{ "schemaVersion": "1.0.0", "updated": "2026-04-09", "description": "Operational template: Proxmox VE nodes, LAN/WAN, NPMplus ingress, workloads (VMID/IP/hostname/FQDN), Besu peering summary, and deployment prerequisites. Authoritative detail remains in docs/04-configuration/ALL_VMIDS_ENDPOINTS.md and config/ip-addresses.conf \u2014 update those first, then sync this file. Proxmox hypervisor mgmt FQDN: mgmt_fqdn on each proxmox_nodes[] entry = short-hostname.sankofa.nexus (see PROXMOX_FQDN_*). Live inventory: Order VMIDs 10000/10001/10020 on r630-01; five-node SSH audit default. Prior: 2026-04-05 Hyperledger recovery, VMID 2410, 7806.", "canonicalSources": [ "config/ip-addresses.conf", "docs/04-configuration/ALL_VMIDS_ENDPOINTS.md", "docs/11-references/NETWORK_CONFIGURATION_MASTER.md", "docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md", "docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md" ], "network": { "management_lan": { "cidr": "192.168.11.0/24", "gateway": "192.168.11.1", "vlan_id": 11, "vlan_name": "MGMT-LAN", "dns_resolvers_preferred": [ "1.1.1.1", "1.0.0.1" ] }, "public_ipv4_block_spectrum": { "cidr": "76.53.10.32/28", "gateway": "76.53.10.33", "udm_pro_port_forwards": "80/443/81 per NPMplus instance; see npmplus_instances[]" } }, "proxmox_nodes": [ { "hostname": "ml110", "mgmt_fqdn": "ml110.sankofa.nexus", "mgmt_ipv4": "192.168.11.10", "role": "legacy_cluster_member_or_wan_aggregator", "ui_url": "https://192.168.11.10:8006", "notes": "Repurpose to OPNsense/pfSense WAN aggregator planned; migrate workloads to R630s before cutover. See NETWORK_CONFIGURATION_MASTER.md." }, { "hostname": "r630-01", "mgmt_fqdn": "r630-01.sankofa.nexus", "mgmt_ipv4": "192.168.11.11", "role": "primary_compute_chain138_rpc_ccip_relay_sankofa", "ui_url": "https://192.168.11.11:8006", "cluster_name": "h" }, { "hostname": "r630-02", "mgmt_fqdn": "r630-02.sankofa.nexus", "mgmt_ipv4": "192.168.11.12", "role": "firefly_npmplus_secondary_mim4u_mifos_support", "ui_url": "https://192.168.11.12:8006", "cluster_name": "h" }, { "hostname": "r630-03", "mgmt_fqdn": "r630-03.sankofa.nexus", "mgmt_ipv4": "192.168.11.13", "role": "spare_compute_storage_thin_pools_core_rpc2", "ui_url": "https://192.168.11.13:8006", "cluster_name": "h", "notes": "Besu core RPC 2102 and related when placed here; often empty of guests. See NETWORK_CONFIGURATION_MASTER.md." }, { "hostname": "r630-04", "mgmt_fqdn": "r630-04.sankofa.nexus", "mgmt_ipv4": "192.168.11.14", "role": "spare_compute_ceph_osd", "ui_url": "https://192.168.11.14:8006", "cluster_name": "h", "notes": "Spare guests; Ceph OSDs per hardware plan." } ], "cluster_peering": { "stack": "Proxmox VE + corosync", "cluster_name": "h", "ring0": { "network": "192.168.11.0/24", "description": "Management LAN; all nodes reach gateway 192.168.11.1" }, "firewall_udp": [ "5405-5412" ], "documentation": [ "docs/04-configuration/UDM_PRO_PROXMOX_CLUSTER.md" ] }, "besu_chain138_peering_model": { "chain_id": 138, "summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131510) \u2194 RPC tier (2101\u20132103 core/admin, 2201 public, 230x/2400/2420\u20132480 permissioned-private, 2401\u20132403 thirdweb specialized). Use canonical roles doc for allowed adjacencies and ops.", "p2p_port_tcp_udp": 30303, "doc_ref": "docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md" }, "deployment_requirements": { "infrastructure": [ "UDM Pro: VLAN 11, gateway, port forwards to NPMplus internal IPs", "Proxmox: quorate cluster; vmbr0 (VLAN-aware) on each node; storage for CT/VM disks", "DNS: public A/AAAA or Cloudflare for d-bis.org, sankofa.nexus, defi-oracle.io hostnames", "NPMplus proxy hosts aligned with ALL_VMIDS_ENDPOINTS NPMplus table (fix stale targets e.g. rpc.public-0138 \u2192 192.168.11.240:443)" ], "chain138_contracts": [ "Core RPC VMID 2101 http://192.168.11.211:8545 for deploy only", "smom-dbis-138/.env: PRIVATE_KEY, RPC_URL_138, gas/nonce discipline per DEPLOYMENT_ORDER_OF_OPERATIONS.md Phase 0" ], "operator_automation": [ "Repo root .env + smom-dbis-138/.env for operator scripts (load-project-env.sh)", "Phoenix Deploy API optional: PHOENIX_RAILING_URL on Sankofa API; manifest GET /api/v1/public-sector/programs" ] }, "npmplus_instances": [ { "vmid": 10233, "internal_ipv4": [ "192.168.11.166", "192.168.11.167" ], "primary_ingress_ip": "192.168.11.167", "public_ipv4": "76.53.10.36", "purpose": "Main d-bis.org, explorer, Option B RPC hostnames, MIM4U, primary ingress" }, { "vmid": 10234, "internal_ipv4": [ "192.168.11.168" ], "public_ipv4": "76.53.10.37", "purpose": "Secondary / HA NPMplus (verify running; doc may show stopped)", "status_note": "Confirm on cluster before relying on HA" }, { "vmid": 10235, "internal_ipv4": [ "192.168.11.169" ], "public_ipv4": "76.53.10.38", "designated_public_ip_alt": "76.53.10.42", "purpose": "rpc-core-2, Alltra, HYBX \u2014 see NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md" }, { "vmid": 10236, "internal_ipv4": [ "192.168.11.170" ], "public_ipv4": "76.53.10.40", "purpose": "Dev/Codespaces tunnel, Gitea, Proxmox admin UI" }, { "vmid": 10237, "internal_ipv4": [ "192.168.11.171" ], "purpose": "Mifos NPMplus front; mifos.d-bis.org \u2192 VMID 5800" } ], "services": [ { "vmid": 100, "hostname": "proxmox-mail-gateway", "ipv4": "192.168.11.32", "preferred_node": "r630-03", "category": "infra", "purpose": "Proxmox Mail Proxy / LAN SMTP relay for apps (dbis_core, alerts); Postfix 25+587+465 live on CT (2026-03-30)", "ports": [ { "port": 25, "name": "smtp" }, { "port": 587, "name": "submission" }, { "port": 465, "name": "smtps" } ], "fqdns": [] }, { "vmid": 101, "hostname": "proxmox-datacenter-manager", "ipv4": "192.168.11.33", "preferred_node": "r630-02", "category": "infra", "ports": [ { "port": 8006, "name": "pve-ui" } ], "fqdns": [] }, { "vmid": 104, "hostname": "gitea", "ipv4": "192.168.11.31", "preferred_node": "r630-02", "category": "infra", "ports": [ { "port": 80, "name": "http" }, { "port": 443, "name": "https" } ], "fqdns": [] }, { "vmid": 105, "hostname": "nginxproxymanager", "ipv4": "192.168.11.26", "preferred_node": "r630-01", "category": "legacy_proxy", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 130, "hostname": "monitoring-1", "ipv4": "192.168.11.27", "preferred_node": "r630-01", "category": "monitoring", "ports": [ { "port": 80 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 1000, "hostname": "besu-validator-1", "ipv4": "192.168.11.100", "preferred_node": "r630-01", "category": "besu_validator", "ports": [ { "port": 30303, "name": "p2p" }, { "port": 9545, "name": "metrics" } ], "peering_layer": "validators_to_sentries", "fqdns": [] }, { "vmid": 1001, "hostname": "besu-validator-2", "ipv4": "192.168.11.101", "preferred_node": "r630-01", "category": "besu_validator", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "validators_to_sentries", "fqdns": [] }, { "vmid": 1002, "hostname": "besu-validator-3", "ipv4": "192.168.11.102", "preferred_node": "r630-01", "category": "besu_validator", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "validators_to_sentries", "fqdns": [] }, { "vmid": 1003, "hostname": "besu-validator-4", "ipv4": "192.168.11.103", "preferred_node": "r630-03", "category": "besu_validator", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "validators_to_sentries", "fqdns": [] }, { "vmid": 1004, "hostname": "besu-validator-5", "ipv4": "192.168.11.104", "preferred_node": "r630-03", "category": "besu_validator", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "validators_to_sentries", "fqdns": [] }, { "vmid": 1500, "hostname": "besu-sentry-1", "ipv4": "192.168.11.150", "preferred_node": "r630-01", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1501, "hostname": "besu-sentry-2", "ipv4": "192.168.11.151", "preferred_node": "r630-01", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1502, "hostname": "besu-sentry-3", "ipv4": "192.168.11.152", "preferred_node": "r630-01", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1503, "hostname": "besu-sentry-4", "ipv4": "192.168.11.153", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1504, "hostname": "besu-sentry-ali", "ipv4": "192.168.11.154", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1505, "hostname": "besu-sentry-alltra-1", "ipv4": "192.168.11.213", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1506, "hostname": "besu-sentry-alltra-2", "ipv4": "192.168.11.214", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 2101, "hostname": "besu-rpc-core-1", "ipv4": "192.168.11.211", "preferred_node": "r630-01", "category": "rpc_core", "ports": [ { "port": 8545, "name": "jsonrpc-http" }, { "port": 8546, "name": "jsonrpc-ws" }, { "port": 30303, "name": "p2p" } ], "peering_layer": "rpc_tier", "fqdns": [ "rpc-http-prv.d-bis.org", "rpc-ws-prv.d-bis.org" ] }, { "vmid": 2102, "hostname": "besu-rpc-core-2", "ipv4": "192.168.11.212", "preferred_node": "r630-03", "category": "rpc_core", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [ "rpc-core-2.d-bis.org" ], "notes": "Nathan core-2; NPMplus 10235 / tunnel per NPMPLUS_FOUR_INSTANCES_MASTER.md" }, { "vmid": 2201, "hostname": "besu-rpc-public-1", "ipv4": "192.168.11.221", "preferred_node": "r630-02", "category": "rpc_public", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [ "rpc-http-pub.d-bis.org", "rpc-ws-pub.d-bis.org" ] }, { "vmid": 2301, "hostname": "besu-rpc-private-1", "ipv4": "192.168.11.232", "preferred_node": "r630-03", "category": "rpc_private", "ports": [ { "port": 8545 }, { "port": 8546 } ], "peering_layer": "rpc_tier", "fqdns": [], "status_note": "Documented stopped at times; verify before production dependency" }, { "vmid": 2303, "hostname": "besu-rpc-ali-0x8a", "ipv4": "192.168.11.233", "preferred_node": "r630-02", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2304, "hostname": "besu-rpc-ali-0x1", "ipv4": "192.168.11.234", "preferred_node": "r630-03", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2305, "hostname": "besu-rpc-luis-0x8a", "ipv4": "192.168.11.235", "preferred_node": "r630-02", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2306, "hostname": "besu-rpc-luis-0x1", "ipv4": "192.168.11.236", "preferred_node": "r630-02", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2307, "hostname": "besu-rpc-putu-0x8a", "ipv4": "192.168.11.237", "preferred_node": "r630-02", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2308, "hostname": "besu-rpc-putu-0x1", "ipv4": "192.168.11.238", "preferred_node": "r630-02", "category": "rpc_named", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2400, "hostname": "thirdweb-rpc-1", "ipv4": "192.168.11.240", "preferred_node": "r630-03", "category": "rpc_thirdweb", "runtime_state": "active", "notes": "Thirdweb permissioned/private RPC with translator. No ADMIN API.", "ports": [ { "port": 443, "name": "nginx" }, { "port": 8545 }, { "port": 8546 }, { "port": 9645, "name": "translator-http" }, { "port": 9646, "name": "translator-ws" } ], "peering_layer": "rpc_tier", "fqdns": [ "rpc.public-0138.defi-oracle.io" ] }, { "vmid": 2410, "hostname": "info-defi-oracle-web", "ipv4": "192.168.11.218", "preferred_node": "r630-02", "category": "dapp", "runtime_state": "active_public_site", "notes": "Dedicated nginx static host for the Chain 138 info site and token-aggregation reverse proxy. Live CT config on 2026-04-05 confirmed hostname info-defi-oracle-web, onboot=1, and running state.", "ports": [ { "port": 80, "name": "nginx" } ], "fqdns": [ "info.defi-oracle.io", "www.info.defi-oracle.io" ] }, { "vmid": 2401, "hostname": "besu-rpc-thirdweb-0x8a-1", "ipv4": "192.168.11.241", "preferred_node": "r630-02", "category": "rpc_thirdweb_specialized", "runtime_state": "active_specialized_rpc", "notes": "Thirdweb specialized RPC. No ADMIN API. HTTP profile: ETH, NET, WEB3, DEBUG, TRACE. WS profile: ETH, NET, WEB3.", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2402, "hostname": "besu-rpc-thirdweb-0x8a-2", "ipv4": "192.168.11.242", "preferred_node": "r630-03", "category": "rpc_thirdweb_specialized", "runtime_state": "active_specialized_rpc", "notes": "Thirdweb specialized RPC. No ADMIN API. HTTP profile: ETH, NET, WEB3, DEBUG, TRACE. WS profile: ETH, NET, WEB3.", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2403, "hostname": "besu-rpc-thirdweb-0x8a-3", "ipv4": "192.168.11.243", "preferred_node": "r630-03", "category": "rpc_thirdweb_specialized", "runtime_state": "active_specialized_rpc", "notes": "Thirdweb specialized RPC. No ADMIN API. HTTP profile: ETH, NET, WEB3, DEBUG, TRACE. WS profile: ETH, NET, WEB3.", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 5000, "hostname": "blockscout-1", "ipv4": "192.168.11.140", "preferred_node": "r630-01", "category": "explorer", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 4000, "name": "blockscout-api" } ], "fqdns": [ "explorer.d-bis.org" ] }, { "vmid": 3500, "hostname": "oracle-publisher-1", "ipv4": "192.168.11.29", "preferred_node": "r630-02", "category": "oracle", "ports": [], "fqdns": [] }, { "vmid": 3501, "hostname": "ccip-monitor-1", "ipv4": "192.168.11.28", "preferred_node": "r630-02", "category": "ccip", "ports": [], "fqdns": [] }, { "vmid": 5200, "hostname": "cacti-1", "ipv4": "192.168.11.80", "preferred_node": "r630-02", "category": "monitoring", "runtime_state": "active_besu_connector_gateway", "notes": "Live Besu-facing Hyperledger Cacti gateway reverified on 2026-04-05; local API on 4000 and local gRPC sidecar on 5000 are healthy.", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 4000 }, { "port": 5000 } ], "fqdns": [] }, { "vmid": 6000, "hostname": "fabric-1", "ipv4": "192.168.11.113", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "active_sample_network", "notes": "Restored and reverified on 2026-04-05 as an operational Hyperledger Fabric sample network with one orderer and two peers on mychannel. Boot recovery is handled by fabric-sample-network.service inside the CT.", "ports": [ { "port": 7051 }, { "port": 7050 }, { "port": 9443 }, { "port": 9444 }, { "port": 9445 } ], "fqdns": [] }, { "vmid": 6400, "hostname": "indy-1", "ipv4": "192.168.11.64", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "active_validator_pool", "notes": "Reverified on 2026-04-05 as a healthy four-node local Indy validator pool with listeners bound on 9701-9708.", "ports": [ { "port": 9701, "name": "indy-range-start" } ], "fqdns": [] }, { "vmid": 6200, "hostname": "firefly-1", "ipv4": "192.168.11.35", "preferred_node": "r630-02", "category": "firefly", "runtime_state": "active_minimal_gateway", "notes": "Restored 2026-03-28 as a minimal local FireFly gateway on ghcr.io/hyperledger/firefly:v1.2.0; reverified on 2026-04-05 with API, Postgres, IPFS, and firefly.service all healthy after normalizing the compose version line for the installed docker-compose.", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 5000 } ], "fqdns": [] }, { "vmid": 6201, "hostname": "firefly-ali-1", "ipv4": "192.168.11.57", "preferred_node": "r630-02", "category": "firefly", "runtime_state": "retired_standby_until_rebuilt", "notes": "CT exists in inventory only. As of 2026-03-28 it is stopped, its rootfs is effectively empty, and no valid FireFly deployment payload is present. Do not treat as an active secondary node.", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 5000 } ], "fqdns": [] }, { "vmid": 10100, "hostname": "dbis-postgres-primary", "ipv4": "192.168.11.105", "preferred_node": "r630-01", "category": "dbis", "ports": [ { "port": 5432 } ], "fqdns": [] }, { "vmid": 10101, "hostname": "dbis-postgres-replica-1", "ipv4": "192.168.11.106", "preferred_node": "r630-01", "category": "dbis", "ports": [ { "port": 5432 } ], "fqdns": [] }, { "vmid": 10120, "hostname": "dbis-redis", "ipv4": "192.168.11.125", "preferred_node": "r630-01", "category": "dbis", "ports": [ { "port": 6379 } ], "fqdns": [] }, { "vmid": 10130, "hostname": "dbis-frontend", "ipv4": "192.168.11.130", "preferred_node": "r630-01", "category": "dbis", "ports": [ { "port": 80 }, { "port": 443 } ], "fqdns": [ "dbis-admin.d-bis.org", "secure.d-bis.org" ] }, { "vmid": 10150, "hostname": "dbis-api-primary", "ipv4": "192.168.11.155", "preferred_node": "r630-01", "category": "dbis", "purpose": "Reserved for dbis_core API; live CT runs python http.server placeholder; /tmp/smtp.env.example for SMTP when Node deployed", "ports": [ { "port": 3000 } ], "fqdns": [ "dbis-api.d-bis.org" ] }, { "vmid": 10151, "hostname": "dbis-api-secondary", "ipv4": "192.168.11.156", "preferred_node": "r630-01", "category": "dbis", "purpose": "Same as 10150: placeholder static server until dbis_core Node API deployed", "ports": [ { "port": 3000 } ], "fqdns": [ "dbis-api-2.d-bis.org" ] }, { "vmid": 7810, "hostname": "mim-web-1", "ipv4": "192.168.11.37", "preferred_node": "r630-02", "category": "mim4u", "ports": [ { "port": 80 }, { "port": 443 } ], "fqdns": [ "mim4u.org", "www.mim4u.org", "secure.mim4u.org", "training.mim4u.org" ], "notes": "nginx proxies /api/ to 7811" }, { "vmid": 7811, "hostname": "mim-api-1", "ipv4": "192.168.11.36", "preferred_node": "r630-02", "category": "mim4u", "ports": [ { "port": 3001, "name": "api-backend" } ], "fqdns": [] }, { "vmid": 7800, "hostname": "sankofa-api-1", "ipv4": "192.168.11.50", "preferred_node": "r630-01", "category": "sankofa_phoenix", "ports": [ { "port": 4000, "name": "graphql" } ], "fqdns": [ "phoenix.sankofa.nexus", "www.phoenix.sankofa.nexus" ] }, { "vmid": 7801, "hostname": "sankofa-portal-1", "ipv4": "192.168.11.51", "preferred_node": "r630-01", "category": "sankofa_phoenix", "runtime_state": "active_client_sso_surface", "notes": "Client SSO Next.js surface for portal.sankofa.nexus and admin.sankofa.nexus. Corporate apex ownership moved to VMID 7806.", "ports": [ { "port": 3000 } ], "fqdns": [ "portal.sankofa.nexus", "admin.sankofa.nexus" ] }, { "vmid": 7802, "hostname": "sankofa-keycloak-1", "ipv4": "192.168.11.52", "preferred_node": "r630-01", "category": "sankofa_phoenix", "ports": [ { "port": 8080 } ], "fqdns": [] }, { "vmid": 7803, "hostname": "sankofa-postgres-1", "ipv4": "192.168.11.53", "preferred_node": "r630-01", "category": "sankofa_phoenix", "ports": [ { "port": 5432 } ], "fqdns": [] }, { "vmid": 7804, "hostname": "gov-portals-dev", "ipv4": "192.168.11.54", "preferred_node": "r630-01", "category": "sankofa_phoenix", "ports": [ { "port": 80 } ], "fqdns": [ "*.xom-dev.phoenix.sankofa.nexus" ], "notes": "Sole owner of 192.168.11.54 (gov portals). Order-legal (10070) uses IP_ORDER_LEGAL / 192.168.11.87." }, { "vmid": 7805, "hostname": "sankofa-studio", "ipv4": "192.168.11.72", "preferred_node": "r630-01", "category": "sankofa_phoenix", "ports": [ { "port": 8000 } ], "fqdns": [ "studio.sankofa.nexus" ] }, { "vmid": 7806, "hostname": "sankofa-public-web", "ipv4": "192.168.11.63", "preferred_node": "r630-01", "category": "sankofa_phoenix", "runtime_state": "active_public_site", "notes": "Corporate / marketing Next.js surface for sankofa.nexus. Live CT config on 2026-04-05 confirmed hostname sankofa-public-web, onboot=1, and running state.", "ports": [ { "port": 3000, "name": "nextjs" } ], "fqdns": [ "sankofa.nexus", "www.sankofa.nexus" ] }, { "vmid": 8640, "hostname": "vault-phoenix-1", "ipv4": "192.168.11.200", "preferred_node": "r630-01", "category": "vault", "ports": [ { "port": 8200 } ], "fqdns": [] }, { "vmid": 8641, "hostname": "vault-phoenix-2", "ipv4": "192.168.11.215", "preferred_node": "r630-01", "category": "vault", "ports": [ { "port": 8200 } ], "fqdns": [] }, { "vmid": 8642, "hostname": "vault-phoenix-3", "ipv4": "192.168.11.202", "preferred_node": "r630-01", "category": "vault", "ports": [ { "port": 8200 } ], "fqdns": [] }, { "vmid": 5800, "hostname": "mifos-fineract", "ipv4": "192.168.11.85", "preferred_node": "r630-02", "category": "mifos", "ports": [ { "port": 80 } ], "fqdns": [ "mifos.d-bis.org" ] }, { "vmid": 5802, "hostname": "rtgs-scsm-1", "ipv4": "192.168.11.89", "preferred_node": "r630-02", "category": "rtgs-sidecar", "runtime_state": "active_internal_health_ok", "notes": "Deployed 2026-03-28/29 as the DBIS RTGS SCSM sidecar. systemd service active, local Redis active, and /actuator/health returned UP. Live Fineract reachability to 5800 is confirmed at the HTTP layer; authenticated production flow still requires final tenant/auth freeze.", "ports": [ { "port": 8080 }, { "port": 6379 } ], "fqdns": [] }, { "vmid": 5803, "hostname": "rtgs-funds-1", "ipv4": "192.168.11.90", "preferred_node": "r630-02", "category": "rtgs-sidecar", "runtime_state": "active_internal_health_ok", "notes": "Deployed 2026-03-28/29 as the DBIS RTGS server-funds sidecar. systemd service active, local Redis active, and /actuator/health returned UP. Live Fineract reachability to 5800 is confirmed at the HTTP layer; authenticated production flow still requires final tenant/auth freeze.", "ports": [ { "port": 8080 }, { "port": 6379 } ], "fqdns": [] }, { "vmid": 5804, "hostname": "rtgs-xau-1", "ipv4": "192.168.11.92", "preferred_node": "r630-02", "category": "rtgs-sidecar", "runtime_state": "active_internal_health_ok", "notes": "Deployed 2026-03-28/29 as the DBIS RTGS off-ledger-to-on-ledger XAU sidecar. systemd service active and /actuator/health returned UP. Live Fineract reachability to 5800 is confirmed at the HTTP layer; authenticated production flow still requires final tenant/auth freeze.", "ports": [ { "port": 8080 }, { "port": 6379 } ], "fqdns": [] }, { "vmid": 5801, "hostname": "dapp-smom", "ipv4": "192.168.11.58", "preferred_node": "r630-02", "category": "dapp", "ports": [ { "port": 80 } ], "fqdns": [ "dapp.d-bis.org" ] }, { "vmid": 5700, "hostname": "dev-vm-gitops", "ipv4": "192.168.11.59", "preferred_node": "any", "category": "dev", "ports": [], "fqdns": [], "notes": "Shared dev / Gitea; see DEV_VM_GITOPS_PLAN.md" }, { "vmid": 5751, "hostname": "op-stack-deployer-1", "ipv4": "192.168.11.69", "preferred_node": "r630-02", "category": "ai_app", "ports": [ { "port": 22, "name": "ssh" } ], "fqdns": [], "notes": "OP Stack deployer/operator workspace on r630-02 thin5: op-deployer, op-validator, manifests, rollup/genesis artifacts." }, { "vmid": 5752, "hostname": "op-stack-ops-1", "ipv4": "192.168.11.70", "preferred_node": "r630-02", "category": "ai_app", "ports": [ { "port": 22, "name": "ssh" } ], "fqdns": [], "notes": "OP Stack runtime/service staging on r630-02 thin5: op-geth, op-node, batcher, proposer, challenger." }, { "vmid": 10230, "hostname": "order-vault", "ipv4": "192.168.11.55", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 8200 } ], "fqdns": [] }, { "vmid": 10232, "hostname": "ct10232", "ipv4": "192.168.11.56", "preferred_node": "r630-01", "category": "general", "ports": [], "fqdns": [] }, { "vmid": 10060, "hostname": "order-dataroom", "ipv4": "192.168.11.42", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 80 } ], "fqdns": [] }, { "vmid": 10070, "hostname": "order-legal", "ipv4": "192.168.11.87", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [], "notes": "Moved off .54 2026-03-25 (ARP conflict with VMID 7804). Use IP_ORDER_LEGAL in ip-addresses.conf." }, { "vmid": 10210, "hostname": "order-haproxy", "ipv4": "192.168.11.39", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 80 }, { "port": 443 } ], "fqdns": [ "the-order.sankofa.nexus", "www.the-order.sankofa.nexus" ], "notes": "NPMplus → HTTP :80; TLS at NPM (LE). VMID 10210." }, { "vmid": 10020, "hostname": "order-redis", "ipv4": "192.168.11.38", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 6379 } ], "fqdns": [], "notes": "Dedicated Order Redis LXC (VMID 10020); ORDER_REDIS_IP in ip-addresses.conf." }, { "vmid": 3000, "hostname": "ml-node-1", "ipv4": "192.168.11.60", "preferred_node": "r630-03", "category": "monitoring", "notes": "Legacy monitor / RPC-adjacent Ubuntu guest. systemd-networkd was re-enabled on 2026-04-05 so the configured static LAN IP is active again.", "ports": [], "fqdns": [] }, { "vmid": 3001, "hostname": "ml-node-2", "ipv4": "192.168.11.61", "preferred_node": "r630-03", "category": "monitoring", "notes": "Legacy monitor / RPC-adjacent Ubuntu guest. systemd-networkd was re-enabled on 2026-04-05 so the configured static LAN IP is active again.", "ports": [], "fqdns": [] }, { "vmid": 3002, "hostname": "ml-node-3", "ipv4": "192.168.11.62", "preferred_node": "r630-03", "category": "monitoring", "notes": "Legacy monitor / RPC-adjacent Ubuntu guest. systemd-networkd was re-enabled on 2026-04-05 so the configured static LAN IP is active again.", "ports": [], "fqdns": [] }, { "vmid": 3003, "hostname": "ml-node-4", "ipv4": "192.168.11.66", "preferred_node": "r630-03", "category": "monitoring", "notes": "Legacy monitor / RPC-adjacent Ubuntu guest. Readdressed from 192.168.11.63 to 192.168.11.66 on 2026-04-05 to remove the live LAN conflict with VMID 7806 (sankofa-public-web), and systemd-networkd was re-enabled the same day.", "ports": [], "fqdns": [] }, { "vmid": 10233, "hostname": "npmplus-primary", "ipv4": "192.168.11.167", "preferred_node": "r630-01", "category": "npmplus", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [], "notes": "Also .166 on eth0; ingress .167 per NETWORK_CONFIGURATION_MASTER" }, { "vmid": 10234, "hostname": "npmplus-secondary", "ipv4": "192.168.11.168", "preferred_node": "r630-02", "category": "npmplus", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 10235, "hostname": "npmplus-alltra-hybx", "ipv4": "192.168.11.169", "preferred_node": "r630-02", "category": "npmplus", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 10236, "hostname": "npmplus-fourth-dev", "ipv4": "192.168.11.170", "preferred_node": "r630-02", "category": "npmplus", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 10237, "hostname": "npmplus-mifos", "ipv4": "192.168.11.171", "preferred_node": "r630-02", "category": "npmplus", "ports": [ { "port": 80 }, { "port": 81 }, { "port": 443 } ], "fqdns": [] }, { "vmid": 102, "hostname": "cloudflared", "ipv4": "192.168.11.34", "preferred_node": "r630-01", "category": "tunnel", "ports": [], "fqdns": [], "notes": "Cloudflare tunnel / ingress helper" }, { "vmid": 1507, "hostname": "besu-sentry-hybx-1", "ipv4": "192.168.11.244", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1508, "hostname": "besu-sentry-hybx-2", "ipv4": "192.168.11.245", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [] }, { "vmid": 1509, "hostname": "besu-sentry-thirdweb-01", "ipv4": "192.168.11.219", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [], "runtime_state": "active", "notes": "Active Thirdweb sentry on r630-03" }, { "vmid": 1510, "hostname": "besu-sentry-thirdweb-02", "ipv4": "192.168.11.220", "preferred_node": "r630-03", "category": "besu_sentry", "ports": [ { "port": 30303 }, { "port": 9545 } ], "peering_layer": "sentry_boundary", "fqdns": [], "runtime_state": "active", "notes": "Active Thirdweb sentry on r630-03" }, { "vmid": 2103, "hostname": "besu-rpc-core-thirdweb", "ipv4": "192.168.11.217", "preferred_node": "r630-01", "category": "rpc_core", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "peering_layer": "rpc_tier", "fqdns": [] }, { "vmid": 2420, "hostname": "besu-rpc-alltra-1", "ipv4": "192.168.11.172", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 2430, "hostname": "besu-rpc-alltra-2", "ipv4": "192.168.11.173", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 2440, "hostname": "besu-rpc-alltra-3", "ipv4": "192.168.11.174", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 2460, "hostname": "besu-rpc-hybx-1", "ipv4": "192.168.11.246", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 2470, "hostname": "besu-rpc-hybx-2", "ipv4": "192.168.11.247", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 2480, "hostname": "besu-rpc-hybx-3", "ipv4": "192.168.11.248", "preferred_node": "r630-01", "category": "rpc_alltra_hybx", "ports": [ { "port": 8545 }, { "port": 8546 }, { "port": 30303 } ], "fqdns": [] }, { "vmid": 5010, "hostname": "tsunamiswap", "ipv4": "192.168.11.91", "preferred_node": "r630-01", "category": "defi", "ports": [ { "port": 80 } ], "fqdns": [] }, { "vmid": 5201, "hostname": "cacti-alltra-1", "ipv4": "192.168.11.177", "preferred_node": "r630-02", "category": "monitoring", "runtime_state": "active_public_cacti_surface", "notes": "Public Alltra Cacti surface reverified on 2026-04-05 with nginx on 80/443 and the local Hyperledger Cacti API healthy on 4000.", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 4000 } ], "fqdns": [] }, { "vmid": 5202, "hostname": "cacti-hybx-1", "ipv4": "192.168.11.251", "preferred_node": "r630-02", "category": "monitoring", "runtime_state": "active_public_cacti_surface", "notes": "Public HYBX Cacti surface reverified on 2026-04-05 with nginx on 80/443 and the local Hyperledger Cacti API healthy on 4000.", "ports": [ { "port": 80 }, { "port": 443 }, { "port": 4000 } ], "fqdns": [] }, { "vmid": 5702, "hostname": "ai-inf-1", "ipv4": "192.168.11.82", "preferred_node": "r630-01", "category": "ai_infra", "ports": [], "fqdns": [] }, { "vmid": 5705, "hostname": "ai-inf-2", "ipv4": "192.168.11.86", "preferred_node": "r630-01", "category": "ai_infra", "ports": [], "fqdns": [] }, { "vmid": 6001, "hostname": "fabric-alltra-1", "ipv4": "192.168.11.178", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "reserved_placeholder_stopped", "notes": "As of 2026-03-28 this CT has been reclassified as a reserved placeholder and stopped. Earlier app-native checks found no active Fabric payload, processes, or listeners.", "ports": [ { "port": 7051 } ], "fqdns": [] }, { "vmid": 6002, "hostname": "fabric-hybx-1", "ipv4": "192.168.11.252", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "reserved_placeholder_stopped", "notes": "As of 2026-03-28 this CT has been reclassified as a reserved placeholder and stopped. Earlier app-native checks found no active Fabric payload, processes, or listeners.", "ports": [ { "port": 7051 } ], "fqdns": [] }, { "vmid": 6401, "hostname": "indy-alltra-1", "ipv4": "192.168.11.179", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "reserved_placeholder_stopped", "notes": "As of 2026-03-28 this CT has been reclassified as a reserved placeholder and stopped. Earlier app-native checks found no active Indy payload, processes, or listeners.", "ports": [], "fqdns": [] }, { "vmid": 6402, "hostname": "indy-hybx-1", "ipv4": "192.168.11.253", "preferred_node": "r630-02", "category": "dlt", "runtime_state": "reserved_placeholder_stopped", "notes": "As of 2026-03-28 this CT has been reclassified as a reserved placeholder and stopped. Earlier app-native checks found no active Indy payload, processes, or listeners.", "ports": [], "fqdns": [] }, { "vmid": 6500, "hostname": "aries-1", "ipv4": "192.168.11.88", "preferred_node": "r630-02", "category": "identity_agent", "runtime_state": "active_identity_agent", "notes": "ACA-Py / askar-anoncreds primary agent reverified on 2026-04-05 with DIDComm on 8030, admin API on 8031, and the local Indy genesis mounted.", "ports": [ { "port": 8030 }, { "port": 8031 } ], "fqdns": [] }, { "vmid": 6600, "hostname": "caliper-1", "ipv4": "192.168.11.93", "preferred_node": "r630-02", "category": "benchmark", "runtime_state": "active_benchmark_workspace", "notes": "Hyperledger Caliper workspace reverified on 2026-04-05 with the Besu 1.4 binding and outbound Chain 138 RPC reachability.", "ports": [], "fqdns": [] }, { "vmid": 10000, "hostname": "order-postgres-primary", "ipv4": "192.168.11.44", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 5432 } ], "fqdns": [], "notes": "Sovereign Cloud / Order band; ORDER_POSTGRES_PRIMARY in ip-addresses.conf." }, { "vmid": 10001, "hostname": "order-postgres-replica", "ipv4": "192.168.11.45", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 5432 } ], "fqdns": [], "notes": "ORDER_POSTGRES_REPLICA in ip-addresses.conf." }, { "vmid": 10030, "hostname": "order-identity", "ipv4": "192.168.11.40", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [] }, { "vmid": 10040, "hostname": "order-intake", "ipv4": "192.168.11.41", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [] }, { "vmid": 10050, "hostname": "order-finance", "ipv4": "192.168.11.49", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [] }, { "vmid": 10080, "hostname": "order-eresidency", "ipv4": "192.168.11.43", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [] }, { "vmid": 10090, "hostname": "order-portal-public", "ipv4": "192.168.11.36", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 80 } ], "fqdns": [], "notes": "Candidate backend for the-order.sankofa.nexus when wired" }, { "vmid": 10091, "hostname": "order-portal-internal", "ipv4": "192.168.11.35", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [] }, { "vmid": 10092, "hostname": "order-mcp-legal", "ipv4": "192.168.11.94", "preferred_node": "r630-01", "category": "order", "ports": [], "fqdns": [], "notes": "Moved off 192.168.11.37 on 2026-03-29 after ARP conflict with VMID 7810 mim-web-1. Use IP_ORDER_MCP_LEGAL in ip-addresses.conf." }, { "vmid": 10200, "hostname": "order-prometheus", "ipv4": "192.168.11.46", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 9090 } ], "fqdns": [] }, { "vmid": 10201, "hostname": "order-grafana", "ipv4": "192.168.11.47", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 3000 } ], "fqdns": [] }, { "vmid": 10202, "hostname": "order-opensearch", "ipv4": "192.168.11.48", "preferred_node": "r630-01", "category": "order", "ports": [ { "port": 9200 } ], "fqdns": [] } ] }