diff --git a/fleet/admin-cheat-sheet.md b/fleet/admin-cheat-sheet.md index 89af9cf..8ce0f03 100644 --- a/fleet/admin-cheat-sheet.md +++ b/fleet/admin-cheat-sheet.md @@ -1,7 +1,7 @@ # Iron Legion Fleet Admin Cheat Sheet -Generated: 2026-05-31 -Maintainer: F.R.I.D.A.Y. (Hermes Agent) +**Generated:** 2026-05-31 +**Maintainer:** F.R.I.D.A.Y. (Hermes Agent) --- 
@@ -26,31 +26,34 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent) ### Swarm Manager -- Hostname: mark-vii.ai.home +- Hostname: mk7.ai.home - Armor Code: MK-7 - LAN IP: 192.168.7.7 - Tailscale IP: 100.66.70.51 -- Role: Swarm Manager, DNS, Traefik, Portainer, PegaProx +- Role: Swarm Manager, Technitium DNS, Traefik, Portainer, PegaProx - CPUs: 18 | RAM: 15 GB | Disk: 916 GB ### Worker Nodes G9 (Proxmox VE) -| Armor | Hostname | LAN IP | Tailscale IP | MAC | Status | -|-------|----------|--------|--------------|-----|--------| -| MK-33 | mk33.ai.home | 192.168.7.33 | TBD | E0-51-D8-1C-5D-56 | Online (PVE) | -| MK-34 | mk34.ai.home | 192.168.7.34 | TBD | E0-51-D8-1C-5C-75 | Online (PVE) | -| MK-39 | mk39.ai.home | 192.168.7.39 | TBD | PENDING | Online (PVE) | -| MK-42 | mk42.ai.home | 192.168.7.42 | TBD | PENDING | Not Installed | +| Armor | Name | Hostname | LAN IP | Tailscale IP | MAC | Status | +|-------|------|----------|--------|--------------|-----|--------| +| MK-33 | Silver Centurion | mk33.ai.home | 192.168.7.33 | 100.125.155.41 | E0-51-D8-1C-5D-56 | Online (PVE) | +| MK-34 | Southpaw | mk34.ai.home | 192.168.7.34 | 100.94.190.43 | E0-51-D8-1C-5C-75 | Online (PVE) | +| MK-39 | Gemini | mk39.ai.home | 192.168.7.39 | 100.125.155.41 | PENDING | Online (PVE) | +| MK-42 | Extremis | mk42.ai.home | 192.168.7.42 | TBD | PENDING | Offline (not installed) | ### Utility Nodes -| Armor | Hostname | LAN IP | Tailscale IP | Role | -|-------|----------|--------|--------------|------| -| Neo | nebuchadnezzar.ai.home | 192.168.192.24 | 100.99.123.16 | Nextcloud AIO, Gitea | -| MK-44 | mark44.ai.home | 192.168.5.214 | TBD | Ollama GPU | -| MK-5 | mark5.ai.home | 192.168.6.5 | TBD | TBD | -| Shield | shield.ai.home | 192.168.10.15 / 192.168.27.205 | - | PXE/iVentoy Server | -| Artemis | artemis.ai.home | 192.168.15.182 | 100.100.97.18 | Discord Gateway | +| Hostname | LAN IP | Tailscale IP | Role | +|----------|--------|--------------|------| +| nebuchadnezzar.ai.home | 
192.168.192.24 | 100.99.123.16 | Nextcloud AIO, Gitea, Git server | +| mark44.ai.home | 192.168.5.214 | TBD | Ollama GPU | +| mark5.ai.home | 192.168.6.5 | TBD | TBD | +| shield.ai.home | 192.168.10.15 | - | iVentoy PXE Server | +| artemis.ai.home | 192.168.15.182 | 100.100.97.18 | Discord Gateway | +| igor.ai.home | 192.168.10.211 | TBD | ZimaOS NAS (Mark XXXVIII) | + +> **Note:** `igor.ai.home` is a separate physical node (ZimaOS NAS). Do NOT confuse with any armor codename. ### Mission Control @@ -58,6 +61,32 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent) - OS: Windows 11 - Role: Workstation - Type: Separate physical machine +- Tailscale IP: 100.96.128.121 + +### Portable Agent Host + +- Hostname: cinnamint.ai.home (inferred) +- Role: Hermes Agent USB-portable host +- Tailscale IP: 100.99.65.75 + +--- + +## DNS Configuration + +**Primary Authoritative DNS:** MK7 (Technitium) +- LAN: 192.168.7.7 +- Tailscale: 100.66.70.51 +- Web UI: http://dns.ai.home:5380 + +**Technitium Upstream Forwarder:** tls://1.1.1.1 (Cloudflare DoT) +- Fallback: tls://1.0.0.1 + +**Fleet Node DNS Fallbacks** (for /etc/resolv.conf when not using DNS proxy): +- Primary: 192.168.7.7 (Technitium) +- Secondary: 192.168.18.1 (Router / Gateway DNS) +- Tertiary: 1.1.1.1 (Cloudflare) + +**Internal Domain:** `*.ai.home` — authoritative on Technitium, also via Tailscale MagicDNS split-brain. --- 
@@ -70,27 +99,12 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent) | **Deploy mode** | Docker Swarm — `host` publish mode | | **Network** | `traefik-public` overlay | | **SSL** | Self-signed cert (`CN=PegaProx`, auto-generated) | -| **Default user** | `pegaprox` (password changed by user) | +| **Default user** | `pegaprox` (password change required on first login) | | **Cluster IDs** | MK33=`726eb477`, MK34=`df6f5e5d`, MK39=`9711704b` | -### PegaProx Users - -| Username | Display Name | Role | Auth | Notes | -|----------|-------------|------|------|-------| -| `pegaprox` | PegaProx Admin | admin | local | Original default account; password changed | -| `artemis` | Artemis | admin | local | Fleet automation / Discord gateway | -| `friday` | F.R.I.D.A.Y. | admin | local | Hermes portable agent | - -### Connected Clusters - -| Cluster | ID | Host | Status | Nodes Online | -|---------|-----|------|--------|-------------| -| MK33 | `726eb477` | `192.168.7.33` | running | TBD | -| MK34 | `df6f5e5d` | `192.168.7.34` | running | TBD | -| MK39 | `9711704b` | `192.168.7.39` | running | TBD | - -### API Notes +**Admin password must be changed on first login.** +**API notes:** - Add cluster: `host` field must be **bare IP only** (no `:8006` — PegaProx appends port internally) - CSRF protection requires `X-Requested-With: XMLHttpRequest` on state-changing API calls - Exempt paths: `/api/auth/login`, `/api/auth/setup`, `/api/health` 
@@ -157,36 +171,42 @@ All Proxmox auto-install ISOs are **remastered** with: ### A Records -- traefik.ai.home -> 192.168.7.7 -- mk7.ai.home -> 192.168.7.7 -- mk33.ai.home -> 192.168.7.33 -- mk34.ai.home -> 192.168.7.34 -- mk39.ai.home -> 192.168.7.39 -- mk42.ai.home -> 192.168.7.42 -- mark44.ai.home -> 192.168.5.214 -- mark5.ai.home -> 192.168.6.5 -- nebuchadnezzar.ai.home -> 192.168.192.24 -- shield.ai.home -> 192.168.10.15 +| Record | IP | +|--------|-----| +| traefik.ai.home | 192.168.7.7 | +| mk7.ai.home | 192.168.7.7 | +| mk33.ai.home | 192.168.7.33 | +| mk34.ai.home | 192.168.7.34 | +| mk39.ai.home | 192.168.7.39 | +| mk42.ai.home | 192.168.7.42 | +| mark44.ai.home | 192.168.5.214 | +| mark5.ai.home | 192.168.6.5 | +| nebuchadnezzar.ai.home | 192.168.192.24 | +| shield.ai.home | 192.168.10.15 | +| artemis.ai.home | 192.168.15.182 | +| igor.ai.home | 192.168.10.211 | --- ## SSH Topology - Portable Host (F.R.I.D.A.Y.) - | - +---> artemis.ai.home via id_ed25519 - | +---> mk7.ai.home via artemis_key - | - +---> shield via jarvis user - | +---> PXE subnet 192.168.10.0/27 - | - +---> mk33-42 via bobby user (legacy subnet) - | - +---> nebuchadnezzar via jarvis user +``` +Portable Host (F.R.I.D.A.Y.) + | + +---> artemis.ai.home via id_ed25519 + | +---> mk7.ai.home via artemis_key + | + +---> shield via jarvis user + | +---> PXE subnet 192.168.10.0/27 + | + +---> nebuchadnezzar via jarvis user + | + +---> mk33-42 via root (key-based, id_ed25519) +``` -Key Files: -- ~/.ssh/id_ed25519 — bobby@cinnamint -- ~/.ssh/artemis_key — MK7 jump-host +**Key Files:** +- `~/.ssh/id_ed25519` — bobby@cinnamint, also injected as `friday@hermes` into PVE nodes +- `~/.ssh/artemis_key` — MK7 jump-host --- 
@@ -195,27 +215,44 @@ Key Files: | Code | Name | System | |------|------|--------| | MK-7 | Mark VII | Swarm Manager | -| MK-33 | Silver Centurion | Worker | -| MK-34 | Igor | Worker | -| MK-39 | Starboost | Worker | -| MK-42 | Bones | Worker | +| MK-33 | Silver Centurion | PVE Worker | +| MK-34 | Southpaw | PVE Worker | +| MK-39 | Gemini | PVE Worker | +| MK-42 | Extremis | PVE Worker (offline) | | MK-44 | Hulkbuster | GPU/Ollama | | MK-5 | Mark 5 | TBD | +| MK-38 | Igor | ZimaOS NAS (separate physical node) | | J.A.R.V.I.S. | Judicious Automated... | Dashboard | | F.R.I.D.A.Y. | Field-Ready Runtime... | Portable Agent | -| A.R.T.E.M.I.S. | Advanced Real-Time... | Discord | -| NEO | Nebuchadnezzar | Nextcloud | +| A.R.T.E.M.I.S. | Advanced Real-Time... | Discord Gateway | +| NEO | Nebuchadnezzar | Nextcloud/Gitea | | SHIELD | - | PXE Server | +> **Note:** `Igor` is **MK-38** (ZimaOS NAS at 192.168.10.211). It is NOT MK-34. + --- ## Notes - iVentoy Free does NOT support per-MAC ISO binding. -- Shield PXE subnet isolated via ip_forward=0. -- Mission Control is separate physical machine. -- All *.ai.home resolve via Technitium DNS. +- Shield PXE subnet isolated via ip_forward=0. Canonical wired IP: 192.168.10.15/27. +- Shield live state may show 192.168.128.33/27 from DHCP/cloud-init drift — canonical config is source-of-truth. +- Mission Control is a separate physical machine — reserved hostname must NOT be used for DNS aliases or services. +- All `*.ai.home` resolve via Technitium DNS (192.168.7.7). - PegaProx deployed on MK7 Swarm in `host` mode (not routed through Traefik). - iVentoy Pro upgrade pending — private repo link awaited from vendor. +- Gitea: `gitea.nb.bobbysh.me` (ssh://100.99.123.16:2222). +- Hermes portable sessions on Artemis use `HOME=/home/bobby/1/Hermes-USB-Portable-main/.cache/unix-home`. +- Bobby's SSH config on the portable host lives at `/home/bobby/.ssh/config` and uses `ts-` prefix for Tailscale IP aliases. 
Fleet aliases are primary LAN, Tailscale fallback. + +--- + +## DNS Reminders + +| Context | Primary | Fallback | Notes | +|---------|---------|----------|-------| +| PVE nodes /etc/resolv.conf | 192.168.7.7 | 192.168.18.1, 1.1.1.1 | Technitium internal | +| Technitium forwarder | tls://1.1.1.1 | tls://1.0.0.1 | Cloudflare DoT | +| Router default | Cloudflare 1.1.1.1 | — | For non-fleet devices | Last updated: 2026-05-31 by F.R.I.D.A.Y.
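Review bot: In the `@@ -26,31 +26,34 @@` hunk, the Worker Nodes G9 table assigns MK-39 (`mk39.ai.home`) the Tailscale IP `100.125.155.41`, which is the same address given to MK-33 one row above; Tailscale issues one unique 100.x address per node, so one of the two rows is a copy-paste error and anything that relies on it (the split-brain MagicDNS entries, the `ts-` SSH aliases) will land on the wrong host until it is fixed. The Utility Nodes rewrite in the same hunk also silently drops `shield.ai.home`'s second address (`192.168.27.205`) and the Armor column; if the second interface is gone, say so in the commit message, otherwise keep it, since the Shield IP-drift note later in the file has nothing to reference without it.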
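Review bot: In the `@@ -58,6 +61,32 @@` hunk, `Hostname: cinnamint.ai.home (inferred)` should not ship as "inferred" in an admin cheat sheet; confirm it against the host or the Technitium zone and drop the qualifier, or mark it `TBD` like the other unknowns. The new DNS Configuration block references `http://dns.ai.home:5380`, a name that is not added to the A Records table later in this patch; add `dns.ai.home -> 192.168.7.7` there (or record it as a CNAME to `mk7.ai.home`) so the URL resolves. Because that UI is plain HTTP, it is also worth a line confirming it is only reachable via the listed LAN and Tailscale addresses and not exposed through Traefik.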
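Review bot: In the `@@ -70,27 +99,12 @@` hunk, deleting the PegaProx Users table removes the only record that `artemis` and `friday` exist as local `admin` accounts alongside `pegaprox`; if that is intentional (accounts removed, or the list moved elsewhere), state it in the commit message, otherwise keep a trimmed version, because an inventory of which automation identities hold admin is exactly what an incident responder wants from this document. The `Default user` row now reads `password change required on first login`, which replaces a statement of fact (`password changed by user`) with a policy and then repeats it in the bold `Admin password must be changed on first login.` line; keep one of the two and record whether the default password has in fact been rotated. Dropping the Connected Clusters table is fine, as it only restated the `Cluster IDs` row.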
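Review bot: In the `@@ -157,36 +171,42 @@` hunk, the SSH Topology moves access to `mk33-42` from the `bobby` user to `root` via `id_ed25519`, and the Key Files list shows that same key is the personal `bobby@cinnamint` key and is also injected as `friday@hermes` into the PVE nodes; one private key on the portable host now covers personal login, the agent's identity, and root on every hypervisor, so loss of that one file is loss of the fleet. Suggest a dedicated key per role, as is already done with `artemis_key` for the MK7 jump host, and recording the `authorized_keys` comment for each so they can be told apart and revoked individually. Separately, the A Records table gains `artemis.ai.home` and `igor.ai.home` but not `dns.ai.home` or `cinnamint.ai.home`, both of which this patch introduces earlier.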
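Review bot: In the `@@ -195,27 +215,44 @@` hunk, the new DNS Reminders table restates the DNS Configuration section added earlier in this patch (same resolvers, same forwarders), leaving two places that must be kept in sync; keep one, or have the table point at the section. In Notes, `reserved hostname must NOT be used for DNS aliases or services` never names the reserved hostname, so the rule cannot be checked from the document; name it. The codename table now calls the NAS `MK-38` while the Utility Nodes table calls it `Mark XXXVIII`; use one form, since the whole point of the added note is to stop Igor being confused with an armor code. The Gitea line publishes `ssh://100.99.123.16:2222` under a public name (`gitea.nb.bobbysh.me`); add a word on which DNS serves that record so readers know it only resolves inside the tailnet.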