---
name: Full Infrastructure Setup - 5060ihome
description: Complete private cloud, Cloudflare, Gitea, K8s, MAAS, and all services installed on 5060ihome (2026-04-16)
type: project
originSessionId: 7a5d7140-8724-47d5-b862-13e66e2c0212
---

## Machine: 5060ihome (this machine)

- **Tailscale IP**: 100.90.81.47
- **CPU**: Intel i5-14400F (10 cores, 16 threads)
- **RAM**: 32GB
- **GPU**: NVIDIA RTX 5060 Ti (driver 590.48.01 installed, needs a reboot to load)
- **OS**: Ubuntu 24.04 Noble
- **Disks**: nvme0n1 (1TB WD Blue), sda (465GB Toshiba), sdb (224GB SanDisk - Gitea), sdc (112GB Transcend), sdd (447GB SanDisk)

## Installed Services

### Gitea (Git Server) - RUNNING

- Ports: 3000 (HTTP), 2222 (SSH)
- Data: /srv/gitea on sdb (ext4, mounted, in fstab)
- Admin: yohay / [redacted]
- 6 repos: claude-memory-{storai,gama,dgx,dgx2,arcai,shared}
- 5 users: claude-{storai,gama,dgx,dgx2,arcai} with write access
- Auto-sync timer: claude-memory-sync.timer (every 5 min)
- URL: https://git.yohay.ai

### MicroK8s (Kubernetes) - RUNNING

- Version: 1.32
- Addons enabled: dns, hostpath-storage, ingress, dashboard, metallb (10.64.140.43-49), registry (localhost:32000), metrics-server
- GPU addon enabled but needs a reboot for the NVIDIA 590 driver
- Dashboard token: `microk8s kubectl describe secret -n kube-system microk8s-dashboard-token`
- Dashboard exposed on NodePort 30443
- URLs: https://k8s.yohay.ai (API), https://dash.yohay.ai (Dashboard)

### MAAS (Bare Metal Provisioning) - RUNNING

- Version: 3.5
- Port: 5240
- DB: PostgreSQL (maas:[redacted]@localhost/maasdb)
- Admin: yohay / [redacted] / bar@yohay.ai
- URL: https://maas.yohay.ai

### LXD (Containers/VMs) - RUNNING

- Version: 6.7
- Port: 8443 (HTTPS)
- Storage pool: default (btrfs, 100GB)
- Network: lxdbr0 (10.99.0.1/24)
- URL: https://lxd.yohay.ai

### Juju (Orchestrator) - INSTALLED

- Version: 3.6.21

### Nomad - RUNNING (joined cluster)

- Connected to cluster via 100.124.217.84:4647 (10-100-102-241)
- Node name: meni-office0-0001 (already set up in a previous session on meni-office0-0001)
- Port: 4646
- URL: https://nomad.yohay.ai

### Tailscale - RUNNING

- Node name: 5060ihome
- IP: 100.90.81.47

### Cloudflared (Cloudflare Tunnel) - RUNNING

- Tunnel ID: 117e8f06-753f-4ef7-8d58-b065a74a3ba0
- Tunnel name: 5060ihome
- Connected to: tlv03, fra17, fra18 (Israel + Frankfurt)
- Config version: 3

### NVIDIA Driver

- Installed: 590.48.01 (upgraded from 580)
- Status: NEEDS REBOOT to load the new driver

## Cloudflare Configuration

### Account

- Account ID: a182e69b048ebabb970ffd4e91cc741b
- Email: meni@biton.pro
- Zone: yohay.ai (ID: 729e5afe1753f82f06c3416dc2e1aca0)

### API Tokens (from OVH KMS)

- Global API Key: [redacted] (use with X-Auth-Email: meni@biton.pro)
- Provisioner Token: [redacted] (Bearer token, has Tunnel+DNS perms)

### Tunnel Ingress Rules (version 3)

| Hostname | Service | Notes |
|----------|---------|-------|
| git.yohay.ai | http://localhost:3000 | Gitea |
| nomad.yohay.ai | http://localhost:4646 | Nomad |
| maas.yohay.ai | http://localhost:5240 | MAAS |
| k8s.yohay.ai | https://localhost:16443 | K8s API (noTLSVerify) |
| dash.yohay.ai | https://localhost:30443 | K8s Dashboard (noTLSVerify) |
| lxd.yohay.ai | https://localhost:8443 | LXD (noTLSVerify) |
| portainer.yohay.ai | http://localhost:9000 | |
| vault.yohay.ai | http://localhost:8200 | |
| minio.yohay.ai | http://localhost:9001 | |
| elk.yohay.ai | http://localhost:5601 | |
| uptime.yohay.ai | http://localhost:3001 | |
| monitor.yohay.ai | http://localhost:9090 | |
| n8n.yohay.ai | http://localhost:5678 | |
| nodered.yohay.ai | http://localhost:1880 | |
| home.yohay.ai | http://localhost:8123 | |
| chat.yohay.ai | http://localhost:8065 | |
| matrix.yohay.ai | http://localhost:8008 | |
| meet.yohay.ai | http://localhost:8443 | CONFLICT with LXD! |
| wiki.yohay.ai | http://localhost:3000 | CONFLICT with Gitea! |
| draw.yohay.ai | http://localhost:8080 | |
| comfyui.yohay.ai | http://localhost:8188 | |
| webui.yohay.ai | http://localhost:7860 | |
| ollama.yohay.ai | http://localhost:11434 | |
| frigate.yohay.ai | http://localhost:5000 | |
| rustdesk.yohay.ai | http://localhost:21114 | |
| aster.yohay.ai | http://localhost:5989 | |
| api.yohay.ai | http://localhost:8080 | |
| sso.yohay.ai | http://localhost:9000 | |
| registry.yohay.ai | http://localhost:32000 | K8s Registry |

### SSL/Certificates

- Wildcard cert: *.yohay.ai (advanced, active)
- SSL mode: full

### Cloudflare Access (Zero Trust)

- App: "yohay.ai - All Services" (ID: 46458e7d-dfb5-4f40-9c6b-9e1498e00bf2)
- Domain: *.yohay.ai
- Auth: Google Workspace (IDP: 6ce8a0ab-b3fd-4174-9d8b-87eacd2e2e97)
- Also: One-time PIN (IDP: b2e75643-bcb4-4c0d-88be-c006aad06823)
- Policy: Allow @yohay.ai and @biton.pro emails
- Session: 24h
- Access portal: bitonpro.cloudflareaccess.com

### DNS Records Created (CNAME -> tunnel)

git, nomad, maas, k8s, dash, lxd, portainer, vault, minio, elk, uptime, monitor, n8n, nodered, home, chat, matrix, meet, wiki, draw, comfyui, webui, frigate, rustdesk, api, sso, registry

## OVH KMS

- KMS ID: 17212333-c57e-481e-a3d2-07d3ff1a192c
- Region: eu-west-gra (Gravelines, France)
- Client cert: d05a39c2-99c1-4f6f-8780-c7e32e683a53 (in Downloads on meni-office0-0001)
- Secrets stored: cloudflare/global-api-key, cloudflare/provisioner-token, google/oauth, tailscale/api-key

## Tailscale Network (key nodes)

| Node | IP | Tags | Status |
|------|----|------|--------|
| 5060ihome | 100.90.81.47 | - | online (this machine) |
| arcai | 100.81.132.108 | tagged-devices | online |
| gama-2 | 100.122.148.62 | tagged-devices | online |
| storai-1 | 100.92.89.14 | tagged-devices | online |
| stor130 | 100.103.249.102 | tag:ai-core | online |
| stor181 | 100.95.72.88 | tag:ai-core | online |
| meni-office0-0001-1 | 100.103.133.48 | tag:off | online |
| 10-100-102-240 | 100.78.185.72 | tagged-devices | online |
| 10-100-102-241 | 100.124.217.84 | tagged-devices | online (Nomad server) |

## Passwords (user's lab, closed VPN)

- yohay on 5060ihome: [redacted]
- yohay on other servers: [redacted]
- Tailscale auth key: [redacted]

## TODO (next session)

1. REBOOT so the NVIDIA 590 driver loads
2. After reboot: enable GPU in MicroK8s, deploy AI workloads (Ollama, ComfyUI, WebUI)
3. Fix port conflicts: meet.yohay.ai (8443 conflicts with LXD), wiki.yohay.ai (3000 conflicts with Gitea)
4. Deploy remaining services in K8s: Portainer, Vault, MinIO, ELK, Uptime, n8n, Node-RED, etc.
5. Connect other nodes to the MicroK8s cluster (stor130, stor181, etc.) - blocked by Tailscale ACL
6. Fix Tailscale ACL: tag:off needs SSH access to tag:ai-core nodes
7. Set up Kubeflow for ML pipeline on GPU
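A check for TODO item 3, added here as an example and not part of the original notes: it takes the ingress rules transcribed from the tunnel table and reports every local port that more than one hostname is routed to. Beyond the two conflicts already listed (3000 and 8443), it also surfaces 8080 (draw/api) and 9000 (portainer/sso); whether those are real conflicts depends on what actually listens on each port.

```python
# Added example (not part of the original notes): find local ports that more than
# one tunnel hostname is routed to. Rules are transcribed from the ingress table.
from collections import defaultdict
from urllib.parse import urlparse

INGRESS_RULES = [  # (public hostname, origin service), copied from the table
    ("git.yohay.ai", "http://localhost:3000"),
    ("nomad.yohay.ai", "http://localhost:4646"),
    ("maas.yohay.ai", "http://localhost:5240"),
    ("k8s.yohay.ai", "https://localhost:16443"),
    ("dash.yohay.ai", "https://localhost:30443"),
    ("lxd.yohay.ai", "https://localhost:8443"),
    ("portainer.yohay.ai", "http://localhost:9000"),
    ("vault.yohay.ai", "http://localhost:8200"),
    ("minio.yohay.ai", "http://localhost:9001"),
    ("elk.yohay.ai", "http://localhost:5601"),
    ("uptime.yohay.ai", "http://localhost:3001"),
    ("monitor.yohay.ai", "http://localhost:9090"),
    ("n8n.yohay.ai", "http://localhost:5678"),
    ("nodered.yohay.ai", "http://localhost:1880"),
    ("home.yohay.ai", "http://localhost:8123"),
    ("chat.yohay.ai", "http://localhost:8065"),
    ("matrix.yohay.ai", "http://localhost:8008"),
    ("meet.yohay.ai", "http://localhost:8443"),
    ("wiki.yohay.ai", "http://localhost:3000"),
    ("draw.yohay.ai", "http://localhost:8080"),
    ("comfyui.yohay.ai", "http://localhost:8188"),
    ("webui.yohay.ai", "http://localhost:7860"),
    ("ollama.yohay.ai", "http://localhost:11434"),
    ("frigate.yohay.ai", "http://localhost:5000"),
    ("rustdesk.yohay.ai", "http://localhost:21114"),
    ("aster.yohay.ai", "http://localhost:5989"),
    ("api.yohay.ai", "http://localhost:8080"),
    ("sso.yohay.ai", "http://localhost:9000"),
    ("registry.yohay.ai", "http://localhost:32000"),
]

def origin_port(service):
    """TCP port an origin URL targets; default by scheme when none is given."""
    url = urlparse(service)
    return url.port if url.port is not None else (443 if url.scheme == "https" else 80)

def shared_ports(rules):
    """Map each local port to the hostnames routed to it, keeping only ports
    that more than one hostname uses (each one needs a conflict review)."""
    by_port = defaultdict(list)
    for hostname, service in rules:
        by_port[origin_port(service)].append(hostname)
    return {port: hosts for port, hosts in sorted(by_port.items()) if len(hosts) > 1}
```

Run `shared_ports(INGRESS_RULES)` after editing the tunnel config to confirm a port is no longer shared before publishing a new config version.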