Initial commit: KavCorp infrastructure documentation

- CLAUDE.md: Project configuration for Claude Code - docs/: Infrastructure documentation - INFRASTRUCTURE.md: Service map, storage, network - CONFIGURATIONS.md: Service configs and credentials - CHANGELOG.md: Change history - DECISIONS.md: Architecture decisions - TASKS.md: Task tracking - scripts/: Automation scripts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-07 22:07:01 -05:00
commit 120c2ec809
19 changed files with 3448 additions and 0 deletions
--- a/docs/CONFIGURATIONS.md
+++ b/docs/CONFIGURATIONS.md
@@ -0,0 +1,312 @@
+# Configuration Reference
+
+> **Purpose**: Detailed configuration for all services - copy/paste ready configs and settings
+> **Update Frequency**: When service configurations change
+
+## Traefik
+
+### SSL/TLS with Let's Encrypt
+
+**Location**: LXC 104 on pm2
+
+**Environment Variables** (`/etc/systemd/system/traefik.service.d/override.conf`):
+```bash
+NAMECHEAP_API_USER=kavren
+NAMECHEAP_API_KEY=8156f3d9ef664c91b95f029dfbb62ad5
+NAMECHEAP_PROPAGATION_TIMEOUT=3600
+NAMECHEAP_POLLING_INTERVAL=30
+NAMECHEAP_TTL=300
+```
+
+**Main Config** (`/etc/traefik/traefik.yaml`):
+```yaml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: cory.bailey87@gmail.com
+      storage: /etc/traefik/ssl/acme.json
+      dnsChallenge:
+        provider: namecheap
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
+```
+
+### Service Routing Examples
+
+**Home Assistant** (`/etc/traefik/conf.d/home-automation.yaml`):
+```yaml
+http:
+  routers:
+    homeassistant:
+      rule: "Host(`hass.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: homeassistant
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    homeassistant:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.62:8123"
+```
+
+**Ollama** (`/etc/traefik/conf.d/ollama.yaml`):
+```yaml
+http:
+  routers:
+    ollama:
+      rule: "Host(`ollama.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: ollama
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    ollama:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.224:11434"
+```
+
+**Frigate** (`/etc/traefik/conf.d/frigate.yaml`):
+```yaml
+http:
+  routers:
+    frigate:
+      rule: "Host(`frigate.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: frigate
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    frigate:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.215:5000"
+```
+
+**Foundry VTT** (`/etc/traefik/conf.d/foundry.yaml`):
+```yaml
+http:
+  routers:
+    foundry:
+      rule: "Host(`vtt.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: foundry
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    foundry:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.37:30000"
+```
+
+**Proxmox** (`/etc/traefik/conf.d/proxmox.yaml`):
+```yaml
+http:
+  routers:
+    proxmox:
+      rule: "Host(`pm.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: proxmox
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    proxmox:
+      loadBalancer:
+        servers:
+          - url: "https://10.4.2.6:8006"
+        serversTransport: proxmox-transport
+
+  serversTransports:
+    proxmox-transport:
+      insecureSkipVerify: true
+```
+
+## AMP (Application Management Panel)
+
+**Location**: LXC 124 on elantris
+**IP**: 10.4.2.26:8080
+**Domain**: amp.kavcorp.com
+
+**Traefik Config** (`/etc/traefik/conf.d/amp.yaml`):
+```yaml
+http:
+  routers:
+    amp:
+      rule: "Host(`amp.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: amp
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    amp:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.26:8080"
+```
+
+## Home Assistant
+
+**Location**: VM 100 on pm1
+**IP**: 10.4.2.62:8123
+
+**Reverse Proxy Config** (`/config/configuration.yaml`):
+```yaml
+http:
+  use_x_forwarded_for: true
+  trusted_proxies:
+    - 10.4.2.10  # Traefik IP
+    - 172.30.0.0/16  # Home Assistant internal network (for add-ons)
+```
+
+## Sonarr
+
+**Location**: LXC 105 on pm2
+**IP**: 10.4.2.15:8989
+**API Key**: b331fe18ec2144148a41645d9ce8b249
+
+**Media Management Settings**:
+- Permissions: Enabled, chmod 777
+- Hardlinks: Enabled
+- Episode title required: Always
+- Free space check: 100MB minimum
+
+## Radarr
+
+**Location**: LXC 108
+**IP**: 10.4.2.16:7878
+**API Key**: 5e6796988abf4d6d819a2b506a44f422
+
+## NZBGet
+
+**Location**: Docker on kavnas (10.4.2.13)
+**Port**: 6789
+**Web User**: kavren
+**Web Password**: fre8ub2ax8
+
+**Key Settings** (`/volume1/docker/nzbget/config/nzbget.conf`):
+```ini
+MainDir=/config
+DestDir=/downloads/completed
+InterDir=/downloads/intermediate
+UMask=0000  # Creates files with 777 permissions
+```
+
+**Docker Mounts**:
+- Config: `/volume1/docker/nzbget/config:/config`
+- Downloads: `/volume1/Media/downloads:/downloads`
+
+## Recyclarr
+
+**Location**: LXC 122 on pm2
+**IP**: 10.4.2.25
+**Binary**: `/usr/local/bin/recyclarr`
+**Config**: `/root/.config/recyclarr/recyclarr.yml`
+
+**Sync Schedule**: Daily at 3 AM via cron
+
+**Configured Profiles**:
+- **Radarr**: HD Bluray + WEB (1080p), Remux-1080p - Anime
+- **Sonarr**: WEB-1080p, Remux-1080p - Anime
+- **Custom Formats**: TRaSH Guides synced (Dolby Vision blocked, release group tiers)
+
+## Jellyfin
+
+**Location**: LXC 121 on elantris
+**IP**: 10.4.2.21:8096
+
+**Media Mounts** (inside LXC):
+- `/media/tv` → `/el-pool/media/tv`
+- `/media/anime` → `/el-pool/media/anime`
+- `/media/movies` → `/el-pool/media/movies`
+
+**Permissions**: Files must be 777 for Jellyfin user (UID 100107 in LXC) to access
+
+## Vaultwarden
+
+**Location**: LXC 125 on pm4
+**IP**: 10.4.2.212:80
+**Domain**: vtw.kavcorp.com
+
+**Traefik Config** (`/etc/traefik/conf.d/vaultwarden.yaml`):
+```yaml
+http:
+  routers:
+    vaultwarden:
+      rule: "Host(`vtw.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: vaultwarden
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    vaultwarden:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.212:80"
+```
+
+## Immich
+
+**Location**: LXC 126 on pm4
+**IP**: 10.4.2.24:2283
+**Domain**: immich.kavcorp.com
+
+**Config** (`/opt/immich/.env`):
+```bash
+TZ=America/Indiana/Indianapolis
+IMMICH_VERSION=release
+NODE_ENV=production
+DB_HOSTNAME=127.0.0.1
+DB_USERNAME=immich
+DB_PASSWORD=AulF5JhgWXrRxtaV05
+DB_DATABASE_NAME=immich
+DB_VECTOR_EXTENSION=pgvector
+REDIS_HOSTNAME=127.0.0.1
+IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
+MACHINE_LEARNING_CACHE_FOLDER=/opt/immich/cache
+IMMICH_MEDIA_LOCATION=/mnt/immich-library
+```
+
+**NFS Mount** (configured via `pct set 126 -mp0`):
+- Host path: `/mnt/pve/elantris-downloads/immich`
+- Container path: `/mnt/immich-library`
+- Source: elantris (`/el-pool/downloads/immich/`)
+
+**Systemd Services**:
+- `immich-web.service` - Web UI and API
+- `immich-ml.service` - Machine learning service
+
+**Traefik Config** (`/etc/traefik/conf.d/immich.yaml`):
+```yaml
+http:
+  routers:
+    immich:
+      rule: "Host(`immich.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: immich
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    immich:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.24:2283"
+```