- pm1 uses 10G port (auto-negotiates 2.5G, no PoE needed)
- pm2, pm3, pm4, U6 Enterprise use 2.5G PoE ports
- All 6 ports utilized, no injector needed
- GS308EP dedicated to cameras
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- pm1, pm2, pm3 connect via GS308EP (1G managed PoE)
- GS308EP uplinks to GiGaPlus for 10G backhaul access
- pm4 connects directly to GiGaPlus at 2.5G (OPNsense host)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- NICs use bridges (not passthrough) so other LXCs can share
- vmbr0 (Intel) shared by OPNsense LAN + all pm4 LXCs
- vmbr1 (USB) dedicated to OPNsense WAN
- Added diagram showing LXC connectivity
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- OPNsense moves to pm4 (server closet, next to AT&T modem)
- USB 2.5G NIC for WAN (~$25), Intel I226-V for LAN
- pm4 has USB 3.1 (10Gbps) - verified
- Updated topology diagram with pm4/OPNsense placement
- Total cost now ~$605
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created NETWORK-UPGRADE-PLAN.md with full topology and VLAN design
- Hardware: 2× GiGaPlus 10G PoE ($202), 2× U7 Pro ($378) = $580 total
- 10G backhaul between server closet and basement
- VLANs: Trusted (1), Servers (10), IoT (20), Guest (30)
- OPNsense VM for routing, UniFi Controller LXC for APs
- Updated TASKS.md with implementation checklist
- Updated DECISIONS.md with architecture rationale
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added Pi-hole section to CONFIGURATIONS.md
- Includes Traefik config, DNS setup, and Asus router instructions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- IP: 10.4.2.129 on pm2
- Domain: pihole.kavcorp.com
- Unbound configured for recursive DNS resolution
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Frigate migrated to LXC 128 (Docker) with auth enabled
- Updated IP to 10.4.2.8, port 8971 for authenticated access
- Traefik uses HTTPS backend with insecureSkipVerify for self-signed cert
- Added logrotate for Traefik logs (50MB max, 3 rotations)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added Gitea (LXC 127) to service map
- Added changelog entry for Gitea setup
- Traefik routing configured for git.kavcorp.com
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
