Files
claudetools/wiki/systems/jupiter.md
Mike Swanson 4321dbbbc0 sync: auto-sync from GURU-5070 at 2026-06-27 04:42:51
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-27 04:42:51
2026-06-27 04:44:53 -07:00

10 KiB

type, name, display_name, last_compiled, compiled_by, sources, backlinks
type name display_name last_compiled compiled_by sources backlinks
system jupiter Jupiter 2026-06-26 GURU-5070/claude-main
credentials.md
.claude/memory/infra_office_network.md
2026-06-26 plexrequest Overseerr->Seerr migration (mike)
systems/gururmm-build
systems/pluto
systems/uranus

Jupiter

Identity

  • Hostname: Jupiter
  • IP: 172.16.3.20
  • Role: Primary Unraid NAS — virsh VM host + Docker container host for ACG infrastructure
  • Location: ACG office
  • OS: Unraid (version not documented; presumed current)
  • Hardware: Dell (iDRAC present — likely PowerEdge; exact model not documented)

Specs

Not documented. iDRAC available at 172.16.1.73 (DHCP) for OOB management.

Services

Docker Containers

Container Port(s) Notes
npm 1880 (HTTP), 18443 (HTTPS), 7818 (admin) Nginx Proxy Manager — handles all external reverse proxying
gitea 3000 (HTTP), 2222 (SSH) Internal Gitea git server; http://172.16.3.20:3000
seafile + mysql + elasticsearch + memcached 8082 Seafile Pro file sync stack
dns-relay br0 172.16.3.50:53 DNS relay — dnsmasq (4km3/dnsmasq) forwarding all queries to the gateway 172.16.0.1 (pfSense unbound). Stood up 2026-06-26 to revive the dead 172.16.3.50 resolver IP so every device/config hardcoded to .50 works without being touched. --no-resolv --no-hosts --server=172.16.0.1 --cache-size=1000, --restart unless-stopped, first in the autostart list (DNS up before other containers). dnsmasq's default local-service limits answers to the 172.16.0.0/22 LAN (not an open resolver). No Unraid template (created via docker run).
Seerr br0 172.16.3.31:5055 Plex request manager (Overseerr successor). Runs on br0 with a static IP + --init --user 99:100, --restart unless-stopped. Image ghcr.io/seerr-team/seerr:latest, appdata /mnt/user/appdata/seerr. Template my-Seerr.xml fixed to br0/.31 on 2026-06-26 (was bridge — a UI re-apply in bridge mode would break the NPM .31 target). Not yet in Unraid autostart list — toggle on in the Docker tab so it survives an array stop/start.

NPM → 443 routing: iptables PREROUTING rule on Jupiter: dpt:443 → 172.17.0.2:443 (NPM Docker bridge IP). Persisted in /boot/config/go so it survives reboots.

Virtual Machines (virsh)

VM IP State Role
GuruRMM 172.16.3.30 decommissioned 2026-06-12 Former GuruRMM VM — migrated to a physical box that took the .30 IP (2026-06-11); virsh domain destroyed + disk deleted 2026-06-12. No longer on Jupiter.
Claude-Builder (Pluto) 172.16.3.36 running Windows Server 2019 — MSI + cargo builds
OwnCloud 172.16.3.22 running OwnCloud file sync VM (cloud.acghosting.com)
Unifi 172.16.3.29 running UOS Server — self-hosted UniFi OS controller (~49 sites). Rocky 9; app+Mongo in rootless podman uosserver. Access + DB query: uos-server
Windows 7 shut off
Windows Server 2016 (none — APIPA) running Windows guest ACG-DWP-X-BB; e1000 NIC vnet8 on br0, DHCP not leasing — see Known Issues
Windows Server 2016_Template shut off

Access

  • SSH: ssh root@172.16.3.20 port 22
  • Password: op://Infrastructure/Jupiter (Unraid Primary)/password
  • Unraid Web UI: http://172.16.3.20 (same password)
  • NPM Admin: http://172.16.3.20:7818
  • iDRAC: https://172.16.1.73 (DHCP — IP may change)
    • User: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC User
    • Password: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC Password
    • IPMI Key: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.IPMI Key
  • Vault path: op://Infrastructure/Jupiter (Unraid Primary)/
  • SSH keys authorized: claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519)

NPM Proxy Hosts (as of credentials.md — may be stale)

External Host Internal Target Notes
emby.azcomputerguru.com 172.16.2.99:8096 Emby media server
git.azcomputerguru.com 172.16.3.20:3000 Gitea (Cloudflare-fronted — blocks direct curl; use http://172.16.3.20:3000 internally)
rmm-api.azcomputerguru.com 172.16.3.20:3001 STALE — actual GuruRMM API is on 172.16.3.30:3001; update this in NPM admin
unifi.azcomputerguru.com 172.16.3.29:11443 UOS Server (UniFi OS). Verified from NPM API 2026-06-15 — earlier .28:8443 was stale. The real HTTPS port is 11443 (8443/443 are closed). See uos-server.
sync.azcomputerguru.com 172.16.3.20:8082 Seafile Pro
plexrequest.azcomputerguru.com 172.16.3.31:5055 Seerr (Plex request manager) — Seerr Docker container on br0 172.16.3.31, appdata /mnt/user/appdata/seerr. Migrated Overseerr -> Seerr 3.2.0 on 2026-06-26 (Overseerr is being abandoned; Seerr is its successor). Cloudflare-fronted, so bare curl returns 403 — test with a browser UA. See Known Issues for the outage that prompted the migration.

[ACTION REQUIRED] Update rmm-api.azcomputerguru.com proxy target from 172.16.3.20:3001172.16.3.30:3001 in NPM admin (http://172.16.3.20:7818).

Gitea

  • Internal URL: http://172.16.3.20:3000 (use this for API calls and curl — git.azcomputerguru.com is Cloudflare-fronted and blocks direct curl)
  • SSH clone: ssh://azcomputerguru@172.16.3.20:2222/azcomputerguru/repo.git
  • External URL: https://git.azcomputerguru.com (browser only)
  • API Token: op://Infrastructure/Gitea/API.API Token

Known Issues & Quirks

  • [HOST-WIDE] Primary DNS 172.16.3.50 is DEAD but still Jupiter's first resolver (found 2026-06-26): /etc/resolv.conf (generated by rc.inet1 from Unraid network settings) lists nameserver 172.16.3.50 first, then 8.8.8.8, 1.1.1.1. 172.16.3.50 is down (100% ping loss, host-unreachable, :53 times out ~5s). Result: every cache-miss DNS lookup on the host AND in every container that forwards to the host eats a ~5s timeout before falling back to 8.8.8.8 — slows all DNS-heavy containers (Seerr was the worst-hit). Per-container workaround applied to Seerr (--dns 1.1.1.1 8.8.8.8). FIXED 2026-06-26 via a DNS relay: stood up the dns-relay container (dnsmasq on br0 172.16.3.50, see Docker table) forwarding to 172.16.0.1.50 now answers again (0.3s cold / 0.04s cached, verified from a LAN client), so every device/config hardcoded to .50 works without being repointed. Caveat — Jupiter's OWN host DNS: the host's /etc/resolv.conf still lists .50 first, but ipvlan blocks a host from reaching its own br0 container, so the host itself can't use the relay and still eats the ~5s fallback for its own lookups. To fix the host specifically, set its DNS1 to 172.16.0.1 directly in Unraid Settings -> Network Settings (/boot/config/network.cfg DNS_SERVER1). LAN clients and other-host devices are unaffected by this caveat — only Jupiter-the-host.
  • iptables PREROUTING for port 443 persists via /boot/config/go — if NPM routing breaks after a reboot, check this file first.
  • iDRAC IP is DHCP (172.16.1.73) — may drift. Verify before relying on it for OOB access.
  • guruRMM API proxy stale — see NPM table above. Fix before it causes a routing incident.
  • Post-power-failure recovery order matters — see .claude/POWER_FAILURE_RUNBOOK.md for the full recovery sequence (Tailscale routes, libvirt/VMs, Seafile, NPM/DNS in order).
  • VM "Windows Server 2016" (ACG-DWP-X-BB) — no LAN (2026-06-07): guest stuck on APIPA 169.254.157.152, no DHCP lease. Host side is healthy (vnet8 bridged to br0, forwarding, receiving LAN broadcast); fault is guest-side — single e1000 NIC set to DHCP, pfSense (172.16.0.1) not leasing it. Diagnose via virsh domifaddr 9 --source agent and qemu guest-exec ipconfig /all. Fix path: ipconfig /renew in-guest (stuck-client case) or assign a static IP if that is the intended config. PAUSED pending Mike's DHCP-vs-static decision.
  • plexrequest (Seerr) outage + Overseerr->Seerr migration (2026-06-26): Reported down. Root cause: the Seerr container (NPM target 172.16.3.31:5055) had been removed entirely (gone from docker ps -a; everything else came back after a Docker restart, Seerr didn't) — it was a half-finished May-27 migration left initialized:false. The old working instance was binhex-overseerr (also stopped). Fix: recreated the Seerr container on br0 .31, then migrated the real Overseerr data into it (copied /mnt/user/appdata/binhex-overseerr/overseerr -> /mnt/user/appdata/seerr, chown 99:100, started Seerr -> auto-migration "Overseerr to Seerr migration completed successfully"). Verified initialized, Plex/Radarr/Sonarr config + 191 requests + users preserved, public 200. Backups: old source untouched + /mnt/user/appdata/_migbackup_20260626/overseerr-source.tgz; pre-migration empty config at /mnt/user/appdata/seerr.empty.preMig. Autostart: added Seerr to /var/lib/docker/unraid-autostart (replaced the stale binhex-overseerr). "Really slow" -> DNS: Seerr felt very slow because every external lookup (TMDB metadata/posters) took ~4s — the container forwarded DNS to the host, whose primary resolver 172.16.3.50 is DEAD (see separate entry). Fixed by recreating Seerr with --dns 1.1.1.1 --dns 8.8.8.8 (bypasses .50) and LOG_LEVEL=info (the template default debug dumped a full Radarr JSON per title — heavy log IO). In-container lookups went 4s -> ~0s. Follow-up: the [Plex Scan] job errors post-migration (Cannot read properties of undefined (reading 'some')) — re-select Plex libraries in Seerr settings to clear it.
  • systems/gururmm-build — GuruRMM was a VM here (virsh domain "GuruRMM"); decommissioned 2026-06-12, now a physical box at 172.16.3.30
  • systems/pluto — Claude-Builder VM hosted here (virsh domain "Claude-Builder")
  • systems/uranus — secondary storage Unraid node (separate machine, not hosted here)