hermes-ice/homelab/entities/panda.md

title, created, updated, type, tags, confidence

title	created	updated	type	tags	confidence
Panda (Home Assistant Host)	2026-05-10	2026-05-10	entity	hosts rpi home-assistant iot smart-home hub	high

Panda — Home Assistant Host

Dedicated Raspberry Pi running Home Assistant OS (HAOS) — the central smart home automation hub for the homelab.

Overview

Field	Value
Hostname	a0d7b954-ssh (HAOS SSH add-on container)
Hardware	Raspberry Pi (BCM)
OS	Home Assistant Operating System
Role	Smart home hub, IoT controller, automation engine
VLAN	IoT VLAN 30 (primary) + Server VLAN 50
IP (VLAN 30)	192.168.30.196
IP (VLAN 50)	192.168.50.196 (currently unreachable via .50)
Domain	ha.tophermayor.com
Port	8123 (HTTP)
Physical Path	UGC Ultra Port 2 → SG108PE trunk

Network

• Primary IP: 192.168.30.196 on IoT VLAN 30 — directly on the IoT subnet for device discovery
• Secondary IP: 192.168.50.196 on Server VLAN 50 — for management access from server network
• Traefik Proxy: Both ubuntu and grizzley Traefik instances route ha.tophermayor.com → 192.168.30.196:8123
• DNS: Cloudflare *.tophermayor.com → Traefik

Network Reconfiguration History

A planned reconfiguration exists at scripts/homelab/HOMEASSISTANT-NETWORK-RECONFIGURE.md to swap the primary interface:

• Target: end0 on VLAN 50 (192.168.50.196) as primary, end0.30 on VLAN 30 (192.168.30.196) as secondary
• This would improve management access while keeping IoT discovery on VLAN 30

SSH Access

• Port 22: Requires password auth (bear user, password-protected)
• Port 22222: Connection refused (Advanced SSH add-on not listening here)
• SSH add-on: "Advanced SSH & Web Terminal" is installed and configured with multiple authorized keys
• Note: Grizzley's SSH key (bear@grizzley) needs to be added to the add-on's authorized_keys for agent access

Active Integrations

Controllers & Hubs

• Matter — Built-in Matter controller via home-assistant-connect-zbt-2
• Thread — Thread Border Router via home-assistant-connect-zbt-2
• ZHA — Zigbee Home Automation via home-assistant-connect-zbt-2
• Apple TV — Office Apple TV 4K gen 3
• Nest — Google Nest Thermostat (Glendora)
• Alexa — Amazon Echo devices via alexa_devices integration
• Shelly — 2× Shelly 1PM Gen4 (local Wi-Fi)
• Govee — 4× Govee lights (local LAN API)
• TP-Link — 4× Kasa devices (cloud + LAN)
• webOS — LG OLED65C5AUA TV
• VeSync — Vital 200S air purifier
• ESPHome — Home Assistant Voice PE
• Wyoming — Whisper (STT), Piper (TTS), openWakeWord

External Hubs

• aqara-hub-m3 — Aqara Hub M3 (Matter-compatible, bridges Aqara devices)
• Aqara Camera Hub G3 — Camera + Aqara hub

Installed Add-ons

• Advanced SSH & Web Terminal
• File Editor
• HACS (Home Assistant Community Store)
• ESPHome
• Whisper (STT)
• Piper (TTS)
• openWakeWord
• go2rtc

Automations & Voice

• Voice Pipeline: openWakeWord → Whisper (STT) → HA Assist → Piper (TTS)
• Voice Hardware: Home Assistant Voice PE (ESPHome)
• iBeacon Tracker: BLE presence detection

Storage

• TrueNAS mount: Configured via Home Assistant Mount integration for backups/media

Relationships

• Managed by ubuntu and grizzley Traefik via reverse proxy
• Integrates with aqara-hub-m3 for Aqara device bridging
• Uses home-assistant-connect-zbt-2 as Zigbee/Thread coordinator
• Connects to ubuntu mounted storage via NFS
• Part of the matter-multi-fabric architecture

Troubleshooting

• SSH access: Must use password auth until grizzley key is added to SSH add-on config
• VLAN 50 IP unreachable: The .50.196 address doesn't respond to ping. Only .30.196 works. Check if VLAN trunk is properly configured on the switch port.
• HA CLI: ha commands require supervisor token — accessible only from within HAOS supervisor context, not from SSH add-on shell without proper auth