obsidian/wiki/infrastructure/_index.md

---
tags: [infrastructure, index]
updated: 2026-04-27
---

# Infrastructure — Index

Server inventory for all SSH-accessible machines. Last audited: 2026-04-24. Update this section whenever you SSH in and notice changes.

## Oliver Agency Servers (GCP)

| Article | Server | IP | Role |
|---------|--------|----|------|
| [[wiki/infrastructure/server-optical\|server-optical]] | optical-web-1 | 10.220.168.5 | Main AI prod — 35+ apps, systemd |
| [[wiki/infrastructure/server-optical-dev\|server-optical-dev]] | optical-dev | 10.220.168.9 | Docker staging — ppt-tool, cc-dashboard, semblance, 15+ apps |
| [[wiki/infrastructure/server-optical-prod\|server-optical-prod]] | optical-prod | 10.220.168.8 | Minimal / secondary prod |
| [[wiki/infrastructure/server-librechat\|server-librechat]] | librechat-dev + prod | 10.220.168.2 / .4 | LibreChat AI chat platform (both envs) |
| [[wiki/infrastructure/server-modocmms\|server-modocmms]] | modcomms-01 | 10.220.168.6 | ModoCMMS staging + prod (Apache) |
| [[wiki/infrastructure/server-baic\|server-baic]] | web-03 | 10.220.72.13 | Main web host — 40+ domains, oliver.agency |
| [[wiki/infrastructure/server-box-cli\|server-box-cli]] | box-cli-01 | 10.220.176.3 | Ford/L'Oréal hotfolder, CentOS 7, 1TB NFS |

## Personal / Aimpress

| Article | Server | IP | Role |
|---------|--------|----|------|
| [[wiki/infrastructure/server-aimpress\|server-aimpress]] | c2-15-uk1 | 57.128.160.249 | Aimpress VPS — Mailcow, n8n, Traefik |
| [[wiki/infrastructure/server-pve\|server-pve]] | pve | 192.168.1.48 | Proxmox homelab — 8 containers + Kali VM |

## Quick Reference

| Article | Purpose |
|---------|---------|
| [[wiki/infrastructure/ssh-aliases\|ssh-aliases]] | All aliases, IPs, keys, health-check one-liner |
| [[wiki/infrastructure/network-topology\|network-topology]] | Internet→router→NPM→services flow, LAN subnet map, DNS paths, Tailscale overlay |

## ⚠ Known Issues

> Add date when you discover an issue. Move to ✅ Resolved when fixed, then delete after 2 weeks.

### 🔴 Critical
- `optical` `2026-04-24` — **DISK 99% FULL** — 5.9 GB free on 533 GB. Top offenders: `/opt/ferrero-opentext` 12 GB, `/opt/backups` 8.9 GB, `/opt/sandbox-notebookllamalm-nextjs` 8.5 GB — **action needed**
- `optical` `2026-04-24` — **SSL cert expires May 8 2026** — ai-sandbox.oliver.solutions — renew before May 8
- `optical` `2026-04-24` — **notebookllama-backend.service FAILED** — crashed, taking 8.5 GB disk

### 🟠 Security
- `optical` `2026-04-24` — All databases bound to `0.0.0.0`: Redis ×3 (:6379/:6380/:6399), PostgreSQL ×3 (:5432/:5433/:5437), MongoDB ×3 (:27017/:27019/:27021), Neo4j (:7474/:7475/:7687/:7688)
- `librechat-prod` `2026-04-24` — MongoDB :27017 on `0.0.0.0` — publicly exposed, no auth config found
- `baic` `2026-04-24` — PostgreSQL :5432 + rpcbind :111 on `0.0.0.0`
- `optical-dev` `2026-04-24` — PostgreSQL :5436/:5491/:5493 + olivas :8000 + cc-dashboard :8800 on `0.0.0.0`
- `baic` `2026-04-21` — Grafana default `admin:admin` password unchanged

### 🟡 Capacity
- `librechat-prod` `2026-04-24` — data directory **197 GB** (484 GB total, 65%) — monitor growth
- `pve` usb-backup `2026-05-03` — **37.58%** (345GB/916GB) — was 12% — growing fast, check vzdump retention
- `pve` vm-102-disk-0 `2026-05-03` — thin-pool 99.39% allocated — run `fstrim` in CT102 (df shows 36% — not urgent but should be cleaned)
- `aimpress` `2026-04-24` — 26.58 GB reclaimable Docker images (`docker image prune -a`)
- `baic` `2026-04-24` — large vhosts: ustudio.global 22 GB, ustudiostaging2 19 GB, ie.oliver.agency 13 GB

### 🟠 Security
- `optical` `2026-04-24` — All databases bound to `0.0.0.0`: Redis ×3 (:6379/:6380/:6399), PostgreSQL ×3 (:5432/:5433/:5437), MongoDB ×3 (:27017/:27019/:27021), Neo4j (:7474/:7475/:7687/:7688)
- `librechat-prod` `2026-04-24` — MongoDB :27017 on `0.0.0.0` — publicly exposed, no auth config found
- `baic` `2026-04-24` — PostgreSQL :5432 + rpcbind :111 on `0.0.0.0`
- `optical-dev` `2026-04-24` — PostgreSQL :5436/:5491/:5493 + olivas :8000 + cc-dashboard :8800 on `0.0.0.0`
- `baic` `2026-04-21` — Grafana default `admin:admin` password unchanged
- `pve` CT102 `2026-05-03` — **docker-socket-proxy on 0.0.0.0:2376** — Docker API accessible on LAN (should be 127.0.0.1)

### 🔵 Maintenance
- `optical-dev` `2026-04-24` — hp-prod-tracker + dow-prod-tracker containers unhealthy (healthcheck misconfigured, apps running fine)
- `box-cli` `2026-04-24` — CentOS 7 EOL since Jun 2024 — needs OS migration
- `pve` CT105 `2026-05-03` — **Immich STOPPED** — fix: `pct set 105 --delete dev1 && pct set 105 --delete dev2 && pct start 105`
- `pve` CT101 `2026-05-03` — **Legacy AdGuard still running** — router DHCP DNS still points to 192.168.1.62, needs update to 192.168.1.225
- `pve` CT102 `2026-05-03` — **Stirling-PDF broken** — OIDC points to deleted Authentik — fix: set SECURITY_OAUTH2_ENABLED=false
- `pve` CT102 `2026-05-03` — **Loki without Promtail** — logs not flowing
- `pve` CT102 `2026-05-03` — **CrowdSec without bouncer** — IPS observing but not blocking
- `pve` CT102 `2026-05-03` — **5 dead NPM proxy hosts** — id=5,6,8,12 (delete), id=10 (change to CT102 AdGuard :8053)
- `pve` host `2026-05-03` — rpcbind :111 open on 0.0.0.0 — disable if no NFS: `systemctl disable --now rpcbind rpcbind.socket`
- `pve` `2026-05-03` — Tailscale no subnet-router — LAN not accessible remotely without port forwarding

### ✅ Resolved
- `pve` local-lvm `2026-05-03` — improved to 58.85% (was 71%) — old stale LXCs (CT103/104/107/109/110) destroyed
- `pve` CT 102 (docker) — resolved 2026-04-24 — Docker data-root moved to `/mnt/data/docker`, now 51%
- `pve` CT 105 (immich) — resolved 2026-04-24 — PostgreSQL + cache moved to data-hdd, now 62%
- `pve` — resolved 2026-04-24 — Proxmox security updates applied (libngtcp2, cluster libs)
- `optical` `2026-04-24` — SSL cert ai-sandbox.oliver.solutions — track separately (check if renewed)