This page documents the canonical operator environment file: datacenter.env. It is the central place where we keep datacenter access credentials and endpoints for:
  • edge networking (pfSense)
  • storage (TrueNAS)
  • hypervisors (Proxmox nodes)
  • overlay remote access (NetBird)
  • application edge / PaaS (Coolify; reverse proxy tier is documented elsewhere)
  • media-stack apps (Jellyfin + *arr + Jellyseerr + qBittorrent/Gluetun)
Related topology: CODE-MNKY LXC inventory (live LXCs 300/301/3001 vs VMs 3055/3056); VLAN subnets and identity (which datacenter.env blocks map to which site /24).

Safety rules (non-negotiable)

  • Do not paste secret values into docs. In Mintlify, reference variable names only.
  • datacenter.env is secret-bearing; store it in your secrets store / private operator workspace.
  • If you need to share access data, share a redacted excerpt or the variable names list.

Canonical file layout

datacenter.env is organized into stable sections so operators can find things quickly and automation can source consistent keys:
  • Edge: pfSense (PFSENSE_*)
  • Storage: TrueNAS Scale (TRUENAS_*, plus back-compat TRUNAS_*)
  • Edge client: NVIDIA Shield + TrueNAS SMB (SHIELD_MNKY_*, TRUENAS_SHIELD_SMB_*, SHIELD_RCLONE_*, optional NETBIRD_* notes for Shield remote path)
  • Hypervisors: Proxmox cluster (PROXMOX_*)
  • Hypervisors: Proxmox standalone (MNKY-HQ) (PROXMOX_MNKY_HQ_*)
  • Overlay: NetBird control plane (NETBIRD_*)
  • App platform: PaaS / reverse proxy (COOLIFY_*)
  • Media: VPN egress (PROTONVPN_*, GLUETUN_*, PORT_FORWARD_ONLY)
  • Media: qBittorrent (QB_WEBUI_*)
  • Media: Jellyfin (JELLYFIN_*)
  • Media: *arr + Jellyseerr (SONARR_*, RADARR_*, LIDARR_*, JELLYSEERR_*)

Normalization rules

  • Typos: keep existing keys for compatibility, but add preferred aliases (e.g. TRUNAS_* vs TRUENAS_*).
  • Host blocks: when a host exists, keys should be complete and predictable: *_HOST (optional), *_FQDN (optional), *_IP, *_SSH_PORT, *_USERNAME, *_PASSWORD.
  • URLs: if a service has a LAN URL and a public URL, store both explicitly.
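
An added example, not part of the original page or the project's own tooling: a small Python linter that produces a names-only redacted excerpt of datacenter.env (as the safety rules require before sharing) and checks the host-block and alias normalization rules above. The sample file contents, the `<redacted>` marker, the function names, and the heuristic that any prefix owning an `*_IP` key is a host block are assumptions.

```python
import re

# Constructed sample; addresses and values are placeholders, not real credentials.
SAMPLE_ENV = """\
# Edge: pfSense
PFSENSE_IP=192.0.2.1
PFSENSE_SSH_PORT=22
PFSENSE_USERNAME=admin
PFSENSE_PASSWORD="example-not-a-real-secret"
# Storage: TrueNAS (legacy spelling only)
TRUNAS_IP=192.0.2.10
TRUNAS_USERNAME=root
export PROXMOX_MNKY_HQ_IP=192.0.2.20
"""

REQUIRED_HOST_SUFFIXES = ("_IP", "_SSH_PORT", "_USERNAME", "_PASSWORD")
LEGACY_ALIASES = {"TRUNAS_": "TRUENAS_"}  # back-compat prefix -> preferred prefix
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def parse_env(text):
    """Return {KEY: raw value}; comments and blank lines never match LINE_RE."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def redact(text):
    """Names-only excerpt: mask every value, drop commented-out assignments."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append(f"{m.group(1)}=<redacted>")
        elif "=" not in line:  # section comments and blank lines are safe to keep
            out.append(line)
    return "\n".join(out)

def missing_host_keys(pairs):
    """Assumption: a prefix that owns an *_IP key is a host block."""
    report = {}
    for key in pairs:
        if key.endswith("_IP"):
            prefix = key[:-3]
            gaps = [prefix + s for s in REQUIRED_HOST_SUFFIXES if prefix + s not in pairs]
            if gaps:
                report[prefix] = gaps
    return report

def missing_preferred_aliases(pairs):
    """Preferred-spelling keys that should exist alongside legacy ones."""
    return sorted(new + k[len(old):] for old, new in LEGACY_ALIASES.items()
                  for k in pairs if k.startswith(old) and new + k[len(old):] not in pairs)
```

Run `redact()` on the real file only inside the private operator workspace; the output is what gets shared, and the two check functions return key names only, so their reports are safe to paste into a ticket.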

Segment map (non-secret)

Map datacenter.env key groups to site CIDRs (full narrative: VLAN subnets and identity):
  • 10.0.0.0/24 (DATA / site core): PROXMOX_DATA_MNKY_*; TrueNAS TRUNAS_* / TRUENAS_*; SHIELD_MNKY_* and Shield SMB keys (edge clients on DATA LAN); NETBIRD_SERVER_* (self-hosted control plane); TRAEFIK_*; COOLIFY_HQ_SSH_*; MNKY_REGISTRY_*; Infisical or other infra hosts when documented on DATA.
  • 10.1.0.0/24 (MOOD): PROXMOX_MOOD_MNKY_*; COOLIFY_MOOD_SSH_* (Coolify on the MOOD node).
  • 10.2.0.0/24 (SAGE): PROXMOX_SAGE_MNKY_*.
  • 10.3.0.0/24 (CODE): PROXMOX_CODE_MNKY_* (Supabase, n8n, Ollama, and other CODE-segment workloads).
  • 10.4.0.0/24 (CASA): PROXMOX_CASA_MNKY_*.
  • Standalone HQ: PROXMOX_MNKY_HQ_* (MNKY-HQ; not one of the five cluster /24s above).
  • Overlay: NETBIRD_* (management URL, API, setup tokens) applies to all peers; routing semantics are in NetBird.

Redacted inventory (variable map)

Edge network

  • pfSense (default gateway): PFSENSE_IP, PFSENSE_SSH_PORT, PFSENSE_USERNAME, PFSENSE_PASSWORD — see pfSense.

Storage

  • TrueNAS Scale (NFS for hyper-mnky-shared): back-compat TRUNAS_*; preferred TRUENAS_* — see Storage and network.
  • TrueNAS SMB (Shield TV): TRUENAS_SHIELD_SMB_USER, TRUENAS_SHIELD_SMB_PASSWORD, TRUENAS_SHIELD_SMB_DOMAIN, share name keys TRUENAS_SHIELD_SMB_SHARE_* — paired with SHIELD_MNKY_* (SSH/ADB) and SHIELD_RCLONE_REMOTE_* for Termux rclone remotes.

Hypervisors

  • Proxmox cluster nodes: PROXMOX_DATA_MNKY_*, PROXMOX_MOOD_MNKY_*, PROXMOX_SAGE_MNKY_*, PROXMOX_CODE_MNKY_*, PROXMOX_CASA_MNKY_* — see Data Center Map.
  • Standalone MNKY-HQ: PROXMOX_MNKY_HQ_* — see MNKY-HQ node.

Overlay remote access

  • NetBird: NETBIRD_MANAGEMENT_URL, NETBIRD_SERVER_*, NETBIRD_SERVICE_WORKER_SECRET, NETBIRD_SETUP_TOKEN — see NetBird. Optional operator labels: NETBIRD_SHIELD_PEER_NAME, NETBIRD_DATA_LAN_ROUTE_CIDR, NETBIRD_DATA_LAN_ROUTE_VIA (document Shield + DATA LAN route semantics; no secrets).

App platform

  • Coolify: COOLIFY_DOMAIN, COOLIFY_API_KEY

Media stack

  • VPN / Gluetun / Proton: PROTONVPN_*, PORT_FORWARD_ONLY, GLUETUN_FIREWALL_OUTBOUND_SUBNETS (never paste values in docs).
  • qBittorrent Web UI: QB_WEBUI_*
  • Jellyfin: JELLYFIN_* — see Media stack.
  • *arr / Jellyseerr: SONARR_*, RADARR_*, LIDARR_*, JELLYSEERR_*

Coverage map (env vs docs)

Present in datacenter.env

pfSense, TrueNAS, Proxmox node access, NetBird, Coolify, media apps, and (when synced) Supabase/n8n/Infisical-related blocks.

Present in docs but may need env entries

Confirm runtime endpoints and add namespaces as needed: OLLAMA_*, FLOWISE_*, N8N_*, SUPABASE_*, MINIO_*.

Required credentials checklist (ops)

Track in datacenter.env or Infisical: MeshCentral, Loki, Prometheus, Grafana, Uptime Kuma, Infisical, Authentik, Traefik, PBS, expanded media indexers, GitHub, OpenAI, Notion, Discord, plus any service not yet listed. Use a consistent shape per service: <SERVICE>_URL, <SERVICE>_LAN_URL, <SERVICE>_USERNAME, <SERVICE>_PASSWORD, <SERVICE>_API_KEY as applicable.