boma/docs/hardware/reference.md
sjat 349d10d65c docs: record ubongo physical build (2026-06-11)
Move ubongo to 'Built (partial)' in STATUS; fill real M70q hardware specs
(i3-10100T, 16 GB, 256 GB SanDisk X600 SATA, no disk encryption). Record in
ADR-015 the dedicated claude AI-worker identity, LAN-SSH-only operational
reality, and the no-encryption decision; close the rbw offline-cache
recovery-verification item (ADR-015 + rotate-secrets). Add accepted-risk R5
(control-node disk unencrypted at rest) with its compensating controls.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 10:32:26 +02:00


Hardware reference — boma

Hand-maintained source of truth for physical compute + network gear and workload placement intent. The two machine-readable tables (Node capacity, Workload placement) are parsed by scripts/capacity-scan.py — keep their headers intact. Evaluated by /capacity-review. See ADR-012.

Status: skeleton. Replace example rows with real hardware once the cluster is stood up (STATUS.md tracks real-vs-planned).

1. Physical compute

pve0

  • Model / form factor: TBD (e.g. Minisforum MS-01, mini-PC)
  • CPU: TBD (e.g. i9-13900H, 14C/20T)
  • RAM: _TBD total; max _; free DIMM slots _
  • Storage: TBD (disks → pools, e.g. 2× 2 TB NVMe → local-zfs)
  • NICs: eno1 trunk (vmbr0), eno2 corosync (vmbr1)
  • Notes: warranty, quirks

ubongo (control node — outside the cluster)

  • Model / form factor: Lenovo ThinkCentre M70q Tiny (machine type 11DUS7XP00); 1-litre tiny/USFF
  • CPU: Intel Core i3-10100T — 4 cores / 8 threads, 35 W TDP
  • RAM: 16 GB DDR4-3200 (2×8 GB SODIMM)
  • Storage: 256 GB SanDisk X600 SATA 2.5" SSD (model SD9TB8W256G1001; TCG Opal-capable, Opal unused — no disk encryption)
  • NICs: wired GbE, interface eno1, MAC 88:a4:c2:e0:ee:da
  • BIOS: Lenovo M2WKT5AA (2023-06-20)
  • Notes: always-on; control plane + AI-worker (dedicated claude user) + local test runner (Molecule/Docker) per ADR-015; not a Proxmox guest; remote access currently LAN SSH only (mesh deferred)

fisi (backup node — outside the cluster; provisional)

  • Model / form factor: HP Elite 600 G9 (tower)
  • CPU: i-series (12th-gen), x86-64 — featherweight for a data-only restic node
  • RAM: 16 GB+ (TBD exact)
  • Storage: OS NVMe + 2× 8 TB HDD in a mirror (ZFS/mdraid → 8 TB usable, survives one disk)
  • NICs: wired GbE
  • Notes: off-cluster pull backup node (ADR-022); owns the restic repo, runs rclone→pCloud, docks the rotated USB air-gap drives. Pending: SATA power cable to the HDDs. Crown-jewel host → full base hardening. Assignment provisional (revisit when all hardware on hand).

(repeat for pve1, pve2, askari)

2. Network gear

| device | model | ports | poe | throughput | uplinks | notes |
|---|---|---|---|---|---|---|
| opnsense | TBD | TBD | n/a | TBD | WAN+LAN | dedicated hardware |
| switch | TBD | TBD | TBD | TBD | trunk | managed, 802.1q |
| ap1 | TBD | TBD | TBD | TBD | trunk | multi-SSID per VLAN |

3. Workload placement & intent

The numeric columns (cores, ram_mb, disk_gb) feed capacity-scan.py; the free-text columns feed /capacity-review's judgement.

| workload | node | cores | ram_mb | disk_gb | criticality | ha_intent | profile | constraints | growth |
|---|---|---|---|---|---|---|---|---|---|
| dns1 | pve0 | 1 | 512 | 10 | high | pair/dns2 | tiny/steady | anti-affinity: dns2 on a different node | flat |
| dns2 | pve1 | 1 | 512 | 10 | high | pair/dns1 | tiny/steady | anti-affinity: dns1 on a different node | flat |

4. Node capacity (machine-readable)

Physical totals per node. Integers; ram_gb and disk_gb may be decimals.

| node | cores | ram_gb | disk_gb |
|---|---|---|---|
| pve0 | 20 | 64 | 4000 |
| pve1 | 20 | 64 | 4000 |
| ubongo | 4 | 16 | 250 |
| fisi | 4 | 16 | 8000 |

5. Capacity notes

Free-text running notes for the evaluator (trends, planned moves, upgrade ideas).