Approved IP Addresses
REFERENCE — consult when SSHing or configuring network access. See reference_approved-file-paths for write permissions.
Infrastructure nodes
| Node | Tailscale hostname | Tailscale IP | LAN IP | Role | SSH user |
|---|---|---|---|---|---|
| Z2 Mini (Proxmox host) | hinata-z2 | 100.120.141.100 | 192.168.1.153 | Hypervisor — always-on data plane. End state for all services. | root |
| Jimmy VPS | jimmy-vps | 100.93.206.57 | — | Public edge — Zuko portfolio recruiter front end (michael-engineer.dev) ONLY (ruling 2026-06-11). All other VPS services migrate to Z2 — task 800145. | nnamdi |
| Mac (primary) | nnamdis-macbook-pro | 100.80.32.32 | 192.168.1.197 | Development workstation. Mac-gated scripts only (HealthKit, Shortcuts inputs). | nnamdi |
VPS role (perpetual)
Michael ruling 2026-06-11: "only zuko portfolio recruiter front end lives on vps everything else should be z2 hosted." VPS keeps the michael-engineer.dev portfolio front end (cloudflared edge for it) and nothing else. Migrating to Z2 under task 800145: hinata-collector multi-tenant FastAPI, VPS-local crons (morning briefing, Orochimaru evening, vault sync), any non-portfolio tunnel hostnames. The five `jimmy-vps-add-*-tenant.sh` scripts were deleted 2026-06-11 — no new VPS tenants, ever.
Z2 Proxmox containers
| CT ID | Container name | LAN IP | Service | Cores | RAM | Disk |
|---|---|---|---|---|---|---|
| 100 | jimmy-neutron-postgres | 192.168.1.253 | PostgreSQL (tasks, events, state) + brain-ops scripts | 1 | 1024 MB | 16G |
| 101 | heimerdinger-nlp | 192.168.1.185 | NLP classifier (email + text), ASR | 2 | 2048 MB | 32G |
| 102 | iroh-mail-poller | 192.168.1.142 | Mail IMAP poller (4 accounts) | 1 | 512 MB | 4G |
| 103 | itachi-security | 192.168.1.250 | Vaultwarden, credential management | 1 | 512 MB | 8G |
| 104 | l-research | 192.168.1.189 | Research agent container | 2 | 2048 MB | 16G |
| 105 | nujabes-audio | 192.168.1.127 | Audio processing (ASR, music analysis) | 2 | 2048 MB | 16G |
| 106 | minato-telegram | 192.168.1.132 | Telegram bot fleet (Hinata comms) | 1 | 512 MB | 4G |
| 107 | orochimaru-transcripts | 192.168.1.236 | Transcript storage (.md files, constant writes) | 1 | 512 MB | 4G |
| 108 | zoro-fitness | 192.168.1.248 | Fitness data processing + sync | 1 | 1024 MB | 8G |
| 109 | bulma-finance | 192.168.1.214 | Monzo + TrueLayer (NatWest) polls + Bulma analytics/alerts (six systemd timers; live data bind-mount /mnt/data/hinata/data/bulma; collector via LAN 192.168.1.153:8090 — host Tailscale IP unreachable from LXC) | 1 | 1024 MB | 8G |
Z2 storage
| Mount | Device | Size | Filesystem | Purpose |
|---|---|---|---|---|
| / (rootfs) | NVMe | 68G | ext4 | OS, Proxmox, container rootfs |
| /mnt/data | 2TB HDD | 1.8T | ext4 | Active data (email, ML models, fitness, audio, postgres) |
| /mnt/shared-data | NVMe | — | — | Cross-container shared data (igbo-training-data, mail-archive) |
| /opt/hinata-sandpit | NVMe (pve-root) | 68G (shared) | ext4 | Local working clone of hinata-sandpit — read-only bind into CTs (109 mp1); updates via Z2 bare repo pull |
Common SSH commands
```bash
# Z2 Proxmox host (direct)
ssh hinata-z2
# From Z2 host into containers
pct enter 100 # jimmy-neutron-postgres
pct enter 101 # heimerdinger-nlp
pct enter 102 # iroh-mail-poller
pct enter 103 # itachi-security
pct enter 104 # l-research
pct enter 105 # nujabes-audio
pct enter 106 # minato-telegram
pct enter 107 # orochimaru-transcripts
```

Tailscale network
| Property | Value |
|---|---|
| Tailnet | TBD |
| MagicDNS | enabled — use hostnames not IPs |
| ACL source | Tailscale admin console |
Port mapping
| Service | Location | Port | Protocol | Exposed to |
|---|---|---|---|---|
| PostgreSQL | ct100 (jimmy-postgres) | 5432 | TCP | Tailscale only |
| Heim NLP API | ct101 (heimerdinger-nlp) | 8000 | HTTP | Tailscale only |
| Vaultwarden | ct103 (itachi) | 443 | HTTPS | Tailscale only |
| Proxmox UI | Z2 host | 8006 | HTTPS | Tailscale only |
| Email Intelligence API (email-p4-api) | Z2 host | 8080 | HTTP | Tailscale only |
| Bulma Finance API (bulma-api) | Z2 host | 8081 | HTTP | Tailscale only |
| Weather API (weather-api) | Z2 host | 8082 | HTTP | Tailscale only |
| Collector: Bulma + Zoro (collector-bulma) | Z2 host | 8090 | HTTP | Tailscale only |
| Collector: Events (collector-events) | Z2 host | 8091 | HTTP | Tailscale only |
| Collector: Football (collector-football) | Z2 host | 8092 | HTTP | Tailscale only |
| Collector: Mastery (collector-mastery) | Z2 host | 8093 | HTTP | Tailscale only |
| Collector: MusicMastery (collector-musicmastery) | Z2 host | 8094 | HTTP | Tailscale only |
| SSH | All | 22 | TCP | Tailscale only |
Cloudflare tunnels
| Tunnel | Origin | Public hostname |
|---|---|---|
| portfolio | Z2 (or Mac fallback) | michael-engineer.dev |
| studio | Z2 | studio.michael-engineer.dev |
GitHub repositories
| Repo | Purpose | Status |
|---|---|---|
| mnnamah/hinata-v2 | Vault — primary knowledge base | Active (origin for this vault) |
| mnnamah/hinata-z2 | Infrastructure-as-code for Z2 Proxmox deployment | Active |
| mnnamah/hinata-sandpit | Operational scripts, applications, studio | Active — connecting via project instances |
| mnnamah/hinata-brain | DECOMMISSIONING — legacy vault repo, replaced by hinata-v2 | Archive then delete |
See also: reference_approved-file-paths · deploy-policy · runtime-workflow