Infrastructure
| Item | Status | Notes |
|---|---|---|
| Proxmox VE 9.1.1 | ✓ Complete | Kernel 6.17.2-1-pve, fully upgraded |
| ZFS Pool (vmpool) | ✓ Complete | 20.9T ONLINE, ashift=12, lz4 |
| ZFS Datasets | ✓ Complete | 7 datasets: prod, prod-db, dev, dev-db, workstation, backups, migration |
| pvesm Storage Pools | ✓ Complete | vmpool-prod, vmpool-prod-db, vmpool-dev, vmpool-dev-db, vmpool-ws, vmpool-backups |
| Resource Pools | ✓ Complete | prod, dev, workstation |
| Network Bond | ✓ Complete | bond0 active-backup (nic2+nic3), vmbr0 @ 10.1.50.11/24 |
| vmbr1 | ✓ Complete | VLAN-aware bridge on nic0, VIDs 2–4094 |
| PERC H710P | ✓ Verified | 26 drives optimal, BBU healthy, 0 errors |
| Tailscale | ⏳ Pending Auth | https://login.tailscale.com/a/13d98ea001f4b7 |
| iDRAC | ⚠ Temporary | 10.1.50.211 (temp) — target: 10.1.10.10 after switch VLAN config |
Virtual Machines
| VM | ID | Status | Spec | Notes |
|---|---|---|---|---|
| ubuntu-2404-template | 9000 | ✓ Complete | 2 core / 2 GB | Cloud-init base, SSH keys, qemu-agent |
| prod-postgres | 112 | ✓ Running | 8 core / 16 GB | PG16 @ 10.1.50.112, 200GB ZFS data disk, n8n DB restored (74 tables) |
| prod-n8n | 113 | ✓ Running | 4 core / 8 GB | 10.1.50.118 (IP conflict — .113 taken by switch device dc:e5:5b:62:35:ff) |
| dev-postgres | 114 | ✓ Running | 4 core / 8 GB | PG16 @ 10.1.50.114, 100GB data disk, n8n_dev + nexus_dev DBs |
| dev-docker | 115 | ✓ Running | 4 core / 8 GB | 10.1.50.115, n8n dev stack + cloudflared → dev.cloudmagicgroup.com |
| pbs01 (Proxmox Backup) | 110 | 📋 Planned | — | Week 2 — scheduled VM snapshot + offsite |
| prod-splunk | 116 | 📋 Planned | — | Week 2 — migrate from ThinkPad Docker |
| home-workstation | 117 | 📋 Planned | — | Week 2 — WSL2 projects VM |
Services
| Service | Status | URL / Location | Notes |
|---|---|---|---|
| n8n Production | ✓ Live | n8n.cloudmagicgroup.com | Cutover complete. Old n8n-cmtg (10.1.50.206) fully stopped. Tunnel fe21786c, 4 edge connections |
| n8n Development | ✓ Live | dev.cloudmagicgroup.com | Fresh DB (n8n_dev), dev credentials, tunnel 41ea6413. Login: admin / n8n_dev_admin_2026! |
| PostgreSQL 16 — Prod | ✓ Running | 10.1.50.112:5432 | n8n DB (74 tables restored), data on ZFS vmpool-prod-db |
| PostgreSQL 16 — Dev | ✓ Running | 10.1.50.114:5432 | n8n_dev + nexus_dev DBs, data on ZFS vmpool-dev-db |
| CF Tunnel pve01-prod | ℹ Idle | 61d9695e | Available for new prod services — not yet assigned to a hostname |
| Status Dashboard | ✓ Live | pve01-status.cloudmagicgroup.com | CF Pages, auto-refreshes 60s |
| Splunk | ⚠ ThinkPad | 10.1.50.132:8000 | Still on ThinkPad Docker — migration to VM 116 planned Week 2 |
| Tailscale | ⏳ Needs Auth | Auth URL | Installed on pve01, awaiting account creation + activation |
Open Items & Exceptions
| Item | Priority | Status | Notes |
|---|---|---|---|
| VM 113 IP conflict | 🟡 INFO | ⚠ Noted | 10.1.50.113 taken by unknown LAN device (MAC dc:e5:5b:62:35:ff) — VM runs on .118. Identify and reassign that device if .113 is needed. |
| Tailscale account + auth | 🟡 MEDIUM | ⏳ Blocked — needs account | Create free account at tailscale.com, then visit auth URL |
| iDRAC final IP | 🟡 MEDIUM | ⚠ Temp @ .211 | Currently 10.1.50.211 — move to 10.1.10.10 after switch VLAN 10 trunk port config |
| Switch trunk ports (nic0/nic1) | 🟡 MEDIUM | ⚠ Not cabled | nic0/nic1 not connected to switch. Required for vmbr1 VLAN-aware routing (prod/dev VLAN separation) |
| Anthropic API key (OpenClaw) | 🟡 INFO | ✓ Rotated | Was hardcoded in docker-compose.yml — moved to .env, new key applied May 17 |
| pve01 root password | 🟡 INFO | ℹ Deferred | Intentionally not rotating at this time per owner decision |
Migrations
| Service | Source | Target | Status | Notes |
|---|---|---|---|---|
| n8n Production | n8n-cmtg (10.1.50.206) | VM 113 (10.1.50.118) | ✓ Complete | Cutover May 17. Old server fully stopped. |
| n8n Database | n8n-cmtg postgres | VM 112 (10.1.50.112) | ✓ Complete | pg_restore, 74 tables, encryption key preserved |
| Dev n8n + Databases | — | VM 114 + 115 | ✓ Complete | Fresh env built May 17. n8n_dev + nexus_dev DBs ready. |
| Splunk | ThinkPad (10.1.50.132) | VM 116 | 📋 Week 2 | ThinkPad Splunk remains active until VM 116 is built |
| WSL Projects | WSL + ThinkPad | VM 117 | 📋 Week 2 | rsync already keeps WSL↔ThinkPad in sync |
Supabase Instances — Prod & Dev Gap Analysis
💡 Dev Strategy Decision Needed: All 11 existing Supabase instances are production-only (cloud). For dev we have two options: A) Create 8+ new cloud Supabase projects (~$0 on free tier, but complex to manage), or B) Deploy one self-hosted Supabase stack on VM 115 / new VM 119 — all dev databases in one Docker install, no per-project cost, one endpoint for everything. Recommendation: Option B — self-host on pve01.
| Project | Project Ref | Used By | Grant Migration | Dev Environment |
|---|---|---|---|---|
| nextgen-crm | wkjujqcgccxmjiijfjkm | Nexus CRM (booknexus.app) — main product | ⏳ Pending | ⚠ ThinkPad local only |
| internal-dashboard | dpixsxrvqwhdkylmbsfa | CMSG ops dashboard (cloudmagic.software) | 📋 Not affected | ✗ No dev DB |
| shuri | eksdpvazfcwssvptcnqi | Credential intelligence platform | ✓ Applied | ✗ No dev DB |
| leadgen | atmzbxpbvmyqfohkzyle | Lead generation platform | ⏳ Pending | ✗ No dev DB |
| per-fin | vufeioysqgdojytshrbl | Personal finance dashboard (Chris & Jen) | ⏳ Pending | ✗ No dev DB |
| ginete-app | xyeynclnoyijipvujlgr | Ginete app | ⏳ Pending | ✗ No dev DB |
| claude-claw | kyboxrlbwctvpzmcaore | WSL2 multi-agent orchestration runtime | ⏳ Pending | ✗ No dev DB |
| avaya | wjuavuucarznaioipitu | Avaya landing / portal | ⏳ Pending | ✗ No dev DB |
| msp-quote | pejhlbsncukzvgevjrok | MSP quoting system | 📋 Check needed | ✗ No dev DB |
| fovea | vhmwzcdxkcjnzqyroxuj | Internal analytics | 📋 Check needed | ✗ No dev DB |
| secure-online / svo-free | ⚠ Not configured | Secure Verify Online (SVO) | ⏳ Pending | ✗ No dev DB |
Grant migration deadline: October 30, 2026 — 8 projects pending.
Immediate Build Queue (This Week)
| Task | VM / Target | Why Now | Notes |
|---|---|---|---|
| Splunk VM (prod-splunk) | VM 116 | 🔴 Blocking | Splunk is required for all service telemetry and compliance. ThinkPad Splunk is a single point of failure. Build VM 116, migrate Docker stack, update all project HEC endpoints. ThinkPad Splunk stops after cutover verified. |
| Supabase self-hosted (dev) | VM 119 or VM 115 | 🔴 Dev Blocked | All 11 Supabase instances are prod-only. One self-hosted Docker install on pve01 gives dev databases for all projects — no per-project cloud cost. Need decision: add to VM 115 or new dedicated VM 119. |
| PBS VM (pbs01) | VM 110 | 🟡 Risk | No VM backups currently. Build Proxmox Backup Server pointed at vmpool-backups ZFS dataset. Snapshot schedule: daily for prod VMs, weekly for dev. |
| Tailscale activation | pve01 + VMs | 🟡 Access | Create free Tailscale account → auth URL. Then install on VMs 112-115. Removes dependency on VPN clients for remote access. |
Backlog
| Task | VM / Target | Depends On | Notes |
|---|---|---|---|
| Switch trunk port cabling | Physical | — | Connect nic0/nic1. Enables vmbr1 VLAN-aware routing for prod/dev network separation. |
| iDRAC final IP move | 10.1.10.10 | Switch trunk config | Move from 10.1.50.211 → 10.1.10.10 (IPMI VLAN) |
| Supabase grant migrations | Cloud (8 projects) | — | Deadline Oct 30, 2026. Run supabase db push per project. See Supabase table above. |
| Ollama + open-webui | VM 115 | VM 115 running ✓ | CPU-only Ollama + open-webui. Expose via pve01-dev tunnel or dedicated hostname. |
| Home workstation VM | VM 117 | PBS operational | Ubuntu desktop or WSL2 VM on vmpool-ws storage. |