prox¶
| Field | Value |
|---|---|
| ID | prox |
| Class | host |
| Role | hypervisor |
| Status | active |
| Primary IP | 192.168.6.71 |
| Tailscale | proxbox-cube — 100.97.134.65 (tag:server) |
Overview¶
Primary Proxmox VE hypervisor (Debian 13 / PVE 9). Runs infra-services VM,
saltierpoop VM, and most lab LXCs/VMs. Inventory:
inventory/hosts/prox.yaml.
Management: SSH as root only (ssh proxbox → 192.168.6.71). ansible-pull
is live (30-min timer) as of 2026-06-23. No someone operator account.
Access¶
| Method | URL / command |
|---|---|
| Proxmox UI | https://192.168.6.71:8006 |
| SSH | ssh proxbox (owner config: root, ~/.ssh/proxbox) |
| Tailscale | 100.97.134.65 |
Configuration notes¶
- Patching:
patching_wave1; push-mode upgrades from infra-services asroot(host_vars/prox.yml). See coordinated OS patching. - Graylog syslog:
graylog-syslog-clienton ansible-pull — forwards harbor-registry, pulse, and octoprint (when running) to Graylog viapct. See central syslog Graylog. - SSH:
common_ssh_permit_root: prohibit-password— do not use defaultno(locks out root-only host). - NTP:
common_manage_timesyncd: false— PVE has nosystemd-timesyncd. - Firewall:
common_manage_firewall: false— uses pve-firewall, not UFW - MTU:
9000onenp2s0/vmbr0(VLAN-aware bridge) - Tailscale: Accept routes enabled; does not advertise subnet routes
- ARA:
/etc/homelab/ara-callback.env+arapip (records ansible-pull runs) - Secrets:
/etc/homelab/age-key.txt+/root/.ssh/github_deploy(not in git)
Bootstrap reference¶
Full first-time bootstrap: push from infra-services with patch-controller key — see coordinated OS patching — prox bootstrap.
Runbooks¶
- Coordinated OS patching
- Phase 7 owner actions — Tailscale §5b
- Proxmox API token — labctl guest-agent exec
- Documentation validation
Related¶
- infra-services — primary VM on prox
- Network live — Servers VLAN