Auto-commit: 2025-12-28 22:00 session changes

2025-12-28 22:00:45 -05:00
parent 9002edcf9a
commit e4506d6a07
2 changed files with 14 additions and 1 deletions
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -4,6 +4,13 @@
 ## 2025-12-28
 ### Internal .kav Routing via Traefik
 - Added Traefik `internal` entrypoint on port 8080 for .kav domain routing
 - Created `/etc/traefik/conf.d/internal-kav.yaml` with routes for all services
 - Updated Pi-hole DNS to point service .kav domains to Traefik (10.4.2.10)
 - Services now accessible at `http://<service>.kav:8080/` without per-service ports
 - Direct access retained for: Proxmox nodes, kavnas, docker hosts, mqtt, zwave
 ### Guest VLAN Media Access
 - Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26)
 - Rules inserted before "Block Guest to LAN" to allow media streaming for guests
--- a/docs/DECISIONS.md
+++ b/docs/DECISIONS.md
@@ -55,7 +55,13 @@
 - `.local` - Conflicts with mDNS/Bonjour
 - `.home.arpa` - RFC 8375 compliant but verbose
-**Usage**: All services accessible via `<service>.kav` (e.g., traefik.kav, sonarr.kav)
+**Usage**: Services accessible via `http://<service>.kav:8080/` (routed through Traefik)
 **Internal Routing via Traefik**:
 - Pi-hole resolves `.kav` domains to Traefik (10.4.2.10)
 - Traefik `internal` entrypoint on port 8080 routes to backend services
 - No port numbers needed per-service, just use `:8080` for all
 - Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav
 ### SSH Access Policy