INFRASTRUCTURE
Network overview and system architecture • Core Documentation
Infrastructure Reference
Last updated: 2026-02-28
Database connections: See DATABASES.md
DNS management: AdGuard Home at http://adguard.lan (#dns_rewrites)
Credentials: ~/.credentials (per-host passwords), project-level in each repo's private/credentials
---
Network Overview
Two subnets on the domestic LAN, each served by a dedicated Proxmox host:
| Subnet | Gateway | Proxmox Host | Purpose |
| --- | --- | --- | --- |
| 192.168.1.0/24 | 192.168.1.1 | titan.lan (.1.22) | Legacy VMs/CTs, NAS, DNS, network services |
| 192.168.2.0/24 | 192.168.2.1 | phoebe.lan (.2.16) | Primary workloads, LLM, production VMs |
DNS for *.lan is managed by AdGuard Home on ca-server (192.168.1.97).
---
IP Allocation Scheme
192.168.2.0/24 (phoebe.lan)
| Range | Category | Current Assignments |
| --- | --- | --- |
| .1 | Gateway | Router |
| .10-.19 | Physical hosts / bare metal | delphi.lan=.15, phoebe.lan=.16 |
| .20-.29 | (reserved) | iris1.lan=.21 |
| .30-.39 | Production VMs | naiad01.lan=.31, orcus.lan=.32 |
| .40-.49 | LLM / AI services | ollama-phoebe.lan=.40, janus01.lan=.41 |
| .50-.59 | Dev / test | cursor-demo.lan=.50, zeno.lan=.51, dev.lan=.52 |
| .60-.69 | Infrastructure services | torrent-search.lan=.60 |
| .70-.79 | (free) | |
| .80-.89 | Databases | merlin-db.phoebe.lan=.81, surrealdb01.lan=.80 — see DATABASES.md |
| .90-.99 | (free) |
192.168.1.0/24 (titan.lan)
| Range | Category | Current Assignments |
| --- | --- | --- |
| .1 | Gateway | Router |
| .9-.14 | Jason CTs (dev/test containers) | energystats=.9, sybil=.10, merlin01=.11, jason04=.12, jason05=.13, jason06=.14 |
| .17 | End-user machines | paris.lan (Windows 11) |
| .19 | VPN containers | vpn-fetch.lan |
| .20-.23 | Proxmox hosts + misc VMs | ovid=.20, juno=.21, titan=.22, hyperion=.23 |
| .40-.44 | LLM / AI | ollama-titan.lan=.40, delphi01=.43, delphi-dt-12=.44 |
| .50-.54 | Web / app VMs | zeus01=.50, zeus01-dev=.51, pindar=.52, neon=.53, argon=.54 |
| .70-.71 | File services | hephaestus=.70, nextcloud-test=.71 |
| .80 | Databases | resolve-pg14.lan |
| .96-.99 | Network infrastructure | lucerna/pi-hole=.96, adguard/ca-server=.97, pharos=.99 |
| .200-.202 | NAS / storage | ds916=.200, ds1571=.201, atrium=.202 |
Rule
Before assigning a new static IP, always:
ip neigh show | grep "192.168.X\."---
Physical Hosts
| Hostname | IP | Hardware | OS | Purpose |
| --- | --- | --- | --- | --- |
| phoebe.lan | 192.168.2.16 | AMD desktop, RTX 3060 (12GB) | Proxmox VE 8.2 | Primary hypervisor |
| titan.lan | 192.168.1.22 | Server | Proxmox VE 7.1 | Secondary hypervisor |
| delphi.lan | 192.168.2.15 | 2x RTX 3090 (48GB VRAM) | Ubuntu (bare metal) | LLM inference, SearXNG |
| atrium.lan | 192.168.1.202 | Synology DS916+ | DSM | NAS (~35TB), CIFS shares |
| ds1571 | 192.168.1.201 | Synology DS1571 | DSM | NAS (Textz archive) |
| paris.lan | 192.168.1.17 | Desktop | Windows 11 | End-user workstation |
---
Proxmox Inventory: phoebe.lan
Virtual Machines
| VMID | Name | IP | Status | RAM | Cores | Purpose |
| --- | --- | --- | --- | --- | --- | --- |
| 232 | orcus | 192.168.2.32 | running | 16 GB | 6 | Main dev workstation VM (Ubuntu 22.04). Hosts all web apps via Apache. |
| 252 | dev.lan | 192.168.2.52 | running | 48 GB | 4 | Development/staging server |
| 400 | ollama-phoebe | 192.168.2.40 | running | 8 GB | 4 | Ollama LLM (RTX 3060 passthrough) |
| 231 | naiad01-u24DT | 192.168.2.31 | stopped | 32 GB | 6 | Web dev VM (Ubuntu 24.04 desktop) |
| 233 | orcus-clone | -- | stopped | 16 GB | 6 | Backup clone of orcus |
| 100 | u22-DT-LVM | -- | stopped | 32 GB | 8 | Template/test (Ubuntu 22.04 desktop, LVM) |
| 101 | u22-DT-ZFS | -- | stopped | 8 GB | 6 | Template/test (Ubuntu 22.04 desktop, ZFS) |
| 102 | zeno-ZFS | 192.168.2.51 | stopped | 24 GB | 6 | Dev VM |
| 103 | zeno-LVM | -- | stopped | 32 GB | 8 | Dev VM (LVM variant) |
| 104 | zeno-test | -- | stopped | 32 GB | 8 | Test VM |
LXC Containers
| CTID | Name | IP | Status | RAM | Cores | Purpose |
| --- | --- | --- | --- | --- | --- | --- |
| 300 | vpn-fetch | 192.168.1.19 (DHCP) | running | 512 MB | 2 | Alpine Linux. PIA WireGuard VPN + transmission-daemon for torrent downloads. |
| 301 | cursor-demo | 192.168.2.50 | stopped | 1 GB | 2 | Ubuntu 22.04. Cursor demo environment. |
| 302 | torrent-search | 192.168.2.60 | running | 2 GB | 2 | Ubuntu 22.04. Docker: Jackett + FlareSolverr for 1337x torrent search. PIA VPN. |
| 303 | merlin-db (legacy) | 192.168.2.81 | stopped | 2 GB | 2 | Ubuntu 22.04 + PostgreSQL 14. Kept for rollback safety. |
| 304 | merlin-db | 192.168.2.81 | running | 2 GB | 2 | Ubuntu 22.04 + PostgreSQL 16. Production database for Merlin. Migrated from 303 (2026-02-28). Apache: http://merlin-db.phoebe.lan/ — local info page with connection details. |
Storage
| Name | Type | Total | Used | Available |
| --- | --- | --- | --- | --- |
| local | dir | 6.6 GB | 10 MB | 6.5 GB |
| local-zfs | zfspool | 7.2 GB | 656 MB | 6.5 GB |
| atrium-images | cifs | 34.9 TB | 11.5 TB | 23.4 TB |
---
Proxmox Inventory: titan.lan
Virtual Machines (active)
| VMID | Name | IP | Status | RAM | Cores | Purpose |
| --- | --- | --- | --- | --- | --- | --- |
| 102 | merlin01 | 192.168.1.11 | running | 4 GB | -- | Merlin agent / STT |
| 120 | zeus01 | 192.168.1.50 | running | 8 GB | -- | Zeus web app (production) |
| 121 | zeus01-dev | 192.168.1.51 | running | 8 GB | -- | Zeus web app (dev) |
| 400 | ollama-titan | 192.168.1.40 | running | 8 GB | -- | Ollama LLM (RTX 3060 passthrough) |
| 851 | j-u23s-01 | -- | running | 8 GB | -- | Julian's Ubuntu 23 server |
| 896 | lucerna | 192.168.1.96 | running | 4 GB | -- | Pi-hole / monitoring |
Virtual Machines (stopped -- templates, legacy, test)
| VMID | Name | Notes |
| --- | --- | --- |
| 100 | ubuntu20-template | Template |
| 101 | chronos00-clone01 | Legacy |
| 104 | u24.04-LTS | Template |
| 110 | athena01 | Auth service (stopped) |
| 210, 211 | jason210, jason211 | Test VMs |
| 220, 221 | iris0, iris1-u22-DT | ML/AI VMs (stopped) |
| 230, 231 | naiad-00, naiad01 | Web dev VMs (stopped, migrated to phoebe) |
| 701 | nextcloudtest | Test |
| 800 | surrealdb | Database VM (stopped) |
| 841 | janus01 | Messaging service (stopped) |
| 850, 860, 870 | Templates | Julian's Ubuntu/MX templates |
| 861 | j-u23d-01 | Julian's Ubuntu 23 desktop (stopped) |
| 990 | hephaestus | High-RAM compute (65 GB, stopped) |
| 995 | pve-test-ip72 | Network test |
LXC Containers
| CTID | Name | IP | Status | RAM | Purpose |
| --- | --- | --- | --- | --- | --- |
| 880 | resolve-pg14 | 192.168.1.80 | running | 2 GB | PostgreSQL 14 |
| 897 | ca-server | 192.168.1.97 | running | 512 MB | AdGuard Home DNS + certificate authority |
| 981 | jason04 | 192.168.1.12 | running | 6 GB | Dev container |
| 982 | jason05 | 192.168.1.13 | running | 6 GB | Dev container (on 2.x subnet in DNS: 192.168.2.13) |
| 986 | jason02 | 192.168.1.9 | running | 6 GB | Dev container |
| 988 | jason03 | 192.168.1.10 | running | 6 GB | Dev container |
| 989 | jason06 | 192.168.1.14 | running | 6 GB | Dev container (FastAPI, Matomo, energy charts) |
| 890 | pharos01 | 192.168.1.99 | stopped | 1 GB | Network monitoring (stopped) |
| 980 | jason-template | 192.168.1.12 | stopped | 6 GB | Template |
| 985 | jason01-defunct | 192.168.1.9 | stopped | 6 GB | Defunct |
| 987 | jason03-defunct | 192.168.1.10 | stopped | 6 GB | Defunct |
---
External Servers
| Name | IP | Provider | Purpose |
| --- | --- | --- | --- |
| du1 | 161.35.36.240 | DigitalOcean | Production hosting (philanthropy-planner, concerts.freebyrd.live) |
| du2 | 142.93.45.250 | DigitalOcean | Dev/staging (dev.philoenic.com, dev.sso.merlin-ai.com) |
SSH access: ssh jd@161.35.36.240, ssh jd@142.93.45.250
---
Key Services & Ports
On orcus.lan (192.168.2.32)
| Service | Port | URL | Notes |
| --- | --- | --- | --- |
| Apache (web apps) | 443 | https://orcus.lan | Hosts ~15 vhosts (media-manager, zap, philoenic, prospecta, etc.) |
| LLM Gateway | 443 | https://llm.orcus.lan | Apache reverse proxy to Ollama servers |
| PostgreSQL 17 | 5432 | -- | zap database, zap-projects |
| Centrifugo | 25001 | ws://orcus.lan:25001 | WebSocket server for real-time updates |
LLM Servers
| Host | Port | GPU | Models |
| --- | --- | --- | --- |
| delphi.lan | 11434 | 2x RTX 3090 (48 GB) | Large models (qwen3:30b, etc.) |
| ollama-phoebe.lan | 11434 | RTX 3060 (12 GB) | qwen3:8b (~63 tok/s) |
| ollama-titan.lan | 11434 | RTX 3060 (12 GB) | llama3.1:8b (~67 tok/s) |
Search & Torrents
| Service | Host | Port | Purpose |
| --- | --- | --- | --- |
| SearXNG | delphi.lan | 8888 | Federated web + torrent search |
| Jackett | torrent-search.lan | 9117 | Torrent indexer proxy (1337x via FlareSolverr) |
| FlareSolverr | torrent-search.lan | 8191 | Cloudflare bypass for Jackett |
| Transmission | vpn-fetch.lan | 9091 | BitTorrent client behind PIA VPN |
DNS & Network
| Service | Host | Port | Purpose |
| --- | --- | --- | --- |
| AdGuard Home | ca-server (192.168.1.97) | 80 | DNS server for *.lan, rewrite rules |
| Pi-hole | lucerna (192.168.1.96) | 80 | Secondary DNS / monitoring |
---
Storage (NAS Mounts on orcus.lan)
| Mount Point | Remote Share | Purpose |
| --- | --- | --- |
/mnt/atrium-shared | //atrium.lan/SHARED | Main shared storage |
/mnt/atrium-data | //atrium.lan/DATA | Data archive |
/mnt/media-downloader | //atrium.lan/SHARED/MOVIES-TV-AUDIO/MOVIES (in English) | Downloaded films (A-Z subfolders) |
/mnt/merlin-backups | //atrium.lan/JULIAN/backups-orcus | Database backups (7 daily + 4 weekly + 3 monthly) |
/mnt/nas/zap-recordings | //atrium.lan/DATA/zap-orcus | Zap recordings |
/mnt/atrium-celine | //atrium.lan/CELINE | Celine's share |
/mnt/ds1571-textz | //192.168.1.201/Textz | DS1571 text archive |
Content type paths on NAS:
| Type | Path | SMB Path |
| --- | --- | --- |
| Films (English) | /mnt/media-downloader | \\atrium\SHARED\MOVIES-TV-AUDIO\MOVIES (in English) |
| TV | /mnt/atrium-shared/MOVIES-TV-AUDIO/TV | \\atrium\SHARED\MOVIES-TV-AUDIO\TV |
| Documentaries | /mnt/atrium-shared/MOVIES-TV-AUDIO/DOCUMENTARIES | \\atrium\SHARED\MOVIES-TV-AUDIO\DOCUMENTARIES |
| Animation | /mnt/atrium-shared/MOVIES-TV-AUDIO/ANIMATION | \\atrium\SHARED\MOVIES-TV-AUDIO\ANIMATION |
| Foreign | /mnt/atrium-shared/MOVIES-TV-AUDIO/MOVIES (not in English) | \\atrium\SHARED\MOVIES-TV-AUDIO\MOVIES (not in English) |
---
VPN Configuration
vpn-fetch.lan (CT 300 on phoebe)
- OS: Alpine Linux
- VPN: PIA WireGuard (currently connected to PIA server; region varies)
- Purpose: Transmission torrent downloads routed through VPN
- PostUp route:
ip route add 192.168.0.0/16 via 192.168.1.1(LAN access preserved) - OS: Ubuntu 22.04
- VPN: PIA WireGuard (UK region preferred, auto-reconnect every 12h via cron)
- Purpose: Jackett + FlareSolverr Docker containers for 1337x torrent search
- PostUp route:
ip route add 192.168.0.0/16 via 192.168.2.1(LAN access preserved) - Reconnect script:
/usr/local/bin/pia-reconnect.sh - Cron:
0 /12 /usr/local/bin/pia-reconnect.sh >> /var/log/pia-reconnect.log 2>&1 - Docker: Jackett (port 9117) + FlareSolverr (port 8191), compose file at
/opt/torrent-search/docker-compose.yml - Jackett API key: stored in media-manager
private/credentials
torrent-search.lan (CT 302 on phoebe)
Web Apps on orcus.lan
All served via Apache with TLS (self-signed certs). Each vhost maps a subdomain to a /var/www/ directory.
| Subdomain | Project | Repo | Notes |
| --- | --- | --- | --- |
| zap.orcus.lan | Zap platform | merlinai-com/zap | Main platform: mail, calendar, projects, recordings |
| media-manager.orcus.lan | Media Manager | merlinai-com/media-manager | Film/TV discovery, torrent search & download |
| philoenic.orcus.lan | Philoenic | merlinai-com/philoenic.com | Wine events (local dev; deployed to dev.philoenic.com) |
| prospecta.orcus.lan | Prospecta | merlinai-com/prospecta | Business prospecting |
| philanthropy-planner.orcus.lan | Philanthropy Planner | merlinai-com/philanthropy-planner | CC data explorer (deployed to du1) |
| llm.orcus.lan | LLM Gateway | (part of zap) | Reverse proxy to Ollama servers |
| merlin-agent.orcus.lan | Merlin Agent | -- | Agent interface |
| status.orcus.lan | Status page | (part of zap) | System status dashboard |
---
DNS Entries (AdGuard Rewrites)
Managed at http://adguard.lan/#dns_rewrites. Grouped by IP:
192.168.1.x
| IP | Hostnames |
| --- | --- |
| .9 | energystats.lan |
| .10 | sybil.lan |
| .11 | merlin01.lan, merlin.lan, merlin-stt.lan |
| .12 | jason04, jason04.lan, whisper-v1.jason04.lan |
| .14 | jason06, jason06.lan, charts.energystats.lan, fastapi.jason06.lan, matomo.jason06.lan, test.multipage.lan, tls.jason06.lan |
| .17 | paris.lan |
| .19 | vpn-fetch.lan |
| .20 | ovid.lan, sibyl, sibyl.ovid.lan |
| .21 | juno.lan, wss.juno.lan |
| .22 | proxmox.lan, titan.lan |
| .23 | hyperion, hyperion.lan |
| .40 | ollama-titan.lan |
| .43 | delphi01, delphi01.lan |
| .44 | delphi-dt-12.lan |
| .50 | zeus01, zeus01.lan, zeus.lan, athena.zeus01.lan, energycharts.zeus01.lan, rd.merlin.lan, sso.zeus01.lan |
| .51 | zeus01-dev, zeus01-dev.lan, pindar.lan, athena.zeus01-dev.lan, energycharts.zeus01-dev.lan, jd.merlin.lan, tls.zeus01-dev.lan |
| .52 | pindar2.lan |
| .53 | neon.lan, test-fastcgi |
| .54 | argon.lan |
| .70 | hephaestus, hephaestus.lan |
| .71 | nextcloud-test.lan |
| .80 | resolve-pg14.lan |
| .96 | lucerna.lan, pi-hole.lan |
| .97 | adguard.lan, ca-server, ca-server.lan |
| .99 | pharos, pharos.lan, pharos01.lan |
| .200 | ds916 |
| .201 | ds1571 |
| .202 | atrium.lan |
192.168.2.x
| IP | Hostnames |
| --- | --- |
| .13 | jason05 |
| .15 | delphi, delphi.lan |
| .16 | phoebe, phoebe.lan |
| .21 | iris1, iris1.lan |
| .31 | naiad01, naiad01.lan, naiad.lan, + sub-vhosts (aifutures, energystats, felix-project, freebird, getzap, pdf-ops, philoenic, philoenos) |
| .32 | orcus.lan, + sub-vhosts (biz-cards, energystats-app, energystats, file-finder, llm, media-downloader, media-manager, merlin-agent, merlin, pdf-extraction, philanthropy-planner, philoenic, prospecta, status, zap-cal, zap-mail, zap) |
| .40 | ollama-phoebe.lan |
| .41 | janus01, janus01.lan, zap-msg.janus01.lan |
| .50 | cursor-demo.lan |
| .51 | zeno, zeno.lan |
| .52 | dev, dev.lan |
| .60 | torrent-search.lan |
| .80 | surrealdb01, surrealdb01.lan |
| .81 | merlin-db, merlin-db.phoebe.lan |