# IP Address Migration Plan

## Status: IN PROGRESS

**Completed 2025-12-22:**
- [x] All LXC gateways fixed to 10.4.2.1 (OPNsense)
- [x] Critical containers migrated to local-lvm (Pi-hole, Traefik, Authelia, Vaultwarden, UniFi, Gitea)
- [x] Traefik gateway fixed (was 10.4.2.254, now 10.4.2.1)
- [x] NAT reflection enabled in OPNsense
- [x] UniFi, Immich, Gitea set to static IPs and verified working through Traefik
- [x] Media stack IP reorganization complete (all in 10.4.2.20-29 range)
- [x] Traefik configs updated for all new IPs

**Pending:**
- [ ] Core infrastructure IP updates (Authelia, Vaultwarden, Pi-hole)
- [ ] Other services (Frigate, Foundry, Home Assistant, llama.cpp, AMP)
- [ ] Docker hosts IP updates
- [ ] Update docs/INFRASTRUCTURE.md with final IPs

**Current IP Map (pm2 - 10.4.2.6):**
- 104 traefik: 10.4.2.10
- 105 sonarr: 10.4.2.20 ✓
- 108 radarr: 10.4.2.24 ✓
- 113 docker-pm2: 10.4.2.203
- 114 prowlarr: 10.4.2.22 ✓
- 115 jellyseerr: 10.4.2.25 ✓
- 116 authelia: 10.4.2.19
- 117 whisparr: 10.4.2.21 ✓
- 118 notifiarr: 10.4.2.29 ✓
- 119 bazarr: 10.4.2.23 ✓
- 120 kometa: 10.4.2.27 ✓
- 122 recyclarr: 10.4.2.28 ✓

**Current IP Map (pm4 - 10.4.2.5):**
- 103 pihole: 10.4.2.129
- 110 docker-pm4: 10.4.2.204
- 111 unifi: 10.4.2.16 ✓
- 125 vaultwarden: 10.4.2.212
- 126 immich: 10.4.2.30 ✓
- 127 gitea: 10.4.2.31 ✓

**Current IP Map (elantris - 10.4.2.14):**
- 121 jellyfin: 10.4.2.26 ✓
- 124 amp: 10.4.2.40 ✓

## New IP Allocation Scheme

| Range | Purpose |
|-------|---------|
| 10.4.2.1 | OPNsense gateway |
| 10.4.2.2-9 | Proxmox nodes |
| 10.4.2.10-19 | **Core Infrastructure** (proxy, DNS, auth, NAS) |
| 10.4.2.20-39 | **Services** (media stack, apps) |
| 10.4.2.40-49 | **Game servers / AMP** |
| 10.4.2.50-99 | **Reserved / Future** |
| 10.4.2.100-199 | **DHCP Dynamic Pool** |
| 10.4.2.200-239 | **Docker hosts / VMs** |
| 10.4.2.240-249 | **IoT / Network controllers** |
| 10.4.2.250-254 | **Network gear** |

## Migration Table

### Core Infrastructure (10.4.2.10-19)

| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---------|------|------|------------|--------|-------------|
| Traefik | 104 | pm2 | 10.4.2.10 | 10.4.2.10 | Already 10.4.2.1 |
| Pi-hole | 103 | pm4 | 10.4.2.129 | 10.4.2.11 | Already 10.4.2.1 |
| Authelia | 116 | pm2 | 10.4.2.19 | 10.4.2.12 | 10.4.2.254→10.4.2.1 |
| KavNas | - | NAS | 10.4.2.13 | 10.4.2.13 | N/A (DHCP static) |
| Gitea | 127 | pm4 | 10.4.2.7 (DHCP) | 10.4.2.14 | Set to 10.4.2.1 |
| Vaultwarden | 125 | pm4 | 10.4.2.212 | 10.4.2.15 | 10.4.2.254→10.4.2.1 |
| UniFi | 111 | pm4 | 10.4.2.242 (DHCP) | 10.4.2.16 | Set to 10.4.2.1 |

### Services - Media Stack (10.4.2.20-29) ✅ COMPLETE

| Service | VMID | Node | IP | Status |
|---------|------|------|-----|--------|
| Sonarr | 105 | pm2 | 10.4.2.20 | ✅ Done |
| Whisparr | 117 | pm2 | 10.4.2.21 | ✅ Done |
| Prowlarr | 114 | pm2 | 10.4.2.22 | ✅ Done |
| Bazarr | 119 | pm2 | 10.4.2.23 | ✅ Done |
| Radarr | 108 | pm2 | 10.4.2.24 | ✅ Done |
| Jellyseerr | 115 | pm2 | 10.4.2.25 | ✅ Done |
| Jellyfin | 121 | elantris | 10.4.2.26 | ✅ Done |
| Kometa | 120 | pm2 | 10.4.2.27 | ✅ Done |
| Recyclarr | 122 | pm2 | 10.4.2.28 | ✅ Done |
| Notifiarr | 118 | pm2 | 10.4.2.29 | ✅ Done |
| Immich | 126 | pm4 | 10.4.2.30 | ✅ Done |

### Services - Other (10.4.2.30-39)

| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---------|------|------|------------|--------|-------------|
| Immich | 126 | pm4 | DHCP | 10.4.2.30 | Set to 10.4.2.1 |
| Frigate | 128 | pm3 | 10.4.2.8 | 10.4.2.31 | Check |
| Foundry VTT | 112 | pm3 | 10.4.2.37 | 10.4.2.37 | ✅ Already in range |
| Home Assistant | 100 | pm1 | 10.4.2.62 | 10.4.2.33 | Check |
| llama.cpp | 123 | elantris | 10.4.2.224 | 10.4.2.34 | Check |

### Game Servers (10.4.2.40-49)

| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---------|------|------|------------|--------|-------------|
| AMP | 124 | elantris | 10.4.2.40 | 10.4.2.40 | ✅ Done |

### Docker Hosts (10.4.2.200-209)

| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---------|------|------|------------|--------|-------------|
| docker-pm2 | 113 | pm2 | 10.4.2.203 | 10.4.2.200 | 10.4.2.254→10.4.2.1 |
| docker-pm4 | 110 | pm4 | 10.4.2.204 | 10.4.2.201 | 10.4.2.254→10.4.2.1 |
| docker-pm3 | 109 | pm3 | ? | 10.4.2.202 | Check |
| dockge | 107 | pm3 | ? | 10.4.2.203 | Check |

## Migration Order

**Phase 1: Fix gateways only (no IP changes)**
- Restart not required, just config update

**Phase 2: Migrate non-critical services**
1. Media stack (Sonarr, Radarr, etc.) - low impact
2. Docker hosts
3. Game servers

**Phase 3: Migrate core services (brief downtime)**
1. Authelia
2. Vaultwarden
3. UniFi
4. Gitea

**Phase 4: Migrate DNS (coordinate carefully)**
1. Update all DHCP clients to use new Pi-hole IP FIRST
2. Then migrate Pi-hole

**Phase 5: Update Traefik configs**
- Update all backend IPs in Traefik route configs

## Post-Migration

1. Update OPNsense DHCP static mappings
2. Update docs/INFRASTRUCTURE.md
3. Update Traefik configs
4. Test all services
5. Delete this migration plan file

## Commands Reference

**Change LXC IP and gateway:**
```bash
# <VMID> is the container ID and <NEW_IP> its new address (placeholders)
pct set <VMID> --net0 name=eth0,bridge=vmbr0,gw=10.4.2.1,ip=<NEW_IP>/24,type=veth
pct reboot <VMID>
```

**Add DHCP static mapping in OPNsense:**
Via UI: Services → DHCPv4 → [LAN] → Static Mappings
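
A pre-flight check for the migration tables against the allocation scheme, as an added example that is not part of the original plan: it flags new IPs outside their group's range, duplicate targets, and targets that another host still holds. The function name `check_plan` and the finding labels are assumptions of this example; the rows are copied from the migration tables, and the `elantris` row is the node address from the Current IP Map heading.

```python
import ipaddress

NET = ipaddress.ip_network("10.4.2.0/24")
# Allocation scheme from the page, as last-octet ranges per group.
RANGES = {"core": (10, 19), "services": (20, 39), "game": (40, 49), "docker": (200, 239)}

# (name, group, current IP or None if unknown, new IP), from the migration tables.
PLAN = [
    ("Pi-hole", "core", "10.4.2.129", "10.4.2.11"),
    ("Authelia", "core", "10.4.2.19", "10.4.2.12"),
    ("Gitea", "core", "10.4.2.7", "10.4.2.14"),
    ("Vaultwarden", "core", "10.4.2.212", "10.4.2.15"),
    ("Frigate", "services", "10.4.2.8", "10.4.2.31"),
    ("docker-pm2", "docker", "10.4.2.203", "10.4.2.200"),
    ("docker-pm4", "docker", "10.4.2.204", "10.4.2.201"),
    ("docker-pm3", "docker", None, "10.4.2.202"),
    ("dockge", "docker", None, "10.4.2.203"),
    ("elantris", None, "10.4.2.14", "10.4.2.14"),  # Proxmox node, not moving
]

def check_plan(plan, ranges=RANGES, net=NET):
    """Return a sorted list of (kind, service, detail) findings."""
    findings = []
    holders = {cur: (name, new) for name, _, cur, new in plan if cur}
    targets = {}
    for name, group, cur, new in plan:
        if cur == new:
            continue  # host keeps its address, nothing to validate
        addr = ipaddress.ip_address(new)
        if addr not in net:
            findings.append(("outside-subnet", name, new))
            continue
        octet = int(addr) & 0xFF
        if group and not ranges[group][0] <= octet <= ranges[group][1]:
            findings.append(("outside-range", name, new))
        if new in targets:
            findings.append(("duplicate-target", name, targets[new]))
        targets.setdefault(new, name)
        holder = holders.get(new)
        if holder and holder[0] != name:
            # Holder stays put: hard conflict. Holder moves away: ordering constraint.
            kind = "conflict" if holder[1] == new else "move-first"
            findings.append((kind, name, holder[0]))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name, detail in check_plan(PLAN):
        print(f"{kind:16} {name:12} {detail}")
```

On these rows it reports `move-first dockge docker-pm2` (dockge's target 10.4.2.203 is docker-pm2's current address) and `conflict Gitea elantris` (10.4.2.14 is the elantris node address).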