Managed via Portainer. Running on Proxmox LXC Container 100 (Ubuntu 24.04, 4 cores, 16 GB RAM).

Service	Port	URL	Description
Portainer	9443	https://192.168.8.100:9443	Container management UI
Gotify	8070	http://192.168.8.100:8070	Push notification server — forwards all alerts to Telegram via bridge
Gotify-Telegram Bridge	—	—	Polls Gotify, forwards to Telegram @beenetworkbot (chat ID: 5289824155). Retry logic (3 attempts), writes health.json for external monitoring. Only advances message pointer on successful send. iMessage fallback via Mac Studio com.edmd.check-telegram-bridge launchd agent (every 30 min)
Uptime Kuma	3001	http://192.168.8.100:3001	60+ monitors — services, infrastructure, SSL certs, keyword health checks. Includes WG tunnel exit-IP check, OPNsense Web UI, Pi-hole edmd.me wildcard health, OPNsense Unbound DNS health. (Vaultwarden alive check removed May 2026 with the service.) ha-mcp farm monitor pending farm-LAN return. Alerts via Gotify → Telegram
Audiobookshelf	13378	http://192.168.8.100:13378	Audiobook & podcast server
Navidrome	4533	http://192.168.8.100:4533	Music streaming (Subsonic-compatible)
Lidarr	8686	http://192.168.8.100:8686	Music collection manager
Bookshelf	8787	http://192.168.8.100:8787	Book tracking (Hardcover)
Shelfmark	8084	http://192.168.8.100:8084	Book & audiobook search — outbound via WireGuard tunnel to UltraCC NL (Apr 29 2026). Hardcover + Anna’s Archive lookups. Public URL: shelfmark.edmd.me
Prowlarr	9696	http://192.168.8.100:9696	Indexer aggregator — outbound via WireGuard tunnel to UltraCC NL. Feeds Sonarr/Radarr/Lidarr/Shelfmark. altHUB enabled
FreshRSS	8180	http://192.168.8.100:8180	RSS feed reader
Plex	32400	http://192.168.8.100:32400/web	Media server — movies, music, photos, video, audiobooks. Plexamp for music on iOS/Mac
Calibre-Web (CWA)	8083	http://192.168.8.100:8083	Book library — auto-ingest, auto-convert, duplicate detection, metadata fetch. Filebot also installed on CT100 for movie renaming
PostgreSQL 17	5432	—	farmdb, bookdb, moviedb, nocodb_meta. User: farmuser. Used by Farm MCP, Directus, NocoDB
Directus	8055	https://directus.edmd.me	Headless CMS over farmdb — admin/form-shaped UI for 34 farm tables. All collections registered with icons + display templates (Apr 30 2026)
NocoDB	8080	https://nocodb.edmd.me	Spreadsheet UI over farmdb (alongside Directus, comparing UX). Metadata in separate nocodb_meta DB. Requires NC_ALLOW_LOCAL_EXTERNAL_DBS=true for private-IP DB connections
MakeMKV	5800	https://makemkv.edmd.me	BluRay/DVD ripper (jlesage/makemkv). VNC web UI. Reads from /mnt/seedbox/movies (read-only), outputs to /mnt/container-data/makemkv/output. Requires MAKEMKV_KEY="" to skip beta-key fetch
Kiwix	8186	https://kiwix.edmd.me	Offline Wikipedia + Project Gutenberg + Wikibooks + Wikiversity + Wikisource + Wikivoyage + ifixit + urban-prepper. ~222 GB of ZIM files on /Biggest/Kiwix
Unbound	5335	—	Recursive DNS resolver (mvance/unbound). Primary upstream for Pi-hole — resolves directly from root servers for DNS privacy (no single upstream sees all queries). Custom config at /opt/unbound/conf/unbound.conf with sane cache sizes (50m msg / 100m rrset), logging enabled, DNSSEC validation. Health check verifies NOERROR (not just response). Fixed May 10 2026: image auto-calculated 33GB cache from host RAM causing OOM
Farm Species Browser	8420	https://farm.edmd.me	Web UI for browsing the farm species catalog — search, filter by category/native status, species detail pages with growing conditions, pollinator info, and collection membership. FastAPI + asyncpg
Sonarr	8989	http://192.168.8.100:8989	TV series management — monitors, searches, downloads via Prowlarr + Transmission. Root folder /mnt/tv
Radarr	7878	http://192.168.8.100:7878	Movie collection management — monitors, searches, downloads via Prowlarr + Transmission. Root folder /mnt/movies
Recyclarr	—	—	Auto-syncs TRaSH Guides quality profiles to Sonarr + Radarr
FlareSolverr	8191	—	Cloudflare challenge bypass proxy for Prowlarr indexers
Wallabag	8081	https://wallabag.edmd.me	Read-later / article archive (+ wallabag-db PostgreSQL + wallabag-redis)
Readability	3333	—	JS-based article text extractor — used by Wallabag for clean content parsing
Authentik	9100	https://auth.edmd.me	SSO identity provider — forward-domain auth for all *.edmd.me services via Caddy. Embedded outpost, OAuth2/OIDC. Cookie domain edmd.me means one login covers everything. See Authentik page
Grafana	3200	https://grafana.edmd.me	Dashboards and visualization — Prometheus + Loki datasources
Prometheus	9090	—	Metrics collection — scrapes node-exporter, cAdvisor, weather-exporter
Loki	3100	—	Log aggregation — receives journald + container logs via Alloy from hpve + all CTs + Mac Studio
Alertmanager	9093	—	Prometheus alert routing — forwards to Gotify via alertmanager-gotify bridge
cAdvisor	8180	—	Container resource metrics for Prometheus
Node Exporter	9100	—	Host-level metrics (CPU, RAM, disk, network) for Prometheus
Weather Exporter	—	—	Custom Prometheus exporter for local weather data
ConvertX	3000	https://convertx.edmd.me	File format converter (documents, images, media)
Aurral	8095	—	Music discovery companion for Lidarr — finds new releases and recommendations
Watchtower	—	—	Auto-updates Docker container images on a schedule
Dozzle	9999	https://dozzle.edmd.me	Real-time Docker container log viewer
Homepage	3000	https://home.edmd.me	Homelab dashboard — service status, bookmarks, widgets

Dedicated LXC container on hpve, Debian 12, 4 cores, 8 GB RAM, 16 GB rootfs on nvme-ct. Runs Roon Server with music library access via bind mount from nvmepool.

Service	Port	URL	Description
Roon Server	9100-9200	—	Music server — manages Tidal integration + local library. Roon clients (iOS, Mac, web) connect via discovery or NetBird. Systemd: roonserver.service

Music storage: /mnt/music (bind mount from /nvmepool/music on hpve)

NetBird: Connected as peer roon (100.123.169.114) in BeeDifferent group. Roon ARC connects remotely via NetBird mesh.

CT104 hosted Vaultwarden (192.168.8.55) until May 2026, when both the LXC and the service were decommissioned. Credentials moved to ~/Sync/ED/SECRETS.md + per-service secrets.env files. The 192.168.8.55 address is unused. See Vaultwarden tombstone.

Two Seagate 20TB drives (ST20000NE000) in ZFS mirror via USB ASMT enclosures. ORICO 9858T3 Thunderbolt 3 enclosure on order to replace USB connection. Special vdev (Optane) and cache SSD removed Apr 7 2026. Pool is now a clean 2-drive mirror.

Dataset	Size	Contents
Biggest/Maple/Amigo	3.0 TB	Biggie, Cell Photos, ISO, TV, Video
Biggest/Maple/Ichabod	2.7 TB	Movies (source copy), Music, Databases, Podcasts, Remote Backup
Biggest/Maple/Monte	2.7 TB	Dropbox backups, Mystuff, PDF, Photos

Deleted Apr 7: Speedy, TimeMachineOne (4.3TB), Ichabod/Sort (232GB), Amigo/delgross (4TB), Amigo/Youtube (148GB). Pool went from 90% → 41%.

Service	Port	URL	Description
Proxmox VE	8006	https://192.168.8.221:8006	Hypervisor web UI
Cockpit	9090	https://192.168.8.221:9090	System admin panel
Syncthing	8384	http://192.168.8.221:8384	File sync hub — always-on relay for Mac Studio and MacBook
NetBird	—	—	Mesh VPN daemon (netbird.service); advertises 192.168.8.0/24 to mesh
Transmission RPC (tunneled)	13010	—	SSH tunnel → seedbox Transmission. Used by *arr apps for download management
SMB Shares	445	smb://192.168.8.221/<share>	Network file shares: nvmepool (all NVMe media), Seedbox (downloads), Biggest (archive), Sync (read-only), Big. Avahi/mDNS advertised as “PVE”

Service	Port	URL	Description
Hugo Hub	1313	http://192.168.8.180:1313	BeeDifferent documentation site
SyncThing	8384	http://192.168.8.180:8384	File sync between devices
Paperless-NGX	8100	http://192.168.8.180:8100	Document management system
Life Archive API	8900	http://192.168.8.180:8900	Life Archive RAG search API
Life Archive MCP	8901	http://192.168.8.180:8901/mcp	MCP server for remote Claude clients
Embed Server	1235	http://localhost:1235	gte-Qwen2-7B on MPS (local only)
SSH	22	ssh bee@192.168.8.180	Remote shell
Screen Sharing	5900	vnc://192.168.8.180	macOS VNC

Service	Port	URL	Description
Caddy (public)	443	troglodyteconsulting.com	Public web server for troglodyteconsulting.com (HTTP-01 cert)
Cockpit	9090	https://<vps-ip>:9090	System admin panel
NetBird	—	—	Mesh peer — NetBird IP 100.123.69.155
SSH	22	ssh admin@<vps-ip>	Remote shell

Pangolin retired April 19, 2026. The VPS no longer hosts a Pangolin dashboard. Remote access is via NetBird mesh; public web hosting moved to Caddy directly.

Services on the seedbox are accessed via SSH tunnels through Proxmox (hpve, 192.168.8.221) and CT100 (192.168.8.100).

Service	Local Tunnel	Description
Transmission RPC	hpve :13010	BitTorrent download management — transmission-tunnel.service on hpve
Transmission RPC	CT100 :13010	Same, via autossh-transmission.service on CT100
NZBGet	CT100 :16789	Usenet downloader — autossh-nzbget.service on CT100

Farm runs on the 192.168.0.x subnet (separate from home’s 192.168.8.x). Connected via NetBird mesh — fpve peer at 192.168.0.191 advertises 192.168.0.0/24 to the mesh. Farm services use f-prefixed hostnames (fpve.edmd.me, fpihole.edmd.me, etc.).

Service	Port	URL	Description
Home Assistant	8123	ha.edmd.me	Smart home automation, irrigation, cameras
Farm Proxmox	8006	fpve.edmd.me	Farm hypervisor, NetBird peer (fpve)
Farm Portainer	9443	fportainer.edmd.me	Farm container management
Farm Pi-hole	—	fpihole.edmd.me	Farm DNS + ad blocking
Farm Uptime Kuma	3001	fkuma.edmd.me	Farm uptime monitoring
Farm Gotify	8070	fgotify.edmd.me	Farm push notifications
Omada Controller	—	omada.edmd.me	TP-Link Omada controller

Device	IP	URL	Description
OPNsense Router	192.168.8.1	https://192.168.8.1	Home router, hostname orchard.edmd.me. Replaced GL.iNet on Apr 29 2026
Homey	192.168.8.224	—	Smart home hub
Weather Station	192.168.8.245	—	Orchard-Weather