3.0, HDMI 2.0b, microSD slot
- **Power**: 20W external adapter
- **Remote**: Voice remote with backlit buttons
- **AI Upscaling**: NVIDIA AI upscaling to 4K
### **Travel Use Cases**
| Scenario | Primary Function | Homelab Integration |
|----------|------------------|-------------------|
| **Hotel Room** | Media streaming, secure browsing | Plex/Jellyfin via Tailscale |
| **Airbnb/Rental** | Personal entertainment system | Full homelab access |
| **Family Visits** | Share media with family | Stream personal library |
| **Business Travel** | Secure work environment | VPN gateway to homelab |
| **Extended Travel** | Portable home setup | Complete service access |
---
## 🔧 Initial Setup & Configuration
### **Step 1: Basic Android TV Setup**
```bash
# Initial device setup
1. Connect to power and HDMI display
2. Follow Android TV setup wizard
3. Sign in with Google account
4. Connect to WiFi network
5. Complete initial updates
6. Enable Developer Options:
- Settings > Device Preferences > About
- Click "Build" 7 times to enable Developer Options
- Settings > Device Preferences > Developer Options
- Enable "USB Debugging"
```
### **Step 2: Enable Sideloading**
```bash
# Allow installation of non-Play Store apps
1. Settings > Device Preferences > Security & Restrictions
2. Enable "Unknown Sources" for apps you trust
3. Or enable per-app when installing Tailscale
```
### **Step 3: Install Essential Apps**
```bash
# Core applications for homelab integration
1. Tailscale (sideloaded)
2. Plex (Play Store)
3. VLC Media Player (Play Store)
4. Chrome Browser (Play Store)
5. Termux (Play Store) - for SSH access
6. Solid Explorer (Play Store) - file management
```
---
## 🌐 Tailscale Configuration
### **Installation Process**
```bash
# Method 1: Direct APK Installation (Recommended)
1. Download Tailscale APK from official website
2. Transfer to Shield via USB drive or network
3. Install using file manager
4. Grant necessary permissions
# Method 2: ADB Installation (Advanced)
# From computer with ADB installed:
adb connect [shield-ip-address]
adb install tailscale.apk
```
### **Tailscale Setup**
```bash
# Initial configuration
1. Open Tailscale app
2. Sign in with your Tailscale account
3. Authorize the device in Tailscale admin console
4. Verify connection to homelab network
5. Test connectivity to homelab services
# Verify connection
# From Termux or ADB shell:
ping atlantis.vish.local
ping 100.83.230.112 # Atlantis Tailscale IP
```
### **Advanced Tailscale Configuration**
```bash
# Configure as exit node (optional)
# Allows Shield to route all traffic through homelab
1. Tailscale admin console > Machines
2. Find NVIDIA Shield device
3. Enable "Exit Node" capability
4. On Shield: Settings > Use as Exit Node
# Subnet routing (if needed)
# Allow access to local networks at travel location
tailscale up --advertise-routes=192.168.1.0/24
```
---
## 📺 Media Streaming Configuration
### **Plex Client Setup**
```bash
# Optimal Plex configuration for travel
1. Install Plex app from Play Store
2. Sign in with Plex account
3. Server should auto-discover via Tailscale
4. If not found manually add:
- Server IP: atlantis.vish.local
- Port: 32400
- Or Tailscale IP: 100.83.230.112:32400
# Quality settings for travel:
# Settings > Video Quality
# - Home Streaming: Maximum (if good WiFi)
# - Remote Streaming: 4 Mbps 720p (for limited bandwidth)
# - Allow Direct Play: Enabled
# - Allow Direct Stream: Enabled
```
### **Alternative Media Apps**
```bash
# Jellyfin (if preferred over Plex)
1. Install Jellyfin app from Play Store
2. Add server: calypso.vish.local:2283
3. Or Tailscale IP: 100.103.48.78:2283
# VLC for direct file access
1. Network streams via SMB/CIFS
2. Direct file playback from NAS
3. Supports all media formats
```
---
## 🔒 Security & VPN Configuration
### **Secure Browsing Setup**
```bash
# Use Shield as secure gateway
1. Configure Tailscale as exit node
2. All traffic routes through homelab
3. Benefits from Pi-hole ad blocking
4. Secure DNS resolution
# Chrome browser configuration:
# - Set homepage to homelab dashboard
# - Bookmark frequently used services
# - Enable sync for consistent experience
```
### **SSH Access to Homelab**
```bash
# Using Termux for SSH connections
1. Install Termux from Play Store
2. Update packages: pkg update && pkg upgrade
3. Install SSH client: pkg install openssh
4. Generate SSH key: ssh-keygen -t ed25519
5. Copy public key to homelab hosts
# Connect to homelab:
ssh admin@atlantis.vish.local
ssh user@homelab-vm.vish.local
ssh pi@concord-nuc.vish.local
```
---
## 🏨 Travel Scenarios & Setup
### **Hotel Room Setup**
```bash
# Quick deployment in hotel room
1. Connect Shield to hotel TV via HDMI
2. Connect to hotel WiFi
3. Launch Tailscale (auto-connects)
4. Access homelab services immediately
5. Stream personal media library
# Hotel WiFi considerations:
# - May need to accept terms via browser
# - Some hotels block VPN traffic
# - Use mobile hotspot as backup
```
### **Airbnb/Rental Property**
```bash
# Extended stay configuration
1. Connect to property WiFi
2. Set up Shield as primary entertainment
3. Configure TV settings for optimal experience
4. Share access with travel companions
5. Use as work environment via homelab
# Family sharing:
# - Create guest Plex accounts
# - Share specific libraries
# - Monitor usage via Tautulli
```
### **Mobile Hotspot Integration**
```bash
# Using phone as internet source
1. Enable mobile hotspot on phone
2. Connect Shield to hotspot WiFi
3. Monitor data usage carefully
4. Adjust streaming quality accordingly
# Data-conscious settings:
# - Plex: 2 Mbps 480p for mobile data
# - Disable automatic updates
# - Use offline content when possible
```
---
## 🎮 Gaming & Entertainment Features
### **GeForce Now Integration**
```bash
# Cloud gaming via NVIDIA's service
1. Install GeForce Now app
2. Sign in with NVIDIA account
3. Access Steam/Epic games library
4. Stream games at 4K 60fps (with good connection)
# Optimal settings:
# - Streaming Quality: Custom
# - Bitrate: Adjust based on connection
# - Frame Rate: 60fps preferred
```
### **Local Game Streaming**
```bash
# Stream games from homelab PCs
1. Install Steam Link app
2. Discover gaming PCs on network
3. Pair with gaming systems
4. Stream games over Tailscale
# Requirements:
# - Gaming PC with Steam installed
# - Good network connection (5+ Mbps)
# - Low latency connection
```
### **Emulation & Retro Gaming**
```bash
# RetroArch for classic games
1. Install RetroArch from Play Store
2. Download cores for desired systems
3. Load ROMs from homelab NAS
4. Configure controllers
# ROM access via SMB:
# - Connect to atlantis.vish.local/roms
# - Browse by system/console
# - Load directly from network storage
```
---
## 🔧 Advanced Configuration
### **Custom Launcher (Optional)**
```bash
# Replace default Android TV launcher
1. Install alternative launcher (FLauncher, ATV Launcher)
2. Set as default home app
3. Customize with homelab shortcuts
4. Create quick access to services
# Homelab shortcuts:
# - Grafana dashboard
# - Portainer interface
# - Plex web interface
# - Router admin panel
```
### **Automation Integration**
```bash
# Home Assistant integration
1. Install Home Assistant app
2. Connect to concord-nuc.vish.local:8123
3. Control smart home devices
4. Automate Shield behavior
# Example automations:
# - Turn on Shield when arriving home
# - Adjust volume based on time of day
# - Switch inputs automatically
```
### **File Management**
```bash
# Solid Explorer configuration
1. Add network locations:
- SMB: //atlantis.vish.local/media
- SMB: //calypso.vish.local/documents
- FTP: homelab-vm.vish.local:21
2. Enable cloud storage integration
3. Set up automatic sync folders
# Use cases:
# - Download files to Shield storage
# - Upload photos/videos to homelab
# - Access documents remotely
```
---
## 📊 Monitoring & Management
### **Performance Monitoring**
```bash
# Monitor Shield performance
1. Settings > Device Preferences > About
2. Check storage usage regularly
3. Monitor network performance
4. Clear cache when needed
# Network diagnostics:
# - WiFi Analyzer app for signal strength
# - Speedtest app for bandwidth testing
# - Ping tools for latency checking
```
### **Remote Management**
```bash
# ADB over network (advanced)
1. Enable ADB over network in Developer Options
2. Connect from computer: adb connect [shield-ip]:5555
3. Execute commands remotely
4. Install/manage apps REDACTED_APP_PASSWORD
# Useful ADB commands:
adb shell pm list packages # List installed apps
adb install app.apk # Install APK remotely
adb shell input keyevent 3 # Simulate home button
adb shell screencap /sdcard/screen.png # Screenshot
```
---
## 🚨 Troubleshooting
### **Common Issues & Solutions**
```bash
# Tailscale connection problems:
1. Check internet connectivity
2. Restart Tailscale app
3. Re-authenticate if needed
4. Verify firewall settings
# Plex streaming issues:
1. Check server status in homelab
2. Test direct IP connection
3. Adjust quality settings
4. Clear Plex app cache
# WiFi connectivity problems:
1. Forget and reconnect to network
2. Check for interference
3. Use 5GHz band if available
4. Reset network settings if needed
```
### **Performance Optimization**
```bash
# Improve Shield performance:
1. Clear app caches regularly
2. Uninstall unused applications
3. Restart device weekly
4. Keep storage under 80% full
# Network optimization:
1. Use wired connection when possible
2. Position close to WiFi router
3. Avoid interference sources
4. Update router firmware
```
---
## 📋 Travel Checklist
### **Pre-Travel Setup**
```bash
☐ Update Shield to latest firmware
☐ Update all apps
☐ Verify Tailscale connectivity
☐ Test Plex streaming
☐ Download offline content if needed
☐ Charge remote control
☐ Pack HDMI cable (if needed)
☐ Pack power adapter
☐ Verify homelab services are running
☐ Set up mobile hotspot backup
```
### **At Destination**
```bash
☐ Connect to local WiFi
☐ Test internet speed
☐ Launch Tailscale
☐ Verify homelab connectivity
☐ Test media streaming
☐ Configure TV settings
☐ Set up any shared access
☐ Monitor data usage (if on mobile)
```
### **Departure Cleanup**
```bash
☐ Sign out of local accounts
☐ Clear browser data
☐ Remove WiFi networks
☐ Reset any personalized settings
☐ Verify no personal data left on device
☐ Pack all accessories
```
---
## 🔗 Integration with Homelab Services
### **Service Access URLs**
```bash
# Via Tailscale (always accessible):
Plex: http://100.83.230.112:32400
Jellyfin: http://100.103.48.78:2283
Grafana: http://100.83.230.112:7099
Home Assistant: http://100.67.40.126:8123
Portainer: http://100.83.230.112:9000
Router Admin: http://192.168.1.1
# Via local DNS (when on home network):
Plex: http://atlantis.vish.local:32400
Jellyfin: http://calypso.vish.local:2283
Grafana: http://atlantis.vish.local:7099
```
### **Backup & Sync**
```bash
# Automatic backup of Shield data
1. Configure Syncthing on Shield (if available)
2. Sync important folders to homelab
3. Backup app configurations
4. Store in homelab for easy restore
# Manual backup process:
1. Use ADB to pull important data
2. Store configurations in homelab Git repo
3. Document custom settings
4. Create restore procedures
```
---
## 📚 Related Documentation
- [Tailscale Setup Guide](../infrastructure/tailscale-setup-guide.md)
- [Travel Networking Guide](../infrastructure/comprehensive-travel-setup.md)
- [Plex Configuration](../services/individual/plex.md)
- [Home Assistant Integration](../services/individual/home-assistant.md)
---
**💡 Pro Tip**: The NVIDIA Shield TV Pro is an incredibly versatile travel companion. With proper setup, it provides seamless access to your entire homelab infrastructure from anywhere in the world, making travel feel like home.
**🔄 Maintenance**: Update this configuration monthly and test all functionality before important trips.

50
docs/hardware/raspberry-pi.md Normal file
View File

@@ -0,0 +1,50 @@
# Raspberry Pi
Live-verified 2026-04-18. Two Pi 5 units in active use; legacy Pi 4 / Zero not in current fleet.
## Pi 5 (Vish) — monitoring + Uptime Kuma
| | |
|---|---|
| Model | Raspberry Pi 5 Model B Rev 1.1 |
| SoC | Broadcom BCM2712 (4× Cortex-A76 @ 2.4 GHz) |
| RAM | 16 GB LPDDR4X |
| OS | Raspberry Pi OS (kernel 6.12.47+rpt-rpi-2712) |
| LAN IP | 192.168.0.66 |
| Tailscale IP | 100.77.151.40 |
| Hostname / SSH | `pi-5` |
| Role | Uptime Kuma (central monitor), DIUN (image update notifier), dozzle-agent, glances, scrutiny-collector |
| Containers | 7 |
Deployed as a Portainer endpoint (`endpoint=rpi5`) managed via GitOps — see stacks under `hosts/edge/rpi5-vish/`.
## Pi 5 (Jellyfish) — remote LAN helper
| | |
|---|---|
| Model | Raspberry Pi 5 Model B Rev 1.0 |
| SoC | Broadcom BCM2712 |
| RAM | 4 GB |
| OS | Raspberry Pi OS (kernel 6.12.75+rpt-rpi-2712) |
| Tailscale IP | 100.69.121.120 |
| Location | Remote subnet `192.168.12.0/24`, behind GL-MT3600BE (Beryl 7) |
| Role | LAN backup / photo helper |
| Containers | 2 |
Active project: LUKS/EXT4 SSD recovery — see [hosts/jellyfish.md](../hosts/jellyfish.md) and the `project_jellyfish_fsck` memory entry.
## Retired / unused
Previous notes referenced a Pi 4 cluster and Pi Zero 2 W. None are in the current active fleet — any legacy Pi's in storage aren't tracked here. Kevin's Pi 5 (`100.123.246.75`, referenced in older diagrams) is also not currently in the headscale inventory as of 2026-04-18.
## Common operational notes
- **Power:** Both Pi 5 units run on the official 27 W USB-C PSU; a sub-spec supply causes under-voltage warnings that can corrupt storage.
- **Storage:** REDACTED_APP_PASSWORD SSD via the Pi 5 PCIe HAT (not microSD). This keeps SD-card wear out of the picture for workloads like Uptime Kuma that log heavily.
- **Cooling:** Official active cooler (fan + heatsink). Under sustained load (Tdarr, LLM inference) the Pi throttles without active cooling.
- **Kernel:** `6.12.x+rpt-rpi-2712` Raspberry Pi Foundation kernel, not the Debian upstream kernel.
- **ARM64:** All Docker images must be `linux/arm64` — Portainer GitOps picks these automatically from multi-arch manifests.
## Ansible
Both Pi's are targets in `ansible/playbooks/ssh_mesh.yml` and the general `site.yml`. See [networking/SSH_MESH.md](../networking/SSH_MESH.md).

139
docs/hardware/storage-drives.md Normal file
View File

@@ -0,0 +1,139 @@
# Storage Drives
Live-verified 2026-04-18. Every drive currently in the homelab, grouped by host. For RAID / volume layout and backup flows see [atlantis-storage.md](atlantis-storage.md) and [storage-topology](../diagrams/storage-topology.md).
## Atlantis (DS1823xs+)
**Bulk storage — Volume 1 (Btrfs, RAID 6, encrypted)**
| Slot | Model | Capacity | Role |
|---|---|---|---|
| 18 | Seagate IronWolf Pro (SATA) | 8× 16 TB | 128 TB raw / 84 TB usable |
**NVMe — Volume 2 (Btrfs, RAID 1)**
| Model | Capacity | Slot | Purpose |
|---|---|---|---|
| 2× Crucial CT1000P310SSD8 | 2× 1 TB | M.2 adapter card | Docker configs, databases, metadata (885 GB usable) |
**NVMe — Volume 3 (Btrfs, RAID 1)**
| Model | Capacity | Slot | Purpose |
|---|---|---|---|
| 2× Synology SNV5420-400G | 2× 400 GB | M.2 built-in | SABnzbd working directory, high-I/O temp (348 GB usable) |
## Calypso (DS723+)
**Volume 1 (Btrfs, RAID 1, encrypted)**
| Slot | Model | Capacity | Role |
|---|---|---|---|
| 12 | Seagate IronWolf Pro (SATA) | 2× 12 TB | 24 TB raw / ~11 TB usable |
**NVMe cache (RAID 1)**
| Model | Capacity | Purpose |
|---|---|---|
| 2× Crucial P3 Plus | 2× 500 GB | Read/write cache for Volume 1 |
## Setillo (DS223j)
**Volume 1 (Btrfs, RAID 1)**
| Slot | Model | Capacity | Role |
|---|---|---|---|
| 12 | WD Gold | 2× 10 TB | 20 TB raw / ~8.8 TB usable — off-site backup target |
## Guava (TrueNAS SCALE)
**boot-pool (ZFS, single device)**
| Model | Capacity | Purpose |
|---|---|---|
| WD Black SN770 NVMe | 464 GB (433 GB free) | OS / boot |
**data pool (ZFS mirror, dedup 1.67×)**
| Model | Capacity | Purpose |
|---|---|---|
| 2× WD Blue SA510 SATA SSD | 2× 4 TB | User data (3.62 TB raw, 2.16 TB used, 1.47 TB free) |
Datasets under `data/`: `guava_turquoise` (3 TB personal data), `photos`, `jellyfin`, `llama` (LLM model cache), `plane-data`, `cocalc`, `fasten`, `openproject`, `medical`. NFS mount `atlantis_media` re-exposes Atlantis Volume 1.
## Shinku-Ryuu (workstation)
| Drive | Role |
|---|---|
| NVMe SSD (primary) | Windows OS, games |
| NVMe SSD (secondary) | Game library |
| SATA SSD | Bulk / scratch |
(Exact models not tracked here — managed manually on the Windows host.)
## Concord NUC
| Drive | Model | Capacity |
|---|---|---|
| SATA SSD | Toshiba VX500 | 238 GB |
## Homelab VM
| Drive | Capacity | Role |
|---|---|---|
| Proxmox virtual disk | ~500 GB | OS + container volumes (backed by PVE host ZFS) |
## Matrix-Ubuntu VM
| Drive | Capacity | Role |
|---|---|---|
| LVM LV on Synology virtual disk | 1 TB (~1005 GB) | OS + all container data (Synapse, Mastodon, LiveKit, NPM certs) |
## Pi 5 (Vish)
| Drive | Role |
|---|---|
| NVMe SSD via PCIe HAT | Boot + Uptime Kuma / DIUN data |
## Pi 5 (Jellyfish)
| Drive | Role | Status |
|---|---|---|
| Internal NVMe | Boot | active |
| External LUKS-encrypted SSD | Photo / media | **recovery in progress** (LUKS closed, needs passphrase + `e2fsck`) — see `project_jellyfish_fsck` memory and `/home/lulu/FSCK-RECOVERY-NOTES.md` on the host |
## Olares (K3s laptop)
| Drive | Role |
|---|---|
| Internal NVMe | Ubuntu root + K3s local storage |
NFS mounts from Atlantis/Calypso back most K3s-app persistent volumes (Ollama model cache, Jellyfin metadata, Tdarr cache).
## Seattle VPS
| Drive | Capacity | Role |
|---|---|---|
| Contabo virtual disk | 290 GB (~110 GB free) | OS + all container data |
## Setillo `/opt` (Entware)
Not a drive per se — `/volume1/@entware` is bind-mounted to `/opt` via systemd `opt.mount`. ~260 MB Entware packages, survives DSM upgrades so long as the systemd unit is preserved. See [hosts/setillo.md](../hosts/setillo.md).
## Backups in flight
- Atlantis Volume 1 → Calypso (HyperBackup, weekly/daily depending on dataset)
- Atlantis/Calypso `/volume1/docker` → Setillo via Syncthing (real-time)
- Atlantis photos + media → Backblaze B2 bucket `vk-atlantis` (HyperBackup S3, weekly)
- Calypso docker → Backblaze B2 bucket `vk-concord-1` (HyperBackup S3, daily)
See [infrastructure/backup-strategy.md](../infrastructure/backup-strategy.md) for RTO/RPO and restore procedures.
## SMART / health
- Synology NAS: DSM Storage Manager SMART reports + Scrutiny container on homelab-vm (`scrutiny.vish.gg`).
- Guava: TrueNAS SCALE native SMART; NetData 339 MB dataset pinned to the data pool.
- NUC / Pi / VMs: `smartctl` ad hoc; no centralized collection.
## Replacement / warranty tracking
Actual purchase dates and serial numbers are tracked in NetBox (`nb.vish.gg`) rather than this file. Check DCIM → Devices → the host's "Inventory" tab for per-drive serials.