HomelabDesignV5/current-hardware.md

# Current Hardware — baobab.band Homelab

A snapshot of physical and virtual hardware in operation as of April 2026. Purpose: inform design decisions for V5 by documenting what exists and has been proven in service.

---

## Network Infrastructure

| Device | Role | IP | Notes |
|---|---|---|---|
| simba | OPNsense firewall/router | 10.20.10.1 | SSH on port 7576 |
| punda | Managed switch | 10.20.1.2 | SNMP-monitored |
| tai1 | TP-Link EAP610 v3 AP | 10.20.1.4 | Floor 3, SNMP-monitored |
| tai2 | TP-Link EAP610 v2 AP | 10.20.1.5 | Floor 2, SNMP-monitored |

**Subnets in use:**
- `10.20.10.0/24` — main LAN (servers + laptops)
- `10.20.1.0/24` — IoT / network equipment VLAN
- `10.20.2.0/24` — management VLAN
- `10.20.30.0/24` — home automation VLAN
- `10.8.0.0/24` — WireGuard VPN tunnel

---

## Home Servers

### fisi — 10.20.10.17
Primary application server. Runs almost all containerised services.

- **CPU/GPU:** Intel with integrated GPU (Quick Sync capable; render device `/dev/dri/renderD128`)
- **Storage:**
  - OS NVMe: `/dev/nvme0n1`
  - Data NVMe: `/dev/nvme1n1`, ext4 (label `nvme0n1-data`, 1% reserved, TRIM enabled), mounted at `/mnt/nvme0n1`
- **NFS client:** mounts `/storage/baobab_media` from papa at `/mnt/nfs/papa_media`
- **Public IP:** 91.226.145.80 (behind Cloudflare DNS)

### tembo — 10.20.10.10
Monitoring stack and family kiosk display.

- **CPU/GPU:** Intel with UHD Graphics 630 (Quick Sync capable; render device `/dev/dri/renderD128`)
- **Storage:**
  - Data drive: `/dev/sda1`, ext4 (label `sda1-data`, `noatime`), mounted at `/mnt/sda1`

### papa — 10.20.10.11
Pure NAS. No containers beyond monitoring agent.

- **Storage:**
  - 2× Seagate 8TB HDD (ST8000DM004) in ZFS mirror
    - `ata-ST8000DM004-2U9188_WSC2JY19`
    - `ata-ST8000DM004-2U9188_ZR160G0K`
    - Pool properties: `ashift=12` (4K sectors), `autoexpand=on`, `compression=lz4`, `atime=off`
    - Mounted at `/storage`
  - 1× WD 1TB HDD (WD10EARS, `WD-WCAZA9240348`), ext4, mounted at `/mnt/data`

### kobe — 10.20.10.23
Dedicated backup target.

- **Storage:**
  - 2× drives (`/dev/sdb`, `/dev/sdc`) in ZFS mirror
    - Pool properties: `ashift=12`, `autoexpand=on`, `compression=lz4`, `atime=off`
    - Mounted at `/backup`

---

## Raspberry Pis

| Host | IP | Role |
|---|---|---|
| kuku | 10.20.10.118 | WireGuard VPN gateway (also 10.8.0.1) |
| faru | 10.20.2.2 | Management VLAN node, monitoring agent |

Both run Debian and are Ansible-managed. kuku requires `NET_ADMIN` cap for WireGuard metrics.

---

## Home Automation

### twiga — 10.20.30.2
Home Assistant OS instance on the home automation VLAN. Accessed via SSH on port 7576. Ansible manages automation config (not the OS itself) via a dedicated `haos_hosts` play.

---

## VPS Hosts

| Host | Public IP | Provider |
|---|---|---|
| baobab.band | 135.181.111.135 | Hetzner |
| makerfloss | 88.99.32.236 | (unknown) |
| rullebiler.dk | 91.226.145.80 (same as fisi) | Reverse-proxied through fisi |

All VPS hosts connect back to the homelab via WireGuard (kuku as hub). baobab.band and rullebiler.dk have Borg backup to papa over the tunnel. makerfloss is isolated — no WireGuard tunnel, no backup currently.

---

## Laptops

All run Debian + XFCE. All have Borg backup clients and WireGuard VPN clients (except mbuzi which has no WireGuard config).

| Host | IP | Primary users | Notes |
|---|---|---|---|
| paka | 10.20.10.20 | sjat, kine | HiDPI display (144 DPI), Chinese input (fcitx5 Pinyin) |
| mamba | 10.20.10.50 | sjat, sarah, kine, ash | Shared family machine |
| swala | 10.20.10.108 | ash | |
| mbuzi | — | sarah | No WireGuard config in Ansible |

---

## Summary: Storage Approach

| Location | Type | Capacity | Purpose |
|---|---|---|---|
| fisi NVMe data | ext4 | — | Container data (config, databases, PhotoPrism, Nextcloud, Forgejo) |
| papa ZFS mirror | ZFS | 8 TB | Media library, NFS export to fisi, Borg backup target |
| papa WD 1TB | ext4 | 1 TB | General data, cloud-sync staging |
| tembo sda1 | ext4 | — | Container data on tembo (PhotoPrism copy) |
| kobe ZFS mirror | ZFS | — | rsnapshot backup target |
| pCloud | Cloud | — | Off-site sync for 4 family members (via rclone on papa) |
-												Add current hardware and software inventory reports

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-30 08:55:16 +02:00
+								# Current Hardware — baobab.band Homelab
 								A snapshot of physical and virtual hardware in operation as of April 2026. Purpose: inform design decisions for V5 by documenting what exists and has been proven in service.
 								---
 								## Network Infrastructure
 								| Device | Role | IP | Notes |
 								|---|---|---|---|
 								| simba | OPNsense firewall/router | 10.20.10.1 | SSH on port 7576 |
 								| punda | Managed switch | 10.20.1.2 | SNMP-monitored |
 								| tai1 | TP-Link EAP610 v3 AP | 10.20.1.4 | Floor 3, SNMP-monitored |
 								| tai2 | TP-Link EAP610 v2 AP | 10.20.1.5 | Floor 2, SNMP-monitored |
 								**Subnets in use:**
 								- `10.20.10.0/24` — main LAN (servers + laptops)
 								- `10.20.1.0/24` — IoT / network equipment VLAN
 								- `10.20.2.0/24` — management VLAN
 								- `10.20.30.0/24` — home automation VLAN
 								- `10.8.0.0/24` — WireGuard VPN tunnel
 								---
 								## Home Servers
 								### fisi — 10.20.10.17
 								Primary application server. Runs almost all containerised services.
 								- **CPU/GPU:** Intel with integrated GPU (Quick Sync capable; render device `/dev/dri/renderD128`)
 								- **Storage:**
 								  - OS NVMe: `/dev/nvme0n1`
 								  - Data NVMe: `/dev/nvme1n1`, ext4 (label `nvme0n1-data`, 1% reserved, TRIM enabled), mounted at `/mnt/nvme0n1`
 								- **NFS client:** mounts `/storage/baobab_media` from papa at `/mnt/nfs/papa_media`
 								- **Public IP:** 91.226.145.80 (behind Cloudflare DNS)
 								### tembo — 10.20.10.10
 								Monitoring stack and family kiosk display.
 								- **CPU/GPU:** Intel with UHD Graphics 630 (Quick Sync capable; render device `/dev/dri/renderD128`)
 								- **Storage:**
 								  - Data drive: `/dev/sda1`, ext4 (label `sda1-data`, `noatime`), mounted at `/mnt/sda1`
 								### papa — 10.20.10.11
 								Pure NAS. No containers beyond monitoring agent.
 								- **Storage:**
 								  - 2× Seagate 8TB HDD (ST8000DM004) in ZFS mirror
 								    - `ata-ST8000DM004-2U9188_WSC2JY19`
 								    - `ata-ST8000DM004-2U9188_ZR160G0K`
 								    - Pool properties: `ashift=12` (4K sectors), `autoexpand=on`, `compression=lz4`, `atime=off`
 								    - Mounted at `/storage`
 								  - 1× WD 1TB HDD (WD10EARS, `WD-WCAZA9240348`), ext4, mounted at `/mnt/data`
 								### kobe — 10.20.10.23
 								Dedicated backup target.
 								- **Storage:**
 								  - 2× drives (`/dev/sdb`, `/dev/sdc`) in ZFS mirror
 								    - Pool properties: `ashift=12`, `autoexpand=on`, `compression=lz4`, `atime=off`
 								    - Mounted at `/backup`
 								---
 								## Raspberry Pis
 								| Host | IP | Role |
 								|---|---|---|
 								| kuku | 10.20.10.118 | WireGuard VPN gateway (also 10.8.0.1) |
 								| faru | 10.20.2.2 | Management VLAN node, monitoring agent |
 								Both run Debian and are Ansible-managed. kuku requires `NET_ADMIN` cap for WireGuard metrics.
 								---
 								## Home Automation
 								### twiga — 10.20.30.2
 								Home Assistant OS instance on the home automation VLAN. Accessed via SSH on port 7576. Ansible manages automation config (not the OS itself) via a dedicated `haos_hosts` play.
 								---
 								## VPS Hosts
 								| Host | Public IP | Provider |
 								|---|---|---|
 								| baobab.band | 135.181.111.135 | Hetzner |
 								| makerfloss | 88.99.32.236 | (unknown) |
 								| rullebiler.dk | 91.226.145.80 (same as fisi) | Reverse-proxied through fisi |
 								All VPS hosts connect back to the homelab via WireGuard (kuku as hub). baobab.band and rullebiler.dk have Borg backup to papa over the tunnel. makerfloss is isolated — no WireGuard tunnel, no backup currently.
 								---
 								## Laptops
 								All run Debian + XFCE. All have Borg backup clients and WireGuard VPN clients (except mbuzi which has no WireGuard config).
 								| Host | IP | Primary users | Notes |
 								|---|---|---|---|
 								| paka | 10.20.10.20 | sjat, kine | HiDPI display (144 DPI), Chinese input (fcitx5 Pinyin) |
 								| mamba | 10.20.10.50 | sjat, sarah, kine, ash | Shared family machine |
 								| swala | 10.20.10.108 | ash | |
 								| mbuzi | — | sarah | No WireGuard config in Ansible |
 								---
 								## Summary: Storage Approach
 								| Location | Type | Capacity | Purpose |
 								|---|---|---|---|
 								| fisi NVMe data | ext4 | — | Container data (config, databases, PhotoPrism, Nextcloud, Forgejo) |
 								| papa ZFS mirror | ZFS | 8 TB | Media library, NFS export to fisi, Borg backup target |
 								| papa WD 1TB | ext4 | 1 TB | General data, cloud-sync staging |
 								| tembo sda1 | ext4 | — | Container data on tembo (PhotoPrism copy) |
 								| kobe ZFS mirror | ZFS | — | rsnapshot backup target |
 								| pCloud | Cloud | — | Off-site sync for 4 family members (via rclone on papa) |