Web Access

Quick-access directory for every web UI and admin console across scandora.net.

Access Requirements

On-network services are bound to ZeroTier IPs (192.168.194.0/24) and require ZeroTier connectivity to reach. They are not publicly accessible. Gateway admin UIs require being on the local LAN or ZeroTier. Cloud provider consoles are public URLs accessible from anywhere.

---

Monitoring Stack

All monitoring services run on Dumbo (192.168.194.131).

Credentials: Grafana admin password → dumbo_grafana_admin_password in scandora-automation vault.

Service	URL	Purpose
Grafana	http://192.168.194.131:3000	Dashboards & visualization
Prometheus	http://192.168.194.131:9090	Metrics storage & PromQL query console
AlertManager	http://192.168.194.131:9093	Active alerts, silences & inhibitions

Grafana Dashboards

Provisioned dashboards have stable UIDs — these links work regardless of dashboard title changes.

Dashboard	Link	Description
Network Reachability	/d/network-reachability/	ICMP & SSH probe status + N×N mesh reachability matrix
ZeroTier Agent Metrics	/d/zerotier-agent/	Per-host ZeroTier peer latency, packet counts & path health
GCP Cost Estimates	/d/gcp-cost-estimates/	Per-instance GCP cost breakdown (scandoraproject + coop)
Node Exporter Full	/d/rYdddlPWk/	Full Linux host metrics (community dashboard)

Prometheus Quick Links

Page	URL
Scrape targets & health	/targets
Firing alert rules	/alerts
All rules (alert + recording)	/rules
PromQL query console	/graph

---

Gateway Admin

Self-Signed TLS

OPNsense uses a self-signed certificate. Browsers will show a security warning — add a permanent exception and proceed. This is expected and normal for LAN admin interfaces.

Gateway	Primary URL	ZeroTier URL	Access Requirement
Owl (Iowa)	https://10.7.0.1	https://192.168.194.10	Owl LAN or ZeroTier
Blue (Colorado)	https://10.15.0.1	https://192.168.194.205	Blue LAN or ZeroTier

Gateway credentials are in 1Password: opnsense_api_key_owl_production / opnsense_api_key_blue_production in scandora-prd-automation.

opnsense-dev (Ephemeral)

When the OPNsense dev VM is running, access via IAP tunnel: https://localhost:8443 Provision with ./scripts/opnsense-dev/dev-up.sh — tunnels are set up automatically. SSH to the OPNsense guest is on localhost:2222.

---

DNS

Service	URL	Notes
PowerDNS web/stats	http://10.10.10.10:8081	Webserver; also serves /metrics for Prometheus
PowerDNS REST API	http://10.10.10.10:8081/api/v1	Requires X-API-Key header

The PowerDNS API key is in 1Password: powerdns_api_key_bogart_production (scandora-prd-automation vault). DNS records are managed via Terraform — see DNS Architecture.

---

Cloud Provider Consoles

Service	URL
AWS Console	https://console.aws.amazon.com
GCP Console — scandoraproject	https://console.cloud.google.com/home/dashboard?project=scandoraproject
GCP Console — coop-389306	https://console.cloud.google.com/home/dashboard?project=coop-389306
Cloudflare	https://dash.cloudflare.com
ZeroTier Central	https://my.zerotier.com/network/6ab565387a4b9177
1Password	https://my.1password.com
GitHub	https://github.com/scandora/scandora.net
GitHub Projects	https://github.com/users/scandora/projects/1

---

Metrics Endpoints (for reference)

These are machine-readable endpoints, not interactive UIs — useful for ad-hoc curl queries or verifying an exporter is alive.

Exporter	Host	Endpoint
node_exporter	All ZeroTier hosts	http://<zerotier-ip>:9100/metrics
blackbox_exporter	pluto, bogart, rocky	http://<zerotier-ip>:9115/metrics
blackbox_exporter	dumbo (Docker)	http://192.168.194.131:9115/metrics
SNMP Exporter	dumbo (Docker)	http://192.168.194.131:9116/metrics
ZeroTier Exporter	dumbo (Docker)	http://192.168.194.131:9811/metrics
GCP Cost Exporter	dumbo (host)	http://192.168.194.131:9812/metrics (scandoraproject)
GCP Cost Exporter	dumbo (host)	http://192.168.194.131:9813/metrics (coop-389306)
PowerDNS	bogart	http://192.168.194.133:8081/metrics

Testing a blackbox probe manually

To manually trigger a blackbox probe and see the result:

# ICMP probe to rocky from dumbo's blackbox exporter
curl "http://192.168.194.131:9115/probe?module=icmp&target=192.168.194.103"

# TCP probe to pluto SSH port
curl "http://192.168.194.131:9115/probe?module=tcp_connect&target=192.168.194.6:22"