docs: Update Frigate migration and Traefik config

- Frigate migrated to LXC 128 (Docker) with auth enabled
- Updated IP to 10.4.2.8, port 8971 for authenticated access
- Traefik uses HTTPS backend with insecureSkipVerify for self-signed cert
- Added logrotate for Traefik logs (50MB max, 3 rotations)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs/CHANGELOG.md

@@ -2,6 +2,58 @@
 
 > **Purpose**: Historical record of all significant infrastructure changes
 
+## 2025-12-15
+
+### Frigate Migration & Upgrade
+- **Frigate**: Migrated from source install (LXC 111) to Docker-based (LXC 128)
+  - Old: LXC 111 on pm3 (source install, 0.14.1)
+  - New: LXC 128 on pm3 (Docker, 0.17.0-beta1)
+  - IP: 10.4.2.8
+  - Domain: frigate.kavcorp.com
+  - Privileged LXC required for USB device passthrough (Coral TPU)
+  - Coral USB TPU successfully passed through
+  - NFS mount for media storage: `/mnt/pve/KavNas/frigate-media`
+
+- **Frigate Configuration Updates**:
+  - Enabled built-in authentication (port 8971)
+  - Updated MQTT to correct Home Assistant IP (10.4.2.199)
+  - Consolidated camera configs using global defaults
+  - Fixed garage stream bug (was using wrong ffmpeg source)
+  - Added stationary car filtering (stops tracking after 30 seconds)
+
+- **Traefik Updates**:
+  - Updated Frigate route to use HTTPS backend (port 8971)
+  - Added serversTransport for self-signed cert (insecureSkipVerify)
+  - Fixed disk full issue (removed 903MB old access log)
+  - Added logrotate config: 50MB max, 3 rotations, daily
+
+### Service Recovery
+- **Power Outage Recovery**: Started all stopped LXCs on pm2, pm3, pm4
+- **VM 109 (docker-pm3)**: Fixed missing onboot setting
+
+### Infrastructure Notes
+- LXC 111 (old Frigate) pending deletion after new setup confirmed
+- Port 5000 on Frigate remains available for Home Assistant integration (unauthenticated)
+- Admin credentials logged on first auth-enabled startup
+
+## 2025-12-08
+
+### Service Configuration
+- **Shinobi (LXC 103)**: Configured NVR storage and Traefik endpoint
+  - Added to Traefik reverse proxy: shinobi.kavcorp.com
+  - Traefik config: `/etc/traefik/conf.d/shinobi.yaml`
+  - Created NFS storage on elantris (`/el-pool/shinobi`) - 11TB available
+  - Added Proxmox NFS storage: `elantris-shinobi`
+  - Mounted NFS to LXC 103: `/opt/Shinobi/videos`
+  - Coral USB TPU device passed through to container
+  - Coral object detection plugin attempted but blocked by TensorFlow Lite unavailability for Ubuntu 24.04/Python 3.12
+  - Motion detection available and working
+
+### Notes
+- Coral TPU native plugin requires building TensorFlow Lite from source, which is complex for Ubuntu 24.04
+- Basic motion detection works out of the box for event recording
+- Object detection may require alternative approach (Frigate, or CPU-based detection)
+
 ## 2025-12-07
 
 ### Service Additions

docs/CONFIGURATIONS.md

@@ -88,9 +88,16 @@ http:
     frigate:
       loadBalancer:
         servers:
-          - url: "http://10.4.2.215:5000"
+          - url: "https://10.4.2.8:8971"
+        serversTransport: frigate-transport
+
+  serversTransports:
+    frigate-transport:
+      insecureSkipVerify: true
 ```
 
+**Note**: Frigate uses port 8971 for authenticated access with a self-signed TLS certificate. Port 5000 is unauthenticated (for Home Assistant integration only).
+
 **Foundry VTT** (`/etc/traefik/conf.d/foundry.yaml`):
 ```yaml
 http:
@@ -310,3 +317,42 @@ http:
         servers:
           - url: "http://10.4.2.24:2283"
 ```
+
+## Shinobi
+
+**Location**: LXC 103 on pm4
+**IP**: 10.4.2.226:8080
+**Domain**: shinobi.kavcorp.com
+
+**Process Manager**: PM2
+- `pm2 list` - View running processes
+- `pm2 restart camera` - Restart Shinobi
+- `pm2 logs camera` - View logs
+
+**Video Storage**:
+- Path: `/opt/Shinobi/videos`
+- Source: NFS mount from elantris (`/el-pool/shinobi`)
+- Size: ~11TB available
+
+**Hardware**:
+- Coral USB TPU passed through (`/dev/coral_usb`)
+- Note: Coral plugin requires TensorFlow Lite native build (not available for Ubuntu 24.04)
+
+**Traefik Config** (`/etc/traefik/conf.d/shinobi.yaml`):
+```yaml
+http:
+  routers:
+    shinobi:
+      rule: "Host(`shinobi.kavcorp.com`)"
+      entryPoints:
+        - websecure
+      service: shinobi
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    shinobi:
+      loadBalancer:
+        servers:
+          - url: "http://10.4.2.226:8080"
+```

docs/INFRASTRUCTURE.md

@@ -36,7 +36,8 @@
 | **Recyclarr** | 10.4.2.25 | LXC 122 (pm2) | - | CLI only |
 | **NZBGet** | 10.4.2.13:6789 | Docker (kavnas) | nzbget.kavcorp.com | Built-in |
 | **Home Assistant** | 10.4.2.62:8123 | VM 100 (pm1) | hass.kavcorp.com | Built-in |
-| **Frigate** | 10.4.2.215:5000 | LXC 111 (pm3) | frigate.kavcorp.com | Built-in |
+| **Shinobi** | 10.4.2.226:8080 | LXC 103 (pm4) | shinobi.kavcorp.com | Built-in |
+| **Frigate** | 10.4.2.8:8971 | LXC 128 (pm3) | frigate.kavcorp.com | Built-in (auth required) |
 | **Foundry VTT** | 10.4.2.37:30000 | LXC 112 (pm3) | vtt.kavcorp.com | Built-in |
 | **llama.cpp** | 10.4.2.224:11434 | LXC 123 (elantris) | ollama.kavcorp.com | None (API) |
 | **AMP** | 10.4.2.26:8080 | LXC 124 (elantris) | amp.kavcorp.com | Built-in |
@@ -52,6 +53,7 @@
 | Mount Name | Source | Mount Point | Size | Usage |
 |------------|--------|-------------|------|-------|
 | elantris-media | elantris:/el-pool/media | /mnt/pve/elantris-media | ~24TB | Media files (movies, TV, anime) |
+| elantris-shinobi | elantris:/el-pool/shinobi | /mnt/pve/elantris-shinobi | ~11TB | Shinobi NVR video storage |
 | KavNas | kavnas:10.4.2.13:/volume1 | /mnt/pve/KavNas | ~23TB | Backups, ISOs, LXC storage, downloads |
 
 ### Local Storage (Per-Node)