kavren/proxmox-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-commit: 2025-12-28 22:00 session changes

Browse Source
This commit is contained in:
kavren
2025-12-28 22:00:45 -05:00
parent 9002edcf9a
commit e4506d6a07
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/CHANGELOG.md
View File

@@ -4,6 +4,13 @@
## 2025-12-28
### Internal .kav Routing via Traefik
- Added Traefik `internal` entrypoint on port 8080 for .kav domain routing
- Created `/etc/traefik/conf.d/internal-kav.yaml` with routes for all services
- Updated Pi-hole DNS to point service .kav domains to Traefik (10.4.2.10)
- Services now accessible at `http://<service>.kav:8080/` without per-service ports
- Direct access retained for: Proxmox nodes, kavnas, docker hosts, mqtt, zwave
### Guest VLAN Media Access
- Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26)
- Rules inserted before "Block Guest to LAN" to allow media streaming for guests

8
docs/DECISIONS.md
View File

@@ -55,7 +55,13 @@
- `.local` - Conflicts with mDNS/Bonjour
- `.home.arpa` - RFC 8375 compliant but verbose
**Usage**: All services accessible via `<service>.kav` (e.g., traefik.kav, sonarr.kav)
**Usage**: Services accessible via `http://<service>.kav:8080/` (routed through Traefik)
**Internal Routing via Traefik**:
- Pi-hole resolves `.kav` domains to Traefik (10.4.2.10)
- Traefik `internal` entrypoint on port 8080 routes to backend services
- No port numbers needed per-service, just use `:8080` for all
- Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav
### SSH Access Policy