Initial commit: homelab infrastructure wiki

- Full Obsidian vault content - Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte) - Media stack documentation - Traefik HA setup - Automation scripts - Bachelor party planning
2026-05-24 16:08:40 -07:00
parent d132442429
commit e4d91aadf9
285 changed files with 30018 additions and 0 deletions
--- a/homelab/entities/ice.md
+++ b/homelab/entities/ice.md
@@ -0,0 +1,96 @@
+---
+title: ice
+created: 2026-04-28
+updated: 2026-04-29
+type: entity
+tags: [hosts, rpi, control-plane]
+sources: []
+---
+
+# ice
+
+**Role:** Control plane node — primary Hermes Agent host, GitOps origin
+**IP:** 192.168.50.197
+**Hostname:** ice
+**Uptime:** 15 days, 10h (as of 2026-04-28)
+
+## Overview
+
+ice is the control plane of the homelab cluster. It runs the primary Hermes Agent instance and OpenCode backend. All GitOps workflows originate here — configs are edited in the repo (`/home/bear/homelab/`), committed, and pushed to Gitea, which triggers runners on each host.
+
+## Hardware
+
+| Spec | Detail |
+|------|--------|
+| Model | Raspberry Pi 4 |
+| CPU | ARM Cortex-A72 (4 cores) |
+| RAM | 7.6 GB total, 2.4 GB available, 5.2 GB used |
+| Storage | 939 GB microSD/USB SSD (`/dev/sda2`), 45 GB used (5%) |
+| Swap | None |
+| Network | Gigabit Ethernet |
+| IP | 192.168.50.197 |
+
+## Systemd Services (Running)
+
+| Service | Purpose |
+|---------|---------|
+| `cabo-voting.service` | Cabo Bachelor Party Voting App |
+| `chrony.service` | NTP client/server |
+| `containerd.service` | Container runtime |
+| `docker.service` | Docker engine |
+| `fail2ban.service` | Intrusion prevention |
+| `hermes-dashboard.service` | Hermes Agent Web Dashboard |
+| `hermes-gateway-watchdog.timer` | Cron watchdog for hermes-gateway, Telegram alerts |
+| `netplan-wpa-wlan0.service` | WLAN WPA supplicant |
+| `nfs-blkmap.service` | pNFS block layout mapping |
+| `opencode-web.service` | OpenCode Web Interface |
+| `rpcbind.service` | RPC portmapper |
+| `rsyslog.service` | System logging |
+| `snapd.service` | Snap daemon |
+| `ssh.service` | OpenSSH server |
+| `unattended-upgrades.service` | Automatic security updates |
+| `user@1000.service` | User session manager |
+
+## Docker Containers
+
+| Container | Port | Purpose |
+|-----------|------|---------|
+| `camofox` | 9377 | Firefox browser automation |
+| `hermes-dashboard` | — | Hermes Agent web UI |
+| `opencode-web` | 4096 | OpenCode web interface |
+
+## Docker Networks
+
+`bridge`, `host`, `none` (default drivers only — no custom overlay networks)
+
+## NFS Mounts
+
+None configured on ice.
+
+## Hermes Gateway Watchdog
+
+`/home/bear/hermes-gateway-watchdog.sh` runs via system cron on ice:
+1. Checks if hermes-gateway is responsive
+2. On failure: direct restart → tmux+OpenCode rescue if still down
+3. Sends Telegram notification on failure to topic 1033 "Cron Jobs" (bot: `836803270:AAH-Ac5Y`)
+
+## GitOps Context
+
+1. Configs edited in `/home/bear/homelab/` (git worktrees)
+2. Pushed to Gitea (`gitea.tophermayor.com`)
+3. Runner SSHs to each host, pulls, runs `sync-configs.sh`
+4. Systemd services reload
+
+## Access
+
+```bash
+ssh bear@192.168.50.197
+```
+
+## Related
+
+- [[grizzley]] — RPi5 edge node, Traefik HA backup
+- [[ubuntu]] — Main Docker host (~70 containers)
+- [[proxmox]] — Hypervisor (may host ice as VM)
+- [[hermes-gateway]] — AI gateway on ice
+- [[truenas]] — NFS/S3 storage backend