Hosts Reference¶

All Hosts¶

Host	Type	Location	Internal IP	Public IP	SSH Access
owl	Gateway	Iowa	10.7.0.1	46.110.77.34	`joe@192.168.194.10`
blue	Gateway	Colorado	10.15.0.1	(dynamic)	`joe@10.15.0.1`
pluto	Cloud	AWS us-west-2	10.0.0.10	52.32.80.62	`joe@pluto`
mickey	Cloud	AWS us-west-2	10.0.0.20	(ephemeral)	`joe@mickey`
dumbo	Cloud	GCE us-central1	10.1.0.110	34.44.33.3	`joe@dumbo`
bogart	Cloud	GCE us-west1	10.10.10.10	35.209.219.216	`joe@bogart`
rocky	Cloud	Meanservers	10.2.0.1	193.8.172.100	`joe@rocky`
luna	Workstation	Portable (see .location)	Varies by site	-	Local
triton	LAN Host	Iowa (Owl)	10.7.1.20	-	`docker@triton-docker`
rpios	LAN Host	Colorado (Blue)	10.15.1.50 / .51 (wifi)	-	`joe@rpios.blue.scandora.net`
demeter	LAN Host	Colorado (Blue)	10.15.1.200 / .210 (wifi)	-	-

Gateways¶

Owl (Iowa)¶

Attribute	Value
Hardware	DEC700
ISP	Metronet
LAN	10.7.0.0/16
Gateway IP	10.7.0.1
ZeroTier IP	192.168.194.10
Public IP	46.110.77.34 (static)
IPv6	HE Tunnel

Blue (Colorado)¶

Attribute	Value
Hardware	Protectli UP-2420
ISP	Starlink
LAN	10.15.0.0/16
Gateway IP	10.15.0.1
ZeroTier IP	192.168.194.x
Public IP	Dynamic (CGNAT)
IPv6	DHCPv6-PD

Cloud Instances¶

AWS¶

Instance	Type	Region	Internal	Public	Purpose
pluto	t3.micro	us-west-2	10.0.0.10	52.32.80.62	Production
mickey	t3a.medium	us-west-2	10.0.0.20	(ephemeral)	Dev/IaC

GCE¶

Instance	Type	Zone	Internal	Public	Purpose
dumbo	e2-medium	us-central1-a	10.1.0.110	34.44.33.3	General
bogart	e2-micro	us-west1-?	10.10.10.10	35.209.219.216	PowerDNS

Meanservers¶

Instance	Type	Internal	Public	Purpose
rocky	Bare metal	10.2.0.1	193.8.172.100	TBD

LAN Hosts¶

Hosts on site LANs that don't have ZeroTier directly installed. Accessed via gateway routing.

Triton (Owl LAN)¶

Attribute	Value
Hardware	Raspberry Pi 5
OS	Debian 12 (bookworm) / Raspberry Pi OS
Architecture	ARM64 (aarch64)
LAN IP	10.7.1.20
Gateway	Owl (10.7.0.1)
SSH	`docker@triton-docker` (via ~/.ssh/config)
IaC Status	❌ Not managed (complex Docker setup)
Monitoring	✅ node_exporter v1.8.2

Services running on Triton:

Various Docker containers (not IaC-managed)
node_exporter (manually installed, matches Ansible patterns)

SSH Access:

# Via SSH config alias (uses docker user + key)
ssh triton-docker

# Routing: luna → ZeroTier → owl → Owl LAN → triton

Rpios (Blue LAN)¶

Attribute	Value
Hardware	Raspberry Pi
OS	Debian 12 (bookworm) / Raspberry Pi OS
Architecture	ARM64 (aarch64)
LAN IP (wired)	10.15.1.50
LAN IP (wifi)	10.15.1.51
Gateway	Blue (10.15.0.1)
SSH	`joe@rpios.blue.scandora.net`
IaC Status	❌ Not managed
Monitoring	✅ node_exporter v1.8.2

Services running on Rpios:

node_exporter (manually installed, matches Ansible patterns)

SSH Access:

ssh joe@rpios.blue.scandora.net

# Routing: luna → Blue LAN → rpios

Luna (Portable Workstation)¶

Attribute	Value
Hardware	Apple MacBook Pro (M4 Max)
OS	macOS
Architecture	ARM64 (Apple Silicon)
Hardware MAC	84:2f:57:b0:52:8e
Current Location	See `.location` file in repo root
IaC Status	❌ Not managed (workstation)
Monitoring	N/A (workstation)

IP Addresses by Site:

Site	Wired	Wireless
Owl (Iowa)	10.7.1.100	10.7.1.110
Blue (Colorado)	10.15.1.100	10.15.1.110

Notes:

Primary development workstation that moves between sites
Current location tracked in ~/src/scandora.net/.location file
Wi-Fi Private Address disabled so hardware MAC is used for DHCP
Static DHCP reservations configured at both sites for consistent IPs

Demeter (Portable Workstation)¶

Attribute	Value
Hardware	Apple MacBook Pro
OS	macOS
Architecture	ARM64 (Apple Silicon)
WiFi MAC	60:3e:5f:4a:58:73
IaC Status	❌ Not managed
Monitoring	N/A

IP Addresses by Site:

Site	Wired	Wireless
Owl (Iowa)	10.7.1.200	10.7.1.210
Blue (Colorado)	10.15.1.200	10.15.1.210

Notes:

Lisa's portable workstation that moves between sites
Static DHCP reservations configured at both sites for consistent IPs

Trust Model¶

Host	Trust	1Password SA	Notes
pluto	✅ Trusted	✅ Yes	Production
dumbo	✅ Trusted	✅ Yes	General workloads
mickey	✅ Trusted	❌ No	Ephemeral secrets only
bogart	⚠️ Untrusted	❌ No	No secrets
rocky	⚠️ TBD	❌ No	SSH via ZeroTier (public SSH blocked)

SSH Quick Reference¶

Cloud Instances¶

ssh joe@pluto       # AWS production
ssh joe@dumbo       # GCE general
ssh joe@bogart      # GCE PowerDNS
ssh joe@mickey      # AWS dev (check current IP)

Gateways¶

ssh joe@192.168.194.10  # Owl via ZeroTier
ssh joe@10.15.0.1       # Blue (from Blue LAN)

Emergency Access¶

# AWS (SSM)
aws ssm start-session --target i-05e7dd5e009d6d766 --region us-west-2

# GCE (IAP)
gcloud compute ssh dumbo --zone=us-central1-a --tunnel-through-iap

Services by Host¶

Host	ZeroTier	fail2ban	cloudflared	DDNS	PowerDNS	node_exporter
owl	✅	N/A	❌	✅	❌	✅ (plugin)
blue	✅	N/A	❌	✅	❌	✅ (plugin)
pluto	✅	✅	✅	✅	❌	✅
dumbo	✅	✅	Planned	✅	❌	✅
bogart	✅	✅	❌	✅	✅	✅
rocky	✅	✅	❌	❌	❌	✅
triton	❌ (via owl)	❌	❌	❌	❌	✅ (manual)
rpios	❌ (via blue)	❌	❌	❌	❌	✅ (manual)

DNS Names¶

Primary Records (ZeroTier/Internal)¶

Name	A Record	AAAA Record	Description
owl.scandora.net	10.7.0.1	-	Owl gateway
blue.scandora.net	10.15.0.1	-	Blue gateway
pluto.scandora.net	10.0.0.10	-	AWS instance
dumbo.scandora.net	10.1.0.110	fd6a:b565:387a:4b91:7799:93c1:af41:ee70	GCE instance
bogart.scandora.net	10.10.10.10	fd6a:b565:387a:4b91:7799:935a:fe44:b5f4	PowerDNS server
rocky.scandora.net	10.2.0.1	fd6a:b565:387a:4b91:7799:933a:4a47:5ef8	Meanservers
ns1.scandora.net	10.10.10.10	-	Nameserver alias
ha.owl.scandora.net	10.7.1.99	-	Home Assistant
rpios.blue.scandora.net	10.15.1.50	-	Raspberry Pi wired (Blue LAN)
rpios-wifi.blue.scandora.net	10.15.1.51	-	Raspberry Pi wireless (Blue LAN)
luna.owl.scandora.net	10.7.1.100	-	Joe's MacBook Pro wired (Owl site)
luna-wifi.owl.scandora.net	10.7.1.110	-	Joe's MacBook Pro wireless (Owl site)
luna.blue.scandora.net	10.15.1.100	-	Joe's MacBook Pro wired (Blue site)
luna-wifi.blue.scandora.net	10.15.1.110	-	Joe's MacBook Pro wireless (Blue site)
demeter.owl.scandora.net	10.7.1.200	-	Lisa's MacBook Pro wired (Owl site)
demeter-wifi.owl.scandora.net	10.7.1.210	-	Lisa's MacBook Pro wireless (Owl site)
demeter.blue.scandora.net	10.15.1.200	-	Lisa's MacBook Pro wired (Blue site)
demeter-wifi.blue.scandora.net	10.15.1.210	-	Lisa's MacBook Pro wireless (Blue site)

Direct Access Records ("d" suffix)¶

These bypass ZeroTier for emergency access (internal DNS only):

Name	A Record	AAAA Record	Description
owld.scandora.net	46.110.77.34	2001:470:c09c:1::1	Owl public/HE tunnel
plutod.scandora.net	52.32.80.62	-	Pluto AWS EIP
dumbod.scandora.net	34.44.33.3	2600:1900:4000:5bfa:0:27::	Dumbo GCE
bogartd.scandora.net	35.209.219.216	2600:1900:4001:dca:0:3::	Bogart GCE
blued.scandora.net	-	(dynamic)	Blue Starlink IPv6

SSH Config Aliases

Emergency fallback SSH entries are configured in ~/.ssh/config:

ssh owld    # Direct to 46.110.77.34
ssh plutod  # Direct to 52.32.80.62
ssh dumbod  # Direct to 34.44.33.3
ssh bogartd # Direct to 35.209.219.216

Instance IDs¶

Host	Provider	Instance ID
pluto	AWS	i-05e7dd5e009d6d766
mickey	AWS	(varies)
dumbo	GCE	dumbo
bogart	GCE	bogart

Static IP Registry¶

DO NOT RELEASE THESE IPs

IP	Cloud	Allocation ID	Instance
52.32.80.62	AWS	eipalloc-05fa588c23ff2037e	pluto
35.85.90.224	AWS	eipalloc-02c6ee27c4a74bdb9	(unused)
34.44.33.3	GCE	threefour	dumbo
35.209.219.216	GCE	?	bogart