| name | description | type | originSessionId |
| --- | --- | --- | --- |
| Full Infrastructure Setup - 5060ihome | Complete private cloud, Cloudflare, Gitea, K8s, MAAS, and all services installed on 5060ihome (2026-04-16) | project | 7a5d7140-8724-47d5-b862-13e66e2c0212 |

Machine: 5060ihome (this machine)
- IP Tailscale: 100.90.81.47
- CPU: Intel i5-14400F (10 cores, 16 threads)
- RAM: 32GB
- GPU: NVIDIA RTX 5060 Ti (driver 590.48.01 installed, needs reboot to load)
- OS: Ubuntu 24.04 Noble
- Disks: nvme0n1 (1TB WD Blue), sda (465GB Toshiba), sdb (224GB SanDisk - Gitea), sdc (112GB Transcend), sdd (447GB SanDisk)
Installed Services
Gitea (Git Server) - RUNNING
- Port: 3000 (HTTP), 2222 (SSH)
- Data: /srv/gitea on sdb (ext4, mounted, in fstab)
- Admin: yohay / Biton24680#@$
- 6 repos: claude-memory-{storai,gama,dgx,dgx2,arcai,shared}
- 5 users: claude-{storai,gama,dgx,dgx2,arcai} with write access
- Auto-sync timer: claude-memory-sync.timer (every 5 min)
- URL: https://git.yohay.ai
MicroK8s (Kubernetes) - RUNNING
- Version: 1.32
- Addons enabled: dns, hostpath-storage, ingress, dashboard, metallb (10.64.140.43-49), registry (localhost:32000), metrics-server
- GPU addon enabled but needs reboot for NVIDIA 590 driver
- Dashboard token available via: microk8s kubectl describe secret -n kube-system microk8s-dashboard-token
- Dashboard exposed on NodePort 30443
- URL: https://k8s.yohay.ai (API), https://dash.yohay.ai (Dashboard)
MAAS (Bare Metal Provisioning) - RUNNING
LXD (Containers/VMs) - RUNNING
- Version: 6.7
- Port: 8443 (HTTPS)
- Storage pool: default (btrfs, 100GB)
- Network: lxdbr0 (10.99.0.1/24)
- URL: https://lxd.yohay.ai
Juju (Orchestrator) - INSTALLED
Nomad - RUNNING (joined cluster)
- Connected to cluster via 100.124.217.84:4647 (10-100-102-241)
- Node name: meni-office0-0001 (was already set up from previous session on meni-office0-0001)
- Port: 4646
- URL: https://nomad.yohay.ai
Tailscale - RUNNING
- Node name: 5060ihome
- IP: 100.90.81.47
Cloudflared (Cloudflare Tunnel) - RUNNING
- Tunnel ID: 117e8f06-753f-4ef7-8d58-b065a74a3ba0
- Tunnel name: 5060ihome
- Connected to: tlv03, fra17, fra18 (Israel + Frankfurt)
- Config version: 3
NVIDIA Driver
- Installed: 590.48.01 (upgraded from 580)
- Status: NEEDS REBOOT to load new driver
Cloudflare Configuration
Account
- Account ID: a182e69b048ebabb970ffd4e91cc741b
- Email: meni@biton.pro
- Zone: yohay.ai (ID: 729e5afe1753f82f06c3416dc2e1aca0)
API Tokens (from OVH KMS)
- Global API Key: cfk_PEbNE7Xq4ulKAHaENVHew3nTaabJGCdX0kKw7P8V5654f0d8 (use with X-Auth-Email: meni@biton.pro)
- Provisioner Token: cfut_79EHtlXBHzkjVXnJI3gl8P9ONgG5DJ09ns5db6do21163b36 (Bearer token, has Tunnel+DNS perms)
Tunnel Ingress Rules (version 3)
SSL/Certificates
- Wildcard cert: *.yohay.ai (advanced, active)
- SSL mode: full
Cloudflare Access (Zero Trust)
- App: "yohay.ai - All Services" (ID: 46458e7d-dfb5-4f40-9c6b-9e1498e00bf2)
- Domain: *.yohay.ai
- Auth: Google Workspace (IDP: 6ce8a0ab-b3fd-4174-9d8b-87eacd2e2e97)
- Also: One-time PIN (IDP: b2e75643-bcb4-4c0d-88be-c006aad06823)
- Policy: Allow @yohay.ai and @biton.pro emails
- Session: 24h
- Access portal: bitonpro.cloudflareaccess.com
DNS Records Created (CNAME -> tunnel)
git, nomad, maas, k8s, dash, lxd, portainer, vault, minio, elk, uptime, monitor, n8n, nodered, home, chat, matrix, meet, wiki, draw, comfyui, webui, frigate, rustdesk, api, sso, registry
OVH KMS
- KMS ID: 17212333-c57e-481e-a3d2-07d3ff1a192c
- Region: eu-west-gra (Gravelines, France)
- Client cert: d05a39c2-99c1-4f6f-8780-c7e32e683a53 (on meni-office0-0001 Downloads)
- Secrets stored: cloudflare/global-api-key, cloudflare/provisioner-token, google/oauth, tailscale/api-key
Tailscale Network (key nodes)
| Node | IP | Tags | Status |
| --- | --- | --- | --- |
| 5060ihome | 100.90.81.47 | - | online (this machine) |
| arcai | 100.81.132.108 | tagged-devices | online |
| gama-2 | 100.122.148.62 | tagged-devices | online |
| storai-1 | 100.92.89.14 | tagged-devices | online |
| stor130 | 100.103.249.102 | tag:ai-core | online |
| stor181 | 100.95.72.88 | tag:ai-core | online |
| meni-office0-0001-1 | 100.103.133.48 | tag:off | online |
| 10-100-102-240 | 100.78.185.72 | tagged-devices | online |
| 10-100-102-241 | 100.124.217.84 | tagged-devices | online (Nomad server) |

Passwords (user's lab, closed VPN)
- yohay on 5060ihome: Biton24680#@$
- yohay on other servers: Bar2526#@$, Biton24680@!, Bazp383189!
- Tailscale auth key: tskey-auth-kx4QSRdqy321CNTRL-Dm6PrFTqN9KnaKSmKMNQ8KEq4QNtpQjw
TODO (next session)
- REBOOT for NVIDIA 590 driver to load
- After reboot: enable GPU in MicroK8s, deploy AI workloads (Ollama, ComfyUI, WebUI)
- Fix port conflicts: meet.yohay.ai (8443 conflicts with LXD), wiki.yohay.ai (3000 conflicts with Gitea)
- Deploy remaining services in K8s: Portainer, Vault, MinIO, ELK, Uptime, n8n, Node-RED, etc.
- Connect other nodes to MicroK8s cluster (stor130, stor181, etc.) - blocked by Tailscale ACL
- Fix Tailscale ACL: tag:off needs SSH access to tag:ai-core nodes
- Set up Kubeflow for ML pipeline on GPU