--- type: system name: jupiter display_name: Jupiter last_compiled: 2026-06-26 compiled_by: GURU-5070/claude-main sources: - credentials.md - .claude/memory/infra_office_network.md - 2026-06-26 plexrequest Overseerr->Seerr migration (mike) backlinks: - systems/gururmm-build - systems/pluto - systems/uranus --- # Jupiter ## Identity - **Hostname:** Jupiter - **IP:** 172.16.3.20 - **Role:** Primary Unraid NAS — virsh VM host + Docker container host for ACG infrastructure - **Location:** ACG office - **OS:** Unraid (version not documented; presumed current) - **Hardware:** Dell (iDRAC present — likely PowerEdge; exact model not documented) ## Specs Not documented. iDRAC available at 172.16.1.73 (DHCP) for OOB management. ## Services ### Docker Containers | Container | Port(s) | Notes | |---|---|---| | `npm` | 1880 (HTTP), 18443 (HTTPS), 7818 (admin) | Nginx Proxy Manager — handles all external reverse proxying | | `gitea` | 3000 (HTTP), 2222 (SSH) | Internal Gitea git server; http://172.16.3.20:3000 | | `seafile` + mysql + elasticsearch + memcached | 8082 | Seafile Pro file sync stack | | `dns-relay` | br0 `172.16.3.50`:53 | **DNS relay** — dnsmasq (`4km3/dnsmasq`) forwarding all queries to the gateway `172.16.0.1` (pfSense unbound). Stood up 2026-06-26 to revive the dead `172.16.3.50` resolver IP so every device/config hardcoded to `.50` works without being touched. `--no-resolv --no-hosts --server=172.16.0.1 --cache-size=1000`, `--restart unless-stopped`, **first in the autostart list** (DNS up before other containers). dnsmasq's default `local-service` limits answers to the `172.16.0.0/22` LAN (not an open resolver). No Unraid template (created via `docker run`). | | `Seerr` | br0 `172.16.3.31`:5055 | Plex request manager (Overseerr successor). Runs on br0 with a static IP + `--init --user 99:100`, `--restart unless-stopped`. Image `ghcr.io/seerr-team/seerr:latest`, appdata `/mnt/user/appdata/seerr`. Template `my-Seerr.xml` fixed to br0/.31 on 2026-06-26 (was `bridge` — a UI re-apply in bridge mode would break the NPM `.31` target). **Not yet in Unraid autostart list** — toggle on in the Docker tab so it survives an array stop/start. | **NPM → 443 routing:** iptables PREROUTING rule on Jupiter: `dpt:443 → 172.17.0.2:443` (NPM Docker bridge IP). Persisted in `/boot/config/go` so it survives reboots. ### Virtual Machines (virsh) | VM | IP | State | Role | |---|---|---|---| | ~~GuruRMM~~ | ~~172.16.3.30~~ | **decommissioned 2026-06-12** | Former GuruRMM VM — migrated to a physical box that took the .30 IP (2026-06-11); virsh domain destroyed + disk deleted 2026-06-12. No longer on Jupiter. | | Claude-Builder (Pluto) | 172.16.3.36 | running | Windows Server 2019 — MSI + cargo builds | | OwnCloud | 172.16.3.22 | running | OwnCloud file sync VM (cloud.acghosting.com) | | Unifi | 172.16.3.29 | running | **UOS Server** — self-hosted UniFi OS controller (~49 sites). Rocky 9; app+Mongo in rootless podman `uosserver`. Access + DB query: [[uos-server]] | | Windows 7 | — | shut off | — | | Windows Server 2016 | (none — APIPA) | running | Windows guest `ACG-DWP-X-BB`; e1000 NIC `vnet8` on br0, DHCP not leasing — see Known Issues | | Windows Server 2016_Template | — | shut off | — | ## Access - **SSH:** `ssh root@172.16.3.20` port 22 - **Password:** `op://Infrastructure/Jupiter (Unraid Primary)/password` - **Unraid Web UI:** http://172.16.3.20 (same password) - **NPM Admin:** http://172.16.3.20:7818 - **iDRAC:** https://172.16.1.73 (DHCP — IP may change) - User: `op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC User` - Password: `op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC Password` - IPMI Key: `op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.IPMI Key` - **Vault path:** `op://Infrastructure/Jupiter (Unraid Primary)/` - **SSH keys authorized:** claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519) ## NPM Proxy Hosts (as of credentials.md — may be stale) | External Host | Internal Target | Notes | |---|---|---| | emby.azcomputerguru.com | 172.16.2.99:8096 | Emby media server | | git.azcomputerguru.com | 172.16.3.20:3000 | Gitea (Cloudflare-fronted — blocks direct curl; use http://172.16.3.20:3000 internally) | | rmm-api.azcomputerguru.com | 172.16.3.20:3001 | **STALE** — actual GuruRMM API is on 172.16.3.30:3001; update this in NPM admin | | unifi.azcomputerguru.com | 172.16.3.29:11443 | **UOS Server** (UniFi OS). Verified from NPM API 2026-06-15 — earlier `.28:8443` was stale. The real HTTPS port is **11443** (8443/443 are closed). See [[uos-server]]. | | sync.azcomputerguru.com | 172.16.3.20:8082 | Seafile Pro | | plexrequest.azcomputerguru.com | 172.16.3.31:5055 | **Seerr** (Plex request manager) — `Seerr` Docker container on **br0 `172.16.3.31`**, appdata `/mnt/user/appdata/seerr`. **Migrated Overseerr -> Seerr 3.2.0 on 2026-06-26** (Overseerr is being abandoned; Seerr is its successor). Cloudflare-fronted, so bare `curl` returns 403 — test with a browser UA. See Known Issues for the outage that prompted the migration. | **[ACTION REQUIRED]** Update `rmm-api.azcomputerguru.com` proxy target from `172.16.3.20:3001` → `172.16.3.30:3001` in NPM admin (http://172.16.3.20:7818). ## Gitea - **Internal URL:** http://172.16.3.20:3000 (use this for API calls and curl — git.azcomputerguru.com is Cloudflare-fronted and blocks direct curl) - **SSH clone:** `ssh://azcomputerguru@172.16.3.20:2222/azcomputerguru/repo.git` - **External URL:** https://git.azcomputerguru.com (browser only) - **API Token:** `op://Infrastructure/Gitea/API.API Token` ## Known Issues & Quirks - **[HOST-WIDE] Primary DNS `172.16.3.50` is DEAD but still Jupiter's first resolver (found 2026-06-26):** `/etc/resolv.conf` (generated by `rc.inet1` from Unraid network settings) lists `nameserver 172.16.3.50` first, then `8.8.8.8`, `1.1.1.1`. `172.16.3.50` is **down** (100% ping loss, host-unreachable, `:53` times out ~5s). Result: **every cache-miss DNS lookup on the host AND in every container that forwards to the host eats a ~5s timeout** before falling back to 8.8.8.8 — slows all DNS-heavy containers (Seerr was the worst-hit). Per-container workaround applied to Seerr (`--dns 1.1.1.1 8.8.8.8`). **FIXED 2026-06-26 via a DNS relay:** stood up the `dns-relay` container (dnsmasq on br0 `172.16.3.50`, see Docker table) forwarding to `172.16.0.1` — `.50` now answers again (0.3s cold / 0.04s cached, verified from a LAN client), so every device/config hardcoded to `.50` works without being repointed. **Caveat — Jupiter's OWN host DNS:** the host's `/etc/resolv.conf` still lists `.50` first, but **ipvlan blocks a host from reaching its own br0 container**, so the host itself can't use the relay and still eats the ~5s fallback for its own lookups. To fix the host specifically, set its DNS1 to `172.16.0.1` directly in Unraid **Settings -> Network Settings** (`/boot/config/network.cfg` `DNS_SERVER1`). LAN clients and other-host devices are unaffected by this caveat — only Jupiter-the-host. - **iptables PREROUTING for port 443** persists via `/boot/config/go` — if NPM routing breaks after a reboot, check this file first. - **iDRAC IP is DHCP** (172.16.1.73) — may drift. Verify before relying on it for OOB access. - **guruRMM API proxy stale** — see NPM table above. Fix before it causes a routing incident. - **Post-power-failure recovery order matters** — see `.claude/POWER_FAILURE_RUNBOOK.md` for the full recovery sequence (Tailscale routes, libvirt/VMs, Seafile, NPM/DNS in order). - **VM "Windows Server 2016" (`ACG-DWP-X-BB`) — no LAN (2026-06-07):** guest stuck on APIPA `169.254.157.152`, no DHCP lease. Host side is healthy (vnet8 bridged to br0, forwarding, receiving LAN broadcast); fault is guest-side — single e1000 NIC set to DHCP, pfSense (172.16.0.1) not leasing it. Diagnose via `virsh domifaddr 9 --source agent` and qemu guest-exec `ipconfig /all`. Fix path: `ipconfig /renew` in-guest (stuck-client case) or assign a static IP if that is the intended config. PAUSED pending Mike's DHCP-vs-static decision. - **plexrequest (Seerr) outage + Overseerr->Seerr migration (2026-06-26):** Reported down. Root cause: the `Seerr` container (NPM target `172.16.3.31:5055`) had been **removed entirely** (gone from `docker ps -a`; everything else came back after a Docker restart, Seerr didn't) — it was a half-finished May-27 migration left `initialized:false`. The old working instance was `binhex-overseerr` (also stopped). Fix: recreated the `Seerr` container on br0 `.31`, then **migrated the real Overseerr data into it** (copied `/mnt/user/appdata/binhex-overseerr/overseerr` -> `/mnt/user/appdata/seerr`, chown `99:100`, started Seerr -> auto-migration "Overseerr to Seerr migration completed successfully"). Verified initialized, Plex/Radarr/Sonarr config + 191 requests + users preserved, public 200. Backups: old source untouched + `/mnt/user/appdata/_migbackup_20260626/overseerr-source.tgz`; pre-migration empty config at `/mnt/user/appdata/seerr.empty.preMig`. **Autostart:** added `Seerr` to `/var/lib/docker/unraid-autostart` (replaced the stale `binhex-overseerr`). **"Really slow" -> DNS:** Seerr felt very slow because every external lookup (TMDB metadata/posters) took ~4s — the container forwarded DNS to the host, whose **primary resolver `172.16.3.50` is DEAD** (see separate entry). Fixed by recreating Seerr with `--dns 1.1.1.1 --dns 8.8.8.8` (bypasses `.50`) and `LOG_LEVEL=info` (the template default `debug` dumped a full Radarr JSON per title — heavy log IO). In-container lookups went 4s -> ~0s. **Follow-up:** the `[Plex Scan]` job errors post-migration (`Cannot read properties of undefined (reading 'some')`) — re-select Plex libraries in Seerr settings to clear it. ## Backlinks - [[systems/gururmm-build]] — GuruRMM **was** a VM here (virsh domain "GuruRMM"); decommissioned 2026-06-12, now a physical box at 172.16.3.30 - [[systems/pluto]] — Claude-Builder VM hosted here (virsh domain "Claude-Builder") - [[systems/uranus]] — secondary storage Unraid node (separate machine, not hosted here)