TopherMayor/hermes-ice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e4d91aadf968847e84a84f31c806d8f408ac4488
hermes-ice/homelab/entities/grizzley.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki 
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00

124 lines
4.4 KiB
Markdown
Raw Blame History

---
title: grizzley
created: 2026-04-28
updated: 2026-04-29
type: entity
tags: [hosts, rpi, edge, ha]
sources: []
---
# grizzley
**Role:** Edge node — Traefik HA backup, Jellyfin media server, Hermes Gateway secondary
**IP:** 192.168.50.84
**Hostname:** grizzley
**Uptime:** 1 day, 14h (as of 2026-04-28 — recently rebooted)
## Overview
grizzley is the edge node of the homelab cluster. It serves as the Traefik HA backup node (via keepalived VRRP), runs Jellyfin for media streaming, and hosts the secondary Hermes Gateway instance. It also has `/mnt/fast_share` as a fast local SSD mount.
## Hardware
| Spec | Detail |
|------|--------|
| Model | Raspberry Pi 5 |
| CPU | ARM Cortex-A76 (4 cores) |
| RAM | 7.7 GB total, 3.7 GB available, 4.0 GB used |
| Swap | 6.0 GB total, 2.0 GB used |
| Storage | 917 GB (`/dev/sdc2`, 8% used, 68 GB) |
| Fast Storage | 916 GB `/mnt/fast_share` (`/dev/sdb1`, 1% used, 4.1 GB) — fast SSD mount |
| Network | Gigabit Ethernet |
| IP | 192.168.50.84 |
## Systemd Services (Running)
| Service | Purpose |
|---------|---------|
| `alert-bridge.service` | Prometheus → Telegram alert bridge (zero AI) |
| `chrony.service` | NTP client/server |
| `containerd.service` | Container runtime |
| `docker.service` | Docker engine |
| `fail2ban.service` | Intrusion prevention |
| `hermes-dashboard.service` | Hermes Agent Web Dashboard |
| `hermes-gateway.service` | Hermes Agent Gateway — messaging platform integration |
| `keepalived.service` | VRRP for Traefik HA (BACKUP mode) |
| `nfs-blkmap.service` | pNFS block layout mapping daemon |
| `nfs-idmapd.service` | NFSv4 ID-name mapping |
| `nfs-mountd.service` | NFS mount daemon |
| `nfsdcld.service` | NFSv4 client tracking |
| `opencode-web.service` | OpenCode Web Interface |
| `rpc-statd.service` | NFS status monitor |
| `rpcbind.service` | RPC portmapper |
| `rsyslog.service` | System logging |
| `snapd.service` | Snap daemon |
| `ssh.service` | OpenSSH server |
| `snap.cups.*` | CUPS printing services |
## Docker Containers
| Container | Port(s) | Status | Purpose |
|-----------|---------|--------|---------|
| `aiomanager` | 1610/tcp | healthy | AI orchestration |
| `aiomanager_db` | 5432/tcp | healthy | PostgreSQL for aiomanager |
| `aiometadata` | 1337/tcp | healthy | AI metadata service |
| `aiometadata-redis` | 6379/tcp | healthy | Redis for aiometadata |
| `aiostreams` | 3002/tcp | healthy | AI streaming service |
| `homepage-grizzley` | 3000/tcp | healthy | Homepage dashboard |
| `jellyfin` | 8096, 9090/tcp | healthy | Media server |
| `komodo` | 9120/tcp | healthy | AI service |
| `komodo-mongo` | 27017/tcp | — | MongoDB for komodo |
| `traefik-pi` | 80,443,2222,8080/tcp; 19132,19134,443/udp | healthy | Traefik edge ingress (HA cert generation) |
| `uptime-kuma` | 3001/tcp | healthy | Uptime monitoring |
| `vaultwarden` | 80/tcp | healthy | Password manager |
## Docker Networks
| Network | Driver | Purpose |
|---------|--------|---------|
| `aiomanager_default` | bridge | aiomanager stack |
| `aiometadata_aiometadata-internal` | bridge | aiometadata internal |
| `komodo_komodo-internal` | bridge | komodo internal |
| `homepage_default` | bridge | Homepage |
| `traefik-proxy` | bridge | Traefik ingress |
| `desktop-test_default` | bridge | Desktop test stack |
## NFS Mounts
```
192.168.50.12:/mnt/TrueNAS/traefik-certs/grizzley → /mnt/truenas/traefik-certs/grizzley (nfs4, rw, tcp, hard)
```
TrueNAS NFS share for Traefik TLS certificate sync. Both traefik-pi (grizzley) and traefik (ubuntu) share the same wildcard cert via this mount.
## Traefik HA (Keepalived VRRP)
grizzley is the **BACKUP** Traefik node. VRRP runs on `eth0.50` (VLAN 50):
```
virtual_router_id: 51
priority: 90 (BACKUP — ubuntu is PRIMARY at higher priority)
virtual_ipaddress: 192.168.50.80/27
auth_type: PASS, auth_pass: HomelabH
check_script: /etc/keepalived/check_traefik.sh (interval 2s, fall 2, rise 2)
```
When ubuntu Traefik fails, keepalived promotes grizzley to MASTER and the virtual IP moves here.
## Access
```bash
ssh bear@192.168.50.84
```
**Note:** NFS client services run automatically. `/etc/keepalived/keepalived.conf` has the VRRP config.
## Related
- [[ice]] — Control plane, primary agent host
- [[ubuntu]] — Main Docker host, Traefik PRIMARY partner
- [[truenas]] — NFS storage backend (cert sync)
- [[traefik]] — Traefik entity
- [[jellyfin]] — Media server running on grizzley
- [[hermes-gateway]] — Hermes Gateway secondary
Reference in New Issue View Git Blame Copy Permalink