documentation/fleet/admin-cheat-sheet.md
F.R.I.D.A.Y. 4af50ec883 docs(fleet): add PegaProx, iVentoy remastering procedures, update admin cheat sheet
- fleet/admin-cheat-sheet.md: Added PegaProx section, updated MK33/MK34/MK39
  statuses to Online (PVE), added iVentoy remastering notes, iVentoy Pro
  upgrade pending marker.
- procedures/pega-prox-deploy.md: New procedure for deploying PegaProx on
  Docker Swarm (host mode, CSRF, API gotchas).
- procedures/iventoy-remaster-procedure.md: New procedure for remastering
  Proxmox ISOs with embedded answer URLs and locked gfxmode.
- changelog/2026-05-31-pxe-pegaprox-deployment.md: Changelog entry for today's
  fleet work.
- 04-service-catalog.md: Added PegaProx to Management / Dashboard section.
2026-05-31 21:38:45 -04:00


Iron Legion Fleet Admin Cheat Sheet

Generated: 2026-05-31 | Maintainer: F.R.I.D.A.Y. (Hermes Agent)


| Service | URL / Endpoint | Notes |
|---|---|---|
| iVentoy PXE Server | http://192.168.27.205:26000 | Shield WiFi fallback |
| PegaProx | https://192.168.7.7:5000 | PVE Cluster Manager (host mode) |
| Portainer | https://portainer.ai.home | Swarm Manager |
| Traefik Dashboard | https://traefik.ai.home:8080 | Proxy/Router |
| Technitium DNS | https://dns.ai.home:5380 | DNS Server |
| Beszel Monitoring | https://beszel.ai.home | Fleet Metrics |
| Dozzle | https://dozzle.ai.home | Container Logs |
| Homepage | https://home.ai.home | Service Portal |
| Prometheus | https://prometheus.ai.home | Metrics DB |
| Authelia | https://auth.ai.home | SSO Portal |

Fleet Node Inventory

Swarm Manager

  • Hostname: mark-vii.ai.home
  • Armor Code: MK-7
  • LAN IP: 192.168.7.7
  • Tailscale IP: 100.66.70.51
  • Role: Swarm Manager, DNS, Traefik, Portainer, PegaProx
  • CPUs: 18 | RAM: 15 GB | Disk: 916 GB

Worker Nodes G9 (Proxmox VE)

| Armor | Hostname | LAN IP | Tailscale IP | MAC | Status |
|---|---|---|---|---|---|
| MK-33 | mk33.ai.home | 192.168.7.33 | TBD | E0-51-D8-1C-5D-56 | Online (PVE) |
| MK-34 | mk34.ai.home | 192.168.7.34 | TBD | E0-51-D8-1C-5C-75 | Online (PVE) |
| MK-39 | mk39.ai.home | 192.168.7.39 | TBD | PENDING | Online (PVE) |
| MK-42 | mk42.ai.home | 192.168.7.42 | TBD | PENDING | Not Installed |

Utility Nodes

| Armor | Hostname | LAN IP | Tailscale IP | Role |
|---|---|---|---|---|
| Neo | nebuchadnezzar.ai.home | 192.168.192.24 | 100.99.123.16 | Nextcloud AIO, Gitea |
| MK-44 | mark44.ai.home | 192.168.5.214 | TBD | Ollama GPU |
| MK-5 | mark5.ai.home | 192.168.6.5 | TBD | TBD |
| Shield | shield.ai.home | 192.168.10.15 / 192.168.27.205 | - | PXE/iVentoy Server |
| Artemis | artemis.ai.home | 192.168.15.182 | 100.100.97.18 | Discord Gateway |

Mission Control

  • Hostname: mission-control.ai.home
  • OS: Windows 11
  • Role: Workstation
  • Type: Separate physical machine

PegaProx — Proxmox VE Cluster Manager

| Attribute | Value |
|---|---|
| Host | MK7 (192.168.7.7) |
| Ports | 5000 (HTTPS UI/API), 5001 (VNC WebSocket), 5002 (SSH WebSocket) |
| Deploy mode | Docker Swarm — host publish mode |
| Network | traefik-public overlay |
| SSL | Self-signed cert (CN=PegaProx, auto-generated) |
| Default user | pegaprox (password change required on first login) |
| Cluster IDs | MK33=726eb477, MK34=df6f5e5d, MK39=9711704b |

Admin password must be changed on first login.

API notes:

  • Add cluster: host field must be bare IP only (no :8006 — PegaProx appends port internally)
  • CSRF protection requires X-Requested-With: XMLHttpRequest on state-changing API calls
  • Exempt paths: /api/auth/login, /api/auth/setup, /api/health
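The API notes above as a request builder that applies both rules before anything is sent. This is an added example, not code from the cheat sheet or from PegaProx. Assumptions: JSON request bodies, the set of methods treated as state-changing, and a placeholder add-cluster path, since the page does not give the endpoint.

```python
import ipaddress
import json
import urllib.request

BASE_URL = "https://192.168.7.7:5000"  # PegaProx UI/API on MK7 (from this page)
CSRF_EXEMPT = {"/api/auth/login", "/api/auth/setup", "/api/health"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}  # assumption: what counts as state-changing
# Placeholder: the page does not give the add-cluster endpoint path.
ADD_CLUSTER_PATH = "/api/ADD-CLUSTER-PATH-PLACEHOLDER"


def bare_ip(host):
    """Return host if it is a bare IP address; reject host:port, URLs and names."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(f"host must be a bare IP (no :8006, no scheme): {host!r}") from None
    return host


def needs_csrf_header(method, path):
    """True for state-changing calls outside the exempt paths."""
    route = path.split("?", 1)[0]
    return method.upper() in STATE_CHANGING and route not in CSRF_EXEMPT


def build_request(method, path, body=None):
    """Build (but do not send) a PegaProx API request with the rules applied."""
    headers = {"Accept": "application/json"}
    data = None
    if body is not None:
        if "host" in body:
            bare_ip(body["host"])
        data = json.dumps(body).encode("utf-8")  # assumption: JSON request bodies
        headers["Content-Type"] = "application/json"
    if needs_csrf_header(method, path):
        headers["X-Requested-With"] = "XMLHttpRequest"
    return urllib.request.Request(BASE_URL + path, data=data,
                                  headers=headers, method=method.upper())


if __name__ == "__main__":
    ok = build_request("POST", ADD_CLUSTER_PATH, {"host": "192.168.7.33"})
    print(ok.get_method(), ok.full_url, dict(ok.header_items()))
    try:
        build_request("POST", ADD_CLUSTER_PATH, {"host": "192.168.7.33:8006"})
    except ValueError as err:
        print("rejected:", err)
```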

iVentoy PXE Configuration

  • Server: shield.ai.home -- 192.168.10.15/27
  • WebUI: http://192.168.27.205:26000
  • Subnet: 192.168.10.0/27
  • Pool: 192.168.10.20 to 192.168.10.30
  • MAC Filter: Permit mode
  • Edition: iVentoy Free (Pro upgrade pending -- private repo link awaited)

Registered ISOs

| ISO | Node | Purpose |
|---|---|---|
| proxmox-mk33-auto.iso | MK-33 | PVE 9.2 Auto-Install |
| proxmox-mk34-auto.iso | MK-34 | PVE 9.2 Auto-Install |
| proxmox-mk39-auto.iso | MK-39 | PVE 9.2 Auto-Install |
| proxmox-mk42-auto.iso | MK-42 | PVE 9.2 Auto-Install |
| proxmox-ve_9.2-1.iso | - | Original PVE ISO |
| ubuntu-24.04.3-live-server-amd64.iso | - | Ubuntu Autoinstall |

Whitelisted MACs

  • E0-51-D8-1C-5D-CA (Legacy)
  • E0-51-D8-1C-5D-5C (Legacy)
  • E0-51-D8-1C-5D-56 (MK-33)
  • E0-51-D8-1C-5C-75 (MK-34)
  • PENDING: MK-39
  • PENDING: MK-42

Post-Install: Remove MAC from whitelist. Node boots local disk, gets production IP.
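The post-install rule above can be checked mechanically by comparing node status against the permit list. This is an added example, not part of the original cheat sheet: the data is constructed from the tables on this page, and treating any "Online" status as "installed" is an assumption.

```python
import re

# Constructed from the tables on this page: armor -> (recorded MAC, status).
NODES = {
    "MK-33": ("E0-51-D8-1C-5D-56", "Online (PVE)"),
    "MK-34": ("E0-51-D8-1C-5C-75", "Online (PVE)"),
    "MK-39": ("PENDING", "Online (PVE)"),
    "MK-42": ("PENDING", "Not Installed"),
}
# iVentoy permit list as shown under "Whitelisted MACs".
WHITELIST = ["E0-51-D8-1C-5D-CA", "E0-51-D8-1C-5D-5C",
             "E0-51-D8-1C-5D-56", "E0-51-D8-1C-5C-75"]


def norm_mac(mac):
    """12 lowercase hex digits, or None when the value is not a MAC (e.g. PENDING)."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def audit(nodes, whitelist):
    """Return sorted (subject, finding) pairs for inventory/whitelist mismatches."""
    permitted = {norm_mac(m) for m in whitelist} - {None}
    known = {}
    findings = []
    for armor, (mac, status) in nodes.items():
        key = norm_mac(mac)
        installed = status.startswith("Online")  # assumption: Online means installed
        if key is None:
            findings.append((armor, "mac-not-recorded"))
            continue
        known[key] = armor
        if installed and key in permitted:
            findings.append((armor, "installed-but-still-whitelisted"))
        elif not installed and key not in permitted:
            findings.append((armor, "not-installed-and-not-whitelisted"))
    for key in permitted - set(known):
        findings.append((key, "whitelisted-but-not-in-inventory"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(NODES, WHITELIST):
        print(f"{subject:14} {finding}")
```

An installed node that is still on the permit list can PXE-boot an auto-install ISO again, which is what the removal step prevents.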

ISO Remastering Notes

All Proxmox auto-install ISOs are remastered with:

  1. Embedded answer URL -- each ISO points to http://192.168.10.15:8080/pve/answers/mkNN.toml (server URL hardcoded; node IP assigned by DHCP)
  2. UEFI gfxmode locked -- strict 1024x768 (fallback 640x480 removed)
  3. Per-ISO answer files -- mk33.toml, mk34.toml, mk39.toml, mk42.toml in /opt/iventoy/user/answers/

iVentoy Free does NOT support per-MAC ISO binding. Remastered ISOs achieve per-node provisioning via embedded answer URLs.


DNS Records

CNAME to traefik.ai.home -- A: 192.168.7.7

  • artemis.ai.home
  • hermes.ai.home
  • n8n.ai.home
  • pgadmin.ai.home
  • portainer.ai.home
  • beszel.ai.home
  • dozzle.ai.home
  • prometheus.ai.home
  • homepage.ai.home
  • auth.ai.home
  • dns.ai.home

A Records

  • traefik.ai.home -> 192.168.7.7
  • mk7.ai.home -> 192.168.7.7
  • mk33.ai.home -> 192.168.7.33
  • mk34.ai.home -> 192.168.7.34
  • mk39.ai.home -> 192.168.7.39
  • mk42.ai.home -> 192.168.7.42
  • mark44.ai.home -> 192.168.5.214
  • mark5.ai.home -> 192.168.6.5
  • nebuchadnezzar.ai.home -> 192.168.192.24
  • shield.ai.home -> 192.168.10.15

SSH Topology

Portable Host (F.R.I.D.A.Y.)
    |
    +---> artemis.ai.home via id_ed25519
    |         +---> mk7.ai.home via artemis_key
    |
    +---> shield via jarvis user
    |         +---> PXE subnet 192.168.10.0/27
    |
    +---> mk33-42 via bobby user (legacy subnet)
    |
    +---> nebuchadnezzar via jarvis user

Key Files:

  • ~/.ssh/id_ed25519 -- bobby@cinnamint
  • ~/.ssh/artemis_key -- MK7 jump-host

Armor Codenames

| Code | Name | System |
|---|---|---|
| MK-7 | Mark VII | Swarm Manager |
| MK-33 | Silver Centurion | Worker |
| MK-34 | Igor | Worker |
| MK-39 | Starboost | Worker |
| MK-42 | Bones | Worker |
| MK-44 | Hulkbuster | GPU/Ollama |
| MK-5 | Mark 5 | TBD |
| J.A.R.V.I.S. | Judicious Automated... | Dashboard |
| F.R.I.D.A.Y. | Field-Ready Runtime... | Portable Agent |
| A.R.T.E.M.I.S. | Advanced Real-Time... | Discord |
| NEO | Nebuchadnezzar | Nextcloud |
| SHIELD | - | PXE Server |

Notes

  • iVentoy Free does NOT support per-MAC ISO binding.
  • Shield PXE subnet isolated via ip_forward=0.
  • Mission Control is a separate physical machine.
  • All *.ai.home resolve via Technitium DNS.
  • PegaProx deployed on MK7 Swarm in host mode (not routed through Traefik).
  • iVentoy Pro upgrade pending -- private repo link awaited from vendor.

Last updated: 2026-05-31 by F.R.I.D.A.Y.