hermes-ice/homelab/entities/ice.md

---
title: ice
created: 2026-04-28
updated: 2026-04-29
type: entity
tags: [hosts, rpi, control-plane]
sources: []
---

# ice

**Role:** Control plane node — primary Hermes Agent host, GitOps origin
**IP:** 192.168.50.197
**Hostname:** ice
**Uptime:** 15 days, 10h (as of 2026-04-28)

## Overview

ice is the control plane of the homelab cluster. It runs the primary Hermes Agent instance and OpenCode backend. All GitOps workflows originate here — configs are edited in the repo (`/home/bear/homelab/`), committed, and pushed to Gitea, which triggers runners on each host.

## Hardware

| Spec | Detail |
|------|--------|
| Model | Raspberry Pi 4 |
| CPU | ARM Cortex-A72 (4 cores) |
| RAM | 7.6 GB total, 2.4 GB available, 5.2 GB used |
| Storage | 939 GB microSD/USB SSD (`/dev/sda2`), 45 GB used (5%) |
| Swap | None |
| Network | Gigabit Ethernet |
| IP | 192.168.50.197 |

## Systemd Services (Running)

| Service | Purpose |
|---------|---------|
| `cabo-voting.service` | Cabo Bachelor Party Voting App |
| `chrony.service` | NTP client/server |
| `containerd.service` | Container runtime |
| `docker.service` | Docker engine |
| `fail2ban.service` | Intrusion prevention |
| `hermes-dashboard.service` | Hermes Agent Web Dashboard |
| `hermes-gateway-watchdog.timer` | Cron watchdog for hermes-gateway, Telegram alerts |
| `netplan-wpa-wlan0.service` | WLAN WPA supplicant |
| `nfs-blkmap.service` | pNFS block layout mapping |
| `opencode-web.service` | OpenCode Web Interface |
| `rpcbind.service` | RPC portmapper |
| `rsyslog.service` | System logging |
| `snapd.service` | Snap daemon |
| `ssh.service` | OpenSSH server |
| `unattended-upgrades.service` | Automatic security updates |
| `user@1000.service` | User session manager |

## Docker Containers

| Container | Port | Purpose |
|-----------|------|---------|
| `camofox` | 9377 | Firefox browser automation |
| `hermes-dashboard` | — | Hermes Agent web UI |
| `opencode-web` | 4096 | OpenCode web interface |

## Docker Networks

`bridge`, `host`, `none` (default drivers only — no custom overlay networks)

## NFS Mounts

None configured on ice.

## Hermes Gateway Watchdog

`/home/bear/hermes-gateway-watchdog.sh` runs via system cron on ice:
1. Checks if hermes-gateway is responsive
2. On failure: direct restart → tmux+OpenCode rescue if still down
3. Sends Telegram notification on failure to topic 1033 "Cron Jobs" (bot: `836803270:AAH-Ac5Y`)

## GitOps Context

1. Configs edited in `/home/bear/homelab/` (git worktrees)
2. Pushed to Gitea (`gitea.tophermayor.com`)
3. Runner SSHs to each host, pulls, runs `sync-configs.sh`
4. Systemd services reload

## Access

```bash
ssh bear@192.168.50.197
```

## Related

- [[grizzley]] — RPi5 edge node, Traefik HA backup
- [[ubuntu]] — Main Docker host (~70 containers)
- [[proxmox]] — Hypervisor (may host ice as VM)
- [[hermes-gateway]] — AI gateway on ice
- [[truenas]] — NFS/S3 storage backend