Compare commits

...

2 Commits

Author SHA1 Message Date
F.R.I.D.A.Y.
2175a93312 fix(fleet): correct admin cheat sheet armor names, DNS, Igor
Changes:
- Fix armor codenames: MK-34=Southpaw (was Igor), MK-39=Gemini (was Starboost), MK-42=Extremis (was Bones)
- Add Igor (MK-38) as utility node (192.168.10.211, ZimaOS NAS)
- Add DNS Configuration section with correct fallbacks (192.168.18.1, 1.1.1.1)
- Add Cinnamint portable host entry
- Add DNS Reminders table
- Add Shield IP drift note
- Fix SSH topology notes (friday@hermes key, ts- prefix)
- Add igor.ai.home A record
2026-05-31 22:26:01 -04:00
F.R.I.D.A.Y.
784e6ab658 fix(procedure): correct DNS fallbacks in PVE post-install 2026-05-31 22:25:50 -04:00
2 changed files with 107 additions and 70 deletions

View File

@@ -1,7 +1,7 @@
# Iron Legion Fleet Admin Cheat Sheet # Iron Legion Fleet Admin Cheat Sheet
Generated: 2026-05-31 **Generated:** 2026-05-31
Maintainer: F.R.I.D.A.Y. (Hermes Agent) **Maintainer:** F.R.I.D.A.Y. (Hermes Agent)
--- ---
@@ -26,31 +26,34 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent)
### Swarm Manager ### Swarm Manager
- Hostname: mark-vii.ai.home - Hostname: mk7.ai.home
- Armor Code: MK-7 - Armor Code: MK-7
- LAN IP: 192.168.7.7 - LAN IP: 192.168.7.7
- Tailscale IP: 100.66.70.51 - Tailscale IP: 100.66.70.51
- Role: Swarm Manager, DNS, Traefik, Portainer, PegaProx - Role: Swarm Manager, Technitium DNS, Traefik, Portainer, PegaProx
- CPUs: 18 | RAM: 15 GB | Disk: 916 GB - CPUs: 18 | RAM: 15 GB | Disk: 916 GB
### Worker Nodes G9 (Proxmox VE) ### Worker Nodes G9 (Proxmox VE)
| Armor | Hostname | LAN IP | Tailscale IP | MAC | Status | | Armor | Name | Hostname | LAN IP | Tailscale IP | MAC | Status |
|-------|----------|--------|--------------|-----|--------| |-------|------|----------|--------|--------------|-----|--------|
| MK-33 | mk33.ai.home | 192.168.7.33 | TBD | E0-51-D8-1C-5D-56 | Online (PVE) | | MK-33 | Silver Centurion | mk33.ai.home | 192.168.7.33 | 100.125.155.41 | E0-51-D8-1C-5D-56 | Online (PVE) |
| MK-34 | mk34.ai.home | 192.168.7.34 | TBD | E0-51-D8-1C-5C-75 | Online (PVE) | | MK-34 | Southpaw | mk34.ai.home | 192.168.7.34 | 100.94.190.43 | E0-51-D8-1C-5C-75 | Online (PVE) |
| MK-39 | mk39.ai.home | 192.168.7.39 | TBD | PENDING | Online (PVE) | | MK-39 | Gemini | mk39.ai.home | 192.168.7.39 | 100.125.155.41 | PENDING | Online (PVE) |
| MK-42 | mk42.ai.home | 192.168.7.42 | TBD | PENDING | Not Installed | | MK-42 | Extremis | mk42.ai.home | 192.168.7.42 | TBD | PENDING | Offline (not installed) |
### Utility Nodes ### Utility Nodes
| Armor | Hostname | LAN IP | Tailscale IP | Role | | Hostname | LAN IP | Tailscale IP | Role |
|-------|----------|--------|--------------|------| |----------|--------|--------------|------|
| Neo | nebuchadnezzar.ai.home | 192.168.192.24 | 100.99.123.16 | Nextcloud AIO, Gitea | | nebuchadnezzar.ai.home | 192.168.192.24 | 100.99.123.16 | Nextcloud AIO, Gitea, Git server |
| MK-44 | mark44.ai.home | 192.168.5.214 | TBD | Ollama GPU | | mark44.ai.home | 192.168.5.214 | TBD | Ollama GPU |
| MK-5 | mark5.ai.home | 192.168.6.5 | TBD | TBD | | mark5.ai.home | 192.168.6.5 | TBD | TBD |
| Shield | shield.ai.home | 192.168.10.15 / 192.168.27.205 | - | PXE/iVentoy Server | | shield.ai.home | 192.168.10.15 | - | iVentoy PXE Server |
| Artemis | artemis.ai.home | 192.168.15.182 | 100.100.97.18 | Discord Gateway | | artemis.ai.home | 192.168.15.182 | 100.100.97.18 | Discord Gateway |
| igor.ai.home | 192.168.10.211 | TBD | ZimaOS NAS (Mark XXXVIII) |
> **Note:** `igor.ai.home` is a separate physical node (ZimaOS NAS). Do NOT confuse with any armor codename.
### Mission Control ### Mission Control
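Review bot: the Tailscale IP given for MK-39 in the Worker Nodes table (100.125.155.41) is the same address given for MK-33 two rows above; Tailscale assigns one address per node, so one of the two rows is a copy-paste error. Re-check both against `tailscale status` on the manager before the table is used to build the `ts-` fallback aliases. Also, MK-39 is marked Online (PVE) but its MAC is still `PENDING`; if the node is up, the value can be read now rather than left as a placeholder.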
@@ -58,6 +61,32 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent)
- OS: Windows 11 - OS: Windows 11
- Role: Workstation - Role: Workstation
- Type: Separate physical machine - Type: Separate physical machine
- Tailscale IP: 100.96.128.121
### Portable Agent Host
- Hostname: cinnamint.ai.home (inferred)
- Role: Hermes Agent USB-portable host
- Tailscale IP: 100.99.65.75
---
## DNS Configuration
**Primary Authoritative DNS:** MK7 (Technitium)
- LAN: 192.168.7.7
- Tailscale: 100.66.70.51
- Web UI: http://dns.ai.home:5380
**Technitium Upstream Forwarder:** tls://1.1.1.1 (Cloudflare DoT)
- Fallback: tls://1.0.0.1
**Fleet Node DNS Fallbacks** (for /etc/resolv.conf when not using DNS proxy):
- Primary: 192.168.7.7 (Technitium)
- Secondary: 192.168.18.1 (Router / Gateway DNS)
- Tertiary: 1.1.1.1 (Cloudflare)
**Internal Domain:** `*.ai.home` — authoritative on Technitium, also via Tailscale MagicDNS split-brain.
--- ---
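Review bot: the Technitium web UI is listed as plain `http://dns.ai.home:5380`, which sends the admin credentials of the fleet's authoritative resolver over the wire unencrypted; since Traefik already runs on MK7, consider publishing the UI through it with TLS, or at least note that the port is LAN-only. Separately, the fallback order under Fleet Node DNS Fallbacks only moves to 192.168.18.1 or 1.1.1.1 after Technitium times out, and neither fallback can answer `*.ai.home`, so a Technitium outage still breaks internal names, just more slowly; state that caveat next to the list so nobody expects the fallbacks to cover the internal zone.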
@@ -70,27 +99,12 @@ Maintainer: F.R.I.D.A.Y. (Hermes Agent)
| **Deploy mode** | Docker Swarm — `host` publish mode | | **Deploy mode** | Docker Swarm — `host` publish mode |
| **Network** | `traefik-public` overlay | | **Network** | `traefik-public` overlay |
| **SSL** | Self-signed cert (`CN=PegaProx`, auto-generated) | | **SSL** | Self-signed cert (`CN=PegaProx`, auto-generated) |
| **Default user** | `pegaprox` (password changed by user) | | **Default user** | `pegaprox` (password change required on first login) |
| **Cluster IDs** | MK33=`726eb477`, MK34=`df6f5e5d`, MK39=`9711704b` | | **Cluster IDs** | MK33=`726eb477`, MK34=`df6f5e5d`, MK39=`9711704b` |
### PegaProx Users **Admin password must be changed on first login.**
| Username | Display Name | Role | Auth | Notes |
|----------|-------------|------|------|-------|
| `pegaprox` | PegaProx Admin | admin | local | Original default account; password changed |
| `artemis` | Artemis | admin | local | Fleet automation / Discord gateway |
| `friday` | F.R.I.D.A.Y. | admin | local | Hermes portable agent |
### Connected Clusters
| Cluster | ID | Host | Status | Nodes Online |
|---------|-----|------|--------|-------------|
| MK33 | `726eb477` | `192.168.7.33` | running | TBD |
| MK34 | `df6f5e5d` | `192.168.7.34` | running | TBD |
| MK39 | `9711704b` | `192.168.7.39` | running | TBD |
### API Notes
**API notes:**
- Add cluster: `host` field must be **bare IP only** (no `:8006` — PegaProx appends port internally) - Add cluster: `host` field must be **bare IP only** (no `:8006` — PegaProx appends port internally)
- CSRF protection requires `X-Requested-With: XMLHttpRequest` on state-changing API calls - CSRF protection requires `X-Requested-With: XMLHttpRequest` on state-changing API calls
- Exempt paths: `/api/auth/login`, `/api/auth/setup`, `/api/health` - Exempt paths: `/api/auth/login`, `/api/auth/setup`, `/api/health`
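Review bot: this hunk deletes the PegaProx Users and Connected Clusters tables (three local admin accounts and the per-cluster host and status rows), but the commit message only lists armor names, DNS and Igor; an undocumented removal of the admin-account inventory is exactly the kind of change a later reader cannot tell from an accident. Either restore the users table (it is the only place the sheet records that `artemis` and `friday` hold the admin role) or add a line to the commit message saying why it was dropped. Minor style point: the `### API Notes` heading becomes a bold `**API notes:**` label while the neighbouring subsections keep `###` headings.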
@@ -157,36 +171,42 @@ All Proxmox auto-install ISOs are **remastered** with:
### A Records ### A Records
- traefik.ai.home -> 192.168.7.7 | Record | IP |
- mk7.ai.home -> 192.168.7.7 |--------|-----|
- mk33.ai.home -> 192.168.7.33 | traefik.ai.home | 192.168.7.7 |
- mk34.ai.home -> 192.168.7.34 | mk7.ai.home | 192.168.7.7 |
- mk39.ai.home -> 192.168.7.39 | mk33.ai.home | 192.168.7.33 |
- mk42.ai.home -> 192.168.7.42 | mk34.ai.home | 192.168.7.34 |
- mark44.ai.home -> 192.168.5.214 | mk39.ai.home | 192.168.7.39 |
- mark5.ai.home -> 192.168.6.5 | mk42.ai.home | 192.168.7.42 |
- nebuchadnezzar.ai.home -> 192.168.192.24 | mark44.ai.home | 192.168.5.214 |
- shield.ai.home -> 192.168.10.15 | mark5.ai.home | 192.168.6.5 |
| nebuchadnezzar.ai.home | 192.168.192.24 |
| shield.ai.home | 192.168.10.15 |
| artemis.ai.home | 192.168.15.182 |
| igor.ai.home | 192.168.10.211 |
--- ---
## SSH Topology ## SSH Topology
Portable Host (F.R.I.D.A.Y.) ```
| Portable Host (F.R.I.D.A.Y.)
+---> artemis.ai.home via id_ed25519 |
| +---> mk7.ai.home via artemis_key +---> artemis.ai.home via id_ed25519
| | +---> mk7.ai.home via artemis_key
+---> shield via jarvis user |
| +---> PXE subnet 192.168.10.0/27 +---> shield via jarvis user
| | +---> PXE subnet 192.168.10.0/27
+---> mk33-42 via bobby user (legacy subnet) |
| +---> nebuchadnezzar via jarvis user
+---> nebuchadnezzar via jarvis user |
+---> mk33-42 via root (key-based, id_ed25519)
```
Key Files: **Key Files:**
- ~/.ssh/id_ed25519 — bobby@cinnamint - `~/.ssh/id_ed25519` — bobby@cinnamint, also injected as `friday@hermes` into PVE nodes
- ~/.ssh/artemis_key — MK7 jump-host - `~/.ssh/artemis_key` — MK7 jump-host
--- ---
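Review bot: the new A Records table has no entry for `dns.ai.home`, which the DNS Configuration section in this same commit uses for the Technitium web UI URL, nor for `cinnamint.ai.home`, which the new Portable Agent Host entry marks as inferred; either add both records (or a CNAME from `dns` to `mk7`) or note that they do not resolve, so the URL is not copied into scripts. In the SSH Topology, `mk33-42` are now reached as `root` with `id_ed25519`, the same key that serves as the portable host's personal key and is injected as `friday@hermes` on the PVE nodes; one key on a USB-portable host therefore grants root on every PVE worker. A dedicated fleet key, plus a `from=` restriction in `authorized_keys` and `PermitRootLogin prohibit-password` on the nodes, would limit the blast radius of a lost USB stick.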
@@ -195,27 +215,44 @@ Key Files:
| Code | Name | System | | Code | Name | System |
|------|------|--------| |------|------|--------|
| MK-7 | Mark VII | Swarm Manager | | MK-7 | Mark VII | Swarm Manager |
| MK-33 | Silver Centurion | Worker | | MK-33 | Silver Centurion | PVE Worker |
| MK-34 | Igor | Worker | | MK-34 | Southpaw | PVE Worker |
| MK-39 | Starboost | Worker | | MK-39 | Gemini | PVE Worker |
| MK-42 | Bones | Worker | | MK-42 | Extremis | PVE Worker (offline) |
| MK-44 | Hulkbuster | GPU/Ollama | | MK-44 | Hulkbuster | GPU/Ollama |
| MK-5 | Mark 5 | TBD | | MK-5 | Mark 5 | TBD |
| MK-38 | Igor | ZimaOS NAS (separate physical node) |
| J.A.R.V.I.S. | Judicious Automated... | Dashboard | | J.A.R.V.I.S. | Judicious Automated... | Dashboard |
| F.R.I.D.A.Y. | Field-Ready Runtime... | Portable Agent | | F.R.I.D.A.Y. | Field-Ready Runtime... | Portable Agent |
| A.R.T.E.M.I.S. | Advanced Real-Time... | Discord | | A.R.T.E.M.I.S. | Advanced Real-Time... | Discord Gateway |
| NEO | Nebuchadnezzar | Nextcloud | | NEO | Nebuchadnezzar | Nextcloud/Gitea |
| SHIELD | - | PXE Server | | SHIELD | - | PXE Server |
> **Note:** `Igor` is **MK-38** (ZimaOS NAS at 192.168.10.211). It is NOT MK-34.
--- ---
## Notes ## Notes
- iVentoy Free does NOT support per-MAC ISO binding. - iVentoy Free does NOT support per-MAC ISO binding.
- Shield PXE subnet isolated via ip_forward=0. - Shield PXE subnet isolated via ip_forward=0. Canonical wired IP: 192.168.10.15/27.
- Mission Control is separate physical machine. - Shield live state may show 192.168.128.33/27 from DHCP/cloud-init drift — canonical config is source-of-truth.
- All *.ai.home resolve via Technitium DNS. - Mission Control is a separate physical machine — reserved hostname must NOT be used for DNS aliases or services.
- All `*.ai.home` resolve via Technitium DNS (192.168.7.7).
- PegaProx deployed on MK7 Swarm in `host` mode (not routed through Traefik). - PegaProx deployed on MK7 Swarm in `host` mode (not routed through Traefik).
- iVentoy Pro upgrade pending — private repo link awaited from vendor. - iVentoy Pro upgrade pending — private repo link awaited from vendor.
- Gitea: `gitea.nb.bobbysh.me` (ssh://100.99.123.16:2222).
- Hermes portable sessions on Artemis use `HOME=/home/bobby/1/Hermes-USB-Portable-main/.cache/unix-home`.
- Bobby's SSH config on the portable host lives at `/home/bobby/.ssh/config` and uses `ts-` prefix for Tailscale IP aliases. Fleet aliases are primary LAN, Tailscale fallback.
---
## DNS Reminders
| Context | Primary | Fallback | Notes |
|---------|---------|----------|-------|
| PVE nodes /etc/resolv.conf | 192.168.7.7 | 192.168.18.1, 1.1.1.1 | Technitium internal |
| Technitium forwarder | tls://1.1.1.1 | tls://1.0.0.1 | Cloudflare DoT |
| Router default | Cloudflare 1.1.1.1 | — | For non-fleet devices |
Last updated: 2026-05-31 by F.R.I.D.A.Y. Last updated: 2026-05-31 by F.R.I.D.A.Y.
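Review bot: the DNS fallback list now lives in three places in this file (DNS Configuration, the Notes bullet on `*.ai.home`, and the new DNS Reminders table), which is the same duplication that let the wrong fallbacks persist before this fix; keep the DNS Reminders table as the single source and have the other two sections point at it. Two smaller items: the Mission Control bullet refers to a "reserved hostname" without naming it, so the rule cannot be checked from the bullet itself; and the Gitea line lists a public hostname (`gitea.nb.bobbysh.me`) next to a Tailscale-only SSH endpoint, so it is worth marking which of the two is reachable from the internet.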

View File

@@ -150,8 +150,8 @@ Verify: Log into the web UI — no subscription warning should appear.
cat > /etc/resolv.conf <<'DNS_EOF' cat > /etc/resolv.conf <<'DNS_EOF'
search ai.home search ai.home
nameserver 192.168.7.7 nameserver 192.168.7.7
nameserver 192.168.0.1 nameserver 192.168.18.1
nameserver 8.8.8.8 nameserver 1.1.1.1
DNS_EOF DNS_EOF
``` ```
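Review bot: the heredoc leaves the resolver at its default timeout, so when 192.168.7.7 is down every lookup stalls for about 5 s before 192.168.18.1 is tried, and because neither fallback can answer the `ai.home` search domain the node still cannot reach cluster peers by name. Suggest adding `options timeout:2` to the heredoc and extending the Verify step after it with a check such as `getent hosts mk7.ai.home`, so a post-install that silently fell through to Cloudflare is caught at once rather than during the first cluster join.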