# Guava

TrueNAS SCALE (Electric Eel, 25.04.2) secondary NAS. Runs alongside the Synology primaries (atlantis/calypso) with its own ZFS pool and a mix of TrueNAS `ix-apps` and raw Docker services.

## Specs

| | |
|---|---|
| Hostname | `guava` |
| OS | TrueNAS SCALE 25.04.2 (Debian-based, kernel 6.12.15) |
| LAN IP | 192.168.0.100 |
| Tailscale IP | 100.75.252.64 (Headscale node ID:8) |
| RAM | 30 GB |
| Boot pool | `boot-pool` — 464 GB SSD (17 GB used) |
| Data pool | `data` — 3.62 TB raw (2.16 TB used, 1.47 TB free, 59% full, dedup 1.67x) |
| API key | stored in `MEMORY.md` (see root `.claude` memory) |

SSH aliases: `guava` or `truenas` (both → 100.75.252.64, user `vish`).

## Networking

- `accept_routes=false` on Tailscale to prevent Calypso's `192.168.0.0/24` subnet advertisement from hijacking Guava's own LAN replies. See [`docs/troubleshooting/guava-smb-incident-2026-03-14.md`](../troubleshooting/guava-smb-incident-2026-03-14.md) and [`docs/networking/GUAVA_LAN_ROUTING_FIX.md`](../networking/GUAVA_LAN_ROUTING_FIX.md) for background.
- Dedicated policy-based routing rule: `ip rule add to 192.168.0.0/24 lookup main priority 5200` (persistent — applied on boot).

## Running services

Nineteen containers as of 2026-04-18. TrueNAS-managed apps are prefixed `ix-*`.

### TrueNAS apps (`ix-*`)

| App | Purpose |
|---|---|
| `ix-portainer-portainer-1` | Standalone Portainer instance (not federated with the main Atlantis Portainer) |
| `ix-gitea-gitea-1` + `ix-gitea-postgres-1` | Legacy Gitea instance (primary Gitea runs on matrix-ubuntu) |
| `ix-jellyfin-jellyfin-1` | Legacy Jellyfin instance (primary Jellyfin runs on Olares with RTX 5090 transcode) |
| `ix-tailscale-tailscale-1` | Tailscale TrueNAS app (separate from host-level tailscaled) |
| `ix-wg-easy-wg-easy-1` | WireGuard-Easy VPN admin UI |

### Raw Docker

| Container | Purpose |
|---|---|
| `tdarr-node-guava` | Tdarr transcode node — one of several nodes offloading from the main Tdarr server (see `docs/services/individual/tdarr.md`) |
| `ollama` | Local Ollama instance (smaller models; primary inference is on Olares) |
| `open-webui` | OpenWebUI for the local Ollama |
| `fasten-onprem` | Personal health records aggregator |
| `planka` + `planka-db` | Kanban board |
| `fenrus` | Dashboard/launcher |
| `nginx` | Reverse proxy for local apps |
| `openspeedtest` | Self-hosted speed test |
| `ddns-crista-love` | Cloudflare DDNS for `crista.love` |
| `node-exporter` | Prometheus host metrics |
| `dozzle-agent` | Remote log agent for central Dozzle |
| `rendered-tailscale-1` | Helper container for `ix-tailscale` |

## Storage layout

- `data` pool (3.62 TB raw, RAIDZ) — primary data
- `data/.ix-virt/` — libvirt/incus VM storage (including a `proton-bridge` container used for Proton Mail IMAP bridging)
- `data/.system/` — TrueNAS system datasets (configs, NetData, NFS, SMB)
- User datasets are managed through the TrueNAS UI

## Portainer (standalone)

This host's Portainer is **not** registered with the main Portainer at `pt.vish.gg`. It is a separate instance accessed directly via TrueNAS apps. This is deliberate — Guava manages its own `ix-*` apps lifecycle.

## Related docs

- [Host overview](../infrastructure/hosts.md) — Guava row
- [Guava LAN routing fix](../networking/GUAVA_LAN_ROUTING_FIX.md)
- [Guava SMB incident (2026-03-14)](../troubleshooting/guava-smb-incident-2026-03-14.md)
- [Tdarr](../services/individual/tdarr.md) — node federation