Network & Homelab Reference
Last modified: 2026-04-01 07:35 AM MT
Homelab Quick Reference
Full Documentation: C:\oc\infrastructure\homelab
Last Updated: 2026-03-31 (CL-187: luctrus.com public domain + Pangolin tunnel stack live)
Network Overview
| Item | Value |
|---|---|
| Network | 10.160.0.0/24 |
| Gateway | FR201 Router (fr201.lcl) |
| DNS/DHCP | AdGuard Home on FR201 |
| WiFi AP | Calix Bridge (10.160.0.2) |
Key Servers
| Device | IP | Services | Status |
|---|---|---|---|
| K410 | k410.lcl | GitLab EE (5005), Pangolin, Traefik, Gerbil, K410 Dashboard v2 (8888), Prometheus+cAdvisor+NodeExporter | Active |
| UbuntuServer1 | ubuntuserver1.lcl | GitLab migrated to K410 | Active |
Workstations
| Device | IP | Notes |
|---|---|---|
| XPS8950 | nathan-xps8950.lcl | Primary workstation (wired) |
| NateG7 | nateg7.lcl | Mini PC (WiFi) |
| NateSurface | natesurface.lcl | Surface tablet (WiFi) |
| SamsungS24 | 10.160.0.23 | Mobile (WiFi) |
| NateMSS1 (Win) | natemss1.lcl | MS-S1 MAX AI Workstation - Windows boot |
| NateMSS1 (Ubuntu) | natemss1-ubuntu.lcl | MS-S1 MAX AI Workstation - Ubuntu boot |
Services Used by cl-workspace
| Service | URL | Host |
|---|---|---|
| GitLab EE | http://gitlab.lcl:5005 | K410 (k410.lcl) |
| GitLab SSH | ssh://git@k410.lcl:2222 | K410 (k410.lcl) |
| Container Registry | http://k410.lcl:5050 | K410 (k410.lcl) |
| Llama Server | http://natemss1-ubuntu.lcl:8081 | NateMSS1 Ubuntu (natemss1-ubuntu.lcl) |
| AdGuard Home | http://fr201.lcl:3000 | FR201 Router |
MSS1 LLM Server (NateMSS1 Ubuntu)
Hardware: MSI MS-S1 MAX AI Workstation, AMD Ryzen AI Max+ 395, 128GB unified memory
| Setting | Value |
|---|---|
| BIOS UMA Frame Buffer Size | 96 GB (increased from AMD default ~21 GB) |
| Vulkan Heap (total) | 111.24 GB (15.24 GB local + 96 GB host-visible) |
| Vulkan Heap (free at startup) | ~108 GB |
| GPU Driver | AMDVLK (not Mesa RADV) |
| GPU Layers | 89/89 (full offload) |
| Throughput (Qwen 2.5 32B Q4_K_M) | 2.97 t/s |
| Previous (RADV, 70-layer cap) | 2.36 t/s |
| Improvement | +26% |
| Service | systemd llama-server.service |
| ExecStartPre | Cache drop (sync && sysctl -w vm.drop_caches=3) |
WiFi Networks
| SSID | Purpose | Network |
|---|---|---|
| ForestFortressSecure | Primary WiFi | 10.160.0.0/24 |
| ForestFortressIOT | IoT devices | 10.160.0.0/24 |
| ForestFortressGuest | Guest (isolated) | 192.168.12.x |
IP Allocation Ranges
| Range | Purpose |
|---|---|
| 10.160.0.1-9 | Infrastructure (router, APs) |
| 10.160.0.10-19 | Servers |
| 10.160.0.20-29 | Workstations |
| 10.160.0.30-69 | IoT devices |
| 10.160.0.70-99 | Special purpose (printers, cameras, NAS) |
| 10.160.0.100-249 | DHCP dynamic pool |
SSH Access
All homelab machines share a passwordless SSH mesh — any machine can SSH into any other without a password prompt.
From XPS8950 (and all other machines), use short aliases:
ssh k410 # K410 server
ssh natemss1-ubuntu # NateMSS1 Ubuntu boot
ssh natemss1 # NateMSS1 Windows boot (when active)
ssh nateg7 # NateG7 mini PC
ssh natesurface # Surface tablet
ssh ubuntuserver1 # UbuntuServer1
ssh fr201 # FR201 router (root)
SSH Mesh Setup (established 2026-03-29, issue HL-29)
| Machine | Key Label | Key Fingerprint |
|---|---|---|
| XPS8950 | natea@Nathan-XPS8950 |
SHA256:...XoTD |
| NateSurface | natea@NateSurface |
SHA256:hcRMn6Bz...3Ts |
| NateG7 | natea@cl-workspace |
SHA256:...Ygk |
| K410 | natea@k410 |
SHA256:h8Y/neVWI8...T0 |
| NateMSS1 Ubuntu | natea@natemss1-ubuntu |
SHA256:D0Nw3Evb...FHA |
| UbuntuServer1 | natea@ubuntuserver1 |
SHA256:6slhwk8u...B0U |
Notes:
- Windows machines (XPS8950, NateG7, NateSurface) use C:\ProgramData\ssh\administrators_authorized_keys (admin users)
- Linux machines use ~/.ssh/authorized_keys
- UbuntuServer1 cannot resolve .lcl hostnames (netbird DNS); SSH config on that machine uses IPs
- NateMSS1 Win (natemss1.lcl, 10.160.0.24) not yet configured — add when next booted to Windows
AdGuard Home
URL: http://fr201.lcl:3000 Credentials: See password manager (AdGuard Home admin)
Provides: - DNS filtering and ad-blocking - DHCP with static reservations - Query logging
Router Management
FR201 (OpenWrt 23.05.5)
- LuCI Web UI: http://fr201.lcl
- SSH: ssh root@fr201.lcl
Public Domain (luctrus.com)
Established: 2026-03-31 (CL-187)
| Item | Value |
|---|---|
| Domain | luctrus.com |
| Registrar | Porkbun (API keys: LUCT_PORKBUN_KEY / LUCT_PORKBUN_S env vars) |
| Public IP | 206.124.10.240 (FR201 WAN) |
| DNS | Porkbun — A records: luctrus.com + *.luctrus.com -> 206.124.10.240 |
| TLS | Let's Encrypt via Traefik ACME (HTTP challenge, auto-renew) |
| Stack | Pangolin (self-hosted tunnel) on K410 — /opt/pangolin/ |
| Dashboard | https://dashboard.luctrus.com |
| Admin | admin@luctrus.com |
| Org | Luctrus |
Pangolin Stack (K410)
| Container | Purpose | Ports |
|---|---|---|
| pangolin | Control plane (Next.js + API) | 3000 (API), 3002 (frontend), internal only |
| gerbil | WireGuard tunnel manager | host 51821 -> container 51820/udp |
| traefik | Reverse proxy + TLS termination | 80, 443 (forwarded from FR201) |
Config files: /opt/pangolin/config/
- config.yml — domain, cors, flags
- traefik/traefik_config.yml — ACME email, provider URL (http://172.18.0.3:3000)
- traefik/dynamic_config.yml — manual routes for dashboard.luctrus.com
Port forwarding on FR201: - TCP 80 -> K410:80 (HTTP / ACME challenge) - TCP 443 -> K410:443 (HTTPS) - UDP 51821 -> K410:51821 (Gerbil WireGuard — NOTE: remapped from 51820 to avoid NetBird conflict)
Architecture:
Internet -> FR201 (206.124.10.240) -> K410 Gerbil (WireGuard) -> Newt (ubuntuserver1) -> nginx -> app
NetBird coexistence: NetBird holds port 51820 (wt0 interface). Gerbil uses 51821 on host. They do not conflict.
Pending (AS-115): Configure resource routes for homelab services (TRE dashboard first).
Related Files
- Full homelab docs:
C:\oc\infrastructure\homelab - Network Topology:
C:\oc\infrastructure\homelab\docs\network_topology.md - IP Schema:
C:\oc\infrastructure\homelab\docs\ip_schema.md - Port Registry:
C:\cl\Governance\PortRegistry.json - GitLab README:
C:\cl\Infrastructure\GitLab\README.md