documentation/fleet/admin-cheat-sheet.md

Iron Legion Fleet Admin Cheat Sheet

Generated: 2026-05-31 Maintainer: F.R.I.D.A.Y. (Hermes Agent)

---

Quick Access Links

Service	URL / Endpoint	Notes
iVentoy PXE Server	http://192.168.27.205:26000	Shield WiFi fallback
PegaProx	https://192.168.7.7:5000	PVE Cluster Manager (host mode)
Portainer	https://portainer.ai.home	Swarm Manager
Traefik Dashboard	https://traefik.ai.home:8080	Proxy/Router
Technitium DNS	https://dns.ai.home:5380	DNS Server
Beszel Monitoring	https://beszel.ai.home	Fleet Metrics
Dozzle	https://dozzle.ai.home	Container Logs
Homepage	https://home.ai.home	Service Portal
Prometheus	https://prometheus.ai.home	Metrics DB
Authelia	https://auth.ai.home	SSO Portal

---

Fleet Node Inventory

Swarm Manager

• Hostname: mark-vii.ai.home
• Armor Code: MK-7
• LAN IP: 192.168.7.7
• Tailscale IP: 100.66.70.51
• Role: Swarm Manager, DNS, Traefik, Portainer, PegaProx
• CPUs: 18 | RAM: 15 GB | Disk: 916 GB

Worker Nodes G9 (Proxmox VE)

Armor	Hostname	LAN IP	Tailscale IP	MAC	Status
MK-33	mk33.ai.home	192.168.7.33	TBD	E0-51-D8-1C-5D-56	Online (PVE)
MK-34	mk34.ai.home	192.168.7.34	TBD	E0-51-D8-1C-5C-75	Online (PVE)
MK-39	mk39.ai.home	192.168.7.39	TBD	PENDING	Online (PVE)
MK-42	mk42.ai.home	192.168.7.42	TBD	PENDING	Not Installed

Utility Nodes

Armor	Hostname	LAN IP	Tailscale IP	Role
Neo	nebuchadnezzar.ai.home	192.168.192.24	100.99.123.16	Nextcloud AIO, Gitea
MK-44	mark44.ai.home	192.168.5.214	TBD	Ollama GPU
MK-5	mark5.ai.home	192.168.6.5	TBD	TBD
Shield	shield.ai.home	192.168.10.15 / 192.168.27.205	-	PXE/iVentoy Server
Artemis	artemis.ai.home	192.168.15.182	100.100.97.18	Discord Gateway

Mission Control

• Hostname: mission-control.ai.home
• OS: Windows 11
• Role: Workstation
• Type: Separate physical machine

---

PegaProx — Proxmox VE Cluster Manager

Attribute	Value
Host	MK7 (192.168.7.7)
Ports	5000 (HTTPS UI/API), 5001 (VNC WebSocket), 5002 (SSH WebSocket)
Deploy mode	Docker Swarm — host publish mode
Network	traefik-public overlay
SSL	Self-signed cert (CN=PegaProx, auto-generated)
Default user	pegaprox (password changed by user)
Cluster IDs	MK33=726eb477, MK34=df6f5e5d, MK39=9711704b

PegaProx Users

Username	Display Name	Role	Auth	Notes
pegaprox	PegaProx Admin	admin	local	Original default account; password changed
artemis	Artemis	admin	local	Fleet automation / Discord gateway
friday	F.R.I.D.A.Y.	admin	local	Hermes portable agent

Connected Clusters

Cluster	ID	Host	Status	Nodes Online
MK33	726eb477	192.168.7.33	running	TBD
MK34	df6f5e5d	192.168.7.34	running	TBD
MK39	9711704b	192.168.7.39	running	TBD

API Notes

• Add cluster: host field must be bare IP only (no :8006 — PegaProx appends port internally)
• CSRF protection requires X-Requested-With: XMLHttpRequest on state-changing API calls
• Exempt paths: /api/auth/login, /api/auth/setup, /api/health

---

iVentoy PXE Configuration

• Server: shield.ai.home — 192.168.10.15/27
• WebUI: http://192.168.27.205:26000
• Subnet: 192.168.10.0/27
• Pool: 192.168.10.20 to 192.168.10.30
• MAC Filter: Permit mode
• Edition: iVentoy Free (Pro upgrade pending — private repo link awaited)

Registered ISOs

ISO	Node	Purpose
proxmox-mk33-auto.iso	MK-33	PVE 9.2 Auto-Install
proxmox-mk34-auto.iso	MK-34	PVE 9.2 Auto-Install
proxmox-mk39-auto.iso	MK-39	PVE 9.2 Auto-Install
proxmox-mk42-auto.iso	MK-42	PVE 9.2 Auto-Install
proxmox-ve_9.2-1.iso	-	Original PVE ISO
ubuntu-24.04.3-live-server-amd64.iso	-	Ubuntu Autoinstall

Whitelisted MACs

• E0-51-D8-1C-5D-CA (Legacy)
• E0-51-D8-1C-5D-5C (Legacy)
• E0-51-D8-1C-5D-56 (MK-33)
• E0-51-D8-1C-5C-75 (MK-34)
• PENDING: MK-39
• PENDING: MK-42

Post-Install: Remove MAC from whitelist. Node boots local disk, gets production IP.

ISO Remastering Notes

All Proxmox auto-install ISOs are remastered with:

1. Embedded answer URL — each ISO points to http://192.168.10.15:8080/pve/answers/mkNN.toml (server URL hardcoded; node IP assigned by DHCP)
2. UEFI gfxmode locked — strict 1024x768 (fallback 640x480 removed)
3. Per-ISO answer files — mk33.toml, mk34.toml, mk39.toml, mk42.toml in /opt/iventoy/user/answers/

iVentoy Free does NOT support per-MAC ISO binding. Remastered ISOs achieve per-node provisioning via embedded answer URLs.

---

DNS Records

CNAME to traefik.ai.home — A: 192.168.7.7

• artemis.ai.home
• hermes.ai.home
• n8n.ai.home
• pgadmin.ai.home
• portainer.ai.home
• beszel.ai.home
• dozzle.ai.home
• prometheus.ai.home
• homepage.ai.home
• auth.ai.home
• dns.ai.home

A Records

• traefik.ai.home -> 192.168.7.7
• mk7.ai.home -> 192.168.7.7
• mk33.ai.home -> 192.168.7.33
• mk34.ai.home -> 192.168.7.34
• mk39.ai.home -> 192.168.7.39
• mk42.ai.home -> 192.168.7.42
• mark44.ai.home -> 192.168.5.214
• mark5.ai.home -> 192.168.6.5
• nebuchadnezzar.ai.home -> 192.168.192.24
• shield.ai.home -> 192.168.10.15

---

SSH Topology

Portable Host (F.R.I.D.A.Y.)
    |
    +---> artemis.ai.home via id_ed25519
    |         +---> mk7.ai.home via artemis_key
    |
    +---> shield via jarvis user
    |         +---> PXE subnet 192.168.10.0/27
    |
    +---> mk33-42 via bobby user (legacy subnet)
    |
    +---> nebuchadnezzar via jarvis user

Key Files:

• ~/.ssh/id_ed25519 — bobby@cinnamint
• ~/.ssh/artemis_key — MK7 jump-host

---

Armor Codenames

Code	Name	System
MK-7	Mark VII	Swarm Manager
MK-33	Silver Centurion	Worker
MK-34	Igor	Worker
MK-39	Starboost	Worker
MK-42	Bones	Worker
MK-44	Hulkbuster	GPU/Ollama
MK-5	Mark 5	TBD
J.A.R.V.I.S.	Judicious Automated...	Dashboard
F.R.I.D.A.Y.	Field-Ready Runtime...	Portable Agent
A.R.T.E.M.I.S.	Advanced Real-Time...	Discord
NEO	Nebuchadnezzar	Nextcloud
SHIELD	-	PXE Server

---

Notes

• iVentoy Free does NOT support per-MAC ISO binding.
• Shield PXE subnet isolated via ip_forward=0.
• Mission Control is separate physical machine.
• All *.ai.home resolve via Technitium DNS.
• PegaProx deployed on MK7 Swarm in host mode (not routed through Traefik).
• iVentoy Pro upgrade pending — private repo link awaited from vendor.

Last updated: 2026-05-31 by F.R.I.D.A.Y.