Sanitized mirror from private repository - 2026-04-19 08:15:48 UTC

docs/hosts/guava.md

@@ -0,0 +1,72 @@
+# Guava
+
+TrueNAS SCALE (Electric Eel, 25.04.2) secondary NAS. Runs alongside the Synology primaries (atlantis/calypso) with its own ZFS pool and a mix of TrueNAS `ix-apps` and raw Docker services.
+
+## Specs
+
+| | |
+|---|---|
+| Hostname | `guava` |
+| OS | TrueNAS SCALE 25.04.2 (Debian-based, kernel 6.12.15) |
+| LAN IP | 192.168.0.100 |
+| Tailscale IP | 100.75.252.64 (Headscale node ID:8) |
+| RAM | 30 GB |
+| Boot pool | `boot-pool` — 464 GB SSD (17 GB used) |
+| Data pool | `data` — 3.62 TB raw (2.16 TB used, 1.47 TB free, 59% full, dedup 1.67x) |
+| API key | stored in `MEMORY.md` (see root `.claude` memory) |
+
+SSH aliases: `guava` or `truenas` (both → 100.75.252.64, user `vish`).
+
+## Networking
+
+- `accept_routes=false` on Tailscale to prevent Calypso's `192.168.0.0/24` subnet advertisement from hijacking Guava's own LAN replies. See [`docs/troubleshooting/guava-smb-incident-2026-03-14.md`](../troubleshooting/guava-smb-incident-2026-03-14.md) and [`docs/networking/GUAVA_LAN_ROUTING_FIX.md`](../networking/GUAVA_LAN_ROUTING_FIX.md) for background.
+- Dedicated policy-based routing rule: `ip rule add to 192.168.0.0/24 lookup main priority 5200` (persistent — applied on boot).
+
+## Running services
+
+Nineteen containers as of 2026-04-18. TrueNAS-managed apps are prefixed `ix-*`.
+
+### TrueNAS apps (`ix-*`)
+
+| App | Purpose |
+|---|---|
+| `ix-portainer-portainer-1` | Standalone Portainer instance (not federated with the main Atlantis Portainer) |
+| `ix-gitea-gitea-1` + `ix-gitea-postgres-1` | Legacy Gitea instance (primary Gitea runs on matrix-ubuntu) |
+| `ix-jellyfin-jellyfin-1` | Legacy Jellyfin instance (primary Jellyfin runs on Olares with RTX 5090 transcode) |
+| `ix-tailscale-tailscale-1` | Tailscale TrueNAS app (separate from host-level tailscaled) |
+| `ix-wg-easy-wg-easy-1` | WireGuard-Easy VPN admin UI |
+
+### Raw Docker
+
+| Container | Purpose |
+|---|---|
+| `tdarr-node-guava` | Tdarr transcode node — one of several nodes offloading from the main Tdarr server (see `docs/services/individual/tdarr.md`) |
+| `ollama` | Local Ollama instance (smaller models; primary inference is on Olares) |
+| `open-webui` | OpenWebUI for the local Ollama |
+| `fasten-onprem` | Personal health records aggregator |
+| `planka` + `planka-db` | Kanban board |
+| `fenrus` | Dashboard/launcher |
+| `nginx` | Reverse proxy for local apps |
+| `openspeedtest` | Self-hosted speed test |
+| `ddns-crista-love` | Cloudflare DDNS for `crista.love` |
+| `node-exporter` | Prometheus host metrics |
+| `dozzle-agent` | Remote log agent for central Dozzle |
+| `rendered-tailscale-1` | Helper container for `ix-tailscale` |
+
+## Storage layout
+
+- `data` pool (3.62 TB raw, RAIDZ) — primary data
+- `data/.ix-virt/` — libvirt/incus VM storage (including a `proton-bridge` container used for Proton Mail IMAP bridging)
+- `data/.system/` — TrueNAS system datasets (configs, NetData, NFS, SMB)
+- User datasets are managed through the TrueNAS UI
+
+## Portainer (standalone)
+
+This host's Portainer is **not** registered with the main Portainer at `pt.vish.gg`. It is a separate instance accessed directly via TrueNAS apps. This is deliberate — Guava manages its own `ix-*` apps lifecycle.
+
+## Related docs
+
+- [Host overview](../infrastructure/hosts.md) — Guava row
+- [Guava LAN routing fix](../networking/GUAVA_LAN_ROUTING_FIX.md)
+- [Guava SMB incident (2026-03-14)](../troubleshooting/guava-smb-incident-2026-03-14.md)
+- [Tdarr](../services/individual/tdarr.md) — node federation