# Infrastructure Reference

> **Purpose**: Single source of truth for all infrastructure details - nodes, IPs, services, storage, network
>
> **Update Frequency**: Immediately when infrastructure changes

## Proxmox Cluster Nodes

| Hostname | IP Address | Role | Resources |
|----------|-------------|------|-----------|
| pm1 | 10.4.2.2 | Proxmox cluster node | - |
| pm2 | 10.4.2.6 | Proxmox cluster node (primary management) | - |
| pm3 | 10.4.2.3 | Proxmox cluster node | - |
| pm4 | 10.4.2.5 | Proxmox cluster node | - |
| elantris | 10.4.2.14 | Proxmox cluster node (Debian-based) | 128GB RAM, ZFS storage (24TB) |

**Cluster Name**: KavCorp
**Network**: 10.4.2.0/24
**Gateway**: 10.4.2.1 (OPNsense)
**DNS**: 10.4.2.11 (Pi-hole)
**Local Domain**: .kav

## Service Map

> See [NETWORK-MAP.md](NETWORK-MAP.md) for complete IP allocation details.

### Core Infrastructure (10.4.2.10-19)

| Service | IP:Port | Location | Domain | Local DNS |
|---------|---------|----------|--------|-----------|
| **OPNsense** | 10.4.2.1 | VM 130 (pm4) | opnsense.kavcorp.com | opnsense.kav |
| **Traefik** | 10.4.2.10 | LXC 104 (pm2) | - | traefik.kav |
| **Pi-hole** | 10.4.2.11 | LXC 103 (pm4) | pihole.kavcorp.com | pihole.kav |
| **Authelia** | 10.4.2.12:9091 | LXC 116 (pm2) | auth.kavcorp.com | authelia.kav |
| **KavNas** | 10.4.2.13 | Synology NAS | - | kavnas.kav |
| **Vaultwarden** | 10.4.2.15 | LXC 125 (pm4) | vtw.kavcorp.com | vaultwarden.kav |
| **UniFi Controller** | 10.4.2.16:8443 | LXC 111 (pm4) | unifi.kavcorp.com | unifi.kav |

### Media Stack (10.4.2.20-29)

| Service | IP:Port | Location | Domain | Local DNS |
|---------|---------|----------|--------|-----------|
| **Sonarr** | 10.4.2.20:8989 | LXC 105 (pm2) | sonarr.kavcorp.com | sonarr.kav |
| **Whisparr** | 10.4.2.21:6969 | LXC 117 (pm2) | whisparr.kavcorp.com | whisparr.kav |
| **Prowlarr** | 10.4.2.22:9696 | LXC 114 (pm2) | prowlarr.kavcorp.com | prowlarr.kav |
| **Bazarr** | 10.4.2.23:6767 | LXC 119 (pm2) | bazarr.kavcorp.com | bazarr.kav |
| **Radarr** | 10.4.2.24:7878 | LXC 108 (pm2) | radarr.kavcorp.com | radarr.kav |
| **Jellyseerr** | 10.4.2.25:5055 | LXC 115 (pm2) | jellyseerr.kavcorp.com | jellyseerr.kav |
| **Jellyfin** | 10.4.2.26:8096 | LXC 121 (elantris) | jellyfin.kavcorp.com | jellyfin.kav |
| **Kometa** | 10.4.2.27 | LXC 120 (pm2) | - | kometa.kav |
| **Recyclarr** | 10.4.2.28 | LXC 122 (pm2) | - | recyclarr.kav |
| **Notifiarr** | 10.4.2.29 | LXC 118 (pm2) | - | notifiarr.kav |

### Services (10.4.2.30-39)

| Service | IP:Port | Location | Domain | Local DNS |
|---------|---------|----------|--------|-----------|
| **Immich** | 10.4.2.30:2283 | LXC 126 (pm4) | immich.kavcorp.com | immich.kav |
| **Gitea** | 10.4.2.31:3000 | LXC 127 (pm4) | git.kavcorp.com | gitea.kav |
| **Frigate** | 10.4.2.32:8971 | LXC 128 (pm3) | frigate.kavcorp.com | frigate.kav |
| **Home Assistant** | 10.4.2.33:8123 | VM 100 (pm1) | hass.kavcorp.com | homeassistant.kav |
| **Ollama** | 10.4.2.34:11434 | LXC 123 (elantris) | ollama.kavcorp.com | ollama.kav |
| **Twingate** | 10.4.2.35 | LXC 101 (pm1) | - | twingate.kav |
| **RustDesk** | 10.4.2.36:21115-21119 | LXC 129 (pm2) | - | rustdesk.kav |
| **Foundry VTT** | 10.4.2.37:30000 | LXC 112 (pm3) | vtt.kavcorp.com | foundryvtt.kav |

### Game Servers (10.4.2.40-49)

| Service | IP:Port | Location | Domain | Local DNS |
|---------|---------|----------|--------|-----------|
| **AMP** | 10.4.2.40:8080 | LXC 124 (elantris) | amp.kavcorp.com | amp.kav |

### IoT / Home Automation (10.4.2.50-99)

| Service | IP:Port | Location | Domain | Local DNS |
|---------|---------|----------|--------|-----------|
| **Z-Wave JS UI** | 10.4.2.50 | LXC 102 (pm1) | - | zwave.kav |
| **MQTT** | 10.4.2.51:1883 | LXC 106 (pm3) | - | mqtt.kav |

### Docker Hosts (10.4.2.200-209)

| Service | IP | Location | Local DNS |
|---------|-----|----------|-----------|
| **docker-pm2** | 10.4.2.200 | LXC 113 (pm2) | docker-pm2.kav |
| **docker-pm4** | 10.4.2.201 | LXC 110 (pm4) | docker-pm4.kav |
| **docker-pm3** | 10.4.2.202 | VM 109 (pm3) | docker-pm3.kav |
| **Dockge** | 10.4.2.203 | LXC 107 (pm3) | dockge.kav |

### Other

| Service | IP:Port | Location | Domain |
|---------|---------|----------|--------|
| **NZBGet** | 10.4.2.13:6789 | Docker (kavnas) | nzbget.kavcorp.com |
| **Proxmox Web UI** | 10.4.2.6:8006 | pm2 | pm.kavcorp.com |

## Storage Architecture

### NFS Mounts (Shared)

| Mount Name | Source | Mount Point | Size | Usage |
|------------|--------|-------------|------|-------|
| elantris-media | elantris:/el-pool/media | /mnt/pve/elantris-media | ~24TB | Media files (movies, TV, anime) |
| KavNas | kavnas:10.4.2.13:/volume1 | /mnt/pve/KavNas | ~23TB | Backups, ISOs, LXC storage, downloads |

### Local Storage (Per-Node)

| Storage | Type | Size | Usage |
|---------|------|------|-------|
| local | Directory | ~100GB | Backups, templates, ISOs |
| local-lvm | LVM thin pool | ~350-375GB | VM/LXC disks |

### ZFS Pools

| Pool | Location | Size | Usage |
|------|----------|------|-------|
| el-pool | elantris | 24TB | Large data storage |

### Media Folders

| Path | Type | Permissions | Notes |
|------|------|-------------|-------|
| /mnt/pve/elantris-media/movies | NFS | 777 | Movie library |
| /mnt/pve/elantris-media/tv | NFS | 777 | TV show library |
| /mnt/pve/elantris-media/anime | NFS | 777 | Anime library |
| /mnt/pve/elantris-media/processing | NFS | 777 | Processing/cleanup folder |
| /mnt/pve/KavNas/downloads | NFS | 777 | Download client output |

## Network Configuration

### DNS & Domains

**Domain**: kavcorp.com
**DNS Provider**: Namecheap
**Public IP**: 99.74.188.161

All `*.kavcorp.com` subdomains route through Traefik reverse proxy (10.4.2.10) for SSL termination and routing.

### Bridges

#### All Nodes (vmbr0)

| Setting | Value |
|---------|-------|
| Bridge | vmbr0 |
| Physical Interface | eno1 |
| CIDR | 10.4.2.0/24 |
| Gateway | 10.4.2.1 (OPNsense) |

#### pm4 Only (vmbr1 - WAN for OPNsense)

| Setting | Value |
|---------|-------|
| Bridge | vmbr1 |
| Physical Interface | enx6c1ff76e4d47 (USB 2.5G NIC) |
| Purpose | WAN uplink to AT&T modem |
| Used by | VM 130 (OPNsense) net1 |

### VLANs and Subnets

| VLAN | Subnet | Gateway | DHCP Range | Purpose |
|------|--------|---------|------------|---------|
| - | 10.4.2.0/24 | 10.4.2.1 | .100-.200 | Infrastructure (Proxmox, core services) |
| 10 | 10.4.10.0/24 | 10.4.10.1 | .100-.200 | Trusted (user devices) |
| 20 | 10.4.20.0/24 | 10.4.20.1 | .100-.200 | IoT (KavCorp-IOT SSID) |
| 30 | 10.4.30.0/24 | 10.4.30.1 | .100-.200 | Guest (KavCorp-Guest SSID) |

**VLAN Traffic Path**: UniFi AP → Unmanaged Switch → pm4 vmbr0 → OPNsense vtnet0

**Required pm4 vmbr0 Configuration**:
- `bridge-vlan-aware yes` in /etc/network/interfaces
- VLANs 10, 20, 30 added to eno1: `post-up bridge vlan add dev eno1 vid {10,20,30}`
- VLANs 10, 20, 30 added to veth103i0 (Pi-hole): via hookscript `local:snippets/pihole-vlan.sh`

**Pi-hole Configuration** (LXC 103):
- `listeningMode = "ALL"` in /etc/pihole/pihole.toml (to accept DNS from all subnets)
- Gateway: 10.4.2.1 (OPNsense) for proper VLAN routing

*See DECISIONS.md for firewall rules and network isolation strategy.*

## Access & Credentials

### SSH Access

**Proxmox Nodes:**
- **User**: root (from workstation or between nodes)
- **Key Type**: ed25519
- **Access**: `ssh pm1`, `ssh pm2`, `ssh pm3`, `ssh pm4`, `ssh elantris`

**LXC Containers:**
- **User**: root
- **Key Type**: ed25519 (workstation key provisioned)
- **Access**: `ssh root@.kav` (e.g., `ssh root@traefik.kav`)
- **Provisioning Script**: `scripts/provisioning/setup-ssh-access.sh`

All containers have SSH enabled with key-based authentication (`PermitRootLogin prohibit-password`).

### Important Paths

**Traefik (LXC 104)**:
- Config: `/etc/traefik/traefik.yaml`
- Service configs: `/etc/traefik/conf.d/*.yaml`
- SSL certs: `/etc/traefik/ssl/acme.json`
- Service file: `/etc/systemd/system/traefik.service.d/override.conf`

**Media Services**:
- Sonarr config: `/var/lib/sonarr/`
- Radarr config: `/var/lib/radarr/`
- Recyclarr config: `/root/.config/recyclarr/recyclarr.yml`

**NZBGet (Docker on kavnas)**:
- Config: `/volume1/docker/nzbget/config/nzbget.conf`
- Downloads: `/volume1/Media/downloads/`