# Current Tasks > **Last Updated**: 2025-12-21 ## In Progress None currently. ## Pending ### OPNsense Migration (Priority) OPNsense VM 130 deployed on pm4 with vmbr1 (USB NIC) for WAN. **Pending:** - [ ] Connect USB NIC to AT&T modem (WAN cutover) - [ ] Configure OPNsense WAN interface (DHCP or PPPoE from AT&T) - [ ] Configure OPNsense as DHCP server for LAN (10.4.2.0/24) - [ ] Test internet connectivity through OPNsense - [ ] Update gateway on all devices from 10.4.2.254 → 10.4.2.1 ### Network Isolation (DHCP Workaround) Using DHCP-based isolation due to unmanaged Gigabyte switches. See DECISIONS.md. **Pending:** - [ ] Configure OPNsense DHCP scope for IoT (10.4.10.0/24) - [ ] Configure OPNsense DHCP scope for Guest (10.4.20.0/24) - [ ] Configure UniFi to assign IoT/Guest clients to correct subnets (via DHCP options or UniFi DHCP) - [ ] Create OPNsense firewall rules: - Block IoT → LAN - Block Guest → LAN - Block Guest → IoT - Allow Smart Home VMs → IoT - [ ] Test isolation (IoT device cannot ping LAN device) - [ ] Test Smart Home access (Home Assistant can reach IoT) ### Future Network Upgrades - [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul - [ ] Consider managed 2.5G PoE switches for proper VLAN support - [ ] Consider OPNsense HA (CARP) with second USB NIC on another node ### Media Organization - [ ] Verify Jellyfin can see all imported media - [ ] Clean up `.processing-loose-episodes` folder - [ ] Review and potentially restore TV shows from processing folder ### Configuration - [ ] Consider custom format to prefer English audio releases - [ ] Review Sonarr language profiles for non-English releases ### Infrastructure - [ ] Define backup strategy and schedule - [ ] Set up monitoring/alerting system - [ ] Document disaster recovery procedures ## Completed (Recent) - [x] Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN - [x] Added net1 (vmbr1) to OPNsense VM 130 - [x] Documented DHCP-based network isolation strategy - [x] Deployed UniFi Controller LXC 111 on pm4 - [x] Fixed SSH access between cluster nodes (pm2 can access all nodes) - [x] Fixed NZBGet permissions (UMask=0000 for 777 files) - [x] Fixed Sonarr permissions (chmod 777 on imports) - [x] Fixed Jellyfin LXC mounts (restarted LXC) - [x] Fixed Jellyseerr IP in Traefik config - [x] Consolidated documentation structure - [x] Created documentation index ## Blocked None currently.