# Systems Inventory

## Desktops
- Name:
  - Role:
  - OS:
  - Notes:

## Homeservers
- Name: Proxmox box / `buntbox01`
  - Role: Hypervisor for home services
  - OS: Proxmox VE 9.1.6
  - IP: 192.168.0.88
  - Network: `vmbr0` on `192.168.0.88/24`, gateway `192.168.0.1`
  - Services/guests:
    - LXC 100 `yams` — media server base, privileged LXC with media mounts at `192.168.0.89`
    - LXC 101 `AMP` — AMP game server at `192.168.0.90`
    - VM 102 `Vaultwarden` — deployed 2026-06-06, Debian 13, Vaultwarden behind Nginx at `192.168.0.238`
    - LXC 103 `searxng` — deployed 2026-06-06, Docker Compose SearxNG at `192.168.0.133:8080`
    - LXC 104 `nimrod` — deployed 2026-06-06, dedicated Nimrod/Pi manual SSH workspace at `192.168.0.222`
    - LXC 105 `reverse-proxy` — deployed 2026-06-07, central Nginx reverse proxy at `192.168.0.137`
    - LXC 106 `unbound` — deployed 2026-06-07, standalone internal DNS at `192.168.0.124`
    - LXC 107 `homepage` — deployed 2026-06-07, Homepage config-as-code dashboard at `192.168.0.241`
    - LXC 108 `pihole` — Pi-hole ad-blocking DNS at `192.168.0.150`, Docker, upstream DNS: Unbound
    - LXC 109 `gluetun` — Gluetun PIA VPN proxy at `192.168.0.151`, HTTP proxy :8888, SOCKS5 :8388
    - LXC 110 `dashy` — Dashy service dashboard (legacy/pre-homarr) at `192.168.0.152:8080`
    - LXC 111 `homarr` — Homarr dashboard (current default) at `192.168.0.213:7575`, deployed 2026-06-07
    - Nextcloud guest VM exists separately at `192.168.0.110` on proxtop
  - Storage observed via API:
    - `local-lvm` for rootdir/images
    - `local` for ISO/templates/backups
    - `m1`, `m2`, `m3` for images
  - Notes:
    - Proxmox API token for bootstrap is stored outside git in `.tokens/proxmox.env`.
    - Current bootstrap token was broad enough for VM/LXC management and should be reduced or revoked after setup.
    - Disposable SSH lifecycle pilot LXC 102 `access-pilot` was created, tested, revoked, and destroyed on 2026-06-05.
    - Proxmox VE 9.x supports running Docker natively inside unprivileged LXCs with `features: nesting=1` (used for Dashy, Homarr, Pi-hole, Gluetun).

- Name: Vaultwarden
  - Role: Vaultwarden/Bitwarden-compatible secrets vault VM
  - OS: Debian 13 generic cloud image
  - VMID: 102
  - IP: 192.168.0.238 via DHCP
  - FQDN: `vw.dropcutstud.io` planned for LAN Unbound override by user
  - Proxmox host: `buntbox01`
  - Resources: 1 vCPU, 1024 MB RAM, 16 GB disk on `local-lvm`
  - Network: `vmbr0`, virtio NIC, no public exposure
  - Services:
    - Vaultwarden Docker container behind Nginx HTTPS reverse proxy
    - Nginx listens on 80/443; Vaultwarden binds to 127.0.0.1:8080
  - Notes:
    - Bootstrap deployment completed on 2026-06-06.
    - The user's initial account was created and open signups were disabled, per the change log.
    - Backup, recovery/restore testing, Tailscale, DNS override, and final hardening remain follow-up work before critical secrets are migrated.

- Name: searxng
  - Role: Private SearxNG search service for LAN/internal assistant workflows
  - Type: Proxmox LXC
  - CTID: 103
  - IP: 192.168.0.133 via DHCP
  - Intended FQDN: `search.dropcutstud.io`
  - Current URL: `http://192.168.0.133:8080/`
  - Proxmox host: `buntbox01`
  - Network: LAN/Tailscale-only intent; DNS/Tailscale/TLS pending
  - Services:
    - Docker Compose SearxNG plus Valkey under `/opt/searxng`
  - Notes:
    - Snapshot: `post-searxng-initial`.
    - Runbook: `runbooks/searxng-homelab.md`.

- Name: nimrod
  - Role: Dedicated Nimrod/Pi assistant workspace
  - Type: Proxmox LXC
  - CTID: 104
  - OS: Debian 13
  - IP: 192.168.0.222 via DHCP
  - Proxmox host: `buntbox01`
  - Resources: 2 vCPU, 4096 MB RAM, 32 GB disk on `local-lvm`
  - Network: LAN-only current access; no public exposure
  - Services/workflow:
    - SSH as `piagent`, key-only after hardening
    - Manual Pi workflow from `/home/piagent/projects/nimrod`
    - NodeSource Node 22.22.3 and Pi 0.78.1 installed
  - Notes:
    - Snapshot: `base-runtime-repo-20260606`.
    - Repo copied from commit `052f1a5`.
    - Approved SSH key and Proxmox token copied into project-local ignored paths; Google tokens were not copied.

- Name: reverse-proxy
  - Role: Central Nginx reverse proxy MVP
  - Type: Proxmox LXC
  - CTID: 105
  - OS: Debian 13
  - IP: 192.168.0.137 via DHCP
  - Intended FQDN: `proxy.dropcutstud.io`
  - Proxmox host: `buntbox01`
  - Resources: 1 vCPU, 1024 MB RAM, 8 GB disk on `local-lvm`
  - Network: LAN-only current access; no public exposure
  - Services:
    - Nginx on 80/443
    - Temporary self-signed TLS route `search.dropcutstud.io` -> `http://192.168.0.133:8080`
  - Notes:
    - Snapshot: `post-searxng-proxy-mvp`.
    - Runbook: `runbooks/nginx-reverse-proxy.md`.
    - Dedicated DNS service and final certificate trust remain follow-up work.

- Name: unbound
  - Role: Standalone internal DNS service
  - Type: Proxmox LXC
  - CTID: 106
  - OS: Debian 13
  - IP: 192.168.0.124 via DHCP
  - Intended FQDN: `dns.dropcutstud.io`
  - Proxmox host: `buntbox01`
  - Resources: 1 vCPU, 512 MB RAM, 8 GB disk on `local-lvm`
  - Network: LAN-only current access; no public exposure
  - Services:
    - Unbound on TCP/UDP 53
    - Internal records for `dns`, `unbound`, `proxy`, `search`, `vw`, and `nc` under `dropcutstud.io`
  - Notes:
    - Snapshot: `post-unbound-internal-dns-mvp`.
    - Runbook: `runbooks/unbound-internal-dns.md`.
    - Router/DHCP/Tailscale integration and stable IP reservation remain follow-up work.

- Name: homepage
  - Role: Config-as-code homelab service dashboard
  - Type: Proxmox LXC
  - CTID: 107
  - OS: Debian 13
  - IP: 192.168.0.241 via DHCP
  - FQDN: `dashboard.dropcutstud.io` via reverse proxy/Unbound MVP
  - Proxmox host: `buntbox01`
  - Resources: 1 vCPU, 1024 MB RAM, 8 GB disk on `local-lvm`
  - Network: LAN-only current access; no public exposure
  - Services:
    - Docker Compose Homepage on port 3000
    - Config under `/opt/homepage/config`
  - Notes:
    - Snapshot: `post-homepage-dashboard-mvp`.
    - Runbook: `runbooks/homepage-dashboard.md`.
    - Docker socket intentionally not mounted for MVP.

- Name: nextcloud
  - Role: Nextcloud guest VM
  - OS: Ubuntu 25.04
  - IP: 192.168.0.110
  - Proxmox host: `proxtop` (192.168.0.64)
  - VMID: 102
  - Services:
    - Nextcloud via Docker Compose on port 8080
    - PostgreSQL container
    - Redis container
    - Tailscale installed, pending authentication
  - Notes:
    - SSH access works as `piagent` using project-local key `.ssh/piagent_homelab`.
    - Operations runbook: `runbooks/nextcloud-operations.md`.

## Proxmox proxtop (192.168.0.64)
- Role: Secondary Proxmox hypervisor
- OS: Proxmox VE 8.4
- IP: 192.168.0.64
- Services/guests:
  - VM 102 `nextcloud` — Nextcloud at `192.168.0.110`, 2 vCPU, 4 GB RAM, 80 GB disk
  - VM 105 `haos14.0` — Home Assistant OS 14.0 at `192.168.0.155:8123`, 2 vCPU, 8 GB RAM, 32 GB disk, USB Zigbee passthrough
- Notes:
  - API token at `.tokens/proxtop.txt` (limited permissions)
  - SSH not configured for piagent

## Homarr Dashboard (CT 111)
- URL: `https://homarr.dropcutstud.io/`
- Backend: `192.168.0.213:7575` (Docker Compose on buntbox01 LXC)
- Admin login: user `deeso` / password `Test1234!`
- Contains 14 service tiles across 3 sections: Core Services (6), Infrastructure (6), Operations (2)
- Config: `/opt/homarr/docker-compose.yml`, data at `/opt/homarr/data/`
- Credential setup: `DEFAULT_ADMIN_USERNAME`/`DEFAULT_ADMIN_PASSWORD` env vars (used on first boot)
- DNS: `homarr.dropcutstud.io → 192.168.0.137` (reverse proxy) with LE cert

## Network / Infra
- Router: OPNsense at 192.168.0.1 (`opn.dropcutstud.io`)
- DNS: Unbound at 192.168.0.124 serves all `*.dropcutstud.io` records
- Reverse proxy: Nginx at 192.168.0.137 serves HTTPS with LE certs for 10 subdomains
- Active static IPs assigned: .88, .89, .90, .110, .124, .133, .137, .150, .151, .152, .155, .175 (old homarr, destroyed), .213, .222, .238, .241
- Backups: Standard backup scripts deployed for homepage, reverse-proxy, unbound; missing for homarr, pihole, gluetun, HA
